From 4ce22fe2c4da9cdbc0a4ffe3ea765ee528b38f69 Mon Sep 17 00:00:00 2001
From: alexferl
Date: Thu, 14 Mar 2024 00:57:47 -0400
Subject: [PATCH] load private key from init

Signed-off-by: alexferl
---
 server/server.go | 12 +++---------
 util/jwt/jwt.go | 29 ++++++++++++++++-------------
 2 files changed, 19 insertions(+), 22 deletions(-)

diff --git a/server/server.go b/server/server.go
index 9f64f2f..43e3d4d 100644
--- a/server/server.go
+++ b/server/server.go
@@ -74,13 +74,8 @@ func NewTestServer(userSvc handlers.UserService, patSvc handlers.PersonalAccessT
 }
 
 func newServer(userSvc handlers.UserService, patSvc handlers.PersonalAccessTokenService, handler ...handlers.Handler) *server.Server {
- key, err := jwt.LoadPrivateKey()
- if err != nil {
- log.Panic().Err(err).Msg("failed loading private key")
- }
-
 jwtConfig := jwtMw.Config{
- Key: key,
+ Key: jwt.PrivateKey,
 UseRefreshToken: true,
 ExemptRoutes: map[string][]string{
 "/": {http.MethodGet},
@@ -90,7 +85,6 @@ func newServer(userSvc handlers.UserService, patSvc handlers.PersonalAccessToken
 "/openapi/*": {http.MethodGet},
 "/auth/login": {http.MethodPost},
 "/auth/signup": {http.MethodPost},
- "/google": {http.MethodGet},
 "/oauth2/google/callback": {http.MethodGet},
 "/oauth2/google/login": {http.MethodGet},
 },
@@ -161,6 +155,7 @@ func newServer(userSvc handlers.UserService, patSvc handlers.PersonalAccessToken
 }
 }
 
+ // set token_id globally
 log.Logger = log.Logger.With().Str("token_id", t.Subject()).Logger()
 
 return nil
@@ -169,7 +164,7 @@ func newServer(userSvc handlers.UserService, patSvc handlers.PersonalAccessToken
 
 enforcer, err := casbin.NewEnforcer(viper.GetString(config.CasbinModel), viper.GetString(config.CasbinPolicy))
 if err != nil {
- panic(err)
+ log.Panic().Err(err).Msg("failed creating enforcer")
 }
 
 openAPIConfig := openapiMw.Config{
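Review bot: The new comment `// set token_id globally` sits above `log.Logger = log.Logger.With().Str("token_id", t.Subject()).Logger()`, which reassigns the package-level logger from what looks like a per-request hook (the enclosing function literal starts outside the hunk and ends with `return nil`), so concurrent requests race on `log.Logger` and every later log line in the process carries whichever token subject was set last, misattributing audit entries to the wrong principal. If per-request attribution is the goal, derive a child logger and attach it to the request (for example through the request context) instead of mutating the global. If the global assignment is deliberate, the comment should state the trade-off rather than just the effect, e.g. `// NOTE: replaces the process-wide logger; not safe under concurrent requests`.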
@@ -180,7 +175,6 @@ func newServer(userSvc handlers.UserService, patSvc handlers.PersonalAccessToken
 "/livez": {http.MethodGet},
 "/docs": {http.MethodGet},
 "/openapi/*": {http.MethodGet},
- "/google": {http.MethodGet},
 "/oauth2/google/callback": {http.MethodGet},
 "/oauth2/google/login": {http.MethodGet},
 },
diff --git a/util/jwt/jwt.go b/util/jwt/jwt.go
index 8ea409e..ee9f3c6 100644
--- a/util/jwt/jwt.go
+++ b/util/jwt/jwt.go
@@ -16,6 +16,19 @@ import (
 "github.com/alexferl/echo-boilerplate/config"
 )
 
+var PrivateKey *rsa.PrivateKey = nil
+
+func init() {
+ c := config.New()
+ c.BindFlags()
+
+ key, err := loadPrivateKey()
+ if err != nil {
+ panic(err)
+ }
+ PrivateKey = key
+}
+
 type Type int8
 
 const (
@@ -57,11 +70,6 @@ func GeneratePersonalToken(sub string, expiry time.Duration, claims map[string]a
 }
 
 func generateToken(typ Type, expiry time.Duration, sub string, claims map[string]any) ([]byte, error) {
- key, err := LoadPrivateKey()
- if err != nil {
- return nil, err
- }
-
 builder := jwx.NewBuilder().
 Subject(sub).
 Issuer(viper.GetString(config.JWTIssuer)).
@@ -81,7 +89,7 @@ func generateToken(typ Type, expiry time.Duration, sub string, claims map[string
 return nil, fmt.Errorf("failed to build %s token: %v\n", typ.String(), err)
 }
 
- signed, err := jwx.Sign(token, jwx.WithKey(jwa.RS256, key))
+ signed, err := jwx.Sign(token, jwx.WithKey(jwa.RS256, PrivateKey))
 if err != nil {
 return nil, fmt.Errorf("failed to sign %s token: %v\n", typ.String(), err)
 }
@@ -90,12 +98,7 @@ func generateToken(typ Type, expiry time.Duration, sub string, claims map[string
 }
 
 func ParseEncoded(encodedToken []byte) (jwx.Token, error) {
- key, err := LoadPrivateKey()
- if err != nil {
- return nil, err
- }
-
- token, err := jwx.Parse(encodedToken, jwx.WithValidate(true), jwx.WithKey(jwa.RS256, key))
+ token, err := jwx.Parse(encodedToken, jwx.WithValidate(true), jwx.WithKey(jwa.RS256, PrivateKey))
 if err != nil {
 return nil, err
 }
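Review bot: The new `init()` in util/jwt opens the key file and calls `config.New()` / `c.BindFlags()` at import time, so any binary or test that merely imports this package panics when the configured key path is absent, and a program that binds its own flags may now collide with this second binding (I can't see `BindFlags` from here). `PrivateKey` is also an exported mutable package variable, so any importer can overwrite the key that `generateToken` and `ParseEncoded` use; keeping it unexported behind an accessor, or loading it lazily under a `sync.Once` that hands the error back to the caller, keeps the trust boundary inside this package and restores the error path the removed `LoadPrivateKey` callers had. Two small fixes regardless: `var PrivateKey *rsa.PrivateKey` (the explicit `= nil` is just the zero value), and `panic(fmt.Errorf("loading jwt private key: %w", err))` so the panic keeps the context that the removed `log.Panic().Err(err).Msg("failed loading private key")` in server.go used to provide.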
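Review bot: `ParseEncoded` still verifies with `jwx.WithKey(jwa.RS256, PrivateKey)`, i.e. the full signing key, although verification only needs the public half; this predates the commit (the removed line did the same with `key`), but now that the key is a package global it costs one line to pass `&PrivateKey.PublicKey` here, which keeps the verify path from holding signing material and makes it obvious that this function only checks tokens. Whether the jwx version in use accepts an `*rsa.PublicKey` in `WithKey` for `Parse` I can't confirm from this hunk, so treat it as a least-privilege cleanup rather than a functional bug.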
@@ -103,7 +106,7 @@ func ParseEncoded(encodedToken []byte) (jwx.Token, error) {
 return token, nil
 }
 
-func LoadPrivateKey() (*rsa.PrivateKey, error) {
+func loadPrivateKey() (*rsa.PrivateKey, error) {
 f, err := os.Open(viper.GetString(config.JWTPrivateKey))
 if err != nil {
 return nil, fmt.Errorf("failed to open private key: %v", err)