From 1234429a8d5cb2a9fe32295cf5ccc8bfa5ea5cd8 Mon Sep 17 00:00:00 2001
From: Willy Kloucek
Date: Thu, 2 Mar 2023 08:39:56 +0100
Subject: [PATCH] add tokenmanager to userlog to fix startup
---
 services/userlog/pkg/config/config.go | 7 +++++++
 services/userlog/pkg/config/defaults/defaultconfig.go | 8 ++++++++
 services/userlog/pkg/config/parser/parse.go | 4 ++++
 services/userlog/pkg/server/http/server.go | 6 +++++-
 4 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/services/userlog/pkg/config/config.go b/services/userlog/pkg/config/config.go
index acf98e1a2..c3173f5c4 100644
--- a/services/userlog/pkg/config/config.go
+++ b/services/userlog/pkg/config/config.go
@@ -18,6 +18,8 @@ type Config struct {
 HTTP HTTP `yaml:"http"`
 GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
+ TokenManager *TokenManager `yaml:"token_manager"`
+
 MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;USERLOG_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."`
 RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"`
 Events Events `yaml:"events"`
@@ -60,3 +62,8 @@ type HTTP struct {
 CORS CORS `yaml:"cors"`
 TLS shared.HTTPServiceTLS `yaml:"tls"`
 }
+
+// TokenManager is the config for using the reva token manager
+type TokenManager struct {
+ JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;USERLOG_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."`
+}
diff --git a/services/userlog/pkg/config/defaults/defaultconfig.go b/services/userlog/pkg/config/defaults/defaultconfig.go
index 6e6993fb6..5db2b5ce5 100644
--- a/services/userlog/pkg/config/defaults/defaultconfig.go
+++ b/services/userlog/pkg/config/defaults/defaultconfig.go
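Review bot: The new `TokenManager` type in config.go describes `JWTSecret` as the secret to "mint and validate" tokens, while the only use this patch adds is validation inside `middleware.ExtractAccountUUID`. If this is a symmetric signing secret, as the name suggests, any service holding it can also issue tokens, and the field should say so. A comment such as `// JWTSecret is the shared signing key; it must match the token issuer's secret and must never be logged.` on the field would make that explicit for the next service that copies this struct.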
@@ -69,6 +69,14 @@ func EnsureDefaults(cfg *config.Config) {
 }
 }
+ if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
+ cfg.TokenManager = &config.TokenManager{
+ JWTSecret: cfg.Commons.TokenManager.JWTSecret,
+ }
+ } else if cfg.TokenManager == nil {
+ cfg.TokenManager = &config.TokenManager{}
+ }
+
 if cfg.Commons != nil {
 cfg.HTTP.TLS = cfg.Commons.HTTPServiceTLS
 }
diff --git a/services/userlog/pkg/config/parser/parse.go b/services/userlog/pkg/config/parser/parse.go
index b3218cec9..11340059c 100644
--- a/services/userlog/pkg/config/parser/parse.go
+++ b/services/userlog/pkg/config/parser/parse.go
@@ -39,5 +39,9 @@ func Validate(cfg *config.Config) error {
 return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
 }
+ if cfg.TokenManager.JWTSecret == "" {
+ return shared.MissingJWTTokenError(cfg.Service.Name)
+ }
+
 return nil
 }
diff --git a/services/userlog/pkg/server/http/server.go b/services/userlog/pkg/server/http/server.go
index e603f5294..38dd5e2b8 100644
--- a/services/userlog/pkg/server/http/server.go
+++ b/services/userlog/pkg/server/http/server.go
@@ -7,6 +7,7 @@ import (
 "github.com/go-chi/chi/v5"
 chimiddleware "github.com/go-chi/chi/v5/middleware"
+ "github.com/owncloud/ocis/v2/ocis-pkg/account"
 "github.com/owncloud/ocis/v2/ocis-pkg/middleware"
 "github.com/owncloud/ocis/v2/ocis-pkg/service/http"
 "github.com/owncloud/ocis/v2/ocis-pkg/version"
@@ -49,7 +50,10 @@ func Server(opts ...Option) (http.Service, error) {
 middleware.Logger(
 options.Logger,
 ),
- middleware.ExtractAccountUUID(),
+ middleware.ExtractAccountUUID(
+ account.Logger(options.Logger),
+ account.JWTSecret(options.Config.TokenManager.JWTSecret),
+ ),
 }
 mux := chi.NewMux()
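Review bot: In `EnsureDefaults` (defaultconfig.go) the common secret is copied only while `cfg.TokenManager` is nil, so a service-level `token_manager` block that exists but carries no `jwt_secret` keeps an empty `JWTSecret`. Unless the environment supplies one, `Validate` then rejects the configuration even though a common secret is available. The `else if` also repeats the nil test. Allocating the struct first and then filling an empty secret from `cfg.Commons` covers both cases; whether that precedence is wanted should be confirmed against the other services' defaults. The function body starts and ends outside the hunk.

```go
	// … unchanged: earlier defaults in EnsureDefaults …
	if cfg.TokenManager == nil {
		cfg.TokenManager = &config.TokenManager{}
	}
	// Inherit the shared secret only when the service has none of its own.
	if cfg.TokenManager.JWTSecret == "" && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
		cfg.TokenManager.JWTSecret = cfg.Commons.TokenManager.JWTSecret
	}
	// … unchanged: cfg.HTTP.TLS default …
```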
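Review bot: The new check in `Validate` (parse.go) dereferences `cfg.TokenManager` without a nil test, although `TokenManager` is a pointer that is only guaranteed non-nil once `EnsureDefaults` has run. The same unguarded `options.Config.TokenManager.JWTSecret` appears in the `Server` hunk of server.go. Guarding here turns a possible nil-pointer panic at startup into the intended configuration error: `if cfg.TokenManager == nil || cfg.TokenManager.JWTSecret == "" {`. The check also accepts any non-empty value, so a very short secret passes validation; if the project defines a minimum length for this secret, this is the place to enforce it.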
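Review bot: `middleware.ExtractAccountUUID` in `Server` (server.go) is now given the configured secret, but what it does with a request that carries no token, or an invalid one, is not visible in this hunk. If it lets such requests through without an account in the context, the userlog handlers behind it have to reject them themselves. A comment above the call such as `// ExtractAccountUUID only extracts the account; handlers must reject requests without one` would record that contract. A test sending one request without a token and one signed with a different secret, both expecting rejection, would confirm it. `Server`'s body continues outside the hunk.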