opt: Remove the configuration field secret

README.md

@@ -164,7 +164,6 @@ remove token success: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidG9rZW4xI
 >the default config path is "~/.auth-auth/config.toml"
 ```
 Port = "8989" 
-Secret = "88b8a61690ee648bef9bc73463b8a05917f1916df169c775a3896719466be04a"
 ReadTimeout = "1m"
 WriteTimeout = "1m"
 IdleTimeout = "1m"

auth/app.go

@@ -61,8 +61,8 @@ type oauthApp struct {
 	srv OAuthService
 }
 
-func NewOAuthApp(secret, dbPath string, cnf *config.DBConfig) (OAuthApp, error) {
-	srv, err := NewOAuthService(secret, dbPath, cnf)
+func NewOAuthApp(dbPath string, cnf *config.DBConfig) (OAuthApp, error) {
+	srv, err := NewOAuthService(dbPath, cnf)
 	if err != nil {
 		return nil, err
 	}

auth/jwt.go

@@ -18,7 +18,6 @@ import (
 
 	"github.com/filecoin-project/venus-auth/config"
 	"github.com/filecoin-project/venus-auth/core"
-	"github.com/filecoin-project/venus-auth/log"
 	"github.com/filecoin-project/venus-auth/storage"
 	"github.com/filecoin-project/venus-auth/util"
 )
@@ -76,9 +75,8 @@ type OAuthService interface {
 }
 
 type jwtOAuth struct {
-	secret *jwt.HMACSHA
-	store  storage.Store
-	mp     Mapper
+	store storage.Store
+	mp    Mapper
 }
 
 type JWTPayload struct {
@@ -87,43 +85,15 @@ type JWTPayload struct {
 	Extra string          `json:"ext"`
 }
 
-func NewOAuthService(secret string, dbPath string, cnf *config.DBConfig) (OAuthService, error) {
-	sec, err := hex.DecodeString(secret)
-	if err != nil {
-		return nil, err
-	}
+func NewOAuthService(dbPath string, cnf *config.DBConfig) (OAuthService, error) {
 	store, err := storage.NewStore(cnf, dbPath)
 	if err != nil {
 		return nil, err
 	}
 
-	// TODO: remove it next version
-	skip, limit := int64(0), int64(20)
-	for {
-		kps, err := store.List(skip, limit)
-		if err != nil {
-			return nil, xerrors.Errorf("list token %v", err)
-		}
-		for _, kp := range kps {
-			if len(kp.Secret) == 0 {
-				kp.Secret = secret
-				log.Infof("update token %s secret %s", kp.Token, secret)
-				if err := store.UpdateToken(kp); err != nil {
-					return nil, xerrors.Errorf("update token(%s) %v", kp.Token, err)
-				}
-			}
-		}
-		if len(kps) == 0 {
-			break
-		}
-
-		skip += limit
-	}
-
 	jwtOAuthInstance = &jwtOAuth{
-		secret: jwt.NewHS256(sec),
-		store:  store,
-		mp:     newMapper(),
+		store: store,
+		mp:    newMapper(),
 	}
 	return jwtOAuthInstance, nil
 }

auth/jwt_test.go

@@ -3,7 +3,6 @@ package auth
 
 import (
 	"context"
-	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -15,7 +14,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/gbrlsnchs/jwt/v3"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
@@ -1228,18 +1226,9 @@ func setup(cfg *config.DBConfig, t *testing.T) {
 		t.Fatal(err)
 	}
 
-	secret, err := config.RandSecret()
-	if err != nil {
-		t.Fatal(err)
-	}
-	sec, err := hex.DecodeString(hex.EncodeToString(secret))
-	if err != nil {
-		t.Fatal(err)
-	}
 	jwtOAuthInstance = &jwtOAuth{
-		secret: jwt.NewHS256(sec),
-		store:  theStore,
-		mp:     newMapper(),
+		store: theStore,
+		mp:    newMapper(),
 	}
 }
 

cli/run.go

@@ -51,10 +51,7 @@ func configScan(path string, cliCtx *cli.Context) (*config.Config, error) {
 		return fillConfigByFlag(cnf, cliCtx), nil
 	}
 
-	cnf, err := config.DefaultConfig()
-	if err != nil {
-		return nil, fmt.Errorf("failed to generate secret : %s", err)
-	}
+	cnf := config.DefaultConfig()
 	cnf = fillConfigByFlag(cnf, cliCtx)
 	err = config.Cover(path, cnf)
 	if err != nil {
@@ -97,7 +94,7 @@ func run(cliCtx *cli.Context) error {
 	log.InitLog(cnf.Log)
 
 	dataPath := repo.GetDataDir()
-	app, err := auth.NewOAuthApp(cnf.Secret, dataPath, cnf.DB)
+	app, err := auth.NewOAuthApp(dataPath, cnf.DB)
 	if err != nil {
 		return fmt.Errorf("init oauth app: %s", err)
 	}

cmd/mock/main.go

@@ -30,7 +30,7 @@ func main() {
 		return
 	}
 	log.InitLog(cnf.Log)
-	app, err := auth.NewOAuthApp(cnf.Secret, dataPath, cnf.DB)
+	app, err := auth.NewOAuthApp(dataPath, cnf.DB)
 	if err != nil {
 		log.Fatalf("Failed to init venus-auth: %s", err)
 	}

