move jwt key generation to startup

2025-08-19 12:18:41 -04:00 · 2025-08-19 12:18:41 -04:00 · d7614f6dfc
commit d7614f6dfc
parent e7f6010ef6
2 changed files with 34 additions and 8 deletions
--- a/Dockerfile.backend
+++ b/Dockerfile.backend
@ -22,14 +22,6 @@ RUN uv run python warm_up_docling.py && rm warm_up_docling.py 2506.08231v1.pdf
 # Copy Python source
 COPY src/ ./src/

-# Generate RSA keys for JWT signing if they don't exist
-RUN mkdir -p keys && \
-    if [ ! -f keys/private_key.pem ]; then \
-        openssl genrsa -out keys/private_key.pem 2048 && \
-        openssl rsa -in keys/private_key.pem -pubout -out keys/public_key.pem && \
-        echo "Generated RSA keys for JWT signing"; \
-    fi
-
 # Expose backend port
 EXPOSE 8000

--- a/src/main.py
+++ b/src/main.py
@ -1,6 +1,8 @@
 import asyncio
 import atexit
 import multiprocessing
+import os
+import subprocess
 from functools import partial
 from starlette.applications import Starlette
 from starlette.routing import Route
@ -88,6 +90,35 @@ async def init_index():
    else:
        print(f"Index '{knowledge_filter_index_name}' already exists, skipping creation.")

+def generate_jwt_keys():
+    """Generate RSA keys for JWT signing if they don't exist"""
+    keys_dir = "keys"
+    private_key_path = os.path.join(keys_dir, "private_key.pem")
+    public_key_path = os.path.join(keys_dir, "public_key.pem")
+    
+    # Create keys directory if it doesn't exist
+    os.makedirs(keys_dir, exist_ok=True)
+    
+    # Generate keys if they don't exist
+    if not os.path.exists(private_key_path):
+        try:
+            # Generate private key
+            subprocess.run([
+                "openssl", "genrsa", "-out", private_key_path, "2048"
+            ], check=True, capture_output=True)
+            
+            # Generate public key
+            subprocess.run([
+                "openssl", "rsa", "-in", private_key_path, "-pubout", "-out", public_key_path
+            ], check=True, capture_output=True)
+            
+            print("Generated RSA keys for JWT signing")
+        except subprocess.CalledProcessError as e:
+            print(f"Failed to generate RSA keys: {e}")
+            raise
+    else:
+        print("RSA keys already exist, skipping generation")
+
 async def init_index_when_ready():
    """Initialize OpenSearch index when it becomes available"""
    try:
@ -100,6 +131,9 @@ async def init_index_when_ready():

 def initialize_services():
    """Initialize all services and their dependencies"""
+    # Generate JWT keys if they don't exist
+    generate_jwt_keys()
+    
    # Initialize clients
    clients.initialize()