twentyhq · charlesBochet · Oct 30, 2024 · Oct 18, 2024 · Oct 19, 2024 · Oct 20, 2024
diff --git a/packages/twenty-server/src/engine/core-modules/auth/token/services/token.service.ts b/packages/twenty-server/src/engine/core-modules/auth/token/services/token.service.ts
@@ -46,6 +46,7 @@ import {
 } from 'src/engine/core-modules/workspace/workspace.entity';
 import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';
 import { WorkspaceMemberWorkspaceEntity } from 'src/modules/workspace-member/standard-objects/workspace-member.workspace-entity';
+import { generateSecret } from 'src/utils/generate-secret';
 
 @Injectable()
 export class TokenService {
@@ -232,7 +233,7 @@ export class TokenService {
     userId: string,
     workspaceId: string,
   ): Promise<AuthToken> {
-    const secret = this.environmentService.get('LOGIN_TOKEN_SECRET');
+    const secret = generateSecret(workspaceId, 'LOGIN');
     const expiresIn = this.environmentService.get(
       'SHORT_TERM_TOKEN_EXPIRES_IN',
     );
@@ -271,7 +272,7 @@ export class TokenService {
     const jwtPayload = {
       sub: workspaceId,
     };
-    const secret = this.environmentService.get('ACCESS_TOKEN_SECRET');
+    const secret = generateSecret(workspaceId, 'ACCESS');
     let expiresIn: string | number;
 
     if (expiresAt) {

diff --git a/packages/twenty-server/src/utils/generate-secret.ts b/packages/twenty-server/src/utils/generate-secret.ts
@@ -0,0 +1,14 @@
+import { createHash } from 'crypto';
+
+if (!process.env.APP_SECRET) {
+  throw new Error('APP_SECRET is not set');
+}
+
+export const generateSecret = (
+  workspaceId: string,
+  type: 'ACCESS' | 'LOGIN' | 'REFRESH' | 'FILE',
+): string => {
+  return createHash('sha256')
+    .update(`${process.env.APP_SECRET}${workspaceId}${type}`)
+    .digest('hex');
+};