change RS256 algorithm

.gitignore

@@ -162,3 +162,4 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 
+keys

Dockerfile

@@ -1,5 +1,5 @@
 # pull official base image
-FROM python:3.10-slim-buster
+FROM python:3.10-slim-bullseye
 
 # set work directory
 WORKDIR /usr/src/app

README.md

@@ -1,2 +1,13 @@
 # msa-django-blog
 
+## dev run server
+
+```bash
+python3 manage.py runserver 0.0.0.0:8800
+```
+
+### blog
+
+```bash
+gunicorn auth_prj.wsgi:application --bind 0.0.0.0:8800 --workers 3
+```

blog_prj/settings.py

@@ -13,6 +13,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/
 import os
 from dotenv import load_dotenv
 from pathlib import Path
+from datetime import timedelta
 import sys
 
 LOGGING = {
@@ -183,6 +184,26 @@ TEMPLATES = [
 
 WSGI_APPLICATION = 'blog_prj.wsgi.application'
 
+# JWT 설정
+# https://django-rest-framework-simplejwt.readthedocs.io/en/latest/settings.html
+# istio jwt token check 
+ISTIO_JWT = os.environ.get("ISTIO_JWT", "0") == "1"
+
+if ISTIO_JWT:
+    # RS256 모드 
+    # 운영환경에서 key파일은 POD mount로 적용하는게 안전
+    with open(BASE_DIR / "keys/private.pem", "r") as f:
+        PRIVATE_KEY = f.read()
+    with open(BASE_DIR / "keys/public.pem", "r") as f:
+        PUBLIC_KEY = f.read()
+
+    SIMPLE_JWT = {
+        "ALGORITHM": "RS256",
+        "VERIFYING_KEY": PUBLIC_KEY,
+        "ISSUER": "msa-user",
+        "ACCESS_TOKEN_LIFETIME": timedelta(minutes=30),  
+        "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
+    }
 
 # Database
 # https://docs.djangoproject.com/en/4.2/ref/settings/#databases

version

@@ -1 +1 @@
-0.0.5-r1
+v0.0.6