Next Generation of Auth microservice integrated with Kong Gateway for registration and issuing tokens
- White-listed email registration
- Anonymous: Shamir encrypted email and random identity
- issue and revoke JWT tokens
Environment Variables
| Name | Default | Valid values | Description |
|---|---|---|---|
| MODE | dev | dev, production, test, bench | if dev, log gorm debug sql |
| DB_URL | Database DSN, required in "production" mode | ||
| KONG_URL | if STANDALONE is false, required to connect to kong gateway | ||
| REDIS_URL | if not set, use go-cache instead | ||
| NOTIFICATION_URL | if not set, no notification will be sent | ||
| EMAIL_WHITELIST | use ',' to separate emails; if not set, allow all emails | ||
| VALIDATE_EMAIL_WHITELIST | use ',' to separate emails; the emails in it will not be checked for year vs. suffix | ||
| EMAIL_SERVER_NO_REPLY_URL | required in "production" mode; if not set, unable to send verification email | ||
| EMAIL_DOMAIN | required in "production" mode; if not set, unable to send verification email | ||
| EMAIL_DEV | [email protected] | send email if shamir update failed | |
| SHAMIR_FEATURE | true | if enabled, check email shamir encryption when users register and login | |
| STANDALONE | false | if not set, this application not required to set KONG_URL | |
| VERIFICATION_CODE_EXPIRES | 10 | integers | register verification code expiration time |
| SITE_NAME | Open Tree Hole | title prefix of verification email | |
| ENABLE_REGISTER_QUESTIONS | false | if set, user will be set "have not answered questions" when registered |
File settings, required in production mode
| Env Name | Default Path | Default | Description |
|---|---|---|---|
| IDENTIFIER_SALT | /var/run/secrets/identifier_salt | 123456 | hash salt for encrypting email; required in production mode |
| REGISTER_APIKEY_SEED | /var/run/secrets/register_apikey_seed | register apikey; if not set, disable apikey register function | |
| KONG_TOKEN | /var/run/secrets/kong_token | kong api token |
- set STANDALONE environment to true
- if
SHAMIR_FEATUREset true, it will create tableshamir_public_keyautomatically, and insert default shamir private keys defined in ./data/*-private.key
-
Kong Gateway deployed, see https://docs.konghq.com/gateway/latest/
-
Prepare mysql/sqlite database, if
SHAMIR_FEATUREset true or default
Create table shamir_public_key
CREATE TABLE `shamir_public_key`
(
`id` bigint NOT NULL AUTO_INCREMENT,
`identity_name` longtext NOT NULL,
`armored_public_key` longtext NOT NULL,
PRIMARY KEY (`id`)
);Insert at least 7 PGP key administrator info into this table
identity_name: PGP identity name or uid, including username, ( comment ) and < email >
armored_public_key: the public key begin with -----BEGIN PGP PUBLIC KEY BLOCK----- and end
with -----END PGP PUBLIC KEY BLOCK-----
This project continuously integrates with docker. Go check it out if you don't have docker locally installed.
Note: this docker image use MODE production as default, please check your configuration when deploying.
docker run -d -p 8000:8000 opentreehole/auth_nextor use docker compose
For api documentation, please open http://localhost:8000/docs after running app
Feel free to dive in! Open an issue or Submit PRs.
This project exists thanks to all the people who contribute.
