change RS256 algorithm
All checks were successful
Build And Test / build-and-push (push) Successful in 1m46s
All checks were successful
Build And Test / build-and-push (push) Successful in 1m46s
This commit is contained in:
@ -13,6 +13,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/
|
||||
import os
|
||||
from dotenv import load_dotenv
|
||||
from pathlib import Path
|
||||
from datetime import timedelta
|
||||
import sys
|
||||
|
||||
LOGGING = {
|
||||
@ -183,6 +184,26 @@ TEMPLATES = [
|
||||
|
||||
WSGI_APPLICATION = 'blog_prj.wsgi.application'
|
||||
|
||||
# JWT 설정
|
||||
# https://django-rest-framework-simplejwt.readthedocs.io/en/latest/settings.html
|
||||
# istio jwt token check
|
||||
ISTIO_JWT = os.environ.get("ISTIO_JWT", "0") == "1"
|
||||
|
||||
if ISTIO_JWT:
|
||||
# RS256 모드
|
||||
# 운영환경에서 key파일은 POD mount로 적용하는게 안전
|
||||
with open(BASE_DIR / "keys/private.pem", "r") as f:
|
||||
PRIVATE_KEY = f.read()
|
||||
with open(BASE_DIR / "keys/public.pem", "r") as f:
|
||||
PUBLIC_KEY = f.read()
|
||||
|
||||
SIMPLE_JWT = {
|
||||
"ALGORITHM": "RS256",
|
||||
"VERIFYING_KEY": PUBLIC_KEY,
|
||||
"ISSUER": "msa-user",
|
||||
"ACCESS_TOKEN_LIFETIME": timedelta(minutes=30),
|
||||
"REFRESH_TOKEN_LIFETIME": timedelta(days=1),
|
||||
}
|
||||
|
||||
# Database
|
||||
# https://docs.djangoproject.com/en/4.2/ref/settings/#databases
|
||||
|
||||
Reference in New Issue
Block a user