neofs-oauthz is an authentication backend allowing to login to NeoFS network via Google or Github OAuth 2.0. It checks the user and then generates a bearer token to allow uploading files with user's e-mail specified in attributes. There is no fancy key management there, but at the same time it allows to identify each object's uploader which is the main purpose for it now. This backend is currently used by https://send.fs.neo.org/ demo.
- To build the binary run the following command:
$ make
- To build the docker image
make image
neofs-oauthz must be run with .yaml config file:
$ ./neofs-oauthz -c config.yaml
or environment variables
NEOFS_OAUTHZ_CONFIG=config.yaml ./neofs-oauthz
Example of the configuration file: config/config.yaml
Now the app supports authentication via github and google services.
redirect:
url: "/"
listen_address: 0.0.0.0:8083
logger:
level: debug
connect_timeout: 30s
request_timeout: 15s
rebalance_timer: 15s
| Parameter | Type | Default value | Description |
|---|---|---|---|
bearer_cookie_name |
string |
Bearer |
The name of the cookie holding bearer token. |
redirect.url |
string |
URL to redirect users going through the OAuth flow | |
listen_address |
string |
The address that the app is listening on. | |
logger.level |
string |
debug |
Logging level. Possible values: debug, info, warn, error, dpanic, panic, fatal. |
connect_timeout |
duration |
30s |
Timeout to connect to a node. |
request_timeout |
duration |
15s |
Timeout to check node health during rebalance. |
rebalance_timer |
duration |
15s |
Interval to check node health. |
neofs:
wallet:
path: /path/to/wallet.json
address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP # Account address. If omitted default one will be used.
passphrase: '' # Passphrase to decrypt wallet. If you're using a wallet without a password, place '' here.
cid: 2qAEwyRwV1sMmq8pc32mKCt1SRmTBXrzP9KbfMoHmqYM
bearer_user_id: NUVPACMnKFhpuHjsRjhUvXz1XhqfGZYVtY
bearer_email_attribute: email
| Parameter | Type | Default value | Description |
|---|---|---|---|
neofs.wallet.path |
string |
Path to the wallet. | |
neofs.wallet.address |
string |
Account address to get from wallet. If omitted default one will be used. | |
neofs.wallet.passphrase |
string |
Passphrase to decrypt wallet. | |
neofs.cid |
string |
container ID in NeoFS where objects will be stored | |
neofs.bearer_user_id |
string |
User ID that will be given the right to upload objects into NeoFS container (can be omitted to allow this for any owner of the token) | |
neofs.bearer_email_attribute |
string |
Email |
The name of the NeoFS attribute used as to match user by his e-mail address (case sensitive as all NeoFS attributes) |
peers:
0:
address: node1.neofs:8080
priority: 1
weight: 1
1:
address: node2.neofs:8080
priority: 2
weight: 0.1
2:
address: node3.neofs:8080
priority: 2
weight: 0.9
| Parameter | Type | Default value | Description |
|---|---|---|---|
address |
string |
Address of storage node. | |
priority |
int |
1 |
It allows to group nodes and don't switch group until all nodes with the same priority will be unhealthy. The lower the value, the higher the priority. |
weight |
float |
1 |
Weight of node in the group with the same priority. Distribute requests to nodes proportionally to these values. |