azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-21 10:21:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
753be43d11cd046fd5db6eb829d8aa61854b0bec
satellite-provider/.env.example
T
Oleksandr Bezdieniezhnykh 96cd3c4495
ci/woodpecker/push/01-test Pipeline failed
Details
ci/woodpecker/push/02-build-push unknown status
Details
[AZ-487] JWT validation baseline (HS256, all endpoints) 
Adds Microsoft.AspNetCore.Authentication.JwtBearer 8.0.21 and the
SatelliteProvider.Api.Authentication.AddSatelliteJwt extension that
validates HS256 tokens against a shared JWT_SECRET (>=32 bytes, fail
fast at startup). Every minimal-API endpoint now carries
.RequireAuthorization(); the middleware chain is UseExceptionHandler ->
UseHttpsRedirection -> UseCors -> UseAuthentication -> UseAuthorization
-> endpoints. Swagger UI gets a Bearer security definition so the
Authorize button works.

Test infrastructure: JwtTokenFactory (unit) and JwtTestHelpers
(integration) mint deterministic tokens against the same secret; the
integration test runner attaches a default Bearer token to its shared
HttpClient so existing tests continue to exercise protected endpoints.
JwtIntegrationTests adds AC-1..AC-4 and AC-7 (Swagger advertises
Bearer) end-to-end; AuthenticationServiceCollectionExtensionsTests
covers AC-5 (missing/empty/short secret fail-fast) plus env-var
precedence; JwtTokenFactoryTests covers AC-6 (claims pass through
the JwtSecurityTokenHandler.ValidateToken path JwtBearer uses).

docker-compose and scripts/run-tests.sh now propagate JWT_SECRET to
the api and integration-tests containers, with a >=32-byte guard.
.env.example documents the required keys; .env stays gitignored.

Code review verdict: PASS_WITH_WARNINGS (2 Low findings surfaced
in _docs/03_implementation/reviews/batch_01_cycle2_review.md).

Cross-component coordination: gps-denied-onboard and the mission
planner UI must attach Bearer tokens before this lands in dev.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-11 23:06:23 +03:00

19 lines
698 B
Bash
Raw Blame History

# Satellite Provider environment configuration template.
# Copy this file to `.env` and replace placeholder values before running
# docker-compose or scripts/run-tests.sh.
#
# IMPORTANT: `.env` is gitignored on purpose. Never commit real secrets.
# Google Maps Platform API key for satellite imagery downloads.
GOOGLE_MAPS_API_KEY=
# HMAC-SHA256 signing key for JWT validation (suite-level auth contract,
# `suite/_docs/10_auth.md`). MUST be at least 32 bytes (UTF-8) — the API
# fails fast on startup if this is unset or shorter.
#
# Generate a strong secret with, for example:
# openssl rand -hex 32
#
# Test/CI runs may use a clearly tagged TEST-ONLY value (still >=32 bytes).
JWT_SECRET=
Reference in New Issue View Git Blame Copy Permalink