Diffstat (limited to 'server')
| -rw-r--r-- | server/src/Jobs/TokenCleanupJob.cs | 5 | ||||
| -rw-r--r-- | server/src/Jobs/VaultTokenRenewalJob.cs | 15 | ||||
| -rw-r--r-- | server/src/Program.cs | 6 | ||||
| -rw-r--r-- | server/src/Services/VaultService.cs | 20 |
4 files changed, 33 insertions, 13 deletions
diff --git a/server/src/Jobs/TokenCleanupJob.cs b/server/src/Jobs/TokenCleanupJob.cs
index 3b042b3..fce40c9 100644
--- a/server/src/Jobs/TokenCleanupJob.cs
+++ b/server/src/Jobs/TokenCleanupJob.cs
@@ -13,9 +13,10 @@ public class TokenCleanupJob : IJob
 }
 public Task Execute(IJobExecutionContext context) {
- var staleTokens = _context.AccessTokens.Where(c => c.ExpiryDate < AppDateTime.UtcNow);
+ var staleTokens = _context.AccessTokens.Where(c => c.ExpiryDate < AppDateTime.UtcNow).ToList();
+ if (staleTokens.IsNullOrEmpty()) return Task.CompletedTask;
 _logger.LogInformation("Removing {0} stale tokens", staleTokens.Count());
- _context.AccessTokens.RemoveRange();
+ _context.AccessTokens.RemoveRange(staleTokens);
 return Task.CompletedTask;
 }
 }
diff --git a/server/src/Jobs/VaultTokenRenewalJob.cs b/server/src/Jobs/VaultTokenRenewalJob.cs
new file mode 100644
index 0000000..fffbf7c
--- /dev/null
+++ b/server/src/Jobs/VaultTokenRenewalJob.cs
@@ -0,0 +1,15 @@
+using Quartz;
+
+namespace IOL.GreatOffice.Api.Jobs;
+
+public class VaultTokenRenewalJob : IJob
+{
+ private readonly ILogger<VaultTokenRenewalJob> _logger;
+ public VaultTokenRenewalJob(ILogger<VaultTokenRenewalJob> logger) {
+ _logger = logger;
+ }
+
+ public Task Execute(IJobExecutionContext context) {
+ return Task.CompletedTask;
+ }
+}
diff --git a/server/src/Program.cs b/server/src/Program.cs
index b7e6ce6..d7bbf9f 100644
--- a/server/src/Program.cs
+++ b/server/src/Program.cs
@@ -38,6 +38,7 @@ global using IOL.GreatOffice.Api.Data.Static;
 global using IOL.GreatOffice.Api.Services;
 global using IOL.GreatOffice.Api.Utilities;
 using System.Reflection;
+using System.Security.Cryptography.X509Certificates;
 using IOL.GreatOffice.Api.Endpoints.V1;
 using IOL.GreatOffice.Api.Jobs;
 using Microsoft.AspNetCore.HttpOverrides;
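Review bot: After `RemoveRange(staleTokens)` in `TokenCleanupJob.Execute` the method returns without saving, so if `_context` is an EF Core `DbContext` (as `AppDbContext` elsewhere in this commit suggests) the expired access tokens are only marked for deletion and remain in the table. Add `_context.SaveChanges();` before the final `return Task.CompletedTask;`, or make `Execute` async and use `await _context.SaveChangesAsync(context.CancellationToken);`. Since `staleTokens` is now a `List`, `staleTokens.Count` avoids the LINQ `Count()` call, and `ToList()` never returns null, so the new guard is effectively an empty check.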
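Review bot: `VaultTokenRenewalJob.Execute` returns `Task.CompletedTask` without renewing anything and `_logger` is never used, so once the job is scheduled it will report success while the Vault token keeps running toward expiry. Until the renewal is implemented, mark the stub with `// TODO: renew the Vault token; this job is currently a no-op` and `_logger.LogWarning("Vault token renewal is not implemented");` so successful runs are not read as a working renewal. The renewed token will also have to reach the `X-Vault-Token` default header, which `VaultService` appears to set only once when it is constructed.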
@@ -89,7 +90,10 @@ public static class Program
 });
 }
- builder.Services.AddDataProtection().PersistKeysToDbContext<AppDbContext>();
+ builder.Services
+ .AddDataProtection()
+ .PersistKeysToDbContext<AppDbContext>()
+ .ProtectKeysWithCertificate(vaultService.Get<X509Certificate2>(""));
 builder.Services.Configure(JsonSettings.Default);
 builder.Services.AddQuartz(options => {
 options.UsePersistentStore(o => {
diff --git a/server/src/Services/VaultService.cs b/server/src/Services/VaultService.cs
index 6034586..f6d0ad8 100644
--- a/server/src/Services/VaultService.cs
+++ b/server/src/Services/VaultService.cs
@@ -15,7 +15,7 @@ public class VaultService
 CACHE_TTL = configuration.GetValue(AppEnvironmentVariables.VAULT_CACHE_TTL, 60 * 60 * 12);
 if (token.IsNullOrWhiteSpace()) throw new ApplicationException("VAULT_TOKEN is empty");
 if (vaultUrl.IsNullOrWhiteSpace()) throw new ApplicationException("VAULT_URL is empty");
- client.DefaultRequestHeaders.Add(AppHeaders.VAULT_TOKEN, token);
+ client.DefaultRequestHeaders.Add("X-Vault-Token", token);
 client.BaseAddress = new Uri(vaultUrl);
 _client = client;
 _cache = cache;
@@ -29,17 +29,17 @@ public class VaultService
 cacheEntry => {
 cacheEntry.AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(CACHE_TTL);
 var getSecretResponse = _client.GetFromJsonAsync<GetSecretResponse<T>>("/v1/kv/data/" + path).Result;
- if (getSecretResponse != null) {
- Log.Debug("Setting new Vault cache, "
- + new {
- PATH = path,
- CACHE_TTL,
- Data = JsonSerializer.Serialize(getSecretResponse.Data.Data)
- });
- return getSecretResponse.Data.Data ?? default;
+ if (getSecretResponse == null) {
+ return default;
 }
- return default;
+ Log.Debug("Setting new Vault cache, "
+ + new {
+ PATH = path,
+ CACHE_TTL,
+ Data = JsonSerializer.Serialize(getSecretResponse.Data.Data)
+ });
+ return getSecretResponse.Data.Data ?? default;
 });
 } |
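Review bot: `vaultService.Get<X509Certificate2>("")` passes an empty path, and `VaultService.Get` builds the request as `"/v1/kv/data/" + path`, so this asks Vault for the mount root rather than a named secret; `Get` also returns `default` on a null response, which would hand `null` to `ProtectKeysWithCertificate` at startup. It further relies on `GetFromJsonAsync` deserializing a KV JSON payload directly into `X509Certificate2`, which looks unlikely to yield a usable certificate; reading the PEM/PFX material as a string and constructing the certificate explicitly would be safer. Fail fast with a clear message, e.g. `var cert = vaultService.Get<X509Certificate2>("<vault-path>") ?? throw new ApplicationException("Data-protection certificate not found in Vault");` followed by `if (!cert.HasPrivateKey) throw new ApplicationException("Data-protection certificate has no private key");`. The enclosing method starts and ends outside this hunk.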
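Review bot: The `Log.Debug` call that this refactor keeps in `VaultService` (hunk `@@ -29,17 +29,17 @@`) serializes `getSecretResponse.Data.Data` into the log message, so every secret fetched through `Get` is written to the debug log in clear text, and with this commit that would include the data-protection certificate requested in Program.cs. Log only the metadata, e.g. `Log.Debug("Setting new Vault cache for {Path}, ttl {CacheTtl}s", path, CACHE_TTL);` (assuming `Log` is a Serilog-style logger that accepts message templates). `getSecretResponse.Data` is also dereferenced without a null check in the final return, so a response without a data object would throw inside the cache factory. The lambda and its enclosing method start outside the hunk.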
