move signup/secret to backend/secret

backend/api/signup/signup.go

@@ -10,8 +10,8 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/ses"
 	"github.com/aws/aws-sdk-go-v2/service/ses/types"
 	"github.com/mantil-io/mantil.go"
+	"github.com/mantil-io/mantil/backend/secret"
 	"github.com/mantil-io/mantil/signup"
-	"github.com/mantil-io/mantil/signup/secret"
 	"github.com/mantil-io/mantil/texts"
 )
 

signup/secret/secret_test.go → backend/secret/secret_test.go

@@ -3,8 +3,9 @@ package secret_test
 import (
 	"testing"
 
+	"github.com/mantil-io/mantil/backend/secret"
+	cliSecret "github.com/mantil-io/mantil/cli/secret"
 	"github.com/mantil-io/mantil/signup"
-	"github.com/mantil-io/mantil/signup/secret"
 	"github.com/stretchr/testify/require"
 )
 
@@ -19,7 +20,7 @@ func TestEncode(t *testing.T) {
 	t.Logf("token: %s", tkn)
 	require.NoError(t, err)
 
-	ut2, err := signup.Decode(tkn)
+	ut2, err := signup.Decode(tkn, cliSecret.SignupPublicKey)
 	require.NoError(t, err)
 	require.Equal(t, ut.ID, ut2.ID)
 	require.Equal(t, ut.Email, ut2.Email)

backend/test/register_test.go

@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/gavv/httpexpect"
+	"github.com/mantil-io/mantil/cli/secret"
 	"github.com/mantil-io/mantil/domain"
 	"github.com/mantil-io/mantil/signup"
 	"github.com/stretchr/testify/require"
@@ -35,7 +36,7 @@ func TestSignup(t *testing.T) {
 		Status(http.StatusOK).
 		Text().Raw()
 
-	tc, err := signup.Decode(jwt)
+	tc, err := signup.Decode(jwt, secret.SignupPublicKey)
 	require.NoError(t, err)
 
 	t.Logf("jwt: %s", jwt)

cli/controller/report.go

@@ -12,6 +12,7 @@ import (
 	"github.com/manifoldco/promptui"
 	"github.com/mantil-io/mantil/backend/dto"
 	"github.com/mantil-io/mantil/cli/log"
+	"github.com/mantil-io/mantil/cli/secret"
 	"github.com/mantil-io/mantil/cli/ui"
 	"github.com/mantil-io/mantil/domain"
 	"github.com/mantil-io/mantil/signup"
@@ -71,7 +72,7 @@ func userID() (string, error) {
 	if err != nil {
 		return "", log.Wrap(err)
 	}
-	claims, err := signup.Decode(token)
+	claims, err := signup.Decode(token, secret.SignupPublicKey)
 	if err != nil {
 		return "", log.Wrap(err)
 	}

cli/controller/signup.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/manifoldco/promptui"
 	"github.com/mantil-io/mantil/cli/log"
+	"github.com/mantil-io/mantil/cli/secret"
 	"github.com/mantil-io/mantil/cli/ui"
 	"github.com/mantil-io/mantil/domain"
 	"github.com/mantil-io/mantil/signup"
@@ -36,7 +37,7 @@ func Activate(id string) error {
 	if err := signupEndpoint.Call("activate", ar, &jwt); err != nil {
 		return log.Wrap(err)
 	}
-	claims, err := signup.Validate(jwt, machineID)
+	claims, err := signup.Validate(jwt, secret.SignupPublicKey, machineID)
 	if err != nil {
 		return log.Wrap(err)
 	}
@@ -55,7 +56,7 @@ func IsActivated() bool {
 		log.Error(err)
 		return false
 	}
-	claims, err := signup.Validate(jwt, domain.MachineID())
+	claims, err := signup.Validate(jwt, secret.SignupPublicKey, domain.MachineID())
 	if err != nil {
 		log.Error(err)
 		return false

cli/secret/secret.go

@@ -24,3 +24,6 @@ var LogsPublisherCreds string
 // nsc add user -n logs-listener --allow-sub '_INBOX.>' --deny-pub '*'
 //go:embed logs-listener.creds
 var LogsListenerCreds string
+
+//go:embed signup_public_key
+var SignupPublicKey string

end_to_end_test.go

@@ -9,10 +9,10 @@ import (
 
 	"github.com/mantil-io/mantil.go/logs"
 	"github.com/mantil-io/mantil/aws"
+	"github.com/mantil-io/mantil/backend/secret"
 	"github.com/mantil-io/mantil/cli/controller/invoke"
 	"github.com/mantil-io/mantil/domain"
 	"github.com/mantil-io/mantil/kit/shell"
-	"github.com/mantil-io/mantil/signup/secret"
 	"github.com/stretchr/testify/require"
 )
 

signup/signup.go

@@ -12,9 +12,6 @@ import (
 	"github.com/mantil-io/mantil/kit/token"
 )
 
-//go:embed public_key
-var publicKey string
-
 // TokenClaims content of the user token
 type TokenClaims struct {
 	ID        string `json:"id,omitempty"`
@@ -25,14 +22,14 @@ type TokenClaims struct {
 
 // Decode jwt token string to claims.
 // Fails if jwt is not signed by proper private key.
-func Decode(jwt string) (TokenClaims, error) {
+func Decode(jwt, publicKey string) (TokenClaims, error) {
 	var ut TokenClaims
 	err := token.Decode(jwt, publicKey, &ut)
 	return ut, err
 }
 
 // Validate returns true if jwt is valid for that machine
-func Validate(jwt, machineID string) (*TokenClaims, error) {
+func Validate(jwt, publicKey, machineID string) (*TokenClaims, error) {
 	jwt = strings.TrimSpace(jwt)
 	var ut TokenClaims
 	err := token.Decode(jwt, publicKey, &ut)