Mercurial > p > roundup > code
view website/www/code.txt @ 7809:be6cb2e0d471
feat: add support for rotating jwt keys
This allows jwt_secret to have multiple ',' separated secrets. The
first/leftmost should be used to sign new JWTs. All of them are used
(starting from left/newest) to try to verify a JWT.
If the first secret is < 32 chars in length JWTs are disabled. If any
of the other secrets are < 32 chars, the configuration code causes the
software to exit. This prevents insecure (too short) secrets from
being used.
Updated doc examples and tests.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 14 Mar 2024 19:04:19 -0400 |
| parents | 6f5054751fb6 |
| children | 141225d2981e |
line wrap: on
line source
.. meta:: :description: Information for developers of Roundup. Including directions on checking code from repository, how to run demo mode and execute tests. Code ==== Project history is maintained in `CHANGES.txt <https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt>`_ file in code repository of Roundup, which can also be viewed online through SourceForge `web interface <https://sourceforge.net/p/roundup/code/ci/default/tree/>`_. Get sources ----------- Official **read-only access** to Mercurial repository is provided through :: hg clone http://hg.code.sf.net/p/roundup/code roundup **Read/write access** requires SSH password or SSH key authorization (see `SourceForge.net docs for details <https://sourceforge.net/p/forge/documentation/Mercurial/>`_) :: hg clone ssh://USERNAME@hg.code.sf.net/p/roundup/code roundup You also need to be added as a Roundup developer for write access - ask for it on the :doc:`roundup-devel list <contact>`. Run demo -------- Roundup doesn't need any dependencies and works out of the box. Demo is accessible at http://localhost:8917/demo/ by default :: cd roundup python demo.py Execute tests ------------- :: python -m pytest test See repository `README.txt <https://sourceforge.net/p/roundup/code/ci/tip/tree/README.txt>`_ for more info.