Verified Commit a80b9e7e authored by Sebastian Schüpbach's avatar Sebastian Schüpbach

use jwt key password from envvar

parent 8cc8dd46
Pipeline #25756 passed with stages
in 3 minutes
......@@ -2,11 +2,11 @@ package main
import (
"fmt"
"strings"
"github.com/BurntSushi/toml"
"gitlab.switch.ch/memoriav/memobase-2020/services/streaming-server/pkg/memostream"
"log"
"os"
"strings"
"time"
)
......@@ -95,40 +95,64 @@ func LoadConfig(filepath string) Config {
if err != nil {
log.Fatalln("Error on loading config: ", err)
}
dsn := os.Getenv("DSN")
jwtKey, exists := os.LookupEnv("JWT_KEY")
if exists {
log.Printf("Load JWT key from envvar JWT_KEY")
conf.JwtKey = jwtKey
} else {
log.Printf("Load JWT key from config file")
}
jwtAlg, exists := os.LookupEnv("JWT_ALGORITHM")
if exists {
log.Printf("Load JWT algorithm from envvar JWT_ALGORITHM")
conf.JwtAlg = strings.Split(jwtAlg, ",")
} else {
log.Printf("Load JWT algorithm from config file")
}
dsn, exists := os.LookupEnv("DSN")
if exists {
log.Printf("Load DSN from envvar DSN")
conf.ResolverDBMySQL.Dsn = dsn
// removed because of security issues with password in logfile
//log.Printf("DSN from Environment: [%s]", conf.ResolverDBMySQL.Dsn)
} else {
mariadb_user, exists := os.LookupEnv("MARIADB_USER")
mariadbUser, exists := os.LookupEnv("MARIADB_USER")
if !exists {
log.Fatalln("No Mariadb user defined!")
} else {
log.Printf("Load MariaDB user from envvar MARIADB_USER")
}
mariadb_password, exists := os.LookupEnv("MARIADB_PASSWORD")
mariadbPassword, exists := os.LookupEnv("MARIADB_PASSWORD")
if !exists {
log.Fatalln("No Mariadb password defined!")
} else {
log.Printf("Load MariaDB password from envvar MARIADB_PASSWORD")
}
mariadb_host, exists := os.LookupEnv("MARIADB_HOST")
mariadbHost, exists := os.LookupEnv("MARIADB_HOST")
if !exists {
log.Fatalln("No Mariadb host defined!")
} else {
log.Printf("Load MariaDB host from envvar MARIADB_HOST")
}
mariadb_port, exists := os.LookupEnv("MARIADB_PORT")
mariadbPort, exists := os.LookupEnv("MARIADB_PORT")
if !exists {
log.Fatalln("No Mariadb port defined!")
} else {
log.Printf("Load MariaDB port from envvar MARIADB_PORT")
}
mariadb_database, exists := os.LookupEnv("MARIADB_DATABASE")
mariadbDatabase, exists := os.LookupEnv("MARIADB_DATABASE")
if !exists {
log.Fatalln("No Mariadb database defined!")
} else {
log.Printf("Load MariaDB database from envvar MARIADB_DATABASE")
}
conf.ResolverDBMySQL.Dsn = fmt.Sprintf(
"%s:%s@tcp(%s:%s)/%s",
strings.Trim(mariadb_user, "\n"),
strings.Trim(mariadb_password, "\n"),
mariadb_host,
mariadb_port,
mariadb_database,
strings.Trim(mariadbUser, "\n"),
strings.Trim(mariadbPassword, "\n"),
mariadbHost,
mariadbPort,
mariadbDatabase,
)
// removed because of security issues with password in logfile
log.Printf("DSN from Config: [%s]", conf.ResolverDBMySQL.Dsn)
......
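Review bot: After the new JWT_KEY lookup, `conf.JwtKey` can still be empty and LoadConfig carries on. The `else` branch only logs "Load JWT key from config file", `os.LookupEnv` reports a variable that is set but empty as existing, and the TOML files in this commit comment `jwtkey` out. If the handlers verify tokens with that value (not visible here), they would check signatures against an empty secret, so fail closed the way the MariaDB lookups do: `if conf.JwtKey == "" { log.Fatalln("No JWT key defined!") }`. In the same hunk `strings.Split(jwtAlg, ",")` keeps any spaces around the names, so each entry should go through `strings.TrimSpace`. The last visible line still runs `log.Printf("DSN from Config: [%s]", conf.ResolverDBMySQL.Dsn)`, which writes the MariaDB password to the log despite the comment above it; drop that line, or log only host and database. LoadConfig begins and ends outside the hunk.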
......@@ -13,5 +13,7 @@ k8sIIIFHost: iiif.memobase.k8s.unibas.ch
mariadbDatabaseConfigs: prod-mariadb-db-medienserver-configs
mariadbUserSecrets: prod-mariadb-user-medienserver-secrets
accessTokenSecrets: prod-access-token-secrets
mediaVolumeClaimName: "media-volume-claim"
mediaFolderRootPath: "/data"
......@@ -13,5 +13,7 @@ k8sIIIFHost: iiif-stage.memobase.k8s.unibas.ch
mariadbDatabaseConfigs: stage-mariadb-db-medienserver-configs
mariadbUserSecrets: stage-mariadb-user-medienserver-secrets
accessTokenSecrets: stage-access-token-secrets
mediaVolumeClaimName: stage-media-volume-claim
mediaFolderRootPath: "/data"
......@@ -13,5 +13,7 @@ k8sIIIFHost: "iiif-test.memobase.k8s.unibas.ch"
mariadbDatabaseConfigs: test-mariadb-db-medienserver-configs
mariadbUserSecrets: test-mariadb-user-medienserver-secrets
accessTokenSecrets: test-access-token-secrets
mediaVolumeClaimName: test-media-volume-claim
mediaFolderRootPath: "/data"
......@@ -11,8 +11,8 @@ staticprefix = "/static/"
urlprefix = "/memo/" # prefix for accessing signature based content
# http://localhost:81/command/clearcache?auth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJjbWQ6Y2xlYXJjYWNoZSIsImV4cCI6MTgxNjIzOTAyMn0.M_Y6R4yMAFEyo534-SXAffPwdHv929WcuSgQUcjiz10
cmdprefix = "/command/"
jwtkey = "swordfish"
jwtalg = ["HS256", "HS384", "HS512"] # "hs256" "hs384" "hs512" "es256" "es384" "es512" "ps256" "ps384" "ps512"
# jwtkey = "swordfish"
# jwtalg = ["HS256", "HS384", "HS512"] # "hs256" "hs384" "hs512" "es256" "es384" "es512" "ps256" "ps384" "ps512"
resolverCacheSize = 1000
errorTemplate = "/app/templates/error.gohtml" # error message for memoHandler
baseurl = "https://media.memobase.k8s.unibas.ch/"
......
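Review bot: Commenting out `jwtkey = "swordfish"` leaves the old key readable in this file and in the repository history, so treat it as disclosed: the value stored in the Kubernetes secret should be a newly generated key, not this one. Delete the line instead of commenting it, and replace the sample token in the `clearcache` URL comment above with a placeholder such as `auth=<token>`, since it looks like a real token with a far-future `exp`. The same applies to the identical change in the two other TOML files of this commit.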
......@@ -11,8 +11,8 @@ staticprefix = "/static/"
urlprefix = "/memo/" # prefix for accessing signature based content
# http://localhost:81/command/clearcache?auth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJjbWQ6Y2xlYXJjYWNoZSIsImV4cCI6MTgxNjIzOTAyMn0.M_Y6R4yMAFEyo534-SXAffPwdHv929WcuSgQUcjiz10
cmdprefix = "/command/"
jwtkey = "swordfish"
jwtalg = ["HS256", "HS384", "HS512"] # "hs256" "hs384" "hs512" "es256" "es384" "es512" "ps256" "ps384" "ps512"
# jwtkey = "swordfish"
# jwtalg = ["HS256", "HS384", "HS512"] # "hs256" "hs384" "hs512" "es256" "es384" "es512" "ps256" "ps384" "ps512"
resolverCacheSize = 1000
errorTemplate = "/app/templates/error.gohtml" # error message for memoHandler
baseurl = "https://media-stage.memobase.k8s.unibas.ch/"
......
......@@ -41,6 +41,16 @@ spec:
secretKeyRef:
name: {{ .Values.mariadbUserSecrets }}
key: MARIADB_USER
- name: JWT_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.jwtKeySecrets }}
key: JWT_KEY
- name: JWT_ALGORITHM
valueFrom:
secretKeyRef:
name: {{ .Values.jwtKeySecrets }}
key: JWT_ALGORITHM
ports:
- containerPort: {{ .Values.k8sPort }}
name: http
......
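Review bot: Both new `secretKeyRef` entries take their name from `.Values.jwtKeySecrets`, but nothing in the template guards against that value being unset, and the values-file hunks on this page do not show the key (their added lines may simply not be rendered). An empty name would surface only as a failed deployment, so make the chart fail at render time with `name: {{ required "jwtKeySecrets must be set" .Values.jwtKeySecrets }}`. JWT_ALGORITHM is not secret material; keeping it in the same Secret works, but a plain value or ConfigMap would make the accepted algorithms visible in review.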
......@@ -11,8 +11,8 @@ staticprefix = "/static/"
urlprefix = "/memo/" # prefix for accessing signature based content
# http://localhost:81/command/clearcache?auth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJjbWQ6Y2xlYXJjYWNoZSIsImV4cCI6MTgxNjIzOTAyMn0.M_Y6R4yMAFEyo534-SXAffPwdHv929WcuSgQUcjiz10
cmdprefix = "/command/"
jwtkey = "swordfish"
jwtalg = ["HS256", "HS384", "HS512"] # "hs256" "hs384" "hs512" "es256" "es384" "es512" "ps256" "ps384" "ps512"
# jwtkey = "swordfish"
# jwtalg = ["HS256", "HS384", "HS512"] # "hs256" "hs384" "hs512" "es256" "es384" "es512" "ps256" "ps384" "ps512"
resolverCacheSize = 1000
errorTemplate = "/app/templates/error.gohtml" # error message for memoHandler
baseurl = "https://media-test.memobase.k8s.unibas.ch/"
......
......@@ -19,5 +19,7 @@ k8sIIIFHost: placeholder
mariadbDatabaseConfigs: placeholder
mariadbUserSecrets: placeholder
accessTokenSecrets: placeholder
mediaVolumeClaimName: placeholder
mediaFolderRootPath: placeholder