load private key from init

server/server.go

@@ -74,13 +74,8 @@
 }
 
 func newServer(userSvc handlers.UserService, patSvc handlers.PersonalAccessTokenService, handler ...handlers.Handler) *server.Server {
-	key, err := jwt.LoadPrivateKey()
-	if err != nil {
-		log.Panic().Err(err).Msg("failed loading private key")
-	}
-
 	jwtConfig := jwtMw.Config{
-		Key:             key,
+		Key:             jwt.PrivateKey,
 		UseRefreshToken: true,
 		ExemptRoutes: map[string][]string{
 			"/":                       {http.MethodGet},
@@ -90,7 +85,6 @@
 			"/openapi/*":              {http.MethodGet},
 			"/auth/login":             {http.MethodPost},
 			"/auth/signup":            {http.MethodPost},
-			"/google":                 {http.MethodGet},
 			"/oauth2/google/callback": {http.MethodGet},
 			"/oauth2/google/login":    {http.MethodGet},
 		},
@@ -161,6 +155,7 @@
 				}
 			}
 
+			// set token_id globally
 			log.Logger = log.Logger.With().Str("token_id", t.Subject()).Logger()
 
 			return nil
@@ -169,7 +164,7 @@
 
 	enforcer, err := casbin.NewEnforcer(viper.GetString(config.CasbinModel), viper.GetString(config.CasbinPolicy))
 	if err != nil {
-		panic(err)
+		log.Panic().Err(err).Msg("failed creating enforcer")
 	}
 
 	openAPIConfig := openapiMw.Config{
@@ -180,7 +175,6 @@
 			"/livez":                  {http.MethodGet},
 			"/docs":                   {http.MethodGet},
 			"/openapi/*":              {http.MethodGet},
-			"/google":                 {http.MethodGet},
 			"/oauth2/google/callback": {http.MethodGet},
 			"/oauth2/google/login":    {http.MethodGet},
 		},

util/jwt/jwt.go

@@ -16,6 +16,19 @@
 	"github.com/alexferl/echo-boilerplate/config"
 )
 
+var PrivateKey *rsa.PrivateKey = nil
+
+func init() {
+	c := config.New()
+	c.BindFlags()
+
+	key, err := loadPrivateKey()
+	if err != nil {
+		panic(err)
+	}
+	PrivateKey = key
+}
+
 type Type int8
 
 const (
@@ -57,11 +70,6 @@
 }
 
 func generateToken(typ Type, expiry time.Duration, sub string, claims map[string]any) ([]byte, error) {
-	key, err := LoadPrivateKey()
-	if err != nil {
-		return nil, err
-	}
-
 	builder := jwx.NewBuilder().
 		Subject(sub).
 		Issuer(viper.GetString(config.JWTIssuer)).
@@ -81,7 +89,7 @@
 		return nil, fmt.Errorf("failed to build %s token: %v\n", typ.String(), err)
 	}
 
-	signed, err := jwx.Sign(token, jwx.WithKey(jwa.RS256, key))
+	signed, err := jwx.Sign(token, jwx.WithKey(jwa.RS256, PrivateKey))
 	if err != nil {
 		return nil, fmt.Errorf("failed to sign %s token: %v\n", typ.String(), err)
 	}
@@ -90,20 +98,15 @@
 }
 
 func ParseEncoded(encodedToken []byte) (jwx.Token, error) {
-	key, err := LoadPrivateKey()
-	if err != nil {
-		return nil, err
-	}
-
-	token, err := jwx.Parse(encodedToken, jwx.WithValidate(true), jwx.WithKey(jwa.RS256, key))
+	token, err := jwx.Parse(encodedToken, jwx.WithValidate(true), jwx.WithKey(jwa.RS256, PrivateKey))
 	if err != nil {
 		return nil, err
 	}
 
 	return token, nil
 }
 
-func LoadPrivateKey() (*rsa.PrivateKey, error) {
+func loadPrivateKey() (*rsa.PrivateKey, error) {
 	f, err := os.Open(viper.GetString(config.JWTPrivateKey))
 	if err != nil {
 		return nil, fmt.Errorf("failed to open private key: %v", err)