Customize self issuer
Daniel Sincere committed Oct 15, 2024
1 parent a018c0b commit 34d6b72
Showing 14 changed files with 33 additions and 3 deletions.
1 change: 1 addition & 0 deletions .env.development.sample
@@ -1,5 +1,6 @@
DATABASE_URL=postgres://sincereauth:SincereAuthServer@localhost/sincereauth_dev
REDIS_URL=redis://localhost
SELF_ISSUER_ID: "com.fullqueuedeveloper.FQAuth"
APPLE_SERVICES_KEY=com.fullqueuedeveloper.FQAuthServer
APPLE_SERVICES_KEY_ID=com.fullqueuedeveloper.FQAuthServer
APPLE_TEAM_ID=FQDV1234
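Review bot: The added `SELF_ISSUER_ID: "com.fullqueuedeveloper.FQAuth"` line uses YAML `key: value` syntax, while every other entry in this file is `KEY=value`. A dotenv loader is unlikely to read it as an assignment, so anyone copying the sample would start with the variable unset. The token code in this commit reads it with `EnvVars.selfIssuerId.loadOrFatal()`, which presumably aborts rather than falling back to a default. Write it as `SELF_ISSUER_ID=com.fullqueuedeveloper.FQAuth`; the same line in `.env.testing.sample` needs the same fix.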
1 change: 1 addition & 0 deletions .env.testing.sample
@@ -1,6 +1,7 @@
DB_SYMMETRIC_KEY=9/Vk5Rlzctc5tyX0SCmIJaRzEg+QgwWjlTzD0LMPqNY=
DATABASE_URL=postgres://sincereauth:SincereAuthServer@localhost/sincereauth_test
REDIS_URL=redis://localhost
SELF_ISSUER_ID: "com.fullqueuedeveloper.FQAuth"
APPLE_SERVICES_KEY_ID=com.fullqueuedeveloper.FQAuthServer
APPLE_TEAM_ID=FQDV1234
APPLE_APP_ID=com.fullqueuedeveloper.FQAuth
2 changes: 2 additions & 0 deletions .github/workflows/CI.yml
@@ -143,6 +143,7 @@ jobs:
DATABASE_URL: "postgresql://postgres:postgres@localhost/postgres"
DB_SYMMETRIC_KEY: "9/Vk5Rlzctc5tyX0SCmIJaRzEg+QgwWjlTzD0LMPqNY="
REDIS_URL: "redis://localhost"
SELF_ISSUER_ID: "com.fullqueuedeveloper.FQAuth"
APPLE_SERVICES_KEY: "LS0tLS1CRUdJTiBFQyBQQVJBTUVURVJTLS0tLS0KQmdVcmdRUUFJdz09Ci0tLS0tRU5EIEVDIFBBUkFNRVRFUlMtLS0tLQotLS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KTUlIY0FnRUJCRUlCdXRBYnNFUjY1bVFnby9iKzJYcTVsaDZQTDhuRTJSRjZ0WjFDdWNmdW5UaWtyNDFwL3JhZwpYaXd6MTJVOWxoY211Y2wrWDh5MkVacUowQ0FXS0VhTHluYWdCd1lGSzRFRUFDT2hnWWtEZ1lZQUJBQm92SWc2CkNRREdkcjMxNlR6bEJXRG56SHIvWDVoSnVzbnpSY0E2WUpUS1RVMll2bXdCaHVGUFBiNit1MUttaUdkTnQ2N1EKTU16RjMxYjY0L0gwS3prQ1BnRVZicklMVkthNDlUbTdNQU1WT3dsUUxaVHBIck8xMVk2bVd5eERydEFCSXNDTApqNnBRMFhGNlZiNWNOT3RWL1BpMC9lcTIxY3UwV3h5aDNHODY2TlQ0T1E9PQotLS0tLUVORCBFQyBQUklWQVRFIEtFWS0tLS0tCg=="
APPLE_SERVICES_KEY_ID: "com.fullqueuedeveloper.FQAuthServer.AppleServicesKeyID"
APPLE_TEAM_ID: "FQDV1234"
@@ -198,6 +199,7 @@ jobs:
DATABASE_URL: "postgresql://myuser:mypassword@localhost/mydatabase"
DB_SYMMETRIC_KEY: "9/Vk5Rlzctc5tyX0SCmIJaRzEg+QgwWjlTzD0LMPqNY="
REDIS_URL: "redis://127.0.0.1:6379"
SELF_ISSUER_ID: "com.fullqueuedeveloper.FQAuth"
APPLE_SERVICES_KEY: "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"
APPLE_SERVICES_KEY_ID: "com.fullqueuedeveloper.FQAuthServer.AppleServicesKeyID"
APPLE_TEAM_ID: "FQDV1234"
1 change: 1 addition & 0 deletions Deploy/Fly.io/README.md
@@ -12,6 +12,7 @@

- `AUTH_PRIVATE_KEY`: Base64. Output of `swish generate-jwt-key`
- `DB_SYMMETRIC_KEY`: output of `swish generate-db-key`
- `SELF_ISSUER_ID`: Custom name of your issuer. For example: `com.fullqueuedeveloper.MyAppServer`
- `APPLE_SERVICES_KEY`: Base64. Create under `Certificates, Identifiers & Profiles` > `Keys` or find here https://developer.apple.com/account/resources/authkeys/list
- `APPLE_SERVICES_KEY_ID`: ID of the `APPLE_SERVICES_KEY`
- `APPLE_TEAM_ID`: your Apple team ID. Looks like `ARST1234`
1 change: 1 addition & 0 deletions Deploy/Heroku/README.md
@@ -13,6 +13,7 @@ Install heroku cli tool from Homebrew

- `AUTH_PRIVATE_KEY`: Base64. Output of `swish generate-jwt-key`
- `DB_SYMMETRIC_KEY`: output of `swish generate-db-key`
- `SELF_ISSUER_ID`: Custom name of your issuer. For example: `com.fullqueuedeveloper.MyAppServer`
- `APPLE_SERVICES_KEY`: Base64. Create under `Certificates, Identifiers & Profiles` > `Keys` or find here https://developer.apple.com/account/resources/authkeys/list
- `APPLE_SERVICES_KEY_ID`: ID of the `APPLE_SERVICES_KEY`
- `APPLE_TEAM_ID`: your Apple team ID. Looks like `ARST1234`
2 changes: 2 additions & 0 deletions Deploy/Kubernetes/1-sincereauth-secrets.sample.yml
@@ -9,6 +9,8 @@ stringData:
DATABASE_URL: postgres://postgres/sincereauth_prod
REDIS_URL: redis://sincereauth_redis

SELF_ISSUER_ID: com.fullqueuedeveloper.FQAuth

# spx generate-db-key
DB_SYMMETRIC_KEY: 8MwwngvgA/fJhxBqY7CP3rWYPG1qDAJUZIHOvFQIZ5E=
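Review bot: `SELF_ISSUER_ID` is added without a comment, unlike `DB_SYMMETRIC_KEY` below it, and the sample value is the author's own identifier, so a deployer has no cue to replace it. Per the `SincereAuthSessionToken` change in this commit the value is written to the `iss` field of each session token, so it is an identifier carried in tokens rather than confidential material. Keeping it in the Secret works, but a comment such as `# iss claim of issued tokens; replace with your own identifier (not a secret)` above the key would make that clear.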

5 changes: 5 additions & 0 deletions Deploy/Kubernetes/3-sincereauth-release.yml
@@ -23,6 +23,11 @@ spec:
secretKeyRef:
name: sincereauth.secrets
key: REDIS_URL
- name: SELF_ISSUER_ID
valueFrom:
secretKeyRef:
name: sincereauth.secrets
key: SELF_ISSUER_ID
- name: AUTH_PRIVATE_KEY
valueFrom:
secretKeyRef:
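Review bot: The new `SELF_ISSUER_ID` entry is a `secretKeyRef` without `optional: true`, so the pod will not start until the `sincereauth.secrets` Secret contains that key. A fresh install from the sample is fine, but an existing cluster that applies this manifest before updating its Secret will fail at container creation. The same applies to the scheduled-queues, queues and app manifests changed in this commit. An upgrade note in the Kubernetes README, e.g. `Add SELF_ISSUER_ID to sincereauth.secrets before applying the updated manifests`, would cover it. The env list continues outside the hunk.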
5 changes: 5 additions & 0 deletions Deploy/Kubernetes/4-sincereauth-scheduled-queues.yml
@@ -34,6 +34,11 @@ spec:
secretKeyRef:
name: sincereauth.secrets
key: AUTH_PRIVATE_KEY
- name: SELF_ISSUER_ID
valueFrom:
secretKeyRef:
name: sincereauth.secrets
key: SELF_ISSUER_ID
- name: APPLE_SERVICES_KEY
valueFrom:
secretKeyRef:
5 changes: 5 additions & 0 deletions Deploy/Kubernetes/5-sincereauth-queues.yml
@@ -34,6 +34,11 @@ spec:
secretKeyRef:
name: sincereauth.secrets
key: AUTH_PRIVATE_KEY
- name: SELF_ISSUER_ID
valueFrom:
secretKeyRef:
name: sincereauth.secrets
key: SELF_ISSUER_ID
- name: APPLE_SERVICES_KEY
valueFrom:
secretKeyRef:
5 changes: 5 additions & 0 deletions Deploy/Kubernetes/6-sincereauth-app.yml
@@ -35,6 +35,11 @@ spec:
secretKeyRef:
name: sincereauth.secrets
key: REDIS_URL
- name: SELF_ISSUER_ID
valueFrom:
secretKeyRef:
name: sincereauth.secrets
key: SELF_ISSUER_ID
- name: AUTH_PRIVATE_KEY
valueFrom:
secretKeyRef:
1 change: 1 addition & 0 deletions Deploy/Kubernetes/README.md
@@ -23,6 +23,7 @@ Deployment guide for SincereAuth on Digital Ocean Kubernetes
6. DB_SYMMETRIC_KEY
7. DATABASE_URL
8. REDIS_URL
9. SELF_ISSUER_ID

3. Deploy the App

2 changes: 0 additions & 2 deletions Sources/SincereAuthServer/Auth/AuthConstant.swift
@@ -3,8 +3,6 @@ import Foundation
enum AuthConstant {
static let refreshTokenLifetime: TimeInterval = .oneDay * 90
static let accessTokenLifetime: TimeInterval = .oneDay * 30

static let selfIssuer: String = "com.fullqueuedeveloper.FQAuth"
}

extension TimeInterval {
@@ -9,6 +9,6 @@ extension SincereAuthSessionToken {
deviceName: deviceName,
roles: roles,
expiration: .init(value: now.addingTimeInterval(AuthConstant.accessTokenLifetime)),
iss: .init(value: AuthConstant.selfIssuer))
iss: .init(value: EnvVars.selfIssuerId.loadOrFatal()))
}
}
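Review bot: `EnvVars.selfIssuerId.loadOrFatal()` is evaluated inside the token initializer, so the environment is read on every token build and a missing `SELF_ISSUER_ID` would only surface when the first token is issued. Judging by its name that is a process abort in the request path, and whether an empty value is rejected is not visible here. Resolving it once and touching it during app configuration would turn a misconfiguration into a boot failure, e.g. keep `static let selfIssuer: String = EnvVars.selfIssuerId.loadOrFatal()` in `AuthConstant` and leave `iss: .init(value: AuthConstant.selfIssuer)` as it was. Removing the hard-coded default also means an existing deployment must set the variable to `com.fullqueuedeveloper.FQAuth` to keep `iss` consistent with tokens already issued; whether verification compares `iss` cannot be seen from this hunk. The initializer starts outside the hunk.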
3 changes: 3 additions & 0 deletions Sources/SincereAuthServer/EnvVars.swift
@@ -5,6 +5,9 @@ enum EnvVars: String, CaseIterable {
/// generate with `spx generate-jwt-key`
case authPrivateKey = "AUTH_PRIVATE_KEY"

/// Self issuer ID. What do you want your issuer's name to be?
case selfIssuerId = "SELF_ISSUER_ID"

/// from https://developer.apple.com/account/resources/authkeys/list
case appleServicesKey = "APPLE_SERVICES_KEY"
case appleServicesKeyId = "APPLE_SERVICES_KEY_ID"
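Review bot: The doc comment on `selfIssuerId` asks a question instead of saying what the value is used for. From the token change in this commit it becomes the `iss` value of issued session tokens, so a comment like `/// Issuer identifier written to the iss claim of session tokens (e.g. com.example.MyAppServer).` would tell an operator what they are setting and that it ends up inside tokens. The enum continues outside the hunk.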