🎉 Add keys namespace.

A modularized approach for key derivation.
2025-07-15 11:25:12 +02:00 · 2021-07-06 10:42:24 +02:00 · 2021-07-06 10:42:24 +02:00 · d1cce44616
commit d1cce44616
parent c02638e10e
5 changed files with 42 additions and 19 deletions
--- a/backend/src/app/tokens.clj
+++ b/backend/src/app/tokens.clj
@ -11,19 +11,10 @@
   [app.common.spec :as us]
   [app.common.transit :as t]
   [app.util.time :as dt]
-   [buddy.core.kdf :as bk]
   [buddy.sign.jwe :as jwe]
   [clojure.spec.alpha :as s]
   [integrant.core :as ig]))

-(defn- derive-tokens-secret
-  [key]
-  (let [engine (bk/engine {:key key
-                           :salt "tokens"
-                           :alg :hkdf
-                           :digest :blake2b-512})]
-    (bk/get-bytes engine 32)))
-
 (defn- generate
  [cfg claims]
  (let [payload (t/encode claims)]
@ -50,13 +41,6 @@
                :params params))
    claims))

-(s/def ::secret-key ::us/string)
-(s/def ::props
-  (s/keys :req-un [::secret-key]))
-
-(defmethod ig/pre-init-spec ::tokens [_]
-  (s/keys :req-un [::props]))
-
 (defn- generate-predefined
  [cfg {:keys [iss profile-id] :as params}]
  (case iss
@ -70,9 +54,14 @@
              :code :not-implemented
              :hint "no predefined token")))

+(s/def ::keys fn?)
+
+(defmethod ig/pre-init-spec ::tokens [_]
+  (s/keys :req-un [::keys]))
+
 (defmethod ig/init-key ::tokens
-  [_ {:keys [props] :as cfg}]
-  (let [secret (derive-tokens-secret (:secret-key props))
+  [_ {:keys [keys] :as cfg}]
+  (let [secret (keys :salt "tokens" :size 32)
        cfg    (assoc cfg ::secret secret)]
    (fn [action params]
      (case action