view website/www/code.txt @ 7809:be6cb2e0d471

feat: add support for rotating jwt keys This allows jwt_secret to have multiple ',' separated secrets. The first/leftmost should be used to sign new JWTs. All of them are used (starting from left/newest) to try to verify a JWT. If the first secret is < 32 chars in length JWTs are disabled. If any of the other secrets are < 32 chars, the configuration code causes the software to exit. This prevents insecure (too short) secrets from being used. Updated doc examples and tests.
author John Rouillard <rouilj@ieee.org>
date Thu, 14 Mar 2024 19:04:19 -0400
parents 6f5054751fb6
children 141225d2981e
line wrap: on
line source

.. meta::
    :description:
        Information for developers of Roundup. Including directions on
        checking code from repository, how to run demo mode and
        execute tests.

Code
====

Project history is maintained in `CHANGES.txt <https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt>`_
file in code repository of Roundup, which can also be viewed online
through SourceForge `web interface <https://sourceforge.net/p/roundup/code/ci/default/tree/>`_.

Get sources
-----------

Official **read-only access** to Mercurial repository is provided through ::

  hg clone http://hg.code.sf.net/p/roundup/code roundup

**Read/write access** requires SSH password or SSH key
authorization (see `SourceForge.net docs for details
<https://sourceforge.net/p/forge/documentation/Mercurial/>`_) ::

  hg clone ssh://USERNAME@hg.code.sf.net/p/roundup/code roundup

You also need to be added as a Roundup developer for write access - ask
for it on the :doc:`roundup-devel list <contact>`.

Run demo
--------

Roundup doesn't need any dependencies and works out of the box. Demo
is accessible at http://localhost:8917/demo/ by default ::

  cd roundup
  python demo.py

Execute tests
-------------
::

  python -m pytest test

See repository `README.txt <https://sourceforge.net/p/roundup/code/ci/tip/tree/README.txt>`_
for more info.

Roundup Issue Tracker: http://roundup-tracker.org/