Skip to content

Commit

Permalink
feat: add auth config to manager (#2161)
Browse files Browse the repository at this point in the history
Fix GHSA-hpc8-7wpm-889w.

Signed-off-by: Gaius <[email protected]>
  • Loading branch information
gaius-qi authored Mar 13, 2023
1 parent c37e227 commit 684469a
Show file tree
Hide file tree
Showing 9 changed files with 190 additions and 12 deletions.
15 changes: 15 additions & 0 deletions deploy/docker-compose/template/manager.template.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,21 @@ server:
# In macos(just for testing), default value is /Users/$USER/.dragonfly/plugins.
pluginDir: ''

auth:
jwt:
# Realm name to display to the user, default value is Dragonfly.
realm: "Dragonfly"
# Key is secret key used for signing, default value is
# encoded base64 of dragonfly.
# Please change the key in production.
key: "ZHJhZ29uZmx5Cg=="
# Timeout is duration that a jwt token is valid,
# default duration is two days.
timeout: 48h
# MaxRefresh field allows clients to refresh their token
# until MaxRefresh has passed, default duration is two days.
maxRefresh: 48h

# Database info used for server.
database:
# Database type, supported types include mysql, mariadb and postgres.
Expand Down
45 changes: 45 additions & 0 deletions manager/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,9 @@ type Config struct {
// Server configuration.
Server ServerConfig `yaml:"server" mapstructure:"server"`

// Auth configuration.
Auth AuthConfig `yaml:"auth" mapstructure:"auth"`

// Database configuration.
Database DatabaseConfig `yaml:"database" mapstructure:"database"`

Expand Down Expand Up @@ -79,6 +82,25 @@ type ServerConfig struct {
REST RestConfig `yaml:"rest" mapstructure:"rest"`
}

type AuthConfig struct {
// JWT configuration.
JWT JWTConfig `yaml:"jwt" mapstructure:"jwt"`
}

type JWTConfig struct {
// Realm name to display to the user, default value is Dragonfly.
Realm string `yaml:"realm" mapstructure:"realm"`

// Key is secret key used for signing. Please change the key in production
Key string `yaml:"key" mapstructure:"key"`

// Timeout is duration that a jwt token is valid, default duration is two days.
Timeout time.Duration `yaml:"timeout" mapstructure:"timeout"`

// MaxRefresh field allows clients to refresh their token until MaxRefresh has passed, default duration is two days.
MaxRefresh time.Duration `yaml:"maxRefresh" mapstructure:"maxRefresh"`
}

type DatabaseConfig struct {
// Database type.
Type string `yaml:"type" mapstructure:"type"`
Expand Down Expand Up @@ -324,6 +346,13 @@ func New() *Config {
Addr: DefaultRESTAddr,
},
},
Auth: AuthConfig{
JWT: JWTConfig{
Realm: DefaultJWTRealm,
Timeout: DefaultJWTTimeout,
MaxRefresh: DefaultJWTMaxRefresh,
},
},
Database: DatabaseConfig{
Type: DatabaseTypeMysql,
Mysql: MysqlConfig{
Expand Down Expand Up @@ -391,6 +420,22 @@ func (cfg *Config) Validate() error {
return errors.New("grpc requires parameter listenIP")
}

if cfg.Auth.JWT.Realm == "" {
return errors.New("jwt requires parameter realm")
}

if cfg.Auth.JWT.Key == "" {
return errors.New("jwt requires parameter key")
}

if cfg.Auth.JWT.Timeout == 0 {
return errors.New("jwt requires parameter timeout")
}

if cfg.Auth.JWT.MaxRefresh == 0 {
return errors.New("jwt requires parameter maxRefresh")
}

if cfg.Database.Type == "" {
return errors.New("database requires parameter type")
}
Expand Down
Loading

0 comments on commit 684469a

Please sign in to comment.