change RS256 algorithm

.gitignore

@@ -161,3 +161,5 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 
+# RS256 을 위한 적용 keys 폴더
+keys 

Dockerfile

@@ -1,5 +1,5 @@
 # pull official base image
-FROM python:3.10-slim-buster
+FROM python:3.10-slim-bullseye
 
 # set work directory
 WORKDIR /usr/src/app

README.md

@@ -1,5 +1,6 @@
 # msa-django-ansible
 
+python3 manage.py runserver 0.0.0.0:8888
 
 추후 개선필요
 auth에 암호화되서 저장된 ssh키를 이쪽에서 호출하고 복호화는 ansible server에서 하도록 해야함...

ansible_prj/settings.py

@@ -13,6 +13,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/
 import os
 from dotenv import load_dotenv
 from pathlib import Path
+from datetime import timedelta
 import sys
 from cryptography.fernet import Fernet
 import hashlib
@@ -178,6 +179,23 @@ TEMPLATES = [
 
 WSGI_APPLICATION = 'ansible_prj.wsgi.application'
 
+ISTIO_JWT = os.environ.get("ISTIO_JWT", "0") == "1"
+
+if ISTIO_JWT:
+    # RS256 모드 
+    # 운영환경에서 key파일은 POD mount로 적용하는게 안전
+    with open(BASE_DIR / "keys/private.pem", "r") as f:
+        PRIVATE_KEY = f.read()
+    with open(BASE_DIR / "keys/public.pem", "r") as f:
+        PUBLIC_KEY = f.read()
+
+    SIMPLE_JWT = {
+        "ALGORITHM": "RS256",
+        "VERIFYING_KEY": PUBLIC_KEY,
+        "ISSUER": "msa-user",
+        "ACCESS_TOKEN_LIFETIME": timedelta(minutes=30),  
+        "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
+    }
     
 # Database
 # https://docs.djangoproject.com/en/4.2/ref/settings/#databases

version

@@ -1 +1 @@
-0.0.2-r4
+v0.0.3