fixup: Take the rsa public key as a string, not as a file

Also allow the setting to be overridden with `VSS_JWT_RSA_PEM`

Author: tankyleo

rust/server/src/main.rs

@@ -36,7 +36,7 @@ fn main() {
 		std::process::exit(1);
 	}
 
-	let Config { server_config: ServerConfig { host, port, rsa_pub_file_path }, postgresql_config } =
+	let Config { server_config: ServerConfig { host, port }, jwt_auth_config, postgresql_config } =
 		match util::config::load_config(&args[1]) {
 			Ok(cfg) => cfg,
 			Err(e) => {
@@ -69,23 +69,27 @@ fn main() {
 			},
 		};
 
-		let authorizer: Arc<dyn Authorizer> = if let Some(file_path) = rsa_pub_file_path {
-			let rsa_pub_file = match std::fs::read(file_path) {
-				Ok(pem) => pem,
-				Err(e) => {
-					println!("Failed to read RSA public key file: {}", e);
-					std::process::exit(-1);
-				},
-			};
-			let rsa_public_key = match DecodingKey::from_rsa_pem(&rsa_pub_file) {
-				Ok(pem) => pem,
+		let rsa_pem_env = match std::env::var("VSS_JWT_RSA_PEM") {
+			Ok(env) => Some(env),
+			Err(std::env::VarError::NotPresent) => None,
+			Err(e) => {
+				println!("Failed to load the VSS_JWT_RSA_PEM env var: {}", e);
+				std::process::exit(-1);
+			},
+		};
+		let rsa_pem = rsa_pem_env.or(jwt_auth_config.map(|config| config.rsa_pem));
+		let authorizer: Arc<dyn Authorizer> = if let Some(pem) = rsa_pem {
+			let rsa_public_key = match DecodingKey::from_rsa_pem(pem.as_bytes()) {
+				Ok(p) => p,
 				Err(e) => {
-					println!("Failed to parse RSA public key file: {}", e);
+					println!("Failed to parse the PEM formatted RSA public key: {}", e);
 					std::process::exit(-1);
 				},
 			};
+			println!("Configured JWT authorizer with RSA public key");
 			Arc::new(JWTAuthorizer::new(rsa_public_key).await)
 		} else {
+			println!("No JWT authentication method configured");
 			Arc::new(NoopAuthorizer {})
 		};
 

rust/server/src/util/config.rs

@@ -3,14 +3,19 @@ use serde::Deserialize;
 #[derive(Deserialize)]
 pub(crate) struct Config {
 	pub(crate) server_config: ServerConfig,
+	pub(crate) jwt_auth_config: Option<JwtAuthConfig>,
 	pub(crate) postgresql_config: Option<PostgreSQLConfig>,
 }
 
 #[derive(Deserialize)]
 pub(crate) struct ServerConfig {
 	pub(crate) host: String,
 	pub(crate) port: u16,
-	pub(crate) rsa_pub_file_path: Option<String>,
+}
+
+#[derive(Deserialize)]
+pub(crate) struct JwtAuthConfig {
+	pub(crate) rsa_pem: String,
 }
 
 #[derive(Deserialize)]

rust/server/vss-server-config.toml

@@ -1,7 +1,21 @@
 [server_config]
 host = "127.0.0.1"
 port = 8080
-# rsa_pub_file_path = "rsa_public_key.pem" # Uncomment to verify JWT tokens in the HTTP Authorization header
+
+# Uncomment the table below to verify JWT tokens in the HTTP Authorization header against the given RSA public key,
+# can be overridden by env var `VSS_JWT_RSA_PEM`
+# [jwt_auth_config]
+# rsa_pem = """
+# -----BEGIN PUBLIC KEY-----
+# MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstPJs4ut+tFAI0qrOyGt
+# /3FN5jWc5gLv/j9Rc6lgr4hm7lyR05PU/G+4rfxdXGNyGTlQ6dRqcVy78CjxWz9f
+# 8l08EKLERPh8JhE5el6vr+ehWD5iQxSP3ejpx0Mr977fKMNKg6jlFiL+y50hOEp2
+# 6iN9QzZQjLxotDT3aQvbCA/DZpI+fV6WKDKWGS+pZGDVgOz5x/RcStJQXxkX3ACK
+# WhVdrtN3h6mHlhIt7ZIqVvQmY4NL03QPyljt13sYHoiFaoxINF/funBMCjrfSLcB
+# ko1rWE2BWdOrFqi27RtBs5AHOSAWXuz/2SUGpFuTQuJi7U68QUfjKeQO46JpQf+v
+# kQIDAQAB
+# -----END PUBLIC KEY-----
+# """
 
 [postgresql_config]
 username = "postgres"  # Optional in TOML, can be overridden by env var `VSS_POSTGRESQL_USERNAME`