auth

Paddy 2015-06-29 Parent:b0d1b3e39fc8 Child:0a2c3d677161

174:9e3ceddf29ad Go to Latest

auth/authd/server.go

Use an environment variable to set the JWT secret. When setting up the authd server, populate the JWT secret using a JWT_SECRET environment variable. Incidentally, we also included the subscriptions scope, for testing purposes while creating code.secondbit.org/ducky/subscriptions. We now also log the port we're listening on, listen on all interfaces (instead of just 127.0.0.1), and changed the port to 9000 instead of 8080.

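--- a/authd/server.go	Sun May 17 03:21:17 2015 -0400
+++ b/authd/server.go	Mon Jun 29 23:30:29 2015 -0400
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"encoding/base64"
 	"html/template"
 	"log"
 	"net/http"
@@ -14,6 +15,21 @@
 	log.SetFlags(log.LstdFlags | log.Llongfile)
 	log.Printf("Running version '%s'\n", auth.Version)
 	var config auth.Config
+	var jwtSecret string
+	var err error
+	if os.Getenv("JWT_SECRET") == "" {
+		log.Fatal("JWT_SECRET must be set.")
+	} else {
+		jwtSecret = os.Getenv("JWT_SECRET")
+	}
+	if os.Getenv("JWT_SECRET_IS_BASE64_ENCODED") == "true" {
+		config.JWTPrivateKey, err = base64.StdEncoding.DecodeString(jwtSecret)
+		if err != nil {
+			panic(err)
+		}
+	} else {
+		config.JWTPrivateKey = []byte(jwtSecret)
+	}
 	if os.Getenv("AUTH_PG_DB") != "" {
 		p, err := auth.NewPostgres(os.Getenv("AUTH_PG_DB"))
 		if err != nil {
@@ -36,7 +52,6 @@
 	}
 	config.Template = template.Must(template.New("base").ParseGlob("./templates/*.gotmpl"))
 	config.LoginURI = "/login"
-	config.JWTPrivateKey = []byte(`secret`)
 	if os.Getenv("AUTH_NSQD_ADDR") != "" {
 		n, err := auth.NewNSQNotifier(os.Getenv("AUTH_NSQD_ADDR"))
 		if err != nil {
@@ -46,7 +61,7 @@
 	} else {
 		config.LoginVerificationNotifier = auth.NewStdoutNotifier()
 	}
-	err := config.Init()
+	err = config.Init()
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -56,6 +71,7 @@
 	}
 	err = context.CreateScopes([]auth.Scope{
 		auth.ScopeLoginAdmin,
+		{ID: "subscriptions", Name: "Manage subscriptions", Description: "Create, view, edit, and cancel your subscriptions."},
 	})
 	if err != nil && err != auth.ErrScopeAlreadyExists {
 		log.Fatal(err)
@@ -67,5 +83,6 @@
 	auth.RegisterProfileHandlers(router, context)
 	auth.RegisterClientHandlers(router, context)
 	http.Handle("/", router)
-	log.Fatal(http.ListenAndServe(":8080", nil))
+	log.Println("Listening on port 9000")
+	log.Fatal(http.ListenAndServe("0.0.0.0:9000", nil))
 }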
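Review bot: Nothing in the added JWT_SECRET block checks the length of the resulting key, so any non-empty value, including the old `secret`, is accepted as `config.JWTPrivateKey`. A guard after both branches, such as `if len(config.JWTPrivateKey) < 32 { log.Fatal("JWT_SECRET must be at least 32 bytes.") }`, would reject weak keys at startup; the 32-byte floor assumes an HMAC-SHA256 signer, which this diff does not show. The base64 branch also calls `panic(err)` where the rest of the function uses `log.Fatal`, and the variable is read from the environment twice instead of once into `jwtSecret`. In the last hunk, `http.ListenAndServe("0.0.0.0:9000", nil)` serves the login and token endpoints over plain HTTP with no server timeouts, so unless TLS is terminated in front of it the listener should bind to loopback or use `http.ListenAndServeTLS`. The function's opening lines are outside the hunks shown.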