From d1cce4461665c2f989537826e9b9365059f642d1 Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Tue, 6 Jul 2021 10:42:24 +0200
Subject: [PATCH] :tada: Add keys namespace.

A modularized approach for key derivation.
---
 backend/scripts/build | 1 +
 backend/src/app/loggers/audit.clj | 1 +
 backend/src/app/main.clj | 5 ++++-
 backend/src/app/setup/keys.clj | 29 +++++++++++++++++++++++++++++
 backend/src/app/tokens.clj | 25 +++++++------------------
 5 files changed, 42 insertions(+), 19 deletions(-)
 create mode 100644 backend/src/app/setup/keys.clj

diff --git a/backend/scripts/build b/backend/scripts/build
index f1d9e03a4..865fed48b 100755
--- a/backend/scripts/build
+++ b/backend/scripts/build
@@ -49,6 +49,7 @@
 ;; Create the application jar
 (spit "./target/dist/version.txt" version)
+
 (-> ($ jar cvf "./target/dist/deps/app.jar" -C ~(first classpath-paths) ".") check)
 (-> ($ jar uvf "./target/dist/deps/app.jar" -C "./target/dist" "version.txt") check)
 (run! (fn [item]
diff --git a/backend/src/app/loggers/audit.clj b/backend/src/app/loggers/audit.clj
index deb58cfd4..835a8acff 100644
--- a/backend/src/app/loggers/audit.clj
+++ b/backend/src/app/loggers/audit.clj
@@ -50,6 +50,7 @@
 (assoc k (name v))))
 {} props))]
+
 (update event :props #(-> % clean-common clean-profile-id clean-complex-data))))
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/backend/src/app/main.clj b/backend/src/app/main.clj
index 2125f087d..da576cf62 100644
--- a/backend/src/app/main.clj
+++ b/backend/src/app/main.clj
@@ -44,7 +44,7 @@
 :redis-uri (cf/get :redis-uri)}
 :app.tokens/tokens
- {:props (ig/ref :app.setup/props)}
+ {:keys (ig/ref :app.setup/keys)}
 :app.storage/gc-deleted-task
 {:pool (ig/ref :app.db/pool)
@@ -282,6 +282,9 @@
 {:pool (ig/ref :app.db/pool)
 :key (cf/get :secret-key)}
+ :app.setup/keys
+ {:props (ig/ref :app.setup/props)}
+
 :app.loggers.zmq/receiver
 {:endpoint (cf/get :loggers-zmq-uri)}
diff --git a/backend/src/app/setup/keys.clj b/backend/src/app/setup/keys.clj
new file mode 100644
index 000000000..4618fa494
--- /dev/null
+++ b/backend/src/app/setup/keys.clj
@@ -0,0 +1,29 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) UXBOX Labs SL
+
+(ns app.setup.keys
+ "Keys derivation service."
+ (:require
+ [app.common.spec :as us]
+ [buddy.core.kdf :as bk]
+ [clojure.spec.alpha :as s]
+ [integrant.core :as ig]))
+
+(s/def ::secret-key ::us/string)
+(s/def ::props (s/keys :req-un [::secret-key]))
+
+(defmethod ig/pre-init-spec :app.setup/keys [_]
+ (s/keys :req-un [::props]))
+
+(defmethod ig/init-key :app.setup/keys
+ [_ {:keys [props] :as cfg}]
+ (fn [& {:keys [salt size]}]
+ (let [engine (bk/engine {:key (:secret-key props)
+ :salt salt
+ :alg :hkdf
+ :digest :blake2b-512})]
+ (bk/get-bytes engine 32))))
+
diff --git a/backend/src/app/tokens.clj b/backend/src/app/tokens.clj
index 5c96c1980..efff646d1 100644
--- a/backend/src/app/tokens.clj
+++ b/backend/src/app/tokens.clj
@@ -11,19 +11,10 @@
 [app.common.spec :as us]
 [app.common.transit :as t]
 [app.util.time :as dt]
- [buddy.core.kdf :as bk]
 [buddy.sign.jwe :as jwe]
 [clojure.spec.alpha :as s]
 [integrant.core :as ig]))
-(defn- derive-tokens-secret
- [key]
- (let [engine (bk/engine {:key key
- :salt "tokens"
- :alg :hkdf
- :digest :blake2b-512})]
- (bk/get-bytes engine 32)))
-
 (defn- generate
 [cfg claims]
 (let [payload (t/encode claims)]
@@ -50,13 +41,6 @@
 :params params))
 claims))
-(s/def ::secret-key ::us/string)
-(s/def ::props
- (s/keys :req-un [::secret-key]))
-
-(defmethod ig/pre-init-spec ::tokens [_]
- (s/keys :req-un [::props]))
-
 (defn- generate-predefined
 [cfg {:keys [iss profile-id] :as params}]
 (case iss
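Review bot: The `size` keyword accepted by the derivation function in `(fn [& {:keys [salt size]}] …)` is never used — `(bk/get-bytes engine 32)` always yields 32 bytes, so a caller asking for any other length (the tokens namespace passes `:size 32`, which masks this today) would silently receive a 32-byte key. Change the last line to `(bk/get-bytes engine size)` and give the binding a default, `(fn [& {:keys [salt size] :or {size 32}}] …)`, so the contract matches the signature. Separately, with HKDF the per-consumer label conventionally belongs in the `info` input rather than only in the salt; if the buddy engine map accepts an `:info` key in the version in use, passing the label there keeps the domain separation explicit — worth confirming. A docstring on the returned function stating that `salt` must be unique per consumer (the tokens namespace uses `"tokens"`) would make that requirement visible to the next caller.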
@@ -70,9 +54,14 @@
 :code :not-implemented
 :hint "no predefined token")))
+(s/def ::keys fn?)
+
+(defmethod ig/pre-init-spec ::tokens [_]
+ (s/keys :req-un [::keys]))
+
 (defmethod ig/init-key ::tokens
- [_ {:keys [props] :as cfg}]
- (let [secret (derive-tokens-secret (:secret-key props))
+ [_ {:keys [keys] :as cfg}]
+ (let [secret (keys :salt "tokens" :size 32)
 cfg (assoc cfg ::secret secret)]
 (fn [action params]
 (case action
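Review bot: The destructuring `[_ {:keys [keys] :as cfg}]` binds a local named `keys`, shadowing `clojure.core/keys` for the whole `init-key` body, which continues past the end of this hunk; any `(keys m)` call inside the returned `(fn [action params] …)` would now reach the key-derivation function instead of the core function. Renaming the binding avoids the trap, e.g. `[_ {derive-key :keys :as cfg}]` and `(let [secret (derive-key :salt "tokens" :size 32)`. The new spec `(s/def ::keys fn?)` only checks that some function was supplied, so a comment such as `;; :keys is the app.setup/keys derivation fn: (f :salt s :size n) -> bytes` next to it would document the expected calling convention. The defmethod's body ends outside this hunk.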