From e59f14458f8a7b0b9b5d6b172baa8ba219a63f45 Mon Sep 17 00:00:00 2001
From: Kraiem Taha Yassine
Date: Tue, 3 Sep 2024 14:53:44 +0200
Subject: [PATCH] Dev (#2530)
* fix(chalice): fixed Math-operators validation refactor(chalice): search for sessions that have events for heatmaps
* refactor(chalice): search for sessions that have at least 1 location event for heatmaps
* fix(chalice): fixed Math-operators validation refactor(chalice): search for sessions that have events for heatmaps
* refactor(chalice): search for sessions that have at least 1 location event for heatmaps
* feat(chalice): autocomplete return top 10 with stats
* fix(chalice): fixed autocomplete top 10 meta-filters
* refactor(chalice): changed JWT env-vars refactor(deployment): changed JWT env-vars for chalice&http
---
 api/chalicelib/core/assist.py | 2 +-
 api/chalicelib/core/authorizers.py | 12 ++++++------
 api/env.default | 4 ++--
 api/env.dev | 2 +-
 ee/api/env.default | 4 ++--
 ee/api/env.dev | 4 ++--
 .../charts/chalice/templates/deployment.yaml | 4 ++++
 .../openreplay/charts/http/templates/deployment.yaml | 4 ++++
 scripts/helmcharts/vars.yaml | 5 ++++-
 9 files changed, 26 insertions(+), 15 deletions(-)
diff --git a/api/chalicelib/core/assist.py b/api/chalicelib/core/assist.py
index a47940f9f..a322aa0b8 100644
--- a/api/chalicelib/core/assist.py
+++ b/api/chalicelib/core/assist.py
@@ -106,7 +106,7 @@ def __get_agent_token(project_id, project_key, session_id):
 "aud": f"openreplay:agent"
 },
 key=config("ASSIST_JWT_SECRET"),
- algorithm=config("jwt_algorithm")
+ algorithm=config("JWT_ALGORITHM")
 )
diff --git a/api/chalicelib/core/authorizers.py b/api/chalicelib/core/authorizers.py
index 1e1462d0b..04b2edcd8 100644
--- a/api/chalicelib/core/authorizers.py
+++ b/api/chalicelib/core/authorizers.py
@@ -29,8 +29,8 @@ def jwt_authorizer(scheme: str, token: str, leeway=0) -> dict | None:
 return None
 try:
 payload = jwt.decode(jwt=token,
- key=config("jwt_secret") if not is_spot_token(token) else config("JWT_SPOT_SECRET"),
- algorithms=config("jwt_algorithm"),
+ key=config("JWT_SECRET") if not is_spot_token(token) else config("JWT_SPOT_SECRET"),
+ algorithms=config("JWT_ALGORITHM"),
 audience=get_supported_audience(),
 leeway=leeway)
 except jwt.ExpiredSignatureError:
@@ -50,7 +50,7 @@ def jwt_refresh_authorizer(scheme: str, token: str):
 payload = jwt.decode(jwt=token,
 key=config("JWT_REFRESH_SECRET") if not is_spot_token(token) \
 else config("JWT_SPOT_REFRESH_SECRET"),
- algorithms=config("jwt_algorithm"),
+ algorithms=config("JWT_ALGORITHM"),
 audience=get_supported_audience())
 except jwt.ExpiredSignatureError:
 logger.debug("! JWT-refresh Expired signature")
@@ -73,8 +73,8 @@ def generate_jwt(user_id, tenant_id, iat, aud, for_spot=False):
 "iat": iat,
 "aud": aud
 },
- key=config("jwt_secret") if not for_spot else config("JWT_SPOT_SECRET"),
- algorithm=config("jwt_algorithm")
+ key=config("JWT_SECRET") if not for_spot else config("JWT_SPOT_SECRET"),
+ algorithm=config("JWT_ALGORITHM")
 )
 return token
@@ -92,7 +92,7 @@ def generate_jwt_refresh(user_id, tenant_id, iat, aud, jwt_jti, for_spot=False):
 "jti": jwt_jti
 },
 key=config("JWT_REFRESH_SECRET") if not for_spot else config("JWT_SPOT_REFRESH_SECRET"),
- algorithm=config("jwt_algorithm")
+ algorithm=config("JWT_ALGORITHM")
 )
 return token
diff --git a/api/env.default b/api/env.default
index cb036dd32..8e80f2ea2 100644
--- a/api/env.default
+++ b/api/env.default
@@ -25,7 +25,7 @@ FS_DIR=/mnt/efs
 invitation_link=/api/users/invitation?token=%s
 IOS_VIDEO_BUCKET=mobs
 js_cache_bucket=sessions-assets
-jwt_algorithm=HS512
+JWT_ALGORITHM=HS512
 JWT_EXPIRATION=86400
 JWT_ISSUER=OpenReplay-oss
 JWT_REFRESH_EXPIRATION=604800
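Review bot: In `jwt_authorizer` (`@@ -29,8 +29,8 @@`), `algorithms=config("JWT_ALGORITHM")` hands `jwt.decode` a bare string where PyJWT documents a list of accepted algorithm names, so the allow-list check against the token's `alg` header presumably becomes a substring test rather than exact membership. Wrapping the value keeps the allow-list explicit: `algorithms=[config("JWT_ALGORITHM")],`. The `jwt.decode` call in the `jwt_refresh_authorizer` hunk (`@@ -50,7 +50,7 @@`) has the same form and should get the same change. Both function bodies begin and end outside their hunks, so the surrounding validation is not visible here.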
@@ -34,7 +34,7 @@ JWT_SPOT_REFRESH_EXPIRATION=604800
 JWT_SPOT_REFRESH_SECRET="SET A RANDOM STRING HERE"
 JWT_SPOT_SECRET=SECRET
 JWT_SPOT_EXPIRATION=3600
-jwt_secret="SET A RANDOM STRING HERE"
+JWT_SECRET="SET A RANDOM STRING HERE"
 pg_dbname=postgres
 pg_host=postgresql.db.svc.cluster.local
 PG_MAXCONN=20
diff --git a/api/env.dev b/api/env.dev
index 5507a8ab7..54634b7a9 100644
--- a/api/env.dev
+++ b/api/env.dev
@@ -35,7 +35,7 @@ JWT_SPOT_REFRESH_EXPIRATION=604800
 JWT_SPOT_REFRESH_SECRET=SECRET3
 JWT_SPOT_SECRET=SECRET
 JWT_SPOT_EXPIRATION=6000
-jwt_secret=SECRET
+JWT_SECRET=SECRET
 LOCAL_DEV=true
 LOGLEVEL=INFO
 pg_dbname=postgres
diff --git a/ee/api/env.default b/ee/api/env.default
index a42af2955..4a4e05c42 100644
--- a/ee/api/env.default
+++ b/ee/api/env.default
@@ -43,7 +43,7 @@ idp_x509cert=
 invitation_link=/api/users/invitation?token=%s
 IOS_VIDEO_BUCKET=mobs
 js_cache_bucket=sessions-assets
-jwt_algorithm=HS512
+JWT_ALGORITHM=HS512
 JWT_EXPIRATION=86400
 JWT_ISSUER=openreplay-oss
 JWT_REFRESH_EXPIRATION=604800
@@ -52,7 +52,7 @@ JWT_SPOT_REFRESH_EXPIRATION=604800
 JWT_SPOT_REFRESH_SECRET="SET A RANDOM STRING HERE"
 JWT_SPOT_SECRET=SECRET
 JWT_SPOT_EXPIRATION=3600
-jwt_secret="SET A RANDOM STRING HERE"
+JWT_SECRET="SET A RANDOM STRING HERE"
 KAFKA_SERVERS=kafka.db.svc.cluster.local:9092
 KAFKA_USE_SSL=false
 LICENSE_KEY=
diff --git a/ee/api/env.dev b/ee/api/env.dev
index 4780980ff..d2681c584 100644
--- a/ee/api/env.dev
+++ b/ee/api/env.dev
@@ -42,7 +42,7 @@ idp_x509cert=
 invitation_link=/users/invitation?token=%s
 IOS_VIDEO_BUCKET=mobs
 js_cache_bucket=
-jwt_algorithm=HS512
+JWT_ALGORITHM=HS512
 JWT_EXPIRATION=6000
 JWT_ISSUER=openReplay-dev
 JWT_REFRESH_EXPIRATION=604800
@@ -51,7 +51,7 @@ JWT_SPOT_REFRESH_EXPIRATION=604800
 JWT_SPOT_REFRESH_SECRET=SECRET3
 JWT_SPOT_SECRET=SECRET
 JWT_SPOT_EXPIRATION=6000
-jwt_secret=SECRET
+JWT_SECRET=SECRET
 KAFKA_SERVERS=127.0.0.1:9092
 KAFKA_USE_SSL=false
 LOCAL_DEV=true
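Review bot: The renamed `JWT_SECRET="SET A RANDOM STRING HERE"` in `api/env.default` (`@@ -34,7 +34,7 @@`) is itself a usable HMAC key, so an install that ships this file unchanged signs and verifies session tokens with a value published in the repository; the context line `JWT_SPOT_SECRET=SECRET` is in the same position, and `ee/api/env.default` repeats both. Shipping the keys empty (`JWT_SECRET=`) only helps if the API also refuses to start on an empty or placeholder secret, which is not visible in this patch. At minimum a comment above the line such as `# must be replaced with a long random value before deployment` would document the requirement.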
diff --git a/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml
index 74d3cc69c..f5f1183e1 100644
--- a/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml
@@ -60,6 +60,10 @@ spec:
 value: "http://assist-openreplay.{{.Release.Namespace}}.{{.Values.global.clusterDomain}}:9001/assist/%s"
 - name: ASSIST_JWT_SECRET
 value: {{ .Values.global.assistJWTSecret }}
+ - name: JWT_SECRET
+ value: {{ .Values.global.jwtSecret }}
+ - name: JWT_SPOT_SECRET
+ value: {{ .Values.global.jwtSpotSecret }}
 - name: ASSIST_KEY
 value: {{ .Values.global.assistKey }}
 - name: LICENSE_KEY
diff --git a/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml
index f4e0bb709..4ecc87dd7 100644
--- a/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml
@@ -91,6 +91,10 @@ spec:
 - name: POSTGRES_STRING
 value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:$(pg_password)@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
 {{- include "openreplay.env.redis_string" .Values.global.redis | nindent 12 }}
+ - name: JWT_SECRET
+ value: {{ .Values.global.jwtSecret }}
+ - name: JWT_SPOT_SECRET
+ value: {{ .Values.global.jwtSpotSecret }}
 ports:
 {{- range $key, $val := .Values.service.ports }}
 - name: {{ $key }}
diff --git a/scripts/helmcharts/vars.yaml b/scripts/helmcharts/vars.yaml
index ba3e56f04..8ecdfcd4a 100644
--- a/scripts/helmcharts/vars.yaml
+++ b/scripts/helmcharts/vars.yaml
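Review bot: The added `value: {{ .Values.global.jwtSecret }}` in the chalice deployment renders an empty `JWT_SECRET` for any existing install whose values file lacks `global.jwtSecret`, which is likely on upgrade because the key is new here and the secret previously lived under `chalice.env.jwt_secret`; the service would then probably sign and verify tokens with an empty key. Failing the render is safer and quoting protects values with YAML-significant characters: `value: {{ required "global.jwtSecret must be set" .Values.global.jwtSecret | quote }}`, and the same for `jwtSpotSecret`. The identical four lines added in the `http` chart's deployment.yaml hunk need the same treatment. Reading both keys from a Kubernetes Secret with `valueFrom.secretKeyRef` would additionally keep the signing material out of the Deployment manifest.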
@@ -122,6 +122,8 @@ global:
 # secret key to inject to assist and peers service
 assistKey: "{{ randAlphaNum 20}}"
 assistJWTSecret: "{{ randAlphaNum 20}}"
+ jwtSecret: "{{ randAlphaNum 20}}"
+ jwtSpotSecret: "{{ randAlphaNum 20}}"
 # In case of multiple nodes in the kubernetes cluster,
 # we'll have to create an RWX PVC for shared components.
 # If it's a single node, we'll use hostVolume, which is the default for the community/oss edition.
@@ -157,7 +159,8 @@ global:
 chalice:
 env:
- jwt_secret: "{{ randAlphaNum 20}}"
+ JWT_REFRESH_SECRET: "{{ randAlphaNum 20}}"
+ JWT_SPOT_REFRESH_SECRET: "{{ randAlphaNum 20}}"
 # captcha_server: ''
 # captcha_key: ''
 # SAML2_MD_URL: ''
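Review bot: `jwtSecret: "{{ randAlphaNum 20}}"` produces a 20-character key, but the env files in this same commit set `JWT_ALGORITHM=HS512`, and RFC 7518 requires an HMAC key at least as long as the hash output, i.e. 64 bytes for HS512. A longer default matches the algorithm: `jwtSecret: "{{ randAlphaNum 64}}"`, likewise for `jwtSpotSecret` and for `JWT_REFRESH_SECRET` / `JWT_SPOT_REFRESH_SECRET` in the `@@ -157,7 +159,8 @@` hunk. It is also worth confirming, since it is not visible here, that these templates are rendered once and the result persisted; if they are re-evaluated on every upgrade the keys rotate silently and all issued tokens become invalid.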