feat(authentication-service): added the logic for rotation of keys wi…

…th database 2034
sourcefuse · Nov 8, 2024 · 5876101 · 5876101
1 parent c811258
commit 5876101
Show file tree

Hide file tree

Showing 37 changed files with 1,259 additions and 561 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/services/authentication-service/.env.defaults b/services/authentication-service/.env.defaults
@@ -61,4 +61,6 @@ AZURE_AUTH_COOKIE_KEY=
 
 #iv is 12 bit
 
-AZURE_AUTH_COOKIE_IV=
+AZURE_AUTH_COOKIE_IV=
+
+MAX_JWT_KEYS=2
diff --git a/services/authentication-service/.env.example b/services/authentication-service/.env.example
@@ -83,3 +83,5 @@ AUTH0_DOMAIN=
 AUTH0_CLIENT_ID=
 AUTH0_CLIENT_SECRET=
 AUTH0_CALLBACK_URL=
+
+MAX_JWT_KEYS=
diff --git a/.../authentication-service/migrations/mysql/migrations/20241105074844-add-jwt-keys-schema.js b/.../authentication-service/migrations/mysql/migrations/20241105074844-add-jwt-keys-schema.js
@@ -0,0 +1,59 @@
+'use strict';
+
+var dbm;
+var type;
+var seed;
+var fs = require('fs');
+var path = require('path');
+var Promise;
+
+/**
+ * We receive the dbmigrate dependency from dbmigrate initially.
+ * This enables us to not have to rely on NODE_PATH.
+ */
+exports.setup = function (options, seedLink) {
+  dbm = options.dbmigrate;
+  type = dbm.dataType;
+  seed = seedLink;
+  Promise = options.Promise;
+};
+
+exports.up = function (db) {
+  var filePath = path.join(
+    __dirname,
+    'sqls',
+    '20241105074844-add-jwt-keys-schema-up.sql',
+  );
+  return new Promise(function (resolve, reject) {
+    fs.readFile(filePath, {encoding: 'utf-8'}, function (err, data) {
+      if (err) return reject(err);
+      console.log('received data: ' + data);
+
+      resolve(data);
+    });
+  }).then(function (data) {
+    return db.runSql(data);
+  });
+};
+
+exports.down = function (db) {
+  var filePath = path.join(
+    __dirname,
+    'sqls',
+    '20241105074844-add-jwt-keys-schema-down.sql',
+  );
+  return new Promise(function (resolve, reject) {
+    fs.readFile(filePath, {encoding: 'utf-8'}, function (err, data) {
+      if (err) return reject(err);
+      console.log('received data: ' + data);
+
+      resolve(data);
+    });
+  }).then(function (data) {
+    return db.runSql(data);
+  });
+};
+
+exports._meta = {
+  version: 1,
+};
diff --git a/...tion-service/migrations/mysql/migrations/sqls/20241105074844-add-jwt-keys-schema-down.sql b/...tion-service/migrations/mysql/migrations/sqls/20241105074844-add-jwt-keys-schema-down.sql
@@ -0,0 +1 @@
+DROP TABLE main.jwt_keys;
diff --git a/...cation-service/migrations/mysql/migrations/sqls/20241105074844-add-jwt-keys-schema-up.sql b/...cation-service/migrations/mysql/migrations/sqls/20241105074844-add-jwt-keys-schema-up.sql
@@ -0,0 +1,7 @@
+CREATE TABLE main.jwt_keys (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    key_id VARCHAR(100) UNIQUE NOT NULL,
+    public_key TEXT NOT NULL,                -- Public key in PEM format
+    private_key TEXT NOT NULL,               -- Private key in PEM format
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
diff --git a/...ces/authentication-service/migrations/pg/migrations/20241105074844-add-jwt-keys-schema.js b/...ces/authentication-service/migrations/pg/migrations/20241105074844-add-jwt-keys-schema.js
@@ -0,0 +1,59 @@
+'use strict';
+
+var dbm;
+var type;
+var seed;
+var fs = require('fs');
+var path = require('path');
+var Promise;
+
+/**
+ * We receive the dbmigrate dependency from dbmigrate initially.
+ * This enables us to not have to rely on NODE_PATH.
+ */
+exports.setup = function (options, seedLink) {
+  dbm = options.dbmigrate;
+  type = dbm.dataType;
+  seed = seedLink;
+  Promise = options.Promise;
+};
+
+exports.up = function (db) {
+  var filePath = path.join(
+    __dirname,
+    'sqls',
+    '20241105074844-add-jwt-keys-schema-up.sql',
+  );
+  return new Promise(function (resolve, reject) {
+    fs.readFile(filePath, {encoding: 'utf-8'}, function (err, data) {
+      if (err) return reject(err);
+      console.log('received data: ' + data);
+
+      resolve(data);
+    });
+  }).then(function (data) {
+    return db.runSql(data);
+  });
+};
+
+exports.down = function (db) {
+  var filePath = path.join(
+    __dirname,
+    'sqls',
+    '20241105074844-add-jwt-keys-schema-down.sql',
+  );
+  return new Promise(function (resolve, reject) {
+    fs.readFile(filePath, {encoding: 'utf-8'}, function (err, data) {
+      if (err) return reject(err);
+      console.log('received data: ' + data);
+
+      resolve(data);
+    });
+  }).then(function (data) {
+    return db.runSql(data);
+  });
+};
+
+exports._meta = {
+  version: 1,
+};
diff --git a/...ication-service/migrations/pg/migrations/sqls/20241105074844-add-jwt-keys-schema-down.sql b/...ication-service/migrations/pg/migrations/sqls/20241105074844-add-jwt-keys-schema-down.sql
@@ -0,0 +1 @@
+DROP TABLE main.jwt_keys;
diff --git a/...ntication-service/migrations/pg/migrations/sqls/20241105074844-add-jwt-keys-schema-up.sql b/...ntication-service/migrations/pg/migrations/sqls/20241105074844-add-jwt-keys-schema-up.sql
@@ -0,0 +1,7 @@
+CREATE TABLE main.jwt_keys (
+    id SERIAL PRIMARY KEY,
+    key_id VARCHAR(100) UNIQUE NOT NULL,
+    public_key TEXT NOT NULL,                -- Public key in PEM format
+    private_key TEXT NOT NULL,               -- Private key in PEM format
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);