Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup & Refactor #3

Open
wants to merge 32 commits into
base: main
Choose a base branch
from
Open

Cleanup & Refactor #3

wants to merge 32 commits into from

Conversation

ivan-c
Copy link
Member

@ivan-c ivan-c commented Feb 14, 2023
edited
Loading

NB: the diff for this PR is very messy. LMK if it's an issue, more than happy to re-write history so the PR diff is more readable

  • Fix broken HTTPS
  • Remove unused code
  • Move secrets to config file
  • Add notes, refs, TODOs etc
  • Switch config format from CLI args to environment variables

References

Errors Middleware cannot be used without an insecure workaround
oauth2-proxy traefik example
jonananas/traefik-oauth2-proxy

ivan-c added 25 commits February 13, 2023 08:49
@ivan-c
cleanup
5adc353
@ivan-c
Rename auth server to generic role-based name
f010bc0
@ivan-c
Add comment;fixup quoting
be85bdc
@ivan-c
Remove default redirect URL
de6eeb5
@ivan-c
Add comment; cleanup format
fdbd4ff
@ivan-c
Move CLI config to env var
7258834
@ivan-c
Add comment
a018060
@ivan-c
Rename middleware
dcad468
@ivan-c
WIP Switch to env var
2a6bea2
@ivan-c
Revert "WIP Switch to env var"
296413e 
This reverts commit 2a6bea2.
@ivan-c
Remove quoting
4a12e0d
@ivan-c
Add docs
130911a
@ivan-c
Reorganize and document settings
084aea2
@ivan-c
Make label formatting consistent
ee44593
@ivan-c
Remove testing override
00afd12
@ivan-c
Update postgres
97b1102
@ivan-c
Make init SQL read-only
cb23062
@ivan-c
Regroup labels
b8bd473
@ivan-c
Remove whitespace
2207336
@ivan-c
Add missing LE config
f55e0af
@ivan-c
Fixup traefik port config
5f01e51
@ivan-c
Merge branch 'main' into fixup/cleanup
e90cccf
@ivan-c
Add missing SQL file
39bbf93
@ivan-c
Make secrets configurable; remove default IP
5a794e7
@ivan-c
Rearrange header section
53dcc56
@ivan-c ivan-c marked this pull request as ready for review February 14, 2023 19:01
@ivan-c ivan-c changed the title Cleanup Refactor Cleanup & Refactor Feb 14, 2023
@ivan-c ivan-c requested a review from pbugni February 14, 2023 19:44
pbugni
pbugni requested changes Feb 15, 2023
View reviewed changes
docker-compose.yaml Outdated Show resolved Hide resolved
sql/init.sql
);

-- create web user w/ read only auth
create role web_anon nologin;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as we plan to discontinue sending a customized, pre-baked JWT with the claim "role": "event_logger", I would expect we need to bless the web_anon role with grants like those given to event_logger below?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need to bless the web_anon role with grants like those given to event_logger

Thanks for the reminder! I hadn't tested writing values into logserver (only viewing existing data). I'll make sure to test that the web_anon role can write events without authentication

@ivan-c ivan-c mentioned this pull request Feb 21, 2023
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pbugni pbugni pbugni requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ivan-c @pbugni