Dev (#2530)

* fix(chalice): fixed Math-operators validation refactor(chalice): search for sessions that have events for heatmaps * refactor(chalice): search for sessions that have at least 1 location event for heatmaps * fix(chalice): fixed Math-operators validation refactor(chalice): search for sessions that have events for heatmaps * refactor(chalice): search for sessions that have at least 1 location event for heatmaps * feat(chalice): autocomplete return top 10 with stats * fix(chalice): fixed autocomplete top 10 meta-filters * refactor(chalice): changed JWT env-vars refactor(deployment): changed JWT env-vars for chalice&http
2024-09-03 14:53:44 +02:00 · 2024-09-03 14:53:44 +02:00 · e59f14458f
commit e59f14458f
parent 1636d9cc06
9 changed files with 26 additions and 15 deletions
--- a/api/chalicelib/core/assist.py
+++ b/api/chalicelib/core/assist.py
@ -106,7 +106,7 @@ def __get_agent_token(project_id, project_key, session_id):
            "aud": f"openreplay:agent"
        },
        key=config("ASSIST_JWT_SECRET"),
-        algorithm=config("jwt_algorithm")
+        algorithm=config("JWT_ALGORITHM")
    )


--- a/api/chalicelib/core/authorizers.py
+++ b/api/chalicelib/core/authorizers.py
@ -29,8 +29,8 @@ def jwt_authorizer(scheme: str, token: str, leeway=0) -> dict | None:
        return None
    try:
        payload = jwt.decode(jwt=token,
-                             key=config("jwt_secret") if not is_spot_token(token) else config("JWT_SPOT_SECRET"),
-                             algorithms=config("jwt_algorithm"),
+                             key=config("JWT_SECRET") if not is_spot_token(token) else config("JWT_SPOT_SECRET"),
+                             algorithms=config("JWT_ALGORITHM"),
                             audience=get_supported_audience(),
                             leeway=leeway)
    except jwt.ExpiredSignatureError:
@ -50,7 +50,7 @@ def jwt_refresh_authorizer(scheme: str, token: str):
        payload = jwt.decode(jwt=token,
                             key=config("JWT_REFRESH_SECRET") if not is_spot_token(token) \
                                 else config("JWT_SPOT_REFRESH_SECRET"),
-                             algorithms=config("jwt_algorithm"),
+                             algorithms=config("JWT_ALGORITHM"),
                             audience=get_supported_audience())
    except jwt.ExpiredSignatureError:
        logger.debug("! JWT-refresh Expired signature")
@ -73,8 +73,8 @@ def generate_jwt(user_id, tenant_id, iat, aud, for_spot=False):
            "iat": iat,
            "aud": aud
        },
-        key=config("jwt_secret") if not for_spot else config("JWT_SPOT_SECRET"),
-        algorithm=config("jwt_algorithm")
+        key=config("JWT_SECRET") if not for_spot else config("JWT_SPOT_SECRET"),
+        algorithm=config("JWT_ALGORITHM")
    )
    return token

@ -92,7 +92,7 @@ def generate_jwt_refresh(user_id, tenant_id, iat, aud, jwt_jti, for_spot=False):
            "jti": jwt_jti
        },
        key=config("JWT_REFRESH_SECRET") if not for_spot else config("JWT_SPOT_REFRESH_SECRET"),
-        algorithm=config("jwt_algorithm")
+        algorithm=config("JWT_ALGORITHM")
    )
    return token

