From 25f08a8eda7880b07c84d976aa0b58e64b3b39a1 Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Tue, 27 Jan 2015 09:00:01 -0900
Subject: [PATCH] Moving JWT keys to ENVVARS

---
 api/auth.go | 32 +++++++++++---------------------
 api/server_for_test.go | 39 ++++++++++++++++++++++++++++++++++++++-
 bactdb.go | 13 ++++++-------
 keys/.gitignore | 2 --
 4 files changed, 55 insertions(+), 31 deletions(-)
 delete mode 100644 keys/.gitignore

diff --git a/api/auth.go b/api/auth.go
index 6dbb074..7fd0088 100644
--- a/api/auth.go
+++ b/api/auth.go
@@ -2,10 +2,8 @@ package api
 import (
 "errors"
- "fmt"
- "io/ioutil"
- "log"
 "net/http"
+ "os"
 "strings"
 "github.com/dgrijalva/jwt-go"
@@ -26,27 +24,19 @@ var (
 errAccessDenied = errors.New("insufficient privileges")
 )
-func SetupCerts(p string) error {
- var err error
- if err != nil {
- log.Fatalf("Path error: ", err)
+func SetupCerts() error {
+ signkey := os.Getenv("PRIVATE_KEY")
+ if signkey == "" {
+ return errors.New("please set PRIVATE_KEY")
 }
+ signKey = []byte(signkey)
- // openssl genrsa -out app.rsa keysize
- privKeyPath := fmt.Sprintf("%vapp.rsa", p)
- signKey, err = ioutil.ReadFile(privKeyPath)
- if err != nil {
- log.Fatalf("Error reading private key: ", err)
- return err
+ verifykey := os.Getenv("PUBLIC_KEY")
+ if verifykey == "" {
+ return errors.New("please set PUBLIC_KEY")
 }
+ verifyKey = []byte(verifykey)
- // openssl rsa -in app.rsa -pubout > app.rsa.pub
- pubKeyPath := fmt.Sprintf("%vapp.rsa.pub", p)
- verifyKey, err = ioutil.ReadFile(pubKeyPath)
- if err != nil {
- log.Fatalf("Error reading public key: ", err)
- return err
- }
 return nil
 }
@@ -68,7 +58,7 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // Validate the token
 token, err := jwt.Parse(s[1], func(token *jwt.Token) (interface{}, error) {
- return verifyKey, nil
+ return []byte(verifyKey), nil
 })
 // Branch out into the possible error from signing
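Review bot: SetupCerts stores whatever non-empty bytes PRIVATE_KEY and PUBLIC_KEY hold without checking that they are PEM, so a flattened or truncated key (easy to produce when a multi-line PEM is passed through a shell, an .env file or a service manager) is only discovered when the first token is signed or verified, not at startup. Decoding both values once here reports the problem where the operator can fix it; `encoding/pem` would need adding to the import block in the first hunk. The exported function also has no doc comment; I would add `// SetupCerts loads the PEM-encoded JWT signing and verification keys from the PRIVATE_KEY and PUBLIC_KEY environment variables.` and, since the keys now travel in the process environment, note there that child processes inherit them.
```go
	signkey := os.Getenv("PRIVATE_KEY")
	if signkey == "" {
		return errors.New("please set PRIVATE_KEY")
	}
	// Decode at startup so a flattened or truncated PEM fails here,
	// not on the first token that is signed.
	if block, _ := pem.Decode([]byte(signkey)); block == nil {
		return errors.New("PRIVATE_KEY is not PEM-encoded")
	}
	signKey = []byte(signkey)
	// … unchanged: PUBLIC_KEY read, with the same pem.Decode check before verifyKey is set …
```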
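Review bot: The key callback in the last hunk still hands out verifyKey for every token without looking at `token.Method`, so the algorithm used to check the signature is taken from the token header rather than fixed by the server; wrapping the value in `[]byte(...)` does not change that, and the conversion is a no-op if verifyKey is the `[]byte` that SetupCerts now assigns (its declaration is outside the hunk). jwt-go's documented pattern is to reject every method but the expected one before returning the key: `if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok { return nil, errors.New("unexpected signing method") }`, then `return verifyKey, nil`. ServeHTTP starts and ends outside the hunk.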
diff --git a/api/server_for_test.go b/api/server_for_test.go
index f5f9361..9637664 100644
--- a/api/server_for_test.go
+++ b/api/server_for_test.go
@@ -15,6 +15,44 @@ import (
 )
 func init() {
+ signKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyXi+Q3rVv+NkBi3UWBXyylUN5SyHxQUtZvhbA6TwcF2fk3Io
+Di3kipVWbfYAYijIxczACieCnadSynJpH4zNVJsRxp8DTG67Nx/K5n3TJyg5hLpa
+PE+46lOS7E0O9JPT119zKCGHtHldpgjsPCXGHRXKZdFafSv8ktFhwvK5ZQO1NjH2
++NOsfhp2ubuQXL7O/45fC5wTCj0lLatdXtlTcIxJb7FUj3AsAC7TlKhtkKe+Syox
+n1xNMQiYK1R24+goW44JO5uZDYP85ufgRn+DdOQF9DskmiQN9/REhH/5VQjEIYZ3
+kjmKlNnjz3Jd1eOdtGALxTq3+neVawWMPBXOcQIDAQABAoIBAHMAYhKgrhxPTwwb
+4ua4+JK4BCt5xLIYp3bscv9cigaJ2onOksCtP5Q/dEtmLYfaYehOXJwvO2aEWUTI
+E+t3cslFjtsCb16UonbvxeDVl871LgfuW42rsBDJzcbmoY/IRhbdHB2fLhg9YtBg
+rYATy8dUZejCnNVwY0bnD9e4t0zJ0lXUVy+dMvl69uNyP8f12LwvLGgCmAOWXh5p
+NpGmT8/jRF9BrQvr9bhwxpV2JGsGEEyGvu+ayVR01AiyQ04kh9gZOJOVtsGa1fjx
+AvgxzhkfLyAbCAgFTTUuhEbZoxXyCNBdOM0V3PXSbIbW+7gwLwXi71Czo08V050z
+5SK9p2UCgYEA8JW+xIaAzYT+ZwPaJ/Ir1+WcisEI+AyCD1c5gblHrCmSwYHdKSX4
+ZcX0QAcj+dzuF6SyQStoy1pIooUzadDZxXeyBoeOjGdyobqJpmaEHb9g594w2inS
+AsEb4waxvrKlTuhFXnI2JbJrbMyjRBTKWZw4K/FT73IE8hQL9ivXYN8CgYEA1mFu
+uLD95N/KOFtQ0JcLUelPZK7gYSdq21YHSbABeeesvabnn3hFEzDl5cXqKFJ/4Ltf
+2QhpO4JGgHYNlrsfCvvivV5dRxFKfleoojL/0qlJxOqQVfulscT0XB3wUpoyP+Qr
+8AdyvZwUfLWpSaYxDUB7w77U1VayP5JLuULKKq8CgYBOge8QnnullUKXRzCHXIVm
+HG1q8fcFSr+eVe5UIKv8yEw1jTUoWlWmkGRWCH566NdhK8NndMzrnviY4DKY0yhd
+QeP8MXwY4SENGZwVitqOAoeS4nS6nG8FqxJ4kRSrkAxVpYINgeOdhY18oYKdktM9
+Trcdz9B+EI0Amf4VRNUxrQKBgQCTBXTagr9MhFF5vt44fy3LOhcxtGC7ID4/N8t9
+tI/+m2yzD9DPY7rzg1hW8Rk6GAINDFOaUxNgNWLGXK/LDH8omEASoLGVuHz/Enza
+5+DcBy9JNZhQ72jd9nWi6wFSlN8bRA8B6Qm+kVjXgfocQTZooS1/u9LYkEFkKZ92
+6SAejwKBgH6V+dLUefC9w6N99VWpOAom9gE96imo1itTKxIB1WPdFsSDDe/CGXDG
+W+l7ZiSjXaAfNF5UtuhO6yY0ob++Aa/d+l+Zo7CWn4SrmwTAp1CdRHxX3KxkqHNi
+BsuYClbQh5Z9lOKn8FCNW3NyahJdYeWGhb/ZdeS0n+F6Ov4V+grc
+-----END RSA PRIVATE KEY-----`)
+
+ verifyKey = []byte(`-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXi+Q3rVv+NkBi3UWBXy
+ylUN5SyHxQUtZvhbA6TwcF2fk3IoDi3kipVWbfYAYijIxczACieCnadSynJpH4zN
+VJsRxp8DTG67Nx/K5n3TJyg5hLpaPE+46lOS7E0O9JPT119zKCGHtHldpgjsPCXG
+HRXKZdFafSv8ktFhwvK5ZQO1NjH2+NOsfhp2ubuQXL7O/45fC5wTCj0lLatdXtlT
+cIxJb7FUj3AsAC7TlKhtkKe+Syoxn1xNMQiYK1R24+goW44JO5uZDYP85ufgRn+D
+dOQF9DskmiQN9/REhH/5VQjEIYZ3kjmKlNnjz3Jd1eOdtGALxTq3+neVawWMPBXO
+cQIDAQAB
+-----END PUBLIC KEY-----`)
+
 serveMux.Handle("/", http.StripPrefix("/api", Handler()))
 }
@@ -29,7 +67,6 @@ var (
 func setup() {
 store = datastore.NewMockDatastore()
- SetupCerts("../keys/")
 u, _ := apiClient.URL(router.GetToken, nil, nil)
 resp, _ := httpClient.PostForm(u.String(), url.Values{"username": {"test_user"}, "password": {"password"}})
diff --git a/bactdb.go b/bactdb.go
index 97e1dde..98f373d 100644
--- a/bactdb.go
+++ b/bactdb.go
@@ -27,11 +27,6 @@ func main() {
 Usage: "HTTP service port",
 Value: 8901,
 },
- cli.StringFlag{
- Name: "keys",
- Usage: "path to keys",
- Value: "keys/",
- },
 },
 Action: cmdServe,
 },
@@ -58,15 +53,19 @@ func main() {
 }
 func cmdServe(c *cli.Context) {
+ var err error
 httpAddr := fmt.Sprintf(":%v", c.Int("port"))
 datastore.Connect()
- api.SetupCerts(c.String("keys"))
+ err = api.SetupCerts()
+ if err != nil {
+ log.Fatal("SetupCerts: ", err)
+ }
 m := http.NewServeMux()
 m.Handle("/api/", http.StripPrefix("/api", api.Handler()))
 log.Print("Listening on ", httpAddr)
- err := http.ListenAndServe(httpAddr, m)
+ err = http.ListenAndServe(httpAddr, m)
 if err != nil {
 log.Fatal("ListenAndServe: ", err)
 }
diff --git a/keys/.gitignore b/keys/.gitignore
deleted file mode 100644
index d6b7ef3..0000000
--- a/keys/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
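Review bot: The RSA key pair inlined into init() is now committed to the repository and is therefore public material, yet nothing in the file marks it as a fixture, and the setup() hunk below removes the only call to SetupCerts, so the PRIVATE_KEY/PUBLIC_KEY path is no longer exercised by any test. I would put `// Test-only RSA key pair generated for this suite; it is public and must never be used for a deployment.` above the signKey assignment, and have setup() set PRIVATE_KEY and PUBLIC_KEY in the test environment and call SetupCerts so the new loading code is covered. The hunk also drops the gitignore'd keys/ directory in the last file section, which is consistent with this move.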
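Review bot: In cmdServe the new `var err error` at the top of the function widens err's scope only so two unrelated calls can share it, and forces the later `err := http.ListenAndServe` line to change as well. Keeping the first error in its own initializer leaves the original line untouched: `if err := api.SetupCerts(); err != nil {` followed by the existing `log.Fatal("SetupCerts: ", err)` and `}`. cmdServe's closing brace is outside the hunk.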