mirror of
https://github.com/ClusterCockpit/cc-backend
synced 2024-12-25 12:59:06 +01:00
update README.md; gen-keypair utility
This commit is contained in:
parent
ef91f862c9
commit
a64944f3c3
14
.env
14
.env
@ -1,4 +1,10 @@
|
|||||||
export JWT_PUBLIC_KEY="kzfYrYy+TzpanWZHJ5qSdMj5uKUWgq74BWhQG6copP0="
|
# Base64 encoded Ed25519 keys (DO NOT USE THESE TWO IN PRODUCTION!)
|
||||||
export JWT_PRIVATE_KEY="dtPC/6dWJFKZK7KZ78CvWuynylOmjBFyMsUWArwmodOTN9itjL5POlqdZkcnmpJ0yPm4pRaCrvgFaFAbpyik/Q=="
|
# You can generate your own keypair using `go run utils/gen-keypair.go`
|
||||||
export SESSION_KEY="67d829bf61dc5f87a73fd814e2c9f629"
|
JWT_PUBLIC_KEY="kzfYrYy+TzpanWZHJ5qSdMj5uKUWgq74BWhQG6copP0="
|
||||||
export LDAP_ADMIN_PASSWORD="mashup"
|
JWT_PRIVATE_KEY="dtPC/6dWJFKZK7KZ78CvWuynylOmjBFyMsUWArwmodOTN9itjL5POlqdZkcnmpJ0yPm4pRaCrvgFaFAbpyik/Q=="
|
||||||
|
|
||||||
|
# Some random bytes used as secret for cookie-based sessions (DO NOT USE THIS ONE IN PRODUCTION)
|
||||||
|
SESSION_KEY="67d829bf61dc5f87a73fd814e2c9f629"
|
||||||
|
|
||||||
|
# Password for the ldap server (optional)
|
||||||
|
LDAP_ADMIN_PASSWORD="mashup"
|
||||||
|
4
.gitignore
vendored
4
.gitignore
vendored
@ -3,4 +3,8 @@ cc-jobarchive
|
|||||||
|
|
||||||
/var/job-archive
|
/var/job-archive
|
||||||
/var/*.db
|
/var/*.db
|
||||||
|
/var/machine-state
|
||||||
|
|
||||||
|
/.env
|
||||||
|
/config.json
|
||||||
|
|
||||||
|
@ -1,7 +1,5 @@
|
|||||||
# ClusterCockpit with a Golang backend
|
# ClusterCockpit with a Golang backend
|
||||||
|
|
||||||
__*DOES NOT WORK WITH CURRENT FRONTEND*__
|
|
||||||
|
|
||||||
[![Build](https://github.com/ClusterCockpit/cc-jobarchive/actions/workflows/test.yml/badge.svg)](https://github.com/ClusterCockpit/cc-jobarchive/actions/workflows/test.yml)
|
[![Build](https://github.com/ClusterCockpit/cc-jobarchive/actions/workflows/test.yml/badge.svg)](https://github.com/ClusterCockpit/cc-jobarchive/actions/workflows/test.yml)
|
||||||
|
|
||||||
Create your job-archive accoring to [this specification](https://github.com/ClusterCockpit/cc-specifications). At least one cluster with a valid `cluster.json` file is required. Having no jobs in the job-archive at all is fine. You may use the sample job-archive available for download [in cc-docker/develop](https://github.com/ClusterCockpit/cc-docker/tree/develop).
|
Create your job-archive accoring to [this specification](https://github.com/ClusterCockpit/cc-specifications). At least one cluster with a valid `cluster.json` file is required. Having no jobs in the job-archive at all is fine. You may use the sample job-archive available for download [in cc-docker/develop](https://github.com/ClusterCockpit/cc-docker/tree/develop).
