9 changed files with 21 additions and 137 deletions
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@ -113,5 +113,10 @@ nfpms:
        file_info:
          mode: 0700
        packager: apk
+      - dst: /var/log/storage-server
+        type: dir
+        file_info:
+          mode: 0750
+        packager: apk
    scripts:
      postinstall: "misc/packaging/common/postinstall-storage-server.sh"
--- a/cmd/storage-server/command/auth/check_token.go
+++ b/cmd/storage-server/command/auth/check_token.go
@ -1,75 +0,0 @@
-package auth
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"forge.cadoles.com/arcad/edge/cmd/storage-server/command/flag"
-	"forge.cadoles.com/arcad/edge/pkg/jwtutil"
-	"github.com/lestrrat-go/jwx/v2/jwa"
-	"github.com/pkg/errors"
-	"github.com/urfave/cli/v2"
-)
-
-func CheckToken() *cli.Command {
-	return &cli.Command{
-		Name:  "check-token",
-		Usage: "Validate and print the given token with the private key",
-		Flags: []cli.Flag{
-			&cli.StringFlag{
-				Name:     "token",
-				Required: true,
-			},
-			flag.PrivateKey,
-			flag.PrivateKeySigningAlgorithm,
-			flag.PrivateKeyDefaultSize,
-		},
-		Action: func(ctx *cli.Context) error {
-			privateKeyFile := flag.GetPrivateKey(ctx)
-			signingAlgorithm := flag.GetSigningAlgorithm(ctx)
-			privateKeyDefaultSize := flag.GetPrivateKeyDefaultSize(ctx)
-			rawToken := ctx.String("token")
-
-			if rawToken == "" {
-				return errors.New("you must provide a value for --token flag")
-			}
-
-			privateKey, err := jwtutil.LoadOrGenerateKey(
-				privateKeyFile,
-				privateKeyDefaultSize,
-			)
-			if err != nil {
-				return errors.WithStack(err)
-			}
-
-			keySet, err := jwtutil.NewKeySet()
-			if err != nil {
-				return errors.WithStack(err)
-			}
-
-			err = jwtutil.AddKeyWithSigningAlgo(keySet, privateKey, jwa.SignatureAlgorithm(signingAlgorithm))
-			if err != nil {
-				return errors.WithStack(err)
-			}
-
-			token, err := jwtutil.Parse([]byte(rawToken), keySet)
-			if err != nil {
-				return errors.WithStack(err)
-			}
-
-			claims, err := token.AsMap(ctx.Context)
-			if err != nil {
-				return errors.WithStack(err)
-			}
-
-			json, err := json.MarshalIndent(claims, "", "  ")
-			if err != nil {
-				return errors.WithStack(err)
-			}
-
-			fmt.Println(string(json))
-
-			return nil
-		},
-	}
-}
--- a/cmd/storage-server/command/auth/root.go
+++ b/cmd/storage-server/command/auth/root.go
@ -10,7 +10,6 @@ func Root() *cli.Command {
 		Usage: "Auth related command",
 		Subcommands: []*cli.Command{
 			NewToken(),
-			CheckToken(),
 		},
 	}
 }
--- a/cmd/storage-server/command/run.go
+++ b/cmd/storage-server/command/run.go
@ -41,11 +41,6 @@ func Run() *cli.Command {
 				Aliases: []string{"addr"},
 				Value:   ":3001",
 			},
-			&cli.IntFlag{
-				Name:    "log-level",
-				EnvVars: []string{"STORAGE_SERVER_LOG_LEVEL"},
-				Value:   int(logger.LevelError),
-			},
 			&cli.StringFlag{
 				Name:    "blobstore-dsn-pattern",
 				EnvVars: []string{"STORAGE_SERVER_BLOBSTORE_DSN_PATTERN"},
@ -85,9 +80,6 @@ func Run() *cli.Command {
 			privateKeyFile := flag.GetPrivateKey(ctx)
 			signingAlgorithm := flag.GetSigningAlgorithm(ctx)
 			privateKeyDefaultSize := flag.GetPrivateKeyDefaultSize(ctx)
-			logLevel := ctx.Int("log-level")
-
-			logger.SetLevel(logger.Level(logLevel))

 			router := chi.NewRouter()

@ -99,6 +91,11 @@ func Run() *cli.Command {
 				return errors.WithStack(err)
 			}

+			publicKey, err := privateKey.PublicKey()
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
 			getBlobStoreServer := createGetCachedStoreServer(
 				func(dsn string) (storage.BlobStore, error) {
 					return driver.NewBlobStore(dsn)
@ -128,17 +125,12 @@ func Run() *cli.Command {

 			router.Use(middleware.RealIP)
 			router.Use(middleware.Logger)
-
-			logger.Debug(ctx.Context, "using authentication", logger.F("privateKey", privateKeyFile), logger.F("signingAlgorithm", signingAlgorithm))
-
-			router.Use(authenticate(privateKey, jwa.SignatureAlgorithm(signingAlgorithm)))
+			router.Use(authenticate(publicKey, jwa.SignatureAlgorithm(signingAlgorithm)))

 			router.Handle("/blobstore", createStoreHandler(getBlobStoreServer, blobStoreDSNPattern, true, cacheSize, cacheTTL))
 			router.Handle("/documentstore", createStoreHandler(getDocumentStoreServer, documentStoreDSNPattern, true, cacheSize, cacheTTL))
 			router.Handle("/sharestore", createStoreHandler(getShareStoreServer, shareStoreDSNPattern, false, cacheSize, cacheTTL))

