diff --git a/backend/scripts/build b/backend/scripts/build
index f1d9e03a47..865fed48b0 100755
--- a/backend/scripts/build
+++ b/backend/scripts/build
@@ -49,6 +49,7 @@
 ;; Create the application jar
 (spit "./target/dist/version.txt" version)
+ (-> ($ jar cvf "./target/dist/deps/app.jar" -C ~(first classpath-paths) ".") check)
 (-> ($ jar uvf "./target/dist/deps/app.jar" -C "./target/dist" "version.txt") check)
 (run! (fn [item]
diff --git a/backend/src/app/loggers/audit.clj b/backend/src/app/loggers/audit.clj
index deb58cfd47..835a8acff9 100644
--- a/backend/src/app/loggers/audit.clj
+++ b/backend/src/app/loggers/audit.clj
@@ -50,6 +50,7 @@
 (assoc k (name v)))) {} props))]
+ (update event :props #(-> % clean-common clean-profile-id clean-complex-data))))
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/backend/src/app/main.clj b/backend/src/app/main.clj
index 2125f087d9..da576cf624 100644
--- a/backend/src/app/main.clj
+++ b/backend/src/app/main.clj
@@ -44,7 +44,7 @@
 :redis-uri (cf/get :redis-uri)}
 :app.tokens/tokens
- {:props (ig/ref :app.setup/props)}
+ {:keys (ig/ref :app.setup/keys)}
 :app.storage/gc-deleted-task
 {:pool (ig/ref :app.db/pool)
@@ -282,6 +282,9 @@
 {:pool (ig/ref :app.db/pool)
 :key (cf/get :secret-key)}
+ :app.setup/keys
+ {:props (ig/ref :app.setup/props)}
+
 :app.loggers.zmq/receiver
 {:endpoint (cf/get :loggers-zmq-uri)}
diff --git a/backend/src/app/setup/keys.clj b/backend/src/app/setup/keys.clj
new file mode 100644
index 0000000000..4618fa4949
--- /dev/null
+++ b/backend/src/app/setup/keys.clj
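Review bot: `(-> ($ jar cvf "./target/dist/deps/app.jar" -C ~(first classpath-paths) ".") check)` relies on `classpath-paths` being non-empty and on its first entry being the directory that holds the compiled classes; if the seq is empty `~(first classpath-paths)` is nil and the `-C` argument is malformed, and if the ordering ever changes the jar is built from the wrong tree, which `check` will not catch because `jar cvf` still exits 0. A guard before the call, `(assert (seq classpath-paths) "classpath-paths is empty")`, plus a comment such as `;; classpath-paths is expected to start with the compiled-classes directory` would make the build fail loudly instead of producing a wrong artifact. The enclosing form and the definition of `classpath-paths` are outside the hunk, so the ordering assumption is inferred from the visible line.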
@@ -0,0 +1,29 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) UXBOX Labs SL
+
+(ns app.setup.keys
+ "Keys derivation service."
+ (:require
+ [app.common.spec :as us]
+ [buddy.core.kdf :as bk]
+ [clojure.spec.alpha :as s]
+ [integrant.core :as ig]))
+
+(s/def ::secret-key ::us/string)
+(s/def ::props (s/keys :req-un [::secret-key]))
+
+(defmethod ig/pre-init-spec :app.setup/keys [_]
+ (s/keys :req-un [::props]))
+
+(defmethod ig/init-key :app.setup/keys
+ [_ {:keys [props] :as cfg}]
+ (fn [& {:keys [salt size]}]
+ (let [engine (bk/engine {:key (:secret-key props)
+ :salt salt
+ :alg :hkdf
+ :digest :blake2b-512})]
+ (bk/get-bytes engine 32))))
+
diff --git a/backend/src/app/tokens.clj b/backend/src/app/tokens.clj
index 5c96c19802..efff646d1e 100644
--- a/backend/src/app/tokens.clj
+++ b/backend/src/app/tokens.clj
@@ -11,19 +11,10 @@
 [app.common.spec :as us]
 [app.common.transit :as t]
 [app.util.time :as dt]
- [buddy.core.kdf :as bk]
 [buddy.sign.jwe :as jwe]
 [clojure.spec.alpha :as s]
 [integrant.core :as ig]))
-(defn- derive-tokens-secret
- [key]
- (let [engine (bk/engine {:key key
- :salt "tokens"
- :alg :hkdf
- :digest :blake2b-512})]
- (bk/get-bytes engine 32)))
-
 (defn- generate
 [cfg claims]
 (let [payload (t/encode claims)]
@@ -50,13 +41,6 @@
 :params params))
 claims))
-(s/def ::secret-key ::us/string)
-(s/def ::props
- (s/keys :req-un [::secret-key]))
-
-(defmethod ig/pre-init-spec ::tokens [_]
- (s/keys :req-un [::props]))
-
 (defn- generate-predefined
 [cfg {:keys [iss profile-id] :as params}]
 (case iss
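Review bot: The `size` keyword argument destructured in the fn returned by `ig/init-key :app.setup/keys` is never used; `(bk/get-bytes engine 32)` always yields 32 bytes, so a caller asking for `:size 64` silently receives a shorter key than it believes it has. Either honour the argument with the current value as default, `(bk/get-bytes engine (or size 32))`, or drop `size` from the destructuring so the signature does not promise what it does not deliver. `salt` deserves a guard for the same reason: the salt is the only input that separates one consumer's subkey from another's, and a caller that omits it would presumably derive the same bytes from `:secret-key` as every other such caller, e.g. `(assert (some? salt) "salt is required for key derivation")`. A docstring on the returned fn saying that it yields a per-purpose HKDF subkey of `:secret-key` selected by `salt` would tell future consumers what the salt is for.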
@@ -70,9 +54,14 @@
 :code :not-implemented
 :hint "no predefined token")))
+(s/def ::keys fn?)
+
+(defmethod ig/pre-init-spec ::tokens [_]
+ (s/keys :req-un [::keys]))
+
 (defmethod ig/init-key ::tokens
- [_ {:keys [props] :as cfg}]
- (let [secret (derive-tokens-secret (:secret-key props))
+ [_ {:keys [keys] :as cfg}]
+ (let [secret (keys :salt "tokens" :size 32)
 cfg (assoc cfg ::secret secret)]
 (fn [action params]
 (case action
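Review bot: Binding the injected derivation fn as `keys` in `[_ {:keys [keys] :as cfg}]` shadows `clojure.core/keys` for the whole `init-key` body, so `(keys :salt "tokens" :size 32)` reads as a call to the core map function until one checks the destructuring; this is a style point, the behaviour is right since `(s/def ::keys fn?)` only admits a fn. Renaming the local while keeping the config key removes the ambiguity: `[_ {derive-key :keys :as cfg}]` and `(let [secret (derive-key :salt "tokens" :size 32)`. The `::keys` spec would also benefit from a comment stating what the fn is, e.g. `;; (fn [& {:keys [salt size]}] -> key bytes), provided by :app.setup/keys`. The `init-key` body continues past the end of the hunk.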