authorFrederick Muriuki Muriithi2024-04-18 19:59:06 +0300
committerFrederick Muriuki Muriithi2024-04-18 19:59:06 +0300
commitd9b8b05a460535dfb09168d1958c047255ff0fa2 (patch)
tree4a353a501c9b495737304fb4561fc5a649e901a1
parentc76fa687c5d7648ac5d3493b5b0f32f90452e606 (diff)
downloadgn-auth-d9b8b05a460535dfb09168d1958c047255ff0fa2.tar.gz
Add the `SSL_KEY_PAIR_*` configurations
Add paths to the SSL key-pair used for signing and verifying the JWTs.
-rw-r--r--gn_auth/__init__.py15
-rw-r--r--gn_auth/settings.py4
2 files changed, 18 insertions, 1 deletions
diff --git a/gn_auth/__init__.py b/gn_auth/__init__.py
index 62ff99d..5218673 100644
--- a/gn_auth/__init__.py
+++ b/gn_auth/__init__.py
@@ -7,6 +7,7 @@ from typing import Optional
from flask import Flask
from flask_cors import CORS
+from authlib.jose import JsonWebKey
from gn_auth.misc_views import misc
from gn_auth.auth.views import oauth2
@@ -24,7 +25,8 @@ def check_mandatory_settings(app: Flask) -> None:
undefined = tuple(
setting for setting in (
"SECRET_KEY", "SQL_URI", "AUTH_DB", "AUTH_MIGRATIONS",
- "OAUTH2_SCOPE")
+ "OAUTH2_SCOPE", "SSL_KEY_PAIR_PRIVATE_KEY",
+ "SSL_KEY_PAIR_PUBLIC_KEY")
if not ((setting in app.config) and bool(app.config[setting])))
if len(undefined) > 0:
raise ConfigurationError(
@@ -58,6 +60,16 @@ def load_secrets_conf(app: Flask) -> None:
"You must provide a path to an existing secrets file.")
app.config.from_pyfile(secretsfile)
+
+def parse_ssl_key_pair(app):
+ def __parse_key__(keypathconfig: str, configkey: Optional[str]):
+ configkey = configkey or keypathconfig
+ with open(app.config[keypathconfig]) as _sslkey:
+ app.config[configkey] = JsonWebKey.import_key(_sslkey.read())
+
+ __parse_key__("SSL_KEY_PAIR_PUBLIC_KEY", "JWT_PUBLIC_KEY")
+ __parse_key__("SSL_KEY_PAIR_PRIVATE_KEY", "JWT_PRIVATE_KEY")
+
def create_app(config: Optional[dict] = None) -> Flask:
"""Create and return a new flask application."""
app = Flask(__name__)
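Review bot: `parse_ssl_key_pair` stores whatever `JsonWebKey.import_key` returns, without checking that the file configured as `SSL_KEY_PAIR_PRIVATE_KEY` actually holds private key material or that the two files belong to the same pair. A swapped or mismatched configuration would load cleanly and presumably surface only when a token is signed or verified, so a startup check that fails early would be safer. The function also lacks a docstring and an annotation on `app`; something like `def parse_ssl_key_pair(app: Flask) -> None:` with a one-line docstring saying it loads the configured key files into `JWT_PUBLIC_KEY` and `JWT_PRIVATE_KEY` would do. Because the parsed private key now lives in `app.config`, any code that dumps or logs the config should leave out `JWT_PRIVATE_KEY`. `create_app` continues outside this hunk.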
@@ -73,6 +85,7 @@ def create_app(config: Optional[dict] = None) -> Flask:
override_settings_with_envvars(app)
load_secrets_conf(app)
+ parse_ssl_key_pair(app)
# ====== END: Setup configuration ======
check_mandatory_settings(app)
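Review bot: `parse_ssl_key_pair(app)` is called before `check_mandatory_settings(app)`, so with the empty defaults added in `settings.py` the `open()` inside it fails with a plain file error first. The new `SSL_KEY_PAIR_*` entries in the mandatory-settings tuple therefore never get the chance to raise `ConfigurationError` for an unset path. Either run `check_mandatory_settings(app)` before `parse_ssl_key_pair(app)`, or have `parse_ssl_key_pair` raise `ConfigurationError` itself when a path is empty or unreadable. `create_app` starts and ends outside this hunk.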
diff --git a/gn_auth/settings.py b/gn_auth/settings.py
index feb80e3..59f3eec 100644
--- a/gn_auth/settings.py
+++ b/gn_auth/settings.py
@@ -28,3 +28,7 @@ CORS_HEADERS = [
"Authorization",
"Access-Control-Allow-Credentials"
]
+
+# OpenSSL Key-Pair
+SSL_KEY_PAIR_PRIVATE_KEY = ""
+SSL_KEY_PAIR_PUBLIC_KEY = ""
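Review bot: The comment `# OpenSSL Key-Pair` does not say that these two settings are filesystem paths, nor what the pair is used for. Going by the commit description, `# Paths to the key-pair files used to sign (private key) and verify (public key) the JWTs` would be clearer. It would also help to note there that the private-key path should point to a file readable only by the service account.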