feat: make rp id configurable

2025-02-23 15:12:52 +08:00 · 2023-04-08 13:54:32 +02:00 · 2023-04-08 13:54:32 +02:00 · 807f5e776c
commit 807f5e776c
parent b8b322d737
5 changed files with 13 additions and 5 deletions
--- a/backend/src/main/java/io/papermc/hangar/components/auth/config/WebAuthNConfig.java
+++ b/backend/src/main/java/io/papermc/hangar/components/auth/config/WebAuthNConfig.java
@ -3,6 +3,7 @@ package io.papermc.hangar.components.auth.config;
 import com.yubico.webauthn.RelyingParty;
 import com.yubico.webauthn.data.RelyingPartyIdentity;
 import io.papermc.hangar.components.auth.service.WebAuthNService;
+import io.papermc.hangar.config.hangar.HangarConfig;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

@ -10,17 +11,18 @@ import org.springframework.context.annotation.Configuration;
 public class WebAuthNConfig {

    private final WebAuthNService webAuthNService;
+    private final HangarConfig config;

-    public WebAuthNConfig(final WebAuthNService webAuthNService) {
+    public WebAuthNConfig(final WebAuthNService webAuthNService, final HangarConfig config) {
        this.webAuthNService = webAuthNService;
+        this.config = config;
    }

    @Bean
    public RelyingPartyIdentity relyingPartyIdentity() {
-        // TODO get from config
        return RelyingPartyIdentity.builder()
-            .id("localhost")
-            .name("Hangar")
+            .id(this.config.security.rpId())
+            .name(this.config.security.rpName())
            .build();
    }

--- a/backend/src/main/java/io/papermc/hangar/config/hangar/HangarSecurityConfig.java
+++ b/backend/src/main/java/io/papermc/hangar/config/hangar/HangarSecurityConfig.java
@ -17,7 +17,9 @@ public record HangarSecurityConfig(
    String tokenIssuer,
    String tokenSecret,
    @DurationUnit(ChronoUnit.SECONDS) Duration tokenExpiry,
-    @DurationUnit(ChronoUnit.DAYS) Duration refreshTokenExpiry
+    @DurationUnit(ChronoUnit.DAYS) Duration refreshTokenExpiry,
+    String rpName,
+    String rpId
 ) {

    public boolean checkSafe(final String url) {
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@ -153,6 +153,8 @@ hangar:
    token-secret: "secret!"
    token-expiry: 300 # seconds
    refresh-token-expiry: 30 # days
+    rp-name: "Hangar"
+    rp-id: "localhost"
    safe-download-hosts:
      - "github.com"
      - "githubusercontent.com"
--- a/chart/templates/secret-hangar-backend.yaml
+++ b/chart/templates/secret-hangar-backend.yaml
@ -52,6 +52,7 @@ stringData:

      security:
        token-secret: "{{ .Values.backend.config.tokenSecret }}"
+        rp-id: "{{ .Values.backend.config.rpId }}"

      storage:
        plugin-upload-dir: "/hangar/uploads"
--- a/chart/values.yaml
+++ b/chart/values.yaml
@ -179,6 +179,7 @@ backend:
      database: "hangarauth"
      options: "?currentSchema=hangar"
    tokenSecret: "secret"
+    rpId: "localhost"
    storage:
      type: "local"
      accessKey: "todo"