adding secrets manager and startup

This commit is contained in:
Andy Pack 2024-01-21 11:12:23 +00:00
parent ac8ea2723a
commit 5f535c0929
Signed by: sarsoo
GPG Key ID: A55BA3536A5E0ED7
5 changed files with 90 additions and 0 deletions

View File

@ -11,5 +11,6 @@
</ItemGroup>
<ItemGroup>
<PackageReference Include="Google.Cloud.Firestore" Version="3.3.0" />
<PackageReference Include="Google.Cloud.SecretManager.V1" Version="2.1.0" />
</ItemGroup>
</Project>

View File

@ -4,12 +4,16 @@ using System.Threading;
using System.Threading.Tasks;
using CloudNative.CloudEvents;
using Google.Cloud.Functions.Framework;
using Google.Cloud.Functions.Hosting;
using Google.Events.Protobuf.Cloud.PubSub.V1;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Mixonomer.Fire;
namespace Mixonomer.Func;
[FunctionsStartup(typeof(RunUserPlaylistStartup))]
public class RunUserPlaylist : ICloudEventFunction<MessagePublishedData>
{
private readonly ILogger _logger;
@ -31,3 +35,13 @@ public class RunUserPlaylist : ICloudEventFunction<MessagePublishedData>
_logger.LogInformation($"{user.username} was last refreshed at {user.last_refreshed}");
}
}
public class RunUserPlaylistStartup : FunctionsStartup
{
public override void ConfigureServices(WebHostBuilderContext context, IServiceCollection services)
{
base.ConfigureServices(context, services);
services.AddSecretManagerServiceClient();
}
}

View File

@ -11,4 +11,8 @@
<ProjectReference Include="..\Mixonomer.Fire\Mixonomer.Fire.csproj" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="SpotifyAPI.Web" Version="7.0.2" />
</ItemGroup>
</Project>

View File

@ -0,0 +1,16 @@
namespace Mixonomer.Playlist;
public static class SecretStrings
{
public static Lazy<string> GoogleProject = new(() => Environment.GetEnvironmentVariable("GOOGLE_CLOUD_PROJECT") ??
throw new ArgumentException("no GOOGLE_CLOUD_PROJECT env variable available"));
public static string SPOT_CLIENT_URI => $"projects/{GoogleProject.Value}/secrets/spotify-client/versions/latest";
public static string SPOT_SECRET_URI => $"projects/{GoogleProject.Value}/secrets/spotify-secret/versions/latest";
public static string LASTFM_CLIENT_URI => $"projects/{GoogleProject.Value}/secrets/lastfm-client/versions/latest";
public static string JWT_SECRET_URI => $"projects/{GoogleProject.Value}/secrets/jwt-secret/versions/latest";
public static string COOKIE_SECRET_URI => $"projects/{GoogleProject.Value}/secrets/cookie-secret/versions/latest";
public static string APNS_SIGN_URI => $"projects/{GoogleProject.Value}/secrets/apns-auth-sign-key/versions/1";
public static string STATIC_BUCKET => $"{GoogleProject.Value}-static";
}

View File

@ -0,0 +1,55 @@
using Google.Cloud.SecretManager.V1;
using Mixonomer.Fire;
using SpotifyAPI.Web;
namespace Mixonomer.Playlist;
public class SpotifyNetworkProvider
{
private readonly SecretManagerServiceClient _secretClient;
private readonly UserRepo _userRepo;
public SpotifyNetworkProvider(UserRepo userRepo, SecretManagerServiceClient secretClient)
{
_userRepo = userRepo;
_secretClient = secretClient ?? SecretManagerServiceClient.Create();
}
public async Task<SpotifyClientConfig> GetUserConfig(string username)
{
return await GetUserConfig(await _userRepo.GetUser(username));
}
public async Task<SpotifyClientConfig> GetUserConfig(User user)
{
var spotifyClient = await _secretClient.AccessSecretVersionAsync(SecretStrings.SPOT_CLIENT_URI);
var spotifySecret = await _secretClient.AccessSecretVersionAsync(SecretStrings.SPOT_SECRET_URI);
var spotifyClientStr = spotifyClient.Payload.Data.ToString() ?? throw new ArgumentException("No Spotify Client ID returned");
var spotifySecretStr = spotifySecret.Payload.Data.ToString() ?? throw new ArgumentException("No Spotify Secret ID returned");
var refreshed = await new OAuthClient()
.RequestToken(new AuthorizationCodeRefreshRequest(spotifyClientStr, spotifySecretStr, user.refresh_token));
var authenticator = new AuthorizationCodeAuthenticator(spotifyClientStr, spotifySecretStr, new()
{
AccessToken = refreshed.AccessToken,
TokenType = refreshed.TokenType,
ExpiresIn = refreshed.ExpiresIn,
Scope = refreshed.Scope,
RefreshToken = refreshed.RefreshToken ?? user.refresh_token,
CreatedAt = refreshed.CreatedAt
});
authenticator.TokenRefreshed += (sender, resp) =>
{
};
var config = SpotifyClientConfig
.CreateDefault()
.WithAuthenticator(authenticator);
return config;
}
}