mirror of
https://github.com/azaion/admin.git
synced 2026-06-21 15:01:09 +00:00
Oleksandr Bezdieniezhnykh
51a293dbcc
AZ-531 — /login now returns access (15 min) + opaque refresh; rotation on /token/refresh; reuse of a rotated refresh kills the entire session family per OAuth 2.1 §6.1; sliding 8 h + absolute 12 h windows; new sessions table with serializable-tx rotation. AZ-532 — switched access-token signing from HS256 shared-secret to ES256 file-backed PEMs; new JwtSigningKeyProvider, JWKS at /.well-known/jwks.json with public-only fields and 1 h cache; ValidAlgorithms pinned so an HS256-with-public-key alg-confusion attack is rejected; production keys ignored under secrets/jwt-keys, deterministic test fixtures committed under e2e/test-keys. Tests: 10/10 new ACs covered (RefreshTokenFlowTests, AsymmetricSigningTests). Pre-existing AuthTests.Jwt_contains_expected_claims_and_lifetime updated for 15 min + sid/jti claims; SecurityTests.Expired_jwt re-signed with ES256; ResilienceTests login p95 SLO raised 500 ms → 1500 ms in test env to reflect Argon2id + dual DB writes + ES256 sign cost (production Linux budget unchanged, see batch_02_cycle2_review.md F1). Co-authored-by: Cursor <cursoragent@cursor.com>
56 lines
3.5 KiB
Bash
56 lines
3.5 KiB
Bash
# =============================================================================
|
|
# Azaion Admin API — environment variable template
|
|
# Copy to `.env` (git-ignored) and fill in real values for your environment.
|
|
# Production secrets MUST come from the secret manager, not from a checked-in
|
|
# file. See _docs/04_deploy/reports/deploy_status_report.md for the full table.
|
|
# =============================================================================
|
|
|
|
# ---------- ASP.NET Core runtime --------------------------------------------
|
|
ASPNETCORE_ENVIRONMENT=Development # Development | Staging | Production
|
|
ASPNETCORE_URLS=http://+:8080 # Kestrel bind address inside the container
|
|
|
|
# ---------- Database (PostgreSQL on port 4312 in prod, 5432 in test) --------
|
|
# Two roles: reader (read-only) and admin (read/write). See env/db/01_permissions.sql.
|
|
ASPNETCORE_ConnectionStrings__AzaionDb=Host=localhost;Port=4312;Database=azaion;Username=azaion_reader;Password=CHANGE_ME
|
|
ASPNETCORE_ConnectionStrings__AzaionDbAdmin=Host=localhost;Port=4312;Database=azaion;Username=azaion_admin;Password=CHANGE_ME
|
|
|
|
# ---------- JWT (ES256, 15 min access, 8/12 h refresh — AZ-531/AZ-532) ------
|
|
# AZ-532 — admin signs access tokens with ES256. Keys live as PEM files in
|
|
# JwtConfig__KeysFolder (the kid is the filename without `.pem`); generate with
|
|
# scripts/generate-jwt-key.sh. JwtConfig__Secret is gone — verifiers fetch the
|
|
# public key from /.well-known/jwks.json instead.
|
|
ASPNETCORE_JwtConfig__Issuer=AzaionApi
|
|
ASPNETCORE_JwtConfig__Audience=Annotators/OrangePi/Admins
|
|
ASPNETCORE_JwtConfig__KeysFolder=secrets/jwt-keys
|
|
# ActiveKid optional — defaults to the lexicographically first PEM in the folder.
|
|
# ASPNETCORE_JwtConfig__ActiveKid=kid-20260514-000000
|
|
ASPNETCORE_JwtConfig__AccessTokenLifetimeMinutes=15
|
|
|
|
# AZ-531 — refresh-token windows. Sliding extends on every rotation; absolute
|
|
# caps the family lifetime regardless of activity.
|
|
ASPNETCORE_SessionConfig__RefreshSlidingHours=8
|
|
ASPNETCORE_SessionConfig__RefreshAbsoluteHours=12
|
|
|
|
# ---------- Resource storage (filesystem) -----------------------------------
|
|
ASPNETCORE_ResourcesConfig__ResourcesFolder=Content
|
|
|
|
# ---------- Container build / image label ------------------------------------
|
|
# Injected at build time as --build-arg CI_COMMIT_SHA=… by Woodpecker.
|
|
# Local builds may leave it unset (Dockerfile defaults to "unknown").
|
|
# CI_COMMIT_SHA=
|
|
|
|
# ---------- Deploy targets (consumed by scripts/, not by the API process) ---
|
|
DEPLOY_HOST=admin.azaion.com # SSH target for scripts/deploy.sh
|
|
DEPLOY_SSH_USER=root # SSH user on DEPLOY_HOST
|
|
DEPLOY_CONTAINER_NAME=azaion.api # Docker container name on the host
|
|
DEPLOY_HOST_PORT=4000 # Port published on DEPLOY_HOST (mapped to 8080 in container)
|
|
DEPLOY_HOST_CONTENT_DIR=/root/api/content # Bind-mount for resource files
|
|
DEPLOY_HOST_LOGS_DIR=/root/api/logs # Bind-mount for Serilog rolling files
|
|
|
|
# ---------- Container registry ----------------------------------------------
|
|
REGISTRY_HOST=docker.azaion.com # Private registry; CI may use localhost:5000
|
|
REGISTRY_IMAGE=azaion/admin # Image path inside REGISTRY_HOST
|
|
REGISTRY_TAG=dev-arm # main→arm, stage→stage-arm, dev→dev-arm
|
|
REGISTRY_USER= # CI / scripts only — leave empty in dev .env
|
|
REGISTRY_TOKEN= # CI / scripts only — leave empty in dev .env
|