--- a/api/env.default
+++ b/api/env.default
@ -25,7 +25,7 @@ FS_DIR=/mnt/efs
 invitation_link=/api/users/invitation?token=%s
 IOS_VIDEO_BUCKET=mobs
 js_cache_bucket=sessions-assets
-jwt_algorithm=HS512
+JWT_ALGORITHM=HS512
 JWT_EXPIRATION=86400
 JWT_ISSUER=OpenReplay-oss
 JWT_REFRESH_EXPIRATION=604800
@ -34,7 +34,7 @@ JWT_SPOT_REFRESH_EXPIRATION=604800
 JWT_SPOT_REFRESH_SECRET="SET A RANDOM STRING HERE"
 JWT_SPOT_SECRET=SECRET
 JWT_SPOT_EXPIRATION=3600
-jwt_secret="SET A RANDOM STRING HERE"
+JWT_SECRET="SET A RANDOM STRING HERE"
 pg_dbname=postgres
 pg_host=postgresql.db.svc.cluster.local
 PG_MAXCONN=20
--- a/api/env.dev
+++ b/api/env.dev
@ -35,7 +35,7 @@ JWT_SPOT_REFRESH_EXPIRATION=604800
 JWT_SPOT_REFRESH_SECRET=SECRET3
 JWT_SPOT_SECRET=SECRET
 JWT_SPOT_EXPIRATION=6000
-jwt_secret=SECRET
+JWT_SECRET=SECRET
 LOCAL_DEV=true
 LOGLEVEL=INFO
 pg_dbname=postgres
--- a/ee/api/env.default
+++ b/ee/api/env.default
@ -43,7 +43,7 @@ idp_x509cert=
 invitation_link=/api/users/invitation?token=%s
 IOS_VIDEO_BUCKET=mobs
 js_cache_bucket=sessions-assets
-jwt_algorithm=HS512
+JWT_ALGORITHM=HS512
 JWT_EXPIRATION=86400
 JWT_ISSUER=openreplay-oss
 JWT_REFRESH_EXPIRATION=604800
@ -52,7 +52,7 @@ JWT_SPOT_REFRESH_EXPIRATION=604800
 JWT_SPOT_REFRESH_SECRET="SET A RANDOM STRING HERE"
 JWT_SPOT_SECRET=SECRET
 JWT_SPOT_EXPIRATION=3600
-jwt_secret="SET A RANDOM STRING HERE"
+JWT_SECRET="SET A RANDOM STRING HERE"
 KAFKA_SERVERS=kafka.db.svc.cluster.local:9092
 KAFKA_USE_SSL=false
 LICENSE_KEY=
--- a/ee/api/env.dev
+++ b/ee/api/env.dev
@ -42,7 +42,7 @@ idp_x509cert=
 invitation_link=/users/invitation?token=%s
 IOS_VIDEO_BUCKET=mobs
 js_cache_bucket=
-jwt_algorithm=HS512
+JWT_ALGORITHM=HS512
 JWT_EXPIRATION=6000
 JWT_ISSUER=openReplay-dev
 JWT_REFRESH_EXPIRATION=604800
@ -51,7 +51,7 @@ JWT_SPOT_REFRESH_EXPIRATION=604800
 JWT_SPOT_REFRESH_SECRET=SECRET3
 JWT_SPOT_SECRET=SECRET
 JWT_SPOT_EXPIRATION=6000
-jwt_secret=SECRET
+JWT_SECRET=SECRET
 KAFKA_SERVERS=127.0.0.1:9092
 KAFKA_USE_SSL=false
 LOCAL_DEV=true
--- a/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml
@ -60,6 +60,10 @@ spec:
              value: "http://assist-openreplay.{{.Release.Namespace}}.{{.Values.global.clusterDomain}}:9001/assist/%s"
            - name: ASSIST_JWT_SECRET
              value: {{ .Values.global.assistJWTSecret }}
+            - name: JWT_SECRET
+              value: {{ .Values.global.jwtSecret }}
+            - name: JWT_SPOT_SECRET
+              value: {{ .Values.global.jwtSpotSecret }}
            - name: ASSIST_KEY
              value: {{ .Values.global.assistKey }}
            - name: LICENSE_KEY
--- a/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml
@ -91,6 +91,10 @@ spec:
            - name: POSTGRES_STRING
              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:$(pg_password)@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
            {{- include "openreplay.env.redis_string" .Values.global.redis | nindent 12 }}
+            - name: JWT_SECRET
+              value: {{ .Values.global.jwtSecret }}
+            - name: JWT_SPOT_SECRET
+              value: {{ .Values.global.jwtSpotSecret }}
          ports:
            {{- range $key, $val := .Values.service.ports }}
            - name: {{ $key }}
--- a/scripts/helmcharts/vars.yaml
+++ b/scripts/helmcharts/vars.yaml
@ -122,6 +122,8 @@ global:
  # secret key to inject to assist and peers service
  assistKey: "{{ randAlphaNum 20}}"
  assistJWTSecret: "{{ randAlphaNum 20}}"
+  jwtSecret: "{{ randAlphaNum 20}}"
+  jwtSpotSecret: "{{ randAlphaNum 20}}"
  # In case of multiple nodes in the kubernetes cluster,
  # we'll have to create an RWX PVC for shared components.
  # If it's a single node, we'll use hostVolume, which is the default for the community/oss edition.
@ -157,7 +159,8 @@ global:

 chalice:
  env:
-    jwt_secret: "{{ randAlphaNum 20}}"
+    JWT_REFRESH_SECRET: "{{ randAlphaNum 20}}"
+    JWT_SPOT_REFRESH_SECRET: "{{ randAlphaNum 20}}"
    # captcha_server: ''
    # captcha_key: ''
    # SAML2_MD_URL: ''