Remove db conf handling and read private key from storage

2025-05-24 02:02:36 -04:00 · 2025-03-31 09:41:10 +02:00 · 2025-03-31 09:41:10 +02:00 · 8ef4fe5e55
commit 8ef4fe5e55
parent 92753b72d3
9 changed files with 25 additions and 151 deletions
--- a/auth/.env.example
+++ b/auth/.env.example
@ -4,6 +4,9 @@
 # http route prefix (will listen to $KEIBI_PREFIX/users for example)
 KEIBI_PREFIX=""

+# path of the private key used to sign jwts. If this is empty, a new one will be generated on startup
+RSA_PRIVATE_KEY_PATH=""
+
 # The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance.
 PUBLIC_URL=http://localhost:8901

--- a/auth/config.go
+++ b/auth/config.go
@ -27,56 +27,39 @@ var DefaultConfig = Configuration{
 	ExpirationDelay: 30 * 24 * time.Hour,
 }

-const (
-	JwtPrivateKey = "jwt_private_key"
-)
-
 func LoadConfiguration(db *dbc.Queries) (*Configuration, error) {
-	ctx := context.Background()
-	confs, err := db.LoadConfig(ctx)
-	if err != nil {
-		return nil, err
-	}
-
 	ret := DefaultConfig

-	for _, conf := range confs {
-		switch conf.Key {
-		case JwtPrivateKey:
-			block, _ := pem.Decode([]byte(conf.Value))
-			key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
-			if err != nil {
-				return nil, err
-			}
-			ret.JwtPrivateKey = key
-			ret.JwtPublicKey = &key.PublicKey
-		}
-	}
-
 	ret.PublicUrl = os.Getenv("PUBLIC_URL")
 	ret.Prefix = os.Getenv("KEIBI_PREFIX")

-	if ret.JwtPrivateKey == nil {
+	rsa_pk_path := os.Getenv("RSA_PRIVATE_KEY_PATH")
+	if rsa_pk_path != "" {
+		privateKeyData, err := os.ReadFile(rsa_pk_path)
+		if err != nil {
+			return nil, err
+		}
+
+		block, _ := pem.Decode(privateKeyData)
+		if block == nil || block.Type != "RSA PRIVATE KEY" {
+			return nil, err
+		}
+
+		ret.JwtPrivateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
+		if err != nil {
+			pkcs8Key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+			if err != nil {
+				return nil, err
+			}
+			ret.JwtPrivateKey = pkcs8Key.(*rsa.PrivateKey)
+		}
+	} else {
+		var err error
 		ret.JwtPrivateKey, err = rsa.GenerateKey(rand.Reader, 4096)
 		if err != nil {
 			return nil, err
 		}
 		ret.JwtPublicKey = &ret.JwtPrivateKey.PublicKey
-
-		pemd := pem.EncodeToMemory(
-			&pem.Block{
-				Type:  "RSA PRIVATE KEY",
-				Bytes: x509.MarshalPKCS1PrivateKey(ret.JwtPrivateKey),
-			},
-		)
-
-		_, err := db.SaveConfig(ctx, dbc.SaveConfigParams{
-			Key:   JwtPrivateKey,
-			Value: string(pemd),
-		})
-		if err != nil {
-			return nil, err
-		}
 	}

 	return &ret, nil
--- a/auth/dbc/config.sql.go
+++ b/auth/dbc/config.sql.go
@ -1,73 +0,0 @@
-// Code generated by sqlc. DO NOT EDIT.
-// versions:
-//   sqlc v1.28.0
-// source: config.sql
-
-package dbc
-
-import (
-	"context"
-)
-
-const deleteConfig = `-- name: DeleteConfig :one
-delete from config
-where key = $1
-returning
-	key, value
-`
-
-func (q *Queries) DeleteConfig(ctx context.Context, key string) (Config, error) {
-	row := q.db.QueryRow(ctx, deleteConfig, key)
-	var i Config
-	err := row.Scan(&i.Key, &i.Value)
-	return i, err
-}
-
-const loadConfig = `-- name: LoadConfig :many
-select
-	key, value
-from
-	config
-`
-
-func (q *Queries) LoadConfig(ctx context.Context) ([]Config, error) {
-	rows, err := q.db.Query(ctx, loadConfig)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-	var items []Config
-	for rows.Next() {
-		var i Config
-		if err := rows.Scan(&i.Key, &i.Value); err != nil {
-			return nil, err
-		}
-		items = append(items, i)
-	}
-	if err := rows.Err(); err != nil {
-		return nil, err
-	}
-	return items, nil
-}
-
-const saveConfig = `-- name: SaveConfig :one
-insert into config(key, value)
-	values ($1, $2)
-on conflict (key)
-	do update set
-		value = excluded.value
-	returning
-		key, value
-`
-
-type SaveConfigParams struct {
-	Key   string `json:"key"`
-	Value string `json:"value"`
-}
-
-func (q *Queries) SaveConfig(ctx context.Context, arg SaveConfigParams) (Config, error) {
-	row := q.db.QueryRow(ctx, saveConfig, arg.Key, arg.Value)
-	var i Config
-	err := row.Scan(&i.Key, &i.Value)
-	return i, err
-}
--- a/auth/dbc/models.go
+++ b/auth/dbc/models.go
@ -11,11 +11,6 @@ import (
 	"github.com/google/uuid"
 )

-type Config struct {
-	Key   string `json:"key"`
-	Value string `json:"value"`
-}
-
 type OidcHandle struct {
 	UserPk       int32      `json:"userPk"`
 	Provider     string     `json:"provider"`
--- a/auth/sql/migrations/000002_config.down.sql
+++ b/auth/sql/migrations/000002_config.down.sql
@ -1,5 +0,0 @@
-begin;
-
-drop table config;
-
-commit;
--- a/auth/sql/migrations/000002_config.up.sql
+++ b/auth/sql/migrations/000002_config.up.sql
@ -1,8 +0,0 @@
-begin;
-
-create table config(
-	key varchar(256) not null primary key,
-	value text not null
-);
-
-commit;
--- a/auth/sql/migrations/000002_sessions.down.sql
+++ b/auth/sql/migrations/000002_sessions.down.sql
--- a/auth/sql/migrations/000002_sessions.up.sql
+++ b/auth/sql/migrations/000002_sessions.up.sql
--- a/auth/sql/queries/config.sql
+++ b/auth/sql/queries/config.sql
@ -1,21 +0,0 @@
-- name: LoadConfig :many
-select
-	*
-from
-	config;
-
-- name: SaveConfig :one
-insert into config(key, value)
-	values ($1, $2)
-on conflict (key)
-	do update set
-		value = excluded.value
-	returning
-		*;
-
-- name: DeleteConfig :one
-delete from config
-where key = $1
-returning
-	*;
-