auth
174:9e3ceddf29ad
Use an environment variable to set the JWT secret. When setting up the authd server, populate the JWT secret using a JWT_SECRET environment variable. Incidentally, we also included the subscriptions scope, for testing purposes while creating code.secondbit.org/ducky/subscriptions. We now also log the port we're listening on, listen on all interfaces (instead of just 127.0.0.1), and changed the port to 9000 instead of 8080.
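--- a/authd/server.go Sun May 17 03:21:17 2015 -0400
+++ b/authd/server.go Mon Jun 29 23:30:29 2015 -0400
@@ -1,6 +1,7 @@
 package main
 
 import (
+"encoding/base64"
 "html/template"
 "log"
 "net/http"
@@ -14,6 +15,21 @@
 log.SetFlags(log.LstdFlags | log.Llongfile)
 log.Printf("Running version '%s'\n", auth.Version)
 var config auth.Config
+var jwtSecret string
+var err error
+if os.Getenv("JWT_SECRET") == "" {
+log.Fatal("JWT_SECRET must be set.")
+} else {
+jwtSecret = os.Getenv("JWT_SECRET")
+}
+if os.Getenv("JWT_SECRET_IS_BASE64_ENCODED") == "true" {
+config.JWTPrivateKey, err = base64.StdEncoding.DecodeString(jwtSecret)
+if err != nil {
+panic(err)
+}
+} else {
+config.JWTPrivateKey = []byte(jwtSecret)
+}
 if os.Getenv("AUTH_PG_DB") != "" {
 p, err := auth.NewPostgres(os.Getenv("AUTH_PG_DB"))
 if err != nil {
@@ -36,7 +52,6 @@
 }
 config.Template = template.Must(template.New("base").ParseGlob("./templates/*.gotmpl"))
 config.LoginURI = "/login"
-config.JWTPrivateKey = []byte(`secret`)
 if os.Getenv("AUTH_NSQD_ADDR") != "" {
 n, err := auth.NewNSQNotifier(os.Getenv("AUTH_NSQD_ADDR"))
 if err != nil {
@@ -46,7 +61,7 @@
 } else {
 config.LoginVerificationNotifier = auth.NewStdoutNotifier()
 }
-err := config.Init()
+err = config.Init()
 if err != nil {
 log.Fatal(err)
 }
@@ -56,6 +71,7 @@
 }
 err = context.CreateScopes([]auth.Scope{
 auth.ScopeLoginAdmin,
+{ID: "subscriptions", Name: "Manage subscriptions", Description: "Create, view, edit, and cancel your subscriptions."},
 })
 if err != nil && err != auth.ErrScopeAlreadyExists {
 log.Fatal(err)
@@ -67,5 +83,6 @@
 auth.RegisterProfileHandlers(router, context)
 auth.RegisterClientHandlers(router, context)
 http.Handle("/", router)
-log.Fatal(http.ListenAndServe(":8080", nil))
+log.Println("Listening on port 9000")
+log.Fatal(http.ListenAndServe("0.0.0.0:9000", nil))
 }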
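Review bot: In the JWT_SECRET block added to main (new lines 18–32), the only validation is that the variable is non-empty, so a one-character secret, or a base64 value that decodes to a few bytes, is accepted as the signing key. If the tokens are HMAC-signed, which the `[]byte` key suggests but this page does not show, a short key can be recovered offline from any issued token; I would add `if len(config.JWTPrivateKey) < 32 { log.Fatal("JWT_SECRET must be at least 32 bytes after decoding") }` after the decode. The decode failure path uses `panic(err)` where the rest of main uses `log.Fatal`, which is worth making consistent. Separately, the last hunk binds plain HTTP to `0.0.0.0:9000`, so login and token traffic is reachable in cleartext on every interface unless a TLS terminator sits in front; reading the listen address from an environment variable with a loopback default would keep that exposure an explicit deployment choice. main begins outside the visible hunks, so the setup between them was not reviewed.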