diff --git a/.env.sample b/.env.sample
index 16e9f05..6ea977b 100644
--- a/.env.sample
+++ b/.env.sample
@@ -34,24 +34,24 @@ MICRO_BROKER_ADDRESS=nats:4222 ## Auth Server # 1 hour -MICRO_AUTH2_JWT_ACCESS_EXPIRY=3600 +AUTH2_JWT_ACCESS_EXPIRY=3600 # 86400*14 -MICRO_AUTH2_JWT_REFRESH_EXPIRY=1209600 +AUTH2_JWT_REFRESH_EXPIRY=1209600 ## Log LOG_LEVEL=debug ## Database -MICRO_AUTH2_DATABASE_DEBUG=true -MICRO_AUTH2_DATABASE_URL="postgres://postgres:RedactedPostgresPassword@postgresd:5432/auth?sslmode=disable" -MICRO_AUTH2_MIGRATIONS_DIR="./cmd/microauth2sqld/migrations" +AUTH2_DATABASE_DEBUG=true +AUTH2_DATABASE_URL="postgres://postgres:RedactedPostgresPassword@postgresd:5432/auth?sslmode=disable" +AUTH2_MIGRATIONS_DIR="./cmd/microauth2sqld/migrations" ## JWT -MICRO_AUTH2_JWT_AUDIENCE="https://lobby.wz2100.net,https://wz2100.net" +AUTH2_JWT_AUDIENCE="https://lobby.wz2100.net,https://wz2100.net" # go.micro.auth Ed25519 JWT keys in PEM - generated using '/tmp/go-build3574312808/b001/exe/microauth2sqld --auth2_generate_keys' -MICRO_AUTH2_JWT_PRIV_KEY="LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1DNENBUUF3QlFZREsyVndCQ0lFSUcwQkt3elV6bnRMQXR2K1Ztb0xsYVV5ZlJBdm04SVpiY2dUMC9BZGdyekIKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" -MICRO_AUTH2_JWT_PUB_KEY="LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUNvd0JRWURLMlZ3QXlFQXB6V0Q5T29iWUUrMEYxbnI0MWlKL0VITC9veDZDT1NTeGlwZjh6c21IQlU9Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=" -MICRO_AUTH2_JWT_REFRESH_PRIV_KEY="LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1DNENBUUF3QlFZREsyVndCQ0lFSUJTVE1YTDVvUGxXWFg1azl6akpvWVVFdTJYWndkbjBvVWJRdjd6eHJIa3YKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" -MICRO_AUTH2_JWT_REFRESH_PUB_KEY="LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUNvd0JRWURLMlZ3QXlFQVRaWG4xWkt1Z3puTGVQdHNHUFFhbTVVS2d3K0ZCMGxudUxZYllQUnRxb1k9Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=" \ No newline at end of file +AUTH2_JWT_PRIV_KEY="LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1DNENBUUF3QlFZREsyVndCQ0lFSUcwQkt3elV6bnRMQXR2K1Ztb0xsYVV5ZlJBdm04SVpiY2dUMC9BZGdyekIKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" 
+AUTH2_JWT_PUB_KEY="LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUNvd0JRWURLMlZ3QXlFQXB6V0Q5T29iWUUrMEYxbnI0MWlKL0VITC9veDZDT1NTeGlwZjh6c21IQlU9Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=" +AUTH2_JWT_REFRESH_PRIV_KEY="LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1DNENBUUF3QlFZREsyVndCQ0lFSUJTVE1YTDVvUGxXWFg1azl6akpvWVVFdTJYWndkbjBvVWJRdjd6eHJIa3YKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" +AUTH2_JWT_REFRESH_PUB_KEY="LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUNvd0JRWURLMlZ3QXlFQVRaWG4xWkt1Z3puTGVQdHNHUFFhbTVVS2d3K0ZCMGxudUxZYllQUnRxb1k9Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=" \ No newline at end of file diff --git a/Taskfile.yml b/Taskfile.yml index f9ee9ea..6dabc48 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -27,7 +27,7 @@ tasks: volume: run: "once" cmds: - - podman volume inspect jo-micro_auth2_go 1>/dev/null 2>&1 || podman volume create jo-micro_auth2_go + - podman volume inspect jo-AUTH2_go 1>/dev/null 2>&1 || podman volume create jo-AUTH2_go builder: desc: Run something in the builder container for example "task builder -- go get -u ./..." @@ -39,7 +39,7 @@ tasks: {{.DOCKER_ORG_JO_MICRO}}/builder:latest {{.CLI_ARGS}} vars: VOLUME_PATH: - sh: podman volume inspect jo-micro_auth2_go --format "{{"{{"}}.Mountpoint{{"}}"}}" + sh: podman volume inspect jo-AUTH2_go --format "{{"{{"}}.Mountpoint{{"}}"}}" BUILD_MOUNT_FOLDER_INT: sh: realpath {{.BUILD_MOUNT_FOLDER}} preconditions: @@ -77,7 +77,7 @@ tasks: . vars: VOLUME_PATH: - sh: podman volume inspect jo-micro_auth2_go --format "{{"{{"}}.Mountpoint{{"}}"}}" + sh: podman volume inspect jo-AUTH2_go --format "{{"{{"}}.Mountpoint{{"}}"}}" BUILD_MOUNT_FOLDER_INT: sh: realpath {{.BUILD_MOUNT_FOLDER}} @@ -115,7 +115,7 @@ tasks: rm: desc: Remove all persistent data cmds: - - podman volume rm jo-micro_auth2_go || exit 0 + - podman volume rm jo-AUTH2_go || exit 0 - podman image rm {{.DOCKER_ORG_JO_MICRO}}/auth2-sql:latest || exit 0 - rm -rf $PWD/.task diff --git a/cmd/microauth2sqld/main.go b/cmd/microauth2sqld/main.go index 083813a..ec3674a 100644 
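Review bot: The four renamed `AUTH2_JWT_*_KEY` lines still carry complete base64-encoded PEM key pairs, private halves included, in a file that is meant to be copied to `.env`. A deployment started from the unmodified sample would issue tokens under signing keys that are readable in the repository. Leaving the values empty, with a comment such as `# generate with: microauth2sqld --auth2_generate_keys`, would presumably make startup fail with ErrorNoKeys instead. Separately, the sample sets `AUTH2_JWT_AUDIENCE` while main.go and docker-compose.yml read `AUTH2_JWT_AUDIENCES`, so the value is never picked up; the line should read `AUTH2_JWT_AUDIENCES="https://lobby.wz2100.net,https://wz2100.net"`.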
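Review bot: The podman volume name changes from `jo-micro_auth2_go` to `jo-AUTH2_go` in this hunk and in the three later Taskfile.yml hunks, which looks like a side effect of a case-insensitive search-and-replace rather than part of the environment-variable rename. Volumes already created under the old name are left behind, and the `rm` task no longer removes them. If the rename is not intended, keep `podman volume inspect jo-micro_auth2_go 1>/dev/null 2>&1 || podman volume create jo-micro_auth2_go` and the three other occurrences as they were. If it is intended, a line in the commit message about removing the old volume would help.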
--- a/cmd/microauth2sqld/main.go +++ b/cmd/microauth2sqld/main.go @@ -31,7 +31,7 @@ import ( ) var ( - ErrorNoKeys = errors.New("config MICRO_AUTH2_JWT_*_KEY or MICRO_AUTH2_JWT_REFRESH_*_KEY not given") + ErrorNoKeys = errors.New("config AUTH2_JWT_*_KEY or AUTH2_JWT_REFRESH_*_KEY not given") ) func generateEd25519PEMKeyPair() (string, string, error) { @@ -117,7 +117,7 @@ func main() { &cli.StringFlag{ Name: "auth2_sqld_router_basepath", Usage: "Router basepath", - EnvVars: []string{"MICRO_AUTH2_SQLD_ROUTER_BASEPATH"}, + EnvVars: []string{"AUTH2_SQLD_ROUTER_BASEPATH"}, Value: "auth", }, 
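Review bot: The old `MICRO_AUTH2_*` names are dropped with no fallback, so a deployment that still sets them is not rejected but silently runs on flag defaults. Here `auth2_sqld_router_basepath` falls back to "auth", the expiry flags in the next hunk fall back to 900 and 86400 seconds, and the plugin selector in component.go's Flags hunk falls back to `noop`, which by its name presumably performs no authentication. `EnvVars` is a slice, so the old name can stay as a second entry for a deprecation period, e.g. `EnvVars: []string{"AUTH2_SQLD_ROUTER_BASEPATH", "MICRO_AUTH2_SQLD_ROUTER_BASEPATH"},`. Alternatively, main could refuse to start when any variable with the `MICRO_AUTH2_` prefix is present in the environment. main's body starts and ends outside these hunks.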
@@ -126,41 +126,41 @@ func main() { &cli.StringFlag{ Name: "auth2_jwt_pub_key", Usage: "Public access key PEM base64 encoded", - EnvVars: []string{"MICRO_AUTH2_JWT_PUB_KEY"}, + EnvVars: []string{"AUTH2_JWT_PUB_KEY"}, }, &cli.StringFlag{ Name: "auth2_jwt_priv_key", Usage: "Private access key PEM base64 encoded", - EnvVars: []string{"MICRO_AUTH2_JWT_PRIV_KEY"}, + EnvVars: []string{"AUTH2_JWT_PRIV_KEY"}, }, &cli.StringFlag{ Name: "auth2_jwt_refresh_pub_key", Usage: "Public refresh key PEM base64 encoded", - EnvVars: []string{"MICRO_AUTH2_JWT_REFRESH_PUB_KEY"}, + EnvVars: []string{"AUTH2_JWT_REFRESH_PUB_KEY"}, }, &cli.StringFlag{ Name: "auth2_jwt_refresh_priv_key", Usage: "Private refresh key PEM base64 encoded", - EnvVars: []string{"MICRO_AUTH2_JWT_REFRESH_PRIV_KEY"}, + EnvVars: []string{"AUTH2_JWT_REFRESH_PRIV_KEY"}, }, // Token &cli.Int64Flag{ Name: "auth2_jwt_refresh_expiry", Usage: "Expire the refreshtoken after x seconds, default is one day", - EnvVars: []string{"MICRO_AUTH2_JWT_REFRESH_EXPIRY"}, + EnvVars: []string{"AUTH2_JWT_REFRESH_EXPIRY"}, Value: 86400, }, &cli.Int64Flag{ Name: "auth2_jwt_access_expiry", Usage: "Expire the accesstoken after x seconds, default is 15 minutes", - EnvVars: []string{"MICRO_AUTH2_JWT_ACCESS_EXPIRY"}, + EnvVars: []string{"AUTH2_JWT_ACCESS_EXPIRY"}, Value: 900, }, &cli.StringSliceFlag{ Name: "auth2_jwt_audience", Usage: "Add and expect this JWT audience", - EnvVars: []string{"MICRO_AUTH2_JWT_AUDIENCES"}, + EnvVars: []string{"AUTH2_JWT_AUDIENCES"}, }, } 
@@ -231,10 +231,10 @@ func main() { } fmt.Printf("# go.micro.auth %s JWT keys in PEM - generated using '%s %s'\n", c.String("auth2_generate_format"), absPath, strings.Join(os.Args[1:len(os.Args)], " ")) - fmt.Printf("MICRO_AUTH2_JWT_PRIV_KEY=\"%s\"\n", aPrivKey) - fmt.Printf("MICRO_AUTH2_JWT_PUB_KEY=\"%s\"\n", aPubKey) - fmt.Printf("MICRO_AUTH2_JWT_REFRESH_PRIV_KEY=\"%s\"\n", rPrivKey) - fmt.Printf("MICRO_AUTH2_JWT_REFRESH_PUB_KEY=\"%s\"\n", rPubKey) + fmt.Printf("AUTH2_JWT_PRIV_KEY=\"%s\"\n", aPrivKey) + fmt.Printf("AUTH2_JWT_PUB_KEY=\"%s\"\n", aPubKey) + fmt.Printf("AUTH2_JWT_REFRESH_PRIV_KEY=\"%s\"\n", rPrivKey) + fmt.Printf("AUTH2_JWT_REFRESH_PUB_KEY=\"%s\"\n", rPubKey) os.Exit(0) } @@ -295,17 +295,17 @@ func main() { // Check the other handler cli arguments if c.Int64("auth2_jwt_access_expiry") < 1 { - err := errors.New("MICRO_AUTH2_JWT_ACCESS_EXPIRY must be great than 0") + err := errors.New("AUTH2_JWT_ACCESS_EXPIRY must be great than 0") logger.Fatal(err) return err } if c.Int64("auth2_jwt_refresh_expiry") < 1 { - err := errors.New("MICRO_AUTH2_JWT_REFRESH_EXPIRY must be great than 0") + err := errors.New("AUTH2_JWT_REFRESH_EXPIRY must be great than 0") logger.Fatal(err) return err } if c.StringSlice("auth2_jwt_audience") == nil { - err := errors.New("MICRO_AUTH2_JWT_AUDIENCES must be given") + err := errors.New("AUTH2_JWT_AUDIENCES must be given") logger.Fatal(err) return err } diff --git a/component.go b/component.go index e1fcf53..99b75d3 100644 --- a/component.go +++ b/component.go @@ -90,7 +90,7 @@ func (r *AuthRegistry[T]) Flags(c *components.Registry) []cli.Flag { &cli.StringFlag{ Name: fmt.Sprintf("auth2_%s", r.kind), Usage: fmt.Sprintf("Auth %s Plugin to use", r.kind), - EnvVars: []string{fmt.Sprintf("MICRO_AUTH2_%s", strings.ToUpper(r.kind))}, + EnvVars: []string{fmt.Sprintf("AUTH2_%s", strings.ToUpper(r.kind))}, Value: "noop", }, } 
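Review bot: The audience check in the `@@ -295,17` hunk tests `c.StringSlice("auth2_jwt_audience") == nil`, which rejects only a nil slice. Whether an unset or empty `AUTH2_JWT_AUDIENCES` yields nil or an empty slice depends on the cli library, so `if len(c.StringSlice("auth2_jwt_audience")) == 0 {` is the safer guard; the same applies to Init in plugins/client/jwt/jwt.go. The two expiry messages read "must be great than 0"; since these strings are being edited anyway, `"AUTH2_JWT_ACCESS_EXPIRY must be greater than 0"` and its refresh counterpart would fix the wording. The enclosing function continues outside the hunk.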
@@ -116,7 +116,7 @@ func (r *AuthRegistry[T]) Init(c *components.Registry, cli *cli.Context) error { plugin := cli.String(fmt.Sprintf("auth2_%s", r.kind)) m, ok := r.plugins[plugin] if !ok { - return fmt.Errorf("unknown MICRO_AUTH2_%s plugin '%s'", strings.ToUpper(r.kind), plugin) + return fmt.Errorf("unknown AUTH2_%s plugin '%s'", strings.ToUpper(r.kind), plugin) } r.plugin = m diff --git a/docker-compose.yml b/docker-compose.yml index 5ac967f..1ce88de 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -42,17 +42,17 @@ services: restart: ${DOCKER_RESTART} image: ${DOCKER_ORG_JO_MICRO}/auth2-sql:latest environment: - - MICRO_AUTH2_CLIENT=jwt - - MICRO_AUTH2_DATABASE_DEBUG=${MICRO_AUTH2_DATABASE_DEBUG} - - MICRO_AUTH2_DATABASE_URL=${MICRO_AUTH2_DATABASE_URL} - - MICRO_AUTH2_JWT_ACCESS_EXPIRY=${MICRO_AUTH2_JWT_ACCESS_EXPIRY} - - MICRO_AUTH2_JWT_AUDIENCES=${MICRO_AUTH2_JWT_AUDIENCES} - - MICRO_AUTH2_JWT_PRIV_KEY=${MICRO_AUTH2_JWT_PRIV_KEY} - - MICRO_AUTH2_JWT_PUB_KEY=${MICRO_AUTH2_JWT_PUB_KEY} - - MICRO_AUTH2_JWT_REFRESH_EXPIRY=${MICRO_AUTH2_JWT_REFRESH_EXPIRY} - - MICRO_AUTH2_JWT_REFRESH_PRIV_KEY=${MICRO_AUTH2_JWT_REFRESH_PRIV_KEY} - - MICRO_AUTH2_JWT_REFRESH_PUB_KEY=${MICRO_AUTH2_JWT_REFRESH_PUB_KEY} - - MICRO_AUTH2_LOG_LEVEL=${LOG_LEVEL} + - AUTH2_CLIENT=jwt + - AUTH2_DATABASE_DEBUG=${AUTH2_DATABASE_DEBUG} + - AUTH2_DATABASE_URL=${AUTH2_DATABASE_URL} + - AUTH2_JWT_ACCESS_EXPIRY=${AUTH2_JWT_ACCESS_EXPIRY} + - AUTH2_JWT_AUDIENCES=${AUTH2_JWT_AUDIENCES} + - AUTH2_JWT_PRIV_KEY=${AUTH2_JWT_PRIV_KEY} + - AUTH2_JWT_PUB_KEY=${AUTH2_JWT_PUB_KEY} + - AUTH2_JWT_REFRESH_EXPIRY=${AUTH2_JWT_REFRESH_EXPIRY} + - AUTH2_JWT_REFRESH_PRIV_KEY=${AUTH2_JWT_REFRESH_PRIV_KEY} + - AUTH2_JWT_REFRESH_PUB_KEY=${AUTH2_JWT_REFRESH_PUB_KEY} + - AUTH2_LOG_LEVEL=${LOG_LEVEL} - MICRO_TRANSPORT=${MICRO_TRANSPORT} - MICRO_REGISTRY=${MICRO_REGISTRY} - MICRO_REGISTRY_ADDRESS=${MICRO_REGISTRY_ADDRESS} 
@@ -69,11 +69,11 @@ services: restart: ${DOCKER_RESTART} image: ${DOCKER_ORG_JO_MICRO}/router:latest environment: - - MICRO_AUTH2_CLIENT=jwt - - MICRO_AUTH2_ROUTER=jwt - - MICRO_AUTH2_JWT_AUDIENCES=${MICRO_AUTH2_JWT_AUDIENCES} - - MICRO_AUTH2_JWT_PRIV_KEY=${MICRO_AUTH2_JWT_PRIV_KEY} - - MICRO_AUTH2_JWT_PUB_KEY=${MICRO_AUTH2_JWT_PUB_KEY} + - AUTH2_CLIENT=jwt + - AUTH2_ROUTER=jwt + - AUTH2_JWT_AUDIENCES=${AUTH2_JWT_AUDIENCES} + - AUTH2_JWT_PRIV_KEY=${AUTH2_JWT_PRIV_KEY} + - AUTH2_JWT_PUB_KEY=${AUTH2_JWT_PUB_KEY} - MICRO_TRANSPORT=${MICRO_TRANSPORT} - MICRO_REGISTRY=${MICRO_REGISTRY} - MICRO_REGISTRY_ADDRESS=${MICRO_REGISTRY_ADDRESS} diff --git a/plugins/client/jwt/jwt.go b/plugins/client/jwt/jwt.go index 4095f09..a347b03 100644 --- a/plugins/client/jwt/jwt.go +++ b/plugins/client/jwt/jwt.go @@ -44,15 +44,15 @@ func (p *jwtPlugin) Flags(r *components.Registry) []cli.Flag { &cli.StringFlag{ Name: "auth2_jwt_pub_key", Usage: "Public key PEM base64 encoded for access keys", - EnvVars: []string{"MICRO_AUTH2_JWT_PUB_KEY"}, + EnvVars: []string{"AUTH2_JWT_PUB_KEY"}, }, &cli.StringFlag{ Name: "auth2_jwt_priv_key", Usage: "Private key PEM base64 encoded for access keys", - EnvVars: []string{"MICRO_AUTH2_JWT_PRIV_KEY"}, + EnvVars: []string{"AUTH2_JWT_PRIV_KEY"}, }, &cli.StringSliceFlag{ Name: "auth2_jwt_audience", Usage: "Add and expect this JWT audience", - EnvVars: []string{"MICRO_AUTH2_JWT_AUDIENCES"}, + EnvVars: []string{"AUTH2_JWT_AUDIENCES"}, }, } } @@ -63,7 +63,7 @@ func (p *jwtPlugin) Init(r *components.Registry, cli *cli.Context) error { } if cli.StringSlice("auth2_jwt_audience") == nil { - return errors.New("MICRO_AUTH2_JWT_AUDIENCES must be given") + return errors.New("AUTH2_JWT_AUDIENCES must be given") } pub, priv, err := sjwt.DecodeKeyPair(cli.String("auth2_jwt_pub_key"), cli.String("auth2_jwt_priv_key")) diff --git a/plugins/router/jwt/jwt.go b/plugins/router/jwt/jwt.go index 296f049..1c778a5 100644 --- a/plugins/router/jwt/jwt.go +++ b/plugins/router/jwt/jwt.go 
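Review bot: The router service's environment in the `@@ -69,11` hunk passes `AUTH2_JWT_PRIV_KEY`, the access-token signing key, although plugins/router/jwt/jwt.go declares only `auth2_jwt_pub_key`. From the visible code, the private key appears to be there because `AUTH2_CLIENT=jwt` loads the client plugin, whose Init decodes a key pair. A comment above the line would record why the router holds signing material, e.g. `# signing key: read by the jwt client plugin (AUTH2_CLIENT), not by the router plugin`. If the router never needs to issue tokens, it is worth checking whether the client plugin could run with the public key alone.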
@@ -38,7 +38,7 @@ func (p *jwtPlugin) Flags(r *components.Registry) []cli.Flag { &cli.StringFlag{ Name: "auth2_jwt_pub_key", Usage: "Public key PEM base64 encoded", - EnvVars: []string{"MICRO_AUTH2_JWT_PUB_KEY"}, + EnvVars: []string{"AUTH2_JWT_PUB_KEY"}, }, } }