diff --git a/.gitignore b/.gitignore
index b6fcb392f8..162fc2bcba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -352,3 +352,5 @@ secrets.sh
 # Redis
 *.rdb
+
+jwks.b64.txt
diff --git a/care/utils/jwks/generate_jwk.py b/care/utils/jwks/generate_jwk.py
index bc1f0454c1..b2e1565a43 100644
--- a/care/utils/jwks/generate_jwk.py
+++ b/care/utils/jwks/generate_jwk.py
@@ -1,5 +1,6 @@
 import base64
 import json
+from pathlib import Path
 from authlib.jose import JsonWebKey
@@ -11,3 +12,15 @@ def generate_encoded_jwks():
 keys = {"keys": [key]}
 keys_json = json.dumps(keys)
 return base64.b64encode(keys_json.encode()).decode()
+
+
+def get_jwks_from_file(base_path: Path):
+ file_path = base_path / "jwks.b64.txt"
+ try:
+ with open(file_path, "r") as file:
+ return file.read()
+ except FileNotFoundError:
+ jwks = generate_encoded_jwks()
+ with open(file_path, "w") as file:
+ file.write(jwks)
+ return jwks
diff --git a/config/settings/base.py b/config/settings/base.py
index 265abac9ab..07c5c5e1aa 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -2,13 +2,10 @@
 Base settings to build other settings files upon.
 """
-import base64
-import json
 from datetime import datetime, timedelta
 from pathlib import Path
 import environ
-from authlib.jose import JsonWebKey
 from django.utils.translation import gettext_lazy as _
 from healthy_django.healthcheck.celery_queue_length import (
 DjangoCeleryQueueLengthHealthCheck,
@@ -17,7 +14,6 @@
 from healthy_django.healthcheck.django_database import DjangoDatabaseHealthCheck
 from care.utils.csp import config as csp_config
-from care.utils.jwks.generate_jwk import generate_encoded_jwks
 from plug_config import manager
 BASE_DIR = Path(__file__).resolve(strict=True).parent.parent.parent
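Review bot: `get_jwks_from_file` in care/utils/jwks/generate_jwk.py creates `jwks.b64.txt` with a plain `open(file_path, "w")`, so the key set is written with umask-default permissions, and two processes that start together can each miss the file, generate different keys and overwrite one another. The key-generation lines are outside the hunk, but if the set contains private signing keys the file should be created exclusively and owner-only, as sketched below (this needs `import os` at the top of the module); a concurrent reader can still briefly see a partly written file. An empty or truncated file is also returned as-is and only fails later, in the settings module's `b64decode`/`json.loads`. A one-line docstring stating that the file is a development-only cache of a generated key set would help as well.

```python
def get_jwks_from_file(base_path: Path):
    file_path = base_path / "jwks.b64.txt"
    try:
        return file_path.read_text()
    except FileNotFoundError:
        pass
    jwks = generate_encoded_jwks()
    try:
        # O_EXCL lets exactly one process create the file; 0o600 keeps it owner-only.
        fd = os.open(file_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        # Another process created it first: use its key set, not ours.
        return file_path.read_text()
    with os.fdopen(fd, "w") as file:
        file.write(jwks)
    return jwks
```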
@@ -630,11 +626,6 @@
 CURRENT_DOMAIN = env("CURRENT_DOMAIN", default="localhost:8000")
 BACKEND_DOMAIN = env("BACKEND_DOMAIN", default="localhost:9000")
-# open id connect
-JWKS = JsonWebKey.import_key_set(
- json.loads(base64.b64decode(env("JWKS_BASE64", default=generate_encoded_jwks())))
-)
-
 APP_VERSION = env("APP_VERSION", default="unknown")
 # ABDM
diff --git a/config/settings/deployment.py b/config/settings/deployment.py
index 4d22554be7..e2525bf0f6 100644
--- a/config/settings/deployment.py
+++ b/config/settings/deployment.py
@@ -1,6 +1,9 @@
+import base64
+import json
 import logging
 import sentry_sdk
+from authlib.jose import JsonWebKey
 from sentry_sdk.integrations.celery import CeleryIntegration
 from sentry_sdk.integrations.django import DjangoIntegration
 from sentry_sdk.integrations.logging import LoggingIntegration, ignore_logger
@@ -118,3 +121,6 @@
 SNS_ACCESS_KEY = env("SNS_ACCESS_KEY")
 SNS_SECRET_KEY = env("SNS_SECRET_KEY")
 SNS_REGION = "ap-south-1"
+
+# open id connect
+JWKS = JsonWebKey.import_key_set(json.loads(base64.b64decode(env("JWKS_BASE64"))))
diff --git a/config/settings/local.py b/config/settings/local.py
index 1e9196b582..0edae64230 100644
--- a/config/settings/local.py
+++ b/config/settings/local.py
@@ -1,4 +1,12 @@
+import base64
+import json
+
+from authlib.jose import JsonWebKey
+
+from care.utils.jwks.generate_jwk import get_jwks_from_file
+
 from .base import * # noqa
+from .base import BASE_DIR, INSTALLED_APPS, MIDDLEWARE, env
 # https://github.com/adamchainz/django-cors-headers#cors_allow_all_origins-bool
 CORS_ORIGIN_ALLOW_ALL = True
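Review bot: With the definition removed from base.py, `JWKS` now exists only in the deployment, local and test settings, so any other settings module that builds on base (none is visible in this diff) would fail the first time `settings.JWKS` is read rather than at startup. Requiring `JWKS_BASE64` with no default in config/settings/deployment.py is the safer behaviour for a deployment, and a comment such as `# required: base64-encoded JWKS for open id connect; never generated at runtime here` would record that intent. The decode also runs in `b64decode`'s lenient default mode, which silently drops characters outside the base64 alphabet; `base64.b64decode(env("JWKS_BASE64"), validate=True)` would reject a mangled value up front, provided the value is never line-wrapped.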
@@ -6,19 +14,20 @@
 # WhiteNoise
 # ------------------------------------------------------------------------------
 # http://whitenoise.evans.io/en/latest/django.html#using-whitenoise-in-development
-INSTALLED_APPS = ["whitenoise.runserver_nostatic"] + INSTALLED_APPS # noqa F405
+INSTALLED_APPS = ["whitenoise.runserver_nostatic"] + INSTALLED_APPS
 # django-silk
 # ------------------------------------------------------------------------------
 # https://github.com/jazzband/django-silk#requirements
-INSTALLED_APPS += ["silk"] # F405
-MIDDLEWARE += ["silk.middleware.SilkyMiddleware"] # noqa F405
+INSTALLED_APPS += ["silk"]
+MIDDLEWARE += ["silk.middleware.SilkyMiddleware"]
+# https://github.com/jazzband/django-silk#profiling
 SILKY_PYTHON_PROFILER = True
 # django-extensions
 # ------------------------------------------------------------------------------
 # https://django-extensions.readthedocs.io/en/latest/installation_instructions.html#configuration
-INSTALLED_APPS += ["django_extensions"] # F405
+INSTALLED_APPS += ["django_extensions"]
 # Celery
@@ -33,3 +42,15 @@
 RUNSERVER_PLUS_PRINT_SQL_TRUNCATE = 100000
 DISABLE_RATELIMIT = True
+
+# open id connect
+JWKS = JsonWebKey.import_key_set(
+ json.loads(
+ base64.b64decode(
+ env(
+ "JWKS_BASE64",
+ default=get_jwks_from_file(BASE_DIR),
+ )
+ )
+ )
+)
diff --git a/config/settings/test.py b/config/settings/test.py
index 69b5f54fb8..d06dc5c992 100644
--- a/config/settings/test.py
+++ b/config/settings/test.py
@@ -1,9 +1,12 @@
-"""
-With these settings, tests run faster.
-"""
+import base64
+import json
+
+from authlib.jose import JsonWebKey
+
+from care.utils.jwks.generate_jwk import get_jwks_from_file
 from .base import * # noqa
-from .base import env
+from .base import BASE_DIR, TEMPLATES, env
 # GENERAL
 # ------------------------------------------------------------------------------
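Review bot: In the `JWKS = ...` block added at the end of config/settings/local.py, `default=get_jwks_from_file(BASE_DIR)` is evaluated before `env()` is called, so the key file is read — or generated and written into `BASE_DIR` — on every settings import, even when `JWKS_BASE64` is set. Resolving the fallback lazily avoids that side effect: `encoded_jwks = env("JWKS_BASE64", default=None) or get_jwks_from_file(BASE_DIR)`. The identical block at the end of config/settings/test.py behaves the same way, and there it also means test runs share the developer's key file and need a writable checkout. Both copies could call one shared helper instead of repeating the decode chain.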
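Review bot: The first hunk of config/settings/test.py deletes the module docstring (`With these settings, tests run faster.`) while adding the imports, which looks incidental rather than intended. If it is meant to stay, it has to remain the first statement of the file, above `import base64`.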
@@ -17,7 +20,7 @@
 # TEMPLATES
 # ------------------------------------------------------------------------------
-TEMPLATES[-1]["OPTIONS"]["loaders"] = [ # type: ignore[index] # noqa F405
+TEMPLATES[-1]["OPTIONS"]["loaders"] = [ # type: ignore[index]
 (
 "django.template.loaders.cached.Loader",
 [
@@ -74,3 +77,16 @@
 }
 CELERY_TASK_ALWAYS_EAGER = True
+
+
+# open id connect
+JWKS = JsonWebKey.import_key_set(
+ json.loads(
+ base64.b64decode(
+ env(
+ "JWKS_BASE64",
+ default=get_jwks_from_file(BASE_DIR),
+ )
+ )
+ )
+)