config/config.go

@@ -3,7 +3,6 @@ package config
 import (
 	"bytes"
 	"crypto/rand"
-	"encoding/hex"
 	"io"
 	"io/ioutil"
 	"os"
@@ -16,7 +15,6 @@ import (
 
 type Config struct {
 	Port         string               `json:"port"`
-	Secret       string               `json:"secret"`
 	ReadTimeout  time.Duration        `json:"readTimeout"`
 	WriteTimeout time.Duration        `json:"writeTimeout"`
 	IdleTimeout  time.Duration        `json:"idleTimeout"`
@@ -51,14 +49,9 @@ func RandSecret() ([]byte, error) {
 	return sk, nil
 }
 
-func DefaultConfig() (*Config, error) {
-	secret, err := RandSecret()
-	if err != nil {
-		return nil, err
-	}
+func DefaultConfig() *Config {
 	return &Config{
 		Port:         "8989",
-		Secret:       hex.EncodeToString(secret),
 		ReadTimeout:  time.Minute,
 		WriteTimeout: time.Minute,
 		IdleTimeout:  time.Minute,
@@ -75,7 +68,7 @@ func DefaultConfig() (*Config, error) {
 		DB: &DBConfig{
 			Type: Badger,
 		},
-	}, nil
+	}
 }
 
 type LogHookType = int

config/config.toml

@@ -1,5 +1,4 @@
 Port = "8989"
-Secret = "88b8a61690ee648bef9bc73463b8a05917f1916df169c775a3896719466be04a"
 ReadTimeout = "1m"
 WriteTimeout = "1m"
 IdleTimeout = "1m"

config/config_test.go

@@ -14,15 +14,6 @@ func TestDecodeConfig(t *testing.T) {
 	t.Log(cnf)
 }
 
-func TestDefaultConfig(t *testing.T) {
-	cnf, err := DefaultConfig()
-	if err != nil {
-		t.Fatal(err)
-	}
-	t.Log(cnf.Secret)
-	t.Log(cnf.Log)
-}
-
 func TestSafeWriteConfig(t *testing.T) {
 	path := "./config.toml"
 	cnf, err := DecodeConfig(path)

config/safeConfig.toml

@@ -1,5 +1,4 @@
 Port = "8989"
-Secret = "88b8a61690ee648bef9bc73463b8a05917f1916df169c775a3896719466be04a"
 ReadTimeout = 60000000000
 WriteTimeout = 60000000000
 IdleTimeout = 60000000000

integrate_test/mock_deamon.go

@@ -21,10 +21,7 @@ func setup(t *testing.T) (server *httptest.Server, dir string, token string) {
 	}
 	log.Infof("create storage temp dir: %s", tempDir)
 
-	cnf, err := config.DefaultConfig()
-	if err != nil {
-		t.Fatal(err)
-	}
+	cnf := config.DefaultConfig()
 	cnf.DB.DSN = tempDir
 
 	dir, err = homedir.Expand(tempDir)
@@ -36,7 +33,7 @@ func setup(t *testing.T) (server *httptest.Server, dir string, token string) {
 	gin.SetMode(gin.DebugMode)
 	dataPath := path.Join(dir, "data")
 
-	app, err := auth.NewOAuthApp(cnf.Secret, dataPath, cnf.DB)
+	app, err := auth.NewOAuthApp(dataPath, cnf.DB)
 	if err != nil {
 		t.Fatalf("Failed to init venus-auth: %s", err)
 	}

jwtclient/auth_client_test.go

@@ -26,10 +26,7 @@ var cli *AuthClient
 
 // nolint
 func TestMain(m *testing.M) {
-	cnf, err := config.DefaultConfig()
-	if err != nil {
-		log.Fatalf("failed to get default config err:%s", err)
-	}
+	cnf := config.DefaultConfig()
 	flag.StringVar(&cnf.DB.Type, "db", "badger", "mysql or badger")
 	flag.StringVar(&cnf.DB.DSN, "dns", "", "sql connection string or badger data path")
 	flag.Parse()
@@ -51,7 +48,7 @@ func TestMain(m *testing.M) {
 	}
 
 	// stm: @VENUSAUTH_JWT_NEW_OAUTH_SERVICE_001
-	app, err := auth.NewOAuthApp(cnf.Secret, tmpPath, cnf.DB)
+	app, err := auth.NewOAuthApp(tmpPath, cnf.DB)
 	if err != nil {
 		log.Fatalf("Failed to init oauthApp : %s", err)
 	}

jwtclient/inteface.go

@@ -2,9 +2,6 @@ package jwtclient
 
 import (
 	"context"
-	"crypto/rand"
-	"io"
-	"io/ioutil"
 
 	"github.com/filecoin-project/venus-auth/core"
 )
@@ -42,7 +39,3 @@ type Logger interface {
 	Debug(args ...interface{})
 	Debugf(template string, args ...interface{})
 }
-
-func RandSecret() ([]byte, error) {
-	return ioutil.ReadAll(io.LimitReader(rand.Reader, 32))
-}

jwtclient/local_auth_client.go

@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"github.com/filecoin-project/venus-auth/auth"
+	"github.com/filecoin-project/venus-auth/config"
 	"github.com/filecoin-project/venus-auth/core"
 	jwt3 "github.com/gbrlsnchs/jwt/v3"
 )
@@ -13,7 +14,7 @@ type LocalAuthClient struct {
 }
 
 func NewLocalAuthClient() (*LocalAuthClient, []byte, error) {
-	secret, err := RandSecret()
+	secret, err := config.RandSecret()
 	if err != nil {
 		return nil, nil, err
 	}