feat(auth): migrate JWT from HS256 to RS256
- Add services/auth/app/config.py with JWT_PRIVATE_KEY and JWT_PUBLIC_KEY (Auth Service local config - private key never leaves this service) - Update routes.py: sign tokens with RS256 private key - Update deps.py + verify.py: verify tokens with RS256 public key - Update shared/config.py: replace JWT_SECRET/JWT_ALGORITHM with JWT_PUBLIC_KEY (for optional local verification by other services) - Add sys.path fix in main.py for local dev without PYTHONPATH
This commit is contained in:
Roberto Musso
@@ -4,7 +4,16 @@ Standalone FastAPI service extracted from the adiuva-api monolith.
|
||||
Owns: users, refresh_tokens, subscriptions (read).
|
||||
"""
|
||||
|
||||
import sys
|
||||
from contextlib import asynccontextmanager
|
||||
from pathlib import Path
|
||||
|
||||
# Ensure the repo root is on sys.path so "shared" is importable.
|
||||
# In Docker, COPY shared/ puts it at /app/shared/ (already importable).
|
||||
# In local dev, we need to add the repo root (two levels up from this file).
|
||||
_repo_root = str(Path(__file__).resolve().parents[3])
|
||||
if _repo_root not in sys.path:
|
||||
sys.path.insert(0, _repo_root)
|
||||
|
||||
from fastapi import FastAPI
|
||||
from fastapi.middleware.cors import CORSMiddleware
|
||||
|
||||
Reference in New Issue
Block a user