mirror of
https://github.com/penpot/penpot.git
synced 2025-01-23 23:18:48 -05:00
🎉 Add keys namespace.
A modularized approach for key derivation.
This commit is contained in:
parent
c02638e10e
commit
d1cce44616
5 changed files with 42 additions and 19 deletions
|
@ -49,6 +49,7 @@
|
|||
|
||||
;; Create the application jar
|
||||
(spit "./target/dist/version.txt" version)
|
||||
|
||||
(-> ($ jar cvf "./target/dist/deps/app.jar" -C ~(first classpath-paths) ".") check)
|
||||
(-> ($ jar uvf "./target/dist/deps/app.jar" -C "./target/dist" "version.txt") check)
|
||||
(run! (fn [item]
|
||||
|
|
|
@ -50,6 +50,7 @@
|
|||
(assoc k (name v))))
|
||||
{}
|
||||
props))]
|
||||
|
||||
(update event :props #(-> % clean-common clean-profile-id clean-complex-data))))
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
:redis-uri (cf/get :redis-uri)}
|
||||
|
||||
:app.tokens/tokens
|
||||
{:props (ig/ref :app.setup/props)}
|
||||
{:keys (ig/ref :app.setup/keys)}
|
||||
|
||||
:app.storage/gc-deleted-task
|
||||
{:pool (ig/ref :app.db/pool)
|
||||
|
@ -282,6 +282,9 @@
|
|||
{:pool (ig/ref :app.db/pool)
|
||||
:key (cf/get :secret-key)}
|
||||
|
||||
:app.setup/keys
|
||||
{:props (ig/ref :app.setup/props)}
|
||||
|
||||
:app.loggers.zmq/receiver
|
||||
{:endpoint (cf/get :loggers-zmq-uri)}
|
||||
|
||||
|
|
29
backend/src/app/setup/keys.clj
Normal file
29
backend/src/app/setup/keys.clj
Normal file
|
@ -0,0 +1,29 @@
|
|||
;; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
;; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;;
|
||||
;; Copyright (c) UXBOX Labs SL
|
||||
|
||||
(ns app.setup.keys
|
||||
"Keys derivation service."
|
||||
(:require
|
||||
[app.common.spec :as us]
|
||||
[buddy.core.kdf :as bk]
|
||||
[clojure.spec.alpha :as s]
|
||||
[integrant.core :as ig]))
|
||||
|
||||
(s/def ::secret-key ::us/string)
|
||||
(s/def ::props (s/keys :req-un [::secret-key]))
|
||||
|
||||
(defmethod ig/pre-init-spec :app.setup/keys [_]
|
||||
(s/keys :req-un [::props]))
|
||||
|
||||
(defmethod ig/init-key :app.setup/keys
|
||||
[_ {:keys [props] :as cfg}]
|
||||
(fn [& {:keys [salt size]}]
|
||||
(let [engine (bk/engine {:key (:secret-key props)
|
||||
:salt salt
|
||||
:alg :hkdf
|
||||
:digest :blake2b-512})]
|
||||
(bk/get-bytes engine 32))))
|
||||
|
|
@ -11,19 +11,10 @@
|
|||
[app.common.spec :as us]
|
||||
[app.common.transit :as t]
|
||||
[app.util.time :as dt]
|
||||
[buddy.core.kdf :as bk]
|
||||
[buddy.sign.jwe :as jwe]
|
||||
[clojure.spec.alpha :as s]
|
||||
[integrant.core :as ig]))
|
||||
|
||||
(defn- derive-tokens-secret
|
||||
[key]
|
||||
(let [engine (bk/engine {:key key
|
||||
:salt "tokens"
|
||||
:alg :hkdf
|
||||
:digest :blake2b-512})]
|
||||
(bk/get-bytes engine 32)))
|
||||
|
||||
(defn- generate
|
||||
[cfg claims]
|
||||
(let [payload (t/encode claims)]
|
||||
|
@ -50,13 +41,6 @@
|
|||
:params params))
|
||||
claims))
|
||||
|
||||
(s/def ::secret-key ::us/string)
|
||||
(s/def ::props
|
||||
(s/keys :req-un [::secret-key]))
|
||||
|
||||
(defmethod ig/pre-init-spec ::tokens [_]
|
||||
(s/keys :req-un [::props]))
|
||||
|
||||
(defn- generate-predefined
|
||||
[cfg {:keys [iss profile-id] :as params}]
|
||||
(case iss
|
||||
|
@ -70,9 +54,14 @@
|
|||
:code :not-implemented
|
||||
:hint "no predefined token")))
|
||||
|
||||
(s/def ::keys fn?)
|
||||
|
||||
(defmethod ig/pre-init-spec ::tokens [_]
|
||||
(s/keys :req-un [::keys]))
|
||||
|
||||
(defmethod ig/init-key ::tokens
|
||||
[_ {:keys [props] :as cfg}]
|
||||
(let [secret (derive-tokens-secret (:secret-key props))
|
||||
[_ {:keys [keys] :as cfg}]
|
||||
(let [secret (keys :salt "tokens" :size 32)
|
||||
cfg (assoc cfg ::secret secret)]
|
||||
(fn [action params]
|
||||
(case action
|
||||
|
|
Loading…
Add table
Reference in a new issue