|
||||||
@ -30,7 +28,7 @@ touch ./var/job.db
|
|||||||
|
|
||||||
# EDIT THE .env FILE BEFORE YOU DEPLOY (Change the secrets)!
|
# EDIT THE .env FILE BEFORE YOU DEPLOY (Change the secrets)!
|
||||||
# If authentication is disabled, it can be empty.
|
# If authentication is disabled, it can be empty.
|
||||||
source .env
|
vim ./.env
|
||||||
|
|
||||||
# This will first initialize the job.db database by traversing all
|
# This will first initialize the job.db database by traversing all
|
||||||
# `meta.json` files in the job-archive and add a new user. `--no-server` will cause the
|
# `meta.json` files in the job-archive and add a new user. `--no-server` will cause the
|
||||||
|
@ -22,6 +22,8 @@ import (
|
|||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// TODO: Properly do this "roles" stuff.
|
||||||
|
// Add a roles array and `user.HasRole(...)` functions.
|
||||||
type User struct {
|
type User struct {
|
||||||
Username string
|
Username string
|
||||||
Password string
|
Password string
|
||||||
@ -191,6 +193,7 @@ func Login(db *sqlx.DB) http.Handler {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
session.Options.MaxAge = 30 * 24 * 60 * 60
|
||||||
session.Values["username"] = user.Username
|
session.Values["username"] = user.Username
|
||||||
session.Values["is_admin"] = user.IsAdmin
|
session.Values["is_admin"] = user.IsAdmin
|
||||||
if err := sessionStore.Save(r, rw, session); err != nil {
|
if err := sessionStore.Save(r, rw, session); err != nil {
|
||||||
@ -239,6 +242,8 @@ func authViaToken(r *http.Request) (*User, error) {
|
|||||||
sub, _ := claims["sub"].(string)
|
sub, _ := claims["sub"].(string)
|
||||||
isAdmin, _ := claims["is_admin"].(bool)
|
isAdmin, _ := claims["is_admin"].(bool)
|
||||||
isAPIUser, _ := claims["is_api"].(bool)
|
isAPIUser, _ := claims["is_api"].(bool)
|
||||||
|
|
||||||
|
// TODO: Check if sub is still a valid user!
|
||||||
return &User{
|
return &User{
|
||||||
Username: sub,
|
Username: sub,
|
||||||
IsAdmin: isAdmin,
|
IsAdmin: isAdmin,
|
||||||
@ -258,6 +263,7 @@ func Auth(next http.Handler) http.Handler {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
if user != nil {
|
if user != nil {
|
||||||
|
// Successfull authentication using a token
|
||||||
ctx := context.WithValue(r.Context(), ContextUserKey, user)
|
ctx := context.WithValue(r.Context(), ContextUserKey, user)
|
||||||
next.ServeHTTP(rw, r.WithContext(ctx))
|
next.ServeHTTP(rw, r.WithContext(ctx))
|
||||||
return
|
return
|
||||||
@ -265,6 +271,7 @@ func Auth(next http.Handler) http.Handler {
|
|||||||
|
|
||||||
session, err := sessionStore.Get(r, "session")
|
session, err := sessionStore.Get(r, "session")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
// sessionStore.Get will return a new session if no current one is attached to this request.
|
||||||
http.Error(rw, err.Error(), http.StatusInternalServerError)
|
http.Error(rw, err.Error(), http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
22
utils/gen-keypair.go
Normal file
22
utils/gen-keypair.go
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/ed25519"
|
||||||
|
"crypto/rand"
|
||||||
|
"encoding/base64"
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
// rand.Reader uses /dev/urandom on Linux
|
||||||
|
pub, priv, err := ed25519.GenerateKey(rand.Reader)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Fprintf(os.Stderr, "error: %s\n", err.Error())
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
fmt.Fprintf(os.Stdout, "JWT_PUBLIC_KEY=%#v\nJWT_PRIVATE_KEY=%#v\n",
|
||||||
|
base64.StdEncoding.EncodeToString(pub),
|
||||||
|
base64.StdEncoding.EncodeToString(priv))
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user