-			logger.Info(ctx.Context, "listening", logger.F("addr", addr))
-
 			if err := http.ListenAndServe(addr, router); err != nil {
 				return errors.WithStack(err)
 			}
@ -226,17 +218,15 @@ func authenticate(privateKey jwk.Key, signingAlgorithm jwa.SignatureAlgorithm) f
 			ctx := r.Context()

 			createKeySet.Do(func() {
-				var keySet jwk.Set
-
-				keySet, err = jwtutil.NewKeySet()
+				err = privateKey.Set(jwk.AlgorithmKey, signingAlgorithm)
 				if err != nil {
-					err = errors.WithStack(err)
 					return
 				}

-				err = jwtutil.AddKeyWithSigningAlgo(keySet, privateKey, signingAlgorithm)
+				var keySet jwk.Set
+
+				keySet, err = jwtutil.NewKeySet(privateKey)
 				if err != nil {
-					err = errors.WithStack(err)
 					return
 				}

--- a/misc/packaging/openrc/storage-server.openrc.sh
+++ b/misc/packaging/openrc/storage-server.openrc.sh
@ -1,7 +1,7 @@
 #!/sbin/openrc-run
  
 command="/usr/bin/storage-server"
-command_args="run"
+command_args=run""
 supervisor=supervise-daemon
 output_log="/var/log/storage-server.log"
 error_log="$output_log"
--- a/modd.conf
+++ b/modd.conf
@ -4,7 +4,6 @@ pkg/sdk/client/src/**/*.js
 pkg/sdk/client/src/**/*.ts
 misc/client-sdk-testsuite/dist/server/*.js
 modd.conf
-.env
 {
    prep: make build-sdk build-cli build-storage-server
    daemon: make run-app
--- a/pkg/jwtutil/key.go
+++ b/pkg/jwtutil/key.go
@ -1,36 +1,11 @@
 package jwtutil

 import (
-	"strings"
-
 	"github.com/lestrrat-go/jwx/v2/jwa"
 	"github.com/lestrrat-go/jwx/v2/jwk"
 	"github.com/pkg/errors"
 )

-func AddKeyWithSigningAlgo(keySet jwk.Set, key jwk.Key, signingAlgorithm jwa.SignatureAlgorithm) error {
-	addedKey := key
-
-	if !strings.HasPrefix(string(signingAlgorithm), "HS") {
-		publicKey, err := key.PublicKey()
-		if err != nil {
-			return errors.WithStack(err)
-		}
-
-		addedKey = publicKey
-	}
-
-	if err := addedKey.Set(jwk.AlgorithmKey, signingAlgorithm); err != nil {
-		return errors.WithStack(err)
-	}
-
-	if err := keySet.AddKey(addedKey); err != nil {
-		return errors.WithStack(err)
-	}
-
-	return nil
-}
-
 func NewKeySet(keys ...jwk.Key) (jwk.Set, error) {
 	set := jwk.NewSet()

--- a/pkg/jwtutil/request.go
+++ b/pkg/jwtutil/request.go
@ -5,6 +5,7 @@ import (
 	"strings"

 	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v2/jws"
 	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/pkg/errors"
 )
@ -110,7 +111,10 @@ func FindToken(r *http.Request, getKeySet GetKeySetFunc, funcs ...FindTokenOptio
 		return nil, errors.WithStack(ErrNoKeySet)
 	}

-	token, err := Parse([]byte(rawToken), keySet)
+	token, err := jwt.Parse([]byte(rawToken),
+		jwt.WithKeySet(keySet, jws.WithRequireKid(false)),
+		jwt.WithValidate(true),
+	)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
--- a/pkg/jwtutil/token.go
+++ b/pkg/jwtutil/token.go
@ -5,7 +5,6 @@ import (

 	"github.com/lestrrat-go/jwx/v2/jwa"
 	"github.com/lestrrat-go/jwx/v2/jwk"
-	"github.com/lestrrat-go/jwx/v2/jws"
 	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/oklog/ulid/v2"
 	"github.com/pkg/errors"
@ -39,15 +38,3 @@ func SignedToken(key jwk.Key, signingAlgorithm jwa.SignatureAlgorithm, claims ma

 	return rawToken, nil
 }
-
-func Parse(rawToken []byte, keySet jwk.Set) (jwt.Token, error) {
-	token, err := jwt.Parse(rawToken,
-		jwt.WithKeySet(keySet, jws.WithRequireKid(false)),
-		jwt.WithValidate(true),
-	)
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	return token, nil
-}