feat: new env variable for server URI

2025-06-06 12:04:25 +02:00
parent 2b40e4e922
commit 83e3e5a2e9
7 changed files with 11 additions and 13 deletions


@ -1,6 +1,7 @@
GUARD_PORT=3001 GUARD_PORT=3001
GUARD_HOST="127.0.0.1" GUARD_HOST="127.0.0.1"
GUARD_URI="http://localhost:3001"
GUARD_DB_URL="postgres://<user>:<user>@<host>:<port>/<db>?sslmode=disable" GUARD_DB_URL="postgres://<user>:<user>@<host>:<port>/<db>?sslmode=disable"
@ -11,7 +12,6 @@ GUARD_ADMIN_PASSWORD="secret"
GUARD_JWT_PRIVATE="rsa" GUARD_JWT_PRIVATE="rsa"
GUARD_JWT_PUBLIC="rsa" GUARD_JWT_PUBLIC="rsa"
GUARD_JWT_KID="my-rsa-key-1" GUARD_JWT_KID="my-rsa-key-1"
GUARD_JWT_ISSUER="http://localhost:3001"
GUARD_MINIO_ENDPOINT="localhost:9000" GUARD_MINIO_ENDPOINT="localhost:9000"
GUARD_MINIO_ACCESS_KEY="" GUARD_MINIO_ACCESS_KEY=""
@ -20,5 +20,3 @@ GUARD_MINIO_SECRET_KEY=""
GOOSE_DRIVER="postgres" GOOSE_DRIVER="postgres"
GOOSE_DBSTRING=$DATABASE_URL GOOSE_DBSTRING=$DATABASE_URL
GOOSE_MIGRATION_DIR="./migrations" GOOSE_MIGRATION_DIR="./migrations"


@ -33,6 +33,7 @@ COPY --from=frontend-builder /app/dist ./dist
ENV ENV=production \ ENV ENV=production \
GUARD_PORT=3001 \ GUARD_PORT=3001 \
GUARD_HOST="127.0.0.1" \ GUARD_HOST="127.0.0.1" \
GUARD_URI="http://localhost:3001" \
GUARD_DB_URL="postgres://user:user@localhost:5432/db?sslmode=disable" \ GUARD_DB_URL="postgres://user:user@localhost:5432/db?sslmode=disable" \
GUARD_ADMIN_NAME="admin" \ GUARD_ADMIN_NAME="admin" \
GUARD_ADMIN_EMAIL="admin@test.net" \ GUARD_ADMIN_EMAIL="admin@test.net" \
@ -40,7 +41,6 @@ ENV ENV=production \
GUARD_JWT_PRIVATE="rsa" \ GUARD_JWT_PRIVATE="rsa" \
GUARD_JWT_PUBLIC="rsa" \ GUARD_JWT_PUBLIC="rsa" \
GUARD_JWT_KID="my-rsa-key-1" \ GUARD_JWT_KID="my-rsa-key-1" \
GUARD_JWT_ISSUER="http://localhost:3001" \
GUARD_MINIO_ENDPOINT="localhost:9000" \ GUARD_MINIO_ENDPOINT="localhost:9000" \
GUARD_MINIO_ACCESS_KEY="" \ GUARD_MINIO_ACCESS_KEY="" \
GUARD_MINIO_SECRET_KEY="" \ GUARD_MINIO_SECRET_KEY="" \
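Review bot: The image sets `GUARD_URI="http://localhost:3001"` alongside `ENV=production`, while the Go default for the same setting is `http://127.0.0.1:3001`; to any client that matches `iss` exactly these are two different issuers. Because the ENV value baked into the image overrides the struct default, a container started without setting GUARD_URI signs tokens and serves discovery metadata that point at loopback over plain http. Consider leaving GUARD_URI out of the image so it has to be supplied at run time, or at least use one spelling in all three places (.env example, Dockerfile, AppConfig). The ENV instruction continues past the end of the hunk.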


@ -29,7 +29,7 @@ func (h *AuthHandler) signTokens(user *repository.User) (string, string, error)
UserEmail: user.Email, UserEmail: user.Email,
IsAdmin: user.IsAdmin, IsAdmin: user.IsAdmin,
RegisteredClaims: jwt.RegisteredClaims{ RegisteredClaims: jwt.RegisteredClaims{
Issuer: h.cfg.Jwt.Issuer, Issuer: h.cfg.Uri,
Subject: user.ID.String(), Subject: user.ID.String(),
IssuedAt: jwt.NewNumericDate(time.Now()), IssuedAt: jwt.NewNumericDate(time.Now()),
ExpiresAt: jwt.NewNumericDate(time.Now().Add(15 * time.Minute)), ExpiresAt: jwt.NewNumericDate(time.Now().Add(15 * time.Minute)),
@ -45,7 +45,7 @@ func (h *AuthHandler) signTokens(user *repository.User) (string, string, error)
UserEmail: user.Email, UserEmail: user.Email,
IsAdmin: user.IsAdmin, IsAdmin: user.IsAdmin,
RegisteredClaims: jwt.RegisteredClaims{ RegisteredClaims: jwt.RegisteredClaims{
Issuer: h.cfg.Jwt.Issuer, Issuer: h.cfg.Uri,
Subject: user.ID.String(), Subject: user.ID.String(),
IssuedAt: jwt.NewNumericDate(time.Now()), IssuedAt: jwt.NewNumericDate(time.Now()),
ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * 24 * time.Hour)), ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * 24 * time.Hour)),
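Review bot: Both `Issuer: h.cfg.Uri` assignments in signTokens (and the one in tokenEndpoint) change the `iss` value that gets signed, but nothing on the verifying side changes in this commit. `JwtConfig.Issuer` is removed and all seven changed files are shown, so no remaining code can have been comparing `iss` against it; that suggests incoming tokens are not checked for issuer at all, though the parsing code is not visible here. If that is the case, the parser should pin the issuer, for example with `jwt.WithIssuer(h.cfg.Uri)` if this is golang-jwt v5. Refresh tokens live 30 days, so tokens already issued carry the old issuer string and need a decision on whether they stay valid. signTokens starts and ends outside these hunks.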


@ -4,5 +4,4 @@ type JwtConfig struct {
PrivateKey string `env:"GUARD_JWT_PRIVATE" required:"true"` PrivateKey string `env:"GUARD_JWT_PRIVATE" required:"true"`
PublicKey string `env:"GUARD_JWT_PUBLIC" required:"true"` PublicKey string `env:"GUARD_JWT_PUBLIC" required:"true"`
KID string `env:"GUARD_JWT_KID" default:"guard-rsa"` KID string `env:"GUARD_JWT_KID" default:"guard-rsa"`
Issuer string `env:"GUARD_JWT_ISSUER" required:"true"`
} }


@ -12,6 +12,7 @@ import (
type AppConfig struct { type AppConfig struct {
Port string `env:"GUARD_PORT" default:"3001"` Port string `env:"GUARD_PORT" default:"3001"`
Host string `env:"GUARD_HOST" default:"127.0.0.1"` Host string `env:"GUARD_HOST" default:"127.0.0.1"`
Uri string `env:"GUARD_URI" default:"http://127.0.0.1:3001"`
DatabaseURL string `env:"GUARD_DB_URL" required:"true"` DatabaseURL string `env:"GUARD_DB_URL" required:"true"`
Admin AdminConfig Admin AdminConfig
Jwt JwtConfig Jwt JwtConfig
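Review bot: `Uri` falls back to `default:"http://127.0.0.1:3001"`, whereas the field it replaces, `JwtConfig.Issuer`, was `required:"true"`. A deployment that still sets only GUARD_JWT_ISSUER now starts without error and signs tokens and publishes discovery metadata with a plain-http loopback issuer. Keeping `required:"true"` on the new field, or rejecting a non-https value at startup when ENV is production, restores the fail-fast behaviour. As a style point, Go initialisms are written `URI`, not `Uri`. The struct continues outside the hunk.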


@ -23,11 +23,11 @@ func (h *OAuthHandler) OpenIdConfiguration(w http.ResponseWriter, r *http.Reques
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
if err := encoder.Encode(Response{ if err := encoder.Encode(Response{
TokenEndpoint: h.cfg.Jwt.Issuer + "/api/v1/oauth/token", TokenEndpoint: h.cfg.Uri + "/api/v1/oauth/token",
AuthorizationEndpoint: h.cfg.Jwt.Issuer + "/api/v1/oauth/authorize", AuthorizationEndpoint: h.cfg.Uri + "/api/v1/oauth/authorize",
JwksURI: h.cfg.Jwt.Issuer + "/.well-known/jwks.json", JwksURI: h.cfg.Uri + "/.well-known/jwks.json",
Issuer: h.cfg.Jwt.Issuer, Issuer: h.cfg.Uri,
EndSessionEndpoint: h.cfg.Jwt.Issuer + "/api/v1/oauth/logout", EndSessionEndpoint: h.cfg.Uri + "/api/v1/oauth/logout",
}); err != nil { }); err != nil {
web.Error(w, "failed to encode response", http.StatusInternalServerError) web.Error(w, "failed to encode response", http.StatusInternalServerError)
} }
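Review bot: The endpoints are built by plain concatenation, `h.cfg.Uri + "/api/v1/oauth/token"`, so a GUARD_URI written with a trailing slash yields `//api/...` URLs and an `Issuer` that ends in a slash. Clients compare the discovery `issuer` with the token's `iss` claim as exact strings, so the value is best normalised once where the config is loaded, e.g. `cfg.Uri = strings.TrimRight(cfg.Uri, "/")`, rather than in each handler. That way signTokens, tokenEndpoint and this handler all emit the same string. OpenIdConfiguration starts outside the hunk.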


@ -91,7 +91,7 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
Nonce: nonce, Nonce: nonce,
Roles: roles, Roles: roles,
RegisteredClaims: jwt.RegisteredClaims{ RegisteredClaims: jwt.RegisteredClaims{
Issuer: h.cfg.Jwt.Issuer, Issuer: h.cfg.Uri,
// TODO: use dedicated API id that is in local DB and bind to user there // TODO: use dedicated API id that is in local DB and bind to user there
Subject: user.ID.String(), Subject: user.ID.String(),
Audience: jwt.ClaimStrings{clientId}, Audience: jwt.ClaimStrings{clientId},