![Maven Central Adds Sigstore Signature Validation](https://cdn.sanity.io/images/cgdhsj6q/production/7da3bc8a946cfb5df15d7fcf49767faedc72b483-1024x1024.webp?w=400&fit=max&auto=format)
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
github.com/baozhenglab/oauth-service
OAuth service is an service for authentication and authorization, use for all 200lab project
Clone the project to your favorite folder
Note: Please use go mod. If you're using go 1.11 or above, it supports go mod as default.
GO111MODULE=on // actually we don't need it
git clone github.com/200lab/oauth-service.git YOUR_FOLDER_PATH
cd YOUR_FOLDER_PATH
Use one of following ways to start the services:
chmod +x start-in-docker.sh
./start-in-docker.sh
In case we don't want to re-build project:
./start-in-docker.sh nobuild
Two services will be started: OAuth (port 3000
) and Mongodb (port 27017
)
docker run -d --name mongo \
-e MONGODB_USERNAME=oauth \
-e MONGODB_PASSWORD=AuidwEyf776GG2S \
-e MONGODB_DATABASE=oauth \
-e MONGODB_ROOT_PASSWORD=200Lab2019! \
-p 27017:27017 \
bitnami/mongodb
go build -o app
./app
Run with remote mongodb, easy to setup development env
go build -o app
MDB_MGO_URI="mongodb://oauth:AuidwEyf776GG2S@dev.db.200lab.io:27017/oauth_dev" ./app
Here we need to start one more service to run as a client in OAuth2 Protocol
cd YOUR_FOLDER_PATH/oauth2/fosite-example
go build -o client
./client
A browser will be open automatically at port 3846
.
Two either way to show all environment:
./app outenv
docker run --rm oauth-service_app outenv
The result will look like
## gin mode (-gin-mode)
#GIN_MODE=
## disable default gin logger middleware (-gin-no-logger)
#GIN_NO_LOGGER=
## gin server Port. If 0 => get a random Port (-ginPort)
#GINPORT=3000
## gin server bind address (-ginaddr)
#GINADDR=
## init client id for oauth (-init-client-id)
#INIT_CLIENT_ID="200lab"
## init client secret for oauth (-init-client-secret)
#INIT_CLIENT_SECRET="secret-cannot-tell"
## init root password for client oauth (-init-root-password)
#INIT_ROOT_PASSWORD="Admin@2019"
## init root username for client oauth (-init-root-username)
#INIT_ROOT_USERNAME="admin"
## Log level: panic | fatal | error | warn | info | debug | trace (-log-level)
#LOG_LEVEL="debug"
## MongoDB ping check interval (-mdb-mgo-ping-interval)
#MDB_MGO_PING_INTERVAL=5
## MongoDB connection-string. Ex: mongodb://... (-mdb-mgo-uri)
#MDB_MGO_URI=
## oauth system secret key (-secret)
#SECRET="mrFPTI7EYOzt8CbcQVcUo2rIoLg97HI2"
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
Security News
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
Research
Security News
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.