✨ Allow overide the secret-key on setup module.

Usefull when using a pre-shared secret key.

backend/src/app/config.clj

@@ -87,6 +87,7 @@
    :initial-project-skey "initial-project"
    })
 
+(s/def ::secret-key ::us/string)
 (s/def ::allow-demo-users ::us/boolean)
 (s/def ::asserts-enabled ::us/boolean)
 (s/def ::assets-path ::us/string)
@@ -169,7 +170,8 @@
 (s/def ::tenant ::us/string)
 
 (s/def ::config
-  (s/keys :opt-un [::allow-demo-users
+  (s/keys :opt-un [::secret-key
+                   ::allow-demo-users
                    ::asserts-enabled
                    ::database-password
                    ::database-uri

backend/src/app/main.clj

@@ -45,7 +45,7 @@
     :redis-uri (cf/get :redis-uri)}
 
    :app.tokens/tokens
-   {:sprops (ig/ref :app.setup/props)}
+   {:props (ig/ref :app.setup/props)}
 
    :app.storage/gc-deleted-task
    {:pool     (ig/ref :app.db/pool)
@@ -257,7 +257,8 @@
     :host (cf/get :srepl-host)}
 
    :app.setup/props
-   {:pool (ig/ref :app.db/pool)}
+   {:pool (ig/ref :app.db/pool)
+    :key  (cf/get :secret-key)}
 
    :app.loggers.zmq/receiver
    {:endpoint (cf/get :loggers-zmq-uri)}

backend/src/app/setup.clj

@@ -29,16 +29,26 @@
       (initialize-instance-id! cfg)
       (retrieve-all cfg))))
 
+(def sql:upsert-secret-key
+  "insert into server_prop (id, preload, content)
+   values ('secret-key', true, ?::jsonb)
+   on conflict (id) do update set content = ?::jsonb")
+
+(def sql:insert-secret-key
+  "insert into server_prop (id, preload, content)
+   values ('secret-key', true, ?::jsonb)
+   on conflict (id) do nothing")
+
 (defn- initialize-secret-key!
-  [{:keys [conn] :as cfg}]
-  (let [key (-> (bn/random-bytes 64)
-                (bc/bytes->b64u)
-                (bc/bytes->str))]
-    (db/insert! conn :server-prop
-                {:id "secret-key"
-                 :preload true
-                 :content (db/tjson key)}
-                {:on-conflict-do-nothing true})))
+  [{:keys [conn key] :as cfg}]
+  (if key
+    (let [key (db/tjson key)]
+      (db/exec-one! conn [sql:upsert-secret-key key key]))
+    (let [key (-> (bn/random-bytes 64)
+                  (bc/bytes->b64u)
+                  (bc/bytes->str))
+          key (db/tjson key)]
+      (db/exec-one! conn [sql:insert-secret-key key]))))
 
 (defn- initialize-instance-id!
   [{:keys [conn] :as cfg}]

backend/src/app/tokens.clj

@@ -51,11 +51,11 @@
     claims))
 
 (s/def ::secret-key ::us/string)
-(s/def ::sprops
+(s/def ::props
   (s/keys :req-un [::secret-key]))
 
 (defmethod ig/pre-init-spec ::tokens [_]
-  (s/keys :req-un [::sprops]))
+  (s/keys :req-un [::props]))
 
 (defn- generate-predefined
   [cfg {:keys [iss profile-id] :as params}]
@@ -71,8 +71,8 @@
               :hint "no predefined token")))
 
 (defmethod ig/init-key ::tokens
-  [_ {:keys [sprops] :as cfg}]
-  (let [secret (derive-tokens-secret (:secret-key sprops))
+  [_ {:keys [props] :as cfg}]
+  (let [secret (derive-tokens-secret (:secret-key props))
         cfg    (assoc cfg ::secret secret)]
     (fn [action params]
       (case action