-rw-r--r-- | back-end/src/Endpoints/BmAccountEndpoint.cs | 35 | ||||
-rw-r--r-- | back-end/src/SimpleBookmark.csproj | 8 | ||||
-rw-r--r-- | ci/container/Dockerfile | 1 | ||||
-rw-r--r-- | ci/container/Taskfile.yaml | 4 | ||||
-rw-r--r-- | ci/container/config-templates/SimpleBookmark-template.json | 4 | ||||
-rw-r--r-- | ci/container/docker-compose.yaml | 1 |
6 files changed, 20 insertions, 33 deletions
diff --git a/back-end/src/Endpoints/BmAccountEndpoint.cs b/back-end/src/Endpoints/BmAccountEndpoint.cs
index 9b57d39..e9401fa 100644
--- a/back-end/src/Endpoints/BmAccountEndpoint.cs
+++ b/back-end/src/Endpoints/BmAccountEndpoint.cs
@@ -79,7 +79,7 @@ namespace SimpleBookmark.Endpoints
 * long term exposure of a signing key.
 * */
- AuthMan = new JwtAuthManager();
+ AuthMan = new JwtAuthManager(64);
 if(config.TryGetProperty("key_regen_interval_mins", p => p.GetTimeSpan(TimeParseType.Minutes), out TimeSpan regen))
 {
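Review bot: `AuthMan = new JwtAuthManager(64);` passes the signing-key size as a bare literal whose unit is not visible at the call site; only the field initializer inside the class shows it is a byte count. Prefer a named constant next to the endpoint's other settings, `private const int JwtSigningKeySizeBytes = 64;` and `AuthMan = new JwtAuthManager(JwtSigningKeySizeBytes);`, or read it from the same config block that already supplies `key_regen_interval_mins`. The enclosing method (presumably the endpoint constructor) starts and ends outside the hunk.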
@@ -333,52 +333,39 @@ namespace SimpleBookmark.Endpoints
 return base.DeleteAsync(entity);
 }
- private sealed class JwtAuthManager() : IIntervalScheduleable
+ private sealed class JwtAuthManager(int keySize) : IIntervalScheduleable
 {
 /*
 * Random signing keys are rotated on the configured expiration
 * interval.
 */
- private byte[] secretKey = RandomHash.GetRandomBytes(64);
+ private byte[] secretKey = RandomHash.GetRandomBytes(keySize);
 Task IIntervalScheduleable.OnIntervalAsync(ILogProvider log, CancellationToken cancellationToken)
 {
- secretKey = RandomHash.GetRandomBytes(64);
+ secretKey = RandomHash.GetRandomBytes(keySize);
 return Task.CompletedTask;
 }
- public void SignJwt(JsonWebToken jwt)
- {
- if (ManagedHash.IsAlgSupported(HashAlg.BlAKE2B))
- {
- jwt.Sign(secretKey, HashAlg.BlAKE2B);
- }
- else if (ManagedHash.IsAlgSupported(HashAlg.SHA3_256))
- {
- jwt.Sign(secretKey, HashAlg.SHA3_256);
- }
- else
- {
- //fallback to sha256
- jwt.Sign(secretKey, HashAlg.SHA256);
- }
- }
+ public void SignJwt(JsonWebToken jwt) => jwt.Sign(secretKey, GetHashAlg());
+
+ public bool VerifyJwt(JsonWebToken jwt) => jwt.Verify(secretKey, GetHashAlg());
- public bool VerifyJwt(JsonWebToken jwt)
+ private static HashAlg GetHashAlg()
 {
 if (ManagedHash.IsAlgSupported(HashAlg.BlAKE2B))
 {
- return jwt.Verify(secretKey, HashAlg.BlAKE2B);
+ return HashAlg.BlAKE2B;
 }
 else if (ManagedHash.IsAlgSupported(HashAlg.SHA3_256))
 {
- return jwt.Verify(secretKey, HashAlg.SHA3_256);
+ return HashAlg.SHA3_256;
 }
 else
 {
 //fallback to sha256
- return jwt.Verify(secretKey, HashAlg.SHA256);
+ return HashAlg.SHA256;
 }
 }
 }
diff --git a/back-end/src/SimpleBookmark.csproj b/back-end/src/SimpleBookmark.csproj
index 03d3b03..609144b 100644
--- a/back-end/src/SimpleBookmark.csproj
+++ b/back-end/src/SimpleBookmark.csproj
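Review bot: The new `JwtAuthManager(int keySize)` primary constructor accepts any `int`, and both `RandomHash.GetRandomBytes(keySize)` call sites (the `secretKey` initializer and `OnIntervalAsync`) forward it unchecked, so a zero, negative or very short size either fails inside the helper or silently yields a weak HMAC key; what the helper does for non-positive sizes is not visible here. HMAC keys for JWS are expected to be at least the hash output size (256 bits, RFC 7518 section 3.2), so I would route both call sites through one guarded helper as below, which also removes the duplicated call. As a smaller point, `GetHashAlg()` re-queries `ManagedHash.IsAlgSupported` on every sign and verify although the answer presumably cannot change during the process lifetime; a `private static readonly HashAlg Alg = GetHashAlg();` would make the selection happen once.
```csharp
private sealed class JwtAuthManager(int keySize) : IIntervalScheduleable
{
    // … unchanged: rotation comment …
    private byte[] secretKey = NewKey(keySize);

    Task IIntervalScheduleable.OnIntervalAsync(ILogProvider log, CancellationToken cancellationToken)
    {
        secretKey = NewKey(keySize);
        return Task.CompletedTask;
    }

    // Single place that enforces the minimum size of an HMAC signing key (RFC 7518 section 3.2: at least 256 bits)
    private static byte[] NewKey(int size)
    {
        if (size < 32)
        {
            throw new ArgumentOutOfRangeException(nameof(size), size, "JWT signing key must be at least 32 bytes");
        }
        return RandomHash.GetRandomBytes(size);
    }

    // … unchanged: SignJwt, VerifyJwt, GetHashAlg …
}
```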
@@ -34,10 +34,10 @@
 <ItemGroup>
 <PackageReference Include="MemoryPack" Version="1.10.0" />
- <PackageReference Include="VNLib.Plugins.Extensions.Data" Version="0.1.0-ci0049" />
- <PackageReference Include="VNLib.Plugins.Extensions.Loading" Version="0.1.0-ci0049" />
- <PackageReference Include="VNLib.Plugins.Extensions.Loading.Sql" Version="0.1.0-ci0049" />
- <PackageReference Include="VNLib.Plugins.Extensions.Validation" Version="0.1.0-ci0049" />
+ <PackageReference Include="VNLib.Plugins.Extensions.Data" Version="0.1.0-ci0050" />
+ <PackageReference Include="VNLib.Plugins.Extensions.Loading" Version="0.1.0-ci0050" />
+ <PackageReference Include="VNLib.Plugins.Extensions.Loading.Sql" Version="0.1.0-ci0050" />
+ <PackageReference Include="VNLib.Plugins.Extensions.Validation" Version="0.1.0-ci0050" />
 <PackageReference Include="VNLib.Plugins.Extensions.VNCache" Version="0.1.0-ci0052" />
 </ItemGroup>
diff --git a/ci/container/Dockerfile b/ci/container/Dockerfile
index 365f1c7..6804a6e 100644
--- a/ci/container/Dockerfile
+++ b/ci/container/Dockerfile
@@ -54,6 +54,7 @@ ENV VNLIB_ARGON2_DLL_PATH=/app/lib/libargon2.so
 #set default env variables
 ENV MAX_BOOKMARKS=5000
+ENV REG_TOKEN_DURATION_MIN=360
 #SQL Config
 ENV SQL_LIB_PATH=VNLib.Plugins.Extensions.Sql.SQLite.dll
diff --git a/ci/container/Taskfile.yaml b/ci/container/Taskfile.yaml
index bbf2b30..97548dc 100644
--- a/ci/container/Taskfile.yaml
+++ b/ci/container/Taskfile.yaml
@@ -32,9 +32,7 @@ tasks:
 #build rpmalloc library
 - cd lib/vnlib_rpmalloc/ && task && cp build/libvn_rpmalloc.so {{.OUT_DIR}}/libvn_rpmalloc.so
 #install zlib and brotli native libraries from the source repos (they dont have active releases anymore :()
- - mkdir -p lib/third-party
- - cd lib/third-party && git clone https://github.com/cloudflare/zlib.git
- - cd lib/third-party && git clone https://github.com/google/brotli.git
+ - cd lib/vnlib_compress/ && task && cp build/libvn_compress.so {{.OUT_DIR}}/libvn_compress.so
 #build native compression lib and put in lib dir
 - cd lib/vnlib_compress && cmake -B./build && cmake --build build/ --config Release && cp build/libvn_compress.so {{.OUT_DIR}}/libvn_compress.so
diff --git a/ci/container/config-templates/SimpleBookmark-template.json b/ci/container/config-templates/SimpleBookmark-template.json
index 6f39001..a64a10a 100644
--- a/ci/container/config-templates/SimpleBookmark-template.json
+++ b/ci/container/config-templates/SimpleBookmark-template.json
@@ -16,7 +16,7 @@
 "registration": {
 "path": "/api/register", //Path for the registration endpoint
- "token_lifetime_mins": 360, //Token lifetime in minutes
- "key_regen_interval_mins": 3600 //Signing key regeneration interval in minutes
+ "token_lifetime_mins": ${REG_TOKEN_DURATION_MIN}, //Token lifetime in minutes
+ "key_regen_interval_mins": ${REG_TOKEN_DURATION_MIN}0 //Signing key regeneration interval in minutes
 }
 }
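Review bot: The added `- cd lib/vnlib_compress/ && task && cp build/libvn_compress.so {{.OUT_DIR}}/libvn_compress.so` builds and copies the compression library, but the unchanged line two below (`- cd lib/vnlib_compress && cmake -B./build && cmake --build build/ --config Release && cp build/libvn_compress.so ...`) still performs the same build and copy a second time, so one of the two steps should be dropped. The comment `#install zlib and brotli native libraries from the source repos (they dont have active releases anymore :()` directly above the new line now describes clone steps that no longer exist; if the Taskfile under lib/vnlib_compress fetches those sources itself, reword it to something like `#build native compression lib (its Taskfile pulls in the zlib/brotli sources) and copy to lib dir`. The enclosing task's command list starts before the hunk.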
\ No newline at end of file
diff --git a/ci/container/docker-compose.yaml b/ci/container/docker-compose.yaml
index 92745dd..eb28055 100644
--- a/ci/container/docker-compose.yaml
+++ b/ci/container/docker-compose.yaml
@@ -16,6 +16,7 @@ services:
 - 8080:8080
 environment:
 MAX_BOOKMARKS: "5000"
+ REG_TOKEN_DURATION_MIN: "360" #6 hours
 #SQL Config
 SQL_LIB_PATH: "VNLib.Plugins.Extensions.Sql.SQLite.dll"
 SQL_CONNECTION_STRING: "Data Source=data/simple-bookmark.db;" |
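Review bot: `"key_regen_interval_mins": ${REG_TOKEN_DURATION_MIN}0` derives the key-rotation interval by appending the character `0` to the token lifetime, which is text substitution rather than arithmetic: it only works while the variable is a plain integer, and depending on how the template is rendered an unset or empty variable would leave the interval as `0` and `token_lifetime_mins` as an empty value (the defaults added in the Dockerfile and docker-compose hunks only cover those two deployments). It also hides the invariant the old literals `360` / `3600` made explicit: the rotation interval must exceed the token lifetime, because `JwtAuthManager` in this commit keeps only the current key, so tokens signed before a rotation stop verifying. I would give the interval its own variable with its own default, e.g. `"key_regen_interval_mins": ${REG_KEY_REGEN_INTERVAL_MIN}, //Signing key regeneration interval in minutes; keep this above token_lifetime_mins` (variable name constructed here), and default it in the Dockerfile and compose file next to REG_TOKEN_DURATION_MIN.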