Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2025-05-24 02:02:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Remove db conf handling and read private key from storage

Browse Source
This commit is contained in:
Zoe Roux 2025-03-31 09:41:10 +02:00
parent 92753b72d3
commit 8ef4fe5e55
No known key found for this signature in database
9 changed files with 25 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
auth/.env.example
View File

@ -4,6 +4,9 @@
# http route prefix (will listen to $KEIBI_PREFIX/users for example) # http route prefix (will listen to $KEIBI_PREFIX/users for example)
KEIBI_PREFIX="" KEIBI_PREFIX=""
# path of the private key used to sign jwts. If this is empty, a new one will be generated on startup
RSA_PRIVATE_KEY_PATH=""
# The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance. # The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance.
PUBLIC_URL=http://localhost:8901 PUBLIC_URL=http://localhost:8901

61
auth/config.go
View File

@ -27,56 +27,39 @@ var DefaultConfig = Configuration{
ExpirationDelay: 30 * 24 * time.Hour, ExpirationDelay: 30 * 24 * time.Hour,
} }
const (
JwtPrivateKey = "jwt_private_key"
)
func LoadConfiguration(db *dbc.Queries) (*Configuration, error) { func LoadConfiguration(db *dbc.Queries) (*Configuration, error) {
ctx := context.Background()
confs, err := db.LoadConfig(ctx)
if err != nil {
return nil, err
}
ret := DefaultConfig ret := DefaultConfig
for _, conf := range confs {
switch conf.Key {
case JwtPrivateKey:
block, _ := pem.Decode([]byte(conf.Value))
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
ret.JwtPrivateKey = key
ret.JwtPublicKey = &key.PublicKey
}
}
ret.PublicUrl = os.Getenv("PUBLIC_URL") ret.PublicUrl = os.Getenv("PUBLIC_URL")
ret.Prefix = os.Getenv("KEIBI_PREFIX") ret.Prefix = os.Getenv("KEIBI_PREFIX")
if ret.JwtPrivateKey == nil { rsa_pk_path := os.Getenv("RSA_PRIVATE_KEY_PATH")
if rsa_pk_path != "" {
privateKeyData, err := os.ReadFile(rsa_pk_path)
if err != nil {
return nil, err
}
block, _ := pem.Decode(privateKeyData)
if block == nil || block.Type != "RSA PRIVATE KEY" {
return nil, err
}
ret.JwtPrivateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
pkcs8Key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
ret.JwtPrivateKey = pkcs8Key.(*rsa.PrivateKey)
}
} else {
var err error
ret.JwtPrivateKey, err = rsa.GenerateKey(rand.Reader, 4096) ret.JwtPrivateKey, err = rsa.GenerateKey(rand.Reader, 4096)
if err != nil { if err != nil {
return nil, err return nil, err
} }
ret.JwtPublicKey = &ret.JwtPrivateKey.PublicKey ret.JwtPublicKey = &ret.JwtPrivateKey.PublicKey
pemd := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(ret.JwtPrivateKey),
},
)
_, err := db.SaveConfig(ctx, dbc.SaveConfigParams{
Key: JwtPrivateKey,
Value: string(pemd),
})
if err != nil {
return nil, err
}
} }
return &ret, nil return &ret, nil

73
auth/dbc/config.sql.go
View File

@ -1,73 +0,0 @@
// Code generated by sqlc. DO NOT EDIT.
// versions:
// sqlc v1.28.0
// source: config.sql
package dbc
import (
"context"
)
const deleteConfig = `-- name: DeleteConfig :one
delete from config
where key = $1
returning
key, value
`
func (q *Queries) DeleteConfig(ctx context.Context, key string) (Config, error) {
row := q.db.QueryRow(ctx, deleteConfig, key)
var i Config
err := row.Scan(&i.Key, &i.Value)
return i, err
}
const loadConfig = `-- name: LoadConfig :many
select
key, value
from
config
`
func (q *Queries) LoadConfig(ctx context.Context) ([]Config, error) {
rows, err := q.db.Query(ctx, loadConfig)
if err != nil {
return nil, err
}
defer rows.Close()
var items []Config
for rows.Next() {
var i Config
if err := rows.Scan(&i.Key, &i.Value); err != nil {
return nil, err
}
items = append(items, i)
}
if err := rows.Err(); err != nil {
return nil, err
}
return items, nil
}
const saveConfig = `-- name: SaveConfig :one
insert into config(key, value)
values ($1, $2)
on conflict (key)
do update set
value = excluded.value
returning
key, value
`
type SaveConfigParams struct {
Key string `json:"key"`
Value string `json:"value"`
}
func (q *Queries) SaveConfig(ctx context.Context, arg SaveConfigParams) (Config, error) {
row := q.db.QueryRow(ctx, saveConfig, arg.Key, arg.Value)
var i Config
err := row.Scan(&i.Key, &i.Value)
return i, err
}

5
auth/dbc/models.go
View File

@ -11,11 +11,6 @@ import (
"github.com/google/uuid" "github.com/google/uuid"
) )
type Config struct {
Key string `json:"key"`
Value string `json:"value"`
}
type OidcHandle struct { type OidcHandle struct {
UserPk int32 `json:"userPk"` UserPk int32 `json:"userPk"`
Provider string `json:"provider"` Provider string `json:"provider"`

5
auth/sql/migrations/000002_config.down.sql
View File

@ -1,5 +0,0 @@
begin;
drop table config;
commit;

8
auth/sql/migrations/000002_config.up.sql
View File

@ -1,8 +0,0 @@
begin;
create table config(
key varchar(256) not null primary key,
value text not null
);
commit;

0
auth/sql/migrations/000003_sessions.down.sql → auth/sql/migrations/000002_sessions.down.sql
View File

0
auth/sql/migrations/000003_sessions.up.sql → auth/sql/migrations/000002_sessions.up.sql
View File

21
auth/sql/queries/config.sql
View File

@ -1,21 +0,0 @@
-- name: LoadConfig :many
select
*
from
config;
-- name: SaveConfig :one
insert into config(key, value)
values ($1, $2)
on conflict (key)
do update set
value = excluded.value
returning
*;
-- name: DeleteConfig :one
delete from config
where key = $1
returning
*;