make token expiratioin configurable

2024-10-31 23:59:32 +01:00 · 2016-08-08 11:21:48 +08:00 · 2016-08-08 11:21:48 +08:00 · fe34a6a110
commit fe34a6a110
parent 77448551ee
4 changed files with 33 additions and 2 deletions
--- a/Deploy/harbor.cfg
+++ b/Deploy/harbor.cfg
@ -44,6 +44,9 @@ use_compressed_js = on
 #Maximum number of job workers in job service  
 max_job_workers = 3 

+#The expiration of token used by token service, default is 30 minutes
+token_expiration = 30
+
 #Determine whether the job service should verify the ssl cert when it connects to a remote registry.
 #Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
 verify_remote_cert = on
--- a/Deploy/prepare
+++ b/Deploy/prepare
@ -48,6 +48,7 @@ crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
 crt_commonname = rcp.get("configuration", "crt_commonname")
 crt_email = rcp.get("configuration", "crt_email")
 max_job_workers = rcp.get("configuration", "max_job_workers")
+token_expiration = rcp.get("configuration", "token_expiration")
 verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
 ########

@ -101,7 +102,8 @@ render(os.path.join(templates_dir, "ui", "env"),
 	self_registration=self_registration,
 	use_compressed_js=use_compressed_js,
        ui_secret=ui_secret,
-	verify_remote_cert=verify_remote_cert)
+	verify_remote_cert=verify_remote_cert,
+	token_expiration=token_expiration)

 render(os.path.join(templates_dir, "ui", "app.conf"),
        ui_conf,
--- a/Deploy/templates/ui/env
+++ b/Deploy/templates/ui/env
@ -19,3 +19,4 @@ GODEBUG=netdns=cgo
 EXT_ENDPOINT=$ui_url
 TOKEN_URL=http://ui
 VERIFY_REMOTE_CERT=$verify_remote_cert
+TOKEN_EXPIRATION=$token_expiration
--- a/service/token/authutils.go
+++ b/service/token/authutils.go
@ -21,6 +21,8 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"os"
+	"strconv"
 	"strings"
 	"time"

@ -34,9 +36,32 @@ import (
 const (
 	issuer     = "registry-token-issuer"
 	privateKey = "/etc/ui/private_key.pem"
-	expiration = 5 //minute
 )

+var (
+	expiration = 30 //minutes
+)
+
+func init() {
+	// TODO read it from config
+	expi := os.Getenv("TOKEN_EXPIRATION")
+	if len(expi) != 0 {
+		i, err := strconv.Atoi(expi)
+		if err != nil {
+			log.Errorf("failed to parse token expiration: %v, using default value: %d minutes", err, expiration)
+			return
+		}
+
+		if i <= 0 {
+			log.Warningf("invalid token expiration, using default value: %d minutes", expiration)
+			return
+		}
+
+		expiration = i
+	}
+	log.Infof("token expiration: %d minutes", expiration)
+}
+
 // GetResourceActions ...
 func GetResourceActions(scopes []string) []*token.ResourceActions {
 	log.Debugf("scopes: %+v", scopes)