adding token and tokenfile as configuration to set preshared key

project-kessel · Mar 1, 2024 · 8aa3f08 · 8aa3f08
1 parent 6e4a53f
commit 8aa3f08
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 19 deletions.
diff --git a/configs/config.yaml b/configs/config.yaml
@@ -1,12 +1,13 @@
 server:
   http:
-    addr: 0.0.0.0:8000
+    addr: "${HTTPADDR:0.0.0.0:8000}"
     timeout: 1s
   grpc:
-    addr: 0.0.0.0:9000
+    addr: "${GRPCADDR:0.0.0.0:9000}"
     timeout: 1s
 data:
   spiceDb:
     useTLS: false
     endpoint: "${ENDPOINT:spicedb:50051}"
-    token: "${PRESHARED:.secrets/local-spicedb-secret}"
+    token: "${PRESHARED}" # token takes precedence over tokenFile
+    tokenFile: "${PRESHARED_FILE:.secrets/local-spicedb-secret}"
diff --git a/internal/conf/conf.pb.go b/internal/conf/conf.pb.go
diff --git a/internal/conf/conf.proto b/internal/conf/conf.proto
@@ -30,6 +30,7 @@ message Data {
     bool useTLS = 1;
     string endpoint = 2;
     string token = 3;
+    string tokenFile = 4;
   }
   SpiceDb spiceDb = 1;
 }
diff --git a/internal/data/spicedb.go b/internal/data/spicedb.go
@@ -7,15 +7,14 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io"
-	"os"
-
 	v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
 	"github.com/authzed/authzed-go/v1"
 	"github.com/authzed/grpcutil"
 	"github.com/go-kratos/kratos/v2/log"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
+	"io"
+	"os"
 )
 
 // SpiceDbRepository .
@@ -31,10 +30,16 @@ func NewSpiceDbRepository(c *conf.Data, logger log.Logger) (*SpiceDbRepository,
 	opts = append(opts, grpc.EmptyDialOption{})
 	//TODO: add a flag to enable/disable grpc.WithBlock
 
-	token, err := readToken(c.SpiceDb.Token)
-	if err != nil {
-		log.NewHelper(logger).Error(err)
-		return nil, nil, err
+	var token string
+	var err error
+	if c.SpiceDb.Token != "" {
+		token = c.SpiceDb.Token
+	} else if c.SpiceDb.TokenFile != "" {
+		token, err = readToken(c.SpiceDb.TokenFile)
+		if err != nil {
+			log.NewHelper(logger).Error(err)
+			return nil, nil, err
+		}
 	}
 	if token == "" {
 		err := fmt.Errorf("token is empty: %s", token)
@@ -191,10 +196,19 @@ func createSpiceDbRelationship(relationship *apiV1.Relationship) *v1.Relationshi
 }
 
 func readToken(file string) (string, error) {
+	isFileExist := checkFileExists(file)
+	if !isFileExist {
+		return file, errors.New("file doesn't exist")
+	}
 	bytes, err := os.ReadFile(file)
 	if err != nil {
 		return "", err
 	}
 
 	return string(bytes), nil
 }
+
+func checkFileExists(filePath string) bool {
+	_, err := os.Stat(filePath)
+	return !errors.Is(err, os.ErrNotExist)
+}