sts-sponsors team mailing list archive

[Adam Collard <mp+440870@xxxxxxxxxxxxxxxxxx>]

Diff comments:

> diff --git a/backend/msm/schema/_models.py b/backend/msm/schema/_models.py
> index 9a80683..76ed5e9 100644
> --- a/backend/msm/schema/_models.py
> +++ b/backend/msm/schema/_models.py
> @@ -112,6 +123,23 @@ class Token(CreateToken):
>      id: int
>  
>  
> +class JWTToken(BaseModel):

JWTToken ? Like a PIN number to use at the ATM machine?

s/JWTToken/JSONWebToken/ ?

> +    """
> +    A JSON Web Token for authenticating users.
> +    """
> +
> +    access_token: str
> +    token_type: str
> +
> +
> +class JWTTokenData(BaseModel):
> +    """
> +    The payload data for a JWT Token
> +    """
> +
> +    email: str
> +
> +
>  class PaginatedTokens(PaginatedResults):
>      items: list[Token]
>  
> diff --git a/backend/msm/settings.py b/backend/msm/settings.py
> index 680fcf3..0fc9f59 100644
> --- a/backend/msm/settings.py
> +++ b/backend/msm/settings.py
> @@ -28,5 +36,19 @@ class Settings(BaseSettings):
>          env="MSM_ALLOWED_ORIGINS",
>      )
>  
> +    # to get a string like this run:
> +    # openssl rand -hex 32
> +    secret_key = getenv(
> +        "SECRET_KEY",
> +        "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7",

err, wat? this feels super dangerous

> +    )
> +    if "SECRET_KEY" not in environ:
> +        logger.critical("Secret key not defined in environment!")
> +    # XXX: Require this in the config
> +
> +    algorithm = "HS256"
> +
> +    access_token_expire_minutes = int(getenv("TOKEN_EXPIRATION_TIME", 30))
> +
>  
>  SETTINGS = Settings()


-- 
https://code.launchpad.net/~lloydwaltersj/maas-site-manager/+git/site-manager/+merge/440870
Your team MAAS Committers is requested to review the proposed merge of ~lloydwaltersj/maas-site-manager:add-login into maas-site-manager:main.