kixi.heimdall
(image from https://en.wikipedia.org/wiki/Heimdallr#/media/File:Gosforth_Cross_monsters.jpg)
This app has been largely inspired by the blog posts Securing Clojure Microservices using buddy.
Prerequisites
You will need Leiningen 2.0.0 or above installed.
The app requires a passphrase-protected private key and public key (RSA), to be generated with
openssl genrsa -aes128 -out auth_privkey.pem 2048
openssl rsa -pubout -in auth_privkey.pem -out auth_pubkey.pem
These should be moved to the resources/ folder. Ensure the that the key names match those in resources/conf.edn
under :auth-conf
.
There should also be a configuration file in the home directory called .secrets.edn
, with following structure:
{
:dev-passphrase "secret-key-you-used-to-create-pems"
}
The app has one significant URL: '/create-auth-token' which takes a username and password parameter in json format.
Development
You can add seed data for development using the following command:
lein seed development
Deployment on mesos
Assuming that mesos is running on AWS architecture. docker build an image with an extra argument to specify the S3 bucket the secrets are stored in.
docker build --build-arg SECRETS_BUCKET=<bucket> -t mastodonc/kixi.heimdall .
The deployment file to post to marathon can be built using the deploy.sh script
./scripts/deploy.sh <mesos-admin-lb> staging mastodonc/kixi.heimdall
(substituting mastodonc/kixi.heimdall in the snippets above by the desired docker image name)
Running
Heimdall uses docker and docker-compose to manage external dependencies in development:
docker-compose up
Wait until the system has settled before proceeding.
To start the application, run:
lein run -m kixi.heimdall.bootstrap -p <development/prod>
Development docker image
There's a docker-compose to start all the dependencies
docker-compose up
in the root directory.
To build a development docker image to use in dev setups, which expects all the dependencies to run on localhost:
docker build -t mastodonc/kixi.heimdall-dev -f Dockerfile-dev .
docker run --net=host -p 3002:3002 -p 5001:5001 mastodonc/kixi.heimdall-dev
The public key to use in combination with this development setup is the test_pubkey.pem which is in the resources folder.
The repl to do user and group administration
Beforehand:
(require '[kixi.heimdall.kaylee :as k])
To find a user (name, ID, etc), by username/email:
(k/find-user "foo@bar.com")
To invite a new user:
(k/invite-user! "foo@bar.com" "FooBar")
This will create the user, their self group, and produce an 'invite code' which the user can then use to signup via the /signup
route.
(k/invite-user! "foo@bar.com" "FooBar" ["Group"])
This will create the user, their self group, ensure they are a member (creating as required) of "Group", and produce an 'invite code' which the user can then use to signup via the /signup
route.
To change a user's password:
(k/change-user-password! "foo@bar.com" "S3cr3t!123")
To create a group:
(k/create-group! "New Group" "foo@bar.com")
This will create a group called 'New Group' and assign the 'foo@bar.com' user as the group owner.
To add and remove group members:
(k/add-user-to-group! "New Group" "baz@bar.com")
(k/remove-user-from-group! "New Group" "baz@bar.com")
Note: it's important to use the given functions so that an event gets fired off, especially when used in production.
License
Copyright © 2016 Mastodon C