From e7676bd6cdfb0c22057ba87d76a293588bb39d5a Mon Sep 17 00:00:00 2001
From: caffeinated92
Date: Tue, 11 Jun 2024 10:24:58 +0700
Subject: [PATCH 1/2] jwt-auth-variable
---
 config/config.go | 1 +
 server/api.go | 5 +++--
 server/server.go | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/config/config.go b/config/config.go
index 62abe1001..3ce3fad6f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -660,6 +660,7 @@ type Config struct {
 OAuthClientID string `mapstructure:"api-oauth-client-id" toml:"api-oauth-client-id" json:"apiOAuthClientID"`
 OAuthClientSecret string `mapstructure:"api-oauth-client-secret" toml:"api-oauth-client-secret" json:"apiOAuthClientSecret"`
 CacheStaticMaxAge int `mapstructure:"cache-static-max-age" toml:"cache-static-max-age" json:"-"`
+ AuthJwtExpire int `mapstructure:"auth-jwt-expire" toml:"auth-jwt-expire" json:"authJwtExpire"`
 //OAuthRedirectURL string `mapstructure:"api-oauth-redirect-url" toml:"git-url" json:"-"`
 // BackupResticStoragePolicy string `mapstructure:"backup-restic-storage-policy" toml:"backup-restic-storage-policy" json:"backupResticStoragePolicy"`
 //ProvMode string `mapstructure:"prov-mode" toml:"prov-mode" json:"provMode"` //InitContainer vs API
diff --git a/server/api.go b/server/api.go
index 8ed96e6b9..537c99a59 100644
--- a/server/api.go
+++ b/server/api.go
@@ -343,7 +343,7 @@ func (repman *ReplicationManager) loginHandler(w http.ResponseWriter, r *http.Re
 //set claims
 claims["iss"] = "https://api.replication-manager.signal18.io"
 claims["iat"] = time.Now().Unix()
- claims["exp"] = time.Now().Add(time.Hour * 48).Unix()
+ claims["exp"] = time.Now().Add(time.Hour * time.Duration(repman.Conf.AuthJwtExpire)).Unix()
 claims["jti"] = "1" // should be user ID(?)
 claims["CustomUserInfo"] = struct {
 Name string
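Review bot: `repman.Conf.AuthJwtExpire` goes straight into the `exp` claim in loginHandler with no range check, and the same expression is added to handlerMuxAuthCallback in the `-456` hunk. A zero or negative setting issues tokens that are already expired, and a very large one either overflows `time.Duration` or yields a bearer token that is effectively permanent; the constant `jti` in the context lines suggests nothing visible here could revoke it. Both handlers could call one helper that bounds the value, as sketched below (it needs the `math` import), or the value could be rejected at startup instead. Both function bodies continue outside their hunks.

```go
// tokenLifetime returns the configured token lifetime in hours as a duration,
// falling back to the 48h default for values that are not positive or that
// would overflow time.Duration.
func (repman *ReplicationManager) tokenLifetime() time.Duration {
	hours := int64(repman.Conf.AuthJwtExpire)
	if hours <= 0 || hours > int64(math.MaxInt64/time.Hour) {
		hours = 48
	}
	return time.Duration(hours) * time.Hour
}

// … unchanged: iss and iat claims in loginHandler and handlerMuxAuthCallback …
claims["exp"] = time.Now().Add(repman.tokenLifetime()).Unix()
```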
@@ -355,6 +355,7 @@ func (repman *ReplicationManager) loginHandler(w http.ResponseWriter, r *http.Re
 //sk, _ := jwt.ParseRSAPublicKeyFromPEM(signingKey)
 tokenString, err := signer.SignedString(sk)
+ log.Printf("Token expiration: %d hour\n", repman.Conf.AuthJwtExpire)
 if err != nil {
 w.WriteHeader(http.StatusInternalServerError)
@@ -456,7 +457,7 @@ func (repman *ReplicationManager) handlerMuxAuthCallback(w http.ResponseWriter,
 //set claims
 claims["iss"] = "https://api.replication-manager.signal18.io"
 claims["iat"] = time.Now().Unix()
- claims["exp"] = time.Now().Add(time.Hour * 48).Unix()
+ claims["exp"] = time.Now().Add(time.Hour * time.Duration(repman.Conf.AuthJwtExpire)).Unix()
 claims["jti"] = "1" // should be user ID(?)
 claims["CustomUserInfo"] = struct {
 Name string
diff --git a/server/server.go b/server/server.go
index b9c746af3..49fa17e72 100644
--- a/server/server.go
+++ b/server/server.go
@@ -211,6 +211,7 @@ func (repman *ReplicationManager) SetDefaultFlags(v *viper.Viper) {
 }
 func (repman *ReplicationManager) AddFlags(flags *pflag.FlagSet, conf *config.Config) {
+ flags.IntVar(&conf.AuthJwtExpire, "auth-jwt-expire", 48, "Timespan of JWT before expired in hour")
 if WithDeprecate == "ON" {
 // initDeprecated() // not needed used alias in main
From c399b83828a28c9f8c0606bf1d1dd84e26b717c1 Mon Sep 17 00:00:00 2001
From: caffeinated92
Date: Tue, 11 Jun 2024 14:42:08 +0700
Subject: [PATCH 2/2] rename to api-token-timeout
---
 config/config.go | 2 +-
 server/api.go | 6 +++---
 server/server.go | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/config/config.go b/config/config.go
index 3ce3fad6f..7810652b1 100644
--- a/config/config.go
+++ b/config/config.go
@@ -660,7 +660,7 @@ type Config struct {
 OAuthClientID string `mapstructure:"api-oauth-client-id" toml:"api-oauth-client-id" json:"apiOAuthClientID"`
 OAuthClientSecret string `mapstructure:"api-oauth-client-secret" toml:"api-oauth-client-secret" json:"apiOAuthClientSecret"`
 CacheStaticMaxAge int `mapstructure:"cache-static-max-age" toml:"cache-static-max-age" json:"-"`
- AuthJwtExpire int `mapstructure:"auth-jwt-expire" toml:"auth-jwt-expire" json:"authJwtExpire"`
+ TokenTimeout int `mapstructure:"api-token-timeout" toml:"api-token-timeout" json:"apiTokenTimeout"`
 //OAuthRedirectURL string `mapstructure:"api-oauth-redirect-url" toml:"git-url" json:"-"`
 // BackupResticStoragePolicy string `mapstructure:"backup-restic-storage-policy" toml:"backup-restic-storage-policy" json:"backupResticStoragePolicy"`
 //ProvMode string `mapstructure:"prov-mode" toml:"prov-mode" json:"provMode"` //InitContainer vs API
diff --git a/server/api.go b/server/api.go
index 0dbb4ad19..d325e73dd 100644
--- a/server/api.go
+++ b/server/api.go
@@ -343,7 +343,7 @@ func (repman *ReplicationManager) loginHandler(w http.ResponseWriter, r *http.Re
 //set claims
 claims["iss"] = "https://api.replication-manager.signal18.io"
 claims["iat"] = time.Now().Unix()
- claims["exp"] = time.Now().Add(time.Hour * time.Duration(repman.Conf.AuthJwtExpire)).Unix()
+ claims["exp"] = time.Now().Add(time.Hour * time.Duration(repman.Conf.TokenTimeout)).Unix()
 claims["jti"] = "1" // should be user ID(?)
 claims["CustomUserInfo"] = struct {
 Name string
@@ -355,7 +355,7 @@ func (repman *ReplicationManager) loginHandler(w http.ResponseWriter, r *http.Re
 //sk, _ := jwt.ParseRSAPublicKeyFromPEM(signingKey)
 tokenString, err := signer.SignedString(sk)
- log.Printf("Token expiration: %d hour\n", repman.Conf.AuthJwtExpire)
+ // log.Printf("Token expiration: %d hour\n", repman.Conf.TokenTimeout)
 if err != nil {
 w.WriteHeader(http.StatusInternalServerError)
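Review bot: The commented-out `// log.Printf("Token expiration: %d hour\n", repman.Conf.TokenTimeout)` left in loginHandler between the `SignedString` call and its `err` check is dead code and is better deleted than kept. If operators should be able to see the configured lifetime, logging it once when the configuration is loaded says the same thing without a line per login. loginHandler's body starts and ends outside the hunk.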
@@ -457,7 +457,7 @@ func (repman *ReplicationManager) handlerMuxAuthCallback(w http.ResponseWriter,
 //set claims
 claims["iss"] = "https://api.replication-manager.signal18.io"
 claims["iat"] = time.Now().Unix()
- claims["exp"] = time.Now().Add(time.Hour * time.Duration(repman.Conf.AuthJwtExpire)).Unix()
+ claims["exp"] = time.Now().Add(time.Hour * time.Duration(repman.Conf.TokenTimeout)).Unix()
 claims["jti"] = "1" // should be user ID(?)
 claims["CustomUserInfo"] = struct {
 Name string
diff --git a/server/server.go b/server/server.go
index 49fa17e72..9cd6317a3 100644
--- a/server/server.go
+++ b/server/server.go
@@ -211,7 +211,7 @@ func (repman *ReplicationManager) SetDefaultFlags(v *viper.Viper) {
 }
 func (repman *ReplicationManager) AddFlags(flags *pflag.FlagSet, conf *config.Config) {
- flags.IntVar(&conf.AuthJwtExpire, "auth-jwt-expire", 48, "Timespan of JWT before expired in hour")
+ flags.IntVar(&conf.TokenTimeout, "api-token-timeout", 48, "Timespan of API Token before expired in hour")
 if WithDeprecate == "ON" {
 // initDeprecated() // not needed used alias in main