diff --git a/.gitignore b/.gitignore
index 5fba53b..688e395 100644
--- a/.gitignore
+++ b/.gitignore
@@ -161,3 +161,5 @@ cython_debug/
 # option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
+# RS256 을 위한 적용 keys 폴더
+keys
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index bdd89bc..53e5f1d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # pull official base image
-FROM python:3.10-slim-buster
+FROM python:3.10-slim-bullseye
 # set work directory
 WORKDIR /usr/src/app
diff --git a/README.md b/README.md
index a2dfe70..18f8d82 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 # msa-django-ansible
+python3 manage.py runserver 0.0.0.0:8888
 추후 개선필요 auth에 암호화되서 저장된 ssh키를 이쪽에서 호출하고 복호화는 ansible server에서 하도록 해야함...
diff --git a/ansible_prj/settings.py b/ansible_prj/settings.py
index 8bcdfc4..0520a0f 100644
--- a/ansible_prj/settings.py
+++ b/ansible_prj/settings.py
@@ -13,6 +13,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/
 import os
 from dotenv import load_dotenv
 from pathlib import Path
+from datetime import timedelta
 import sys
 from cryptography.fernet import Fernet
 import hashlib
@@ -178,7 +179,24 @@ TEMPLATES = [
 WSGI_APPLICATION = 'ansible_prj.wsgi.application'
+ISTIO_JWT = os.environ.get("ISTIO_JWT", "0") == "1"
+if ISTIO_JWT:
+ # RS256 모드
+ # 운영환경에서 key파일은 POD mount로 적용하는게 안전
+ with open(BASE_DIR / "keys/private.pem", "r") as f:
+ PRIVATE_KEY = f.read()
+ with open(BASE_DIR / "keys/public.pem", "r") as f:
+ PUBLIC_KEY = f.read()
+
+ SIMPLE_JWT = {
+ "ALGORITHM": "RS256",
+ "VERIFYING_KEY": PUBLIC_KEY,
+ "ISSUER": "msa-user",
+ "ACCESS_TOKEN_LIFETIME": timedelta(minutes=30),
+ "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
+ }
+
 # Database
 # https://docs.djangoproject.com/en/4.2/ref/settings/#databases
diff --git a/version b/version
index 31b9bca..8ce995b 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-0.0.2-r4
\ No newline at end of file
+v0.0.3
\ No newline at end of file
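Review bot: The new `keys` pattern is unanchored, so it ignores any file or directory named keys at any depth rather than only the top-level key folder; `/keys/` states the intent exactly. Ignoring the folder also only stops future commits of the PEM files. No .dockerignore change appears in this commit, so if the Dockerfile copies the build context (not visible in its hunk), private.pem could still be baked into the image.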
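Review bot: In the `if ISTIO_JWT:` block, `PRIVATE_KEY` is read from keys/private.pem but nothing in this hunk uses it, because `SIMPLE_JWT` sets only `VERIFYING_KEY`. If this service only validates tokens issued by "msa-user", the two private.pem lines should be dropped and the private key not mounted here at all, so that a compromise of this service cannot be used to mint tokens. If it does issue tokens, add `"SIGNING_KEY": PRIVATE_KEY,`; assuming this is djangorestframework-simplejwt, the default signing key is Django's SECRET_KEY, which will not work with RS256. Whether `PRIVATE_KEY` is referenced elsewhere in the project cannot be seen from this diff.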