From e45ccb4311f376ce7b669b1ce121070cd9f1bc6d Mon Sep 17 00:00:00 2001
From: Markus Thielen
Date: Mon, 5 Jun 2023 14:11:43 +0200
Subject: [PATCH] Added files for PostgreSQL peer auth mode
---
 bbconf/broker-config.toml | 4 +++-
 bbconf/dbproxy-config-peer.toml | 41 +++++++++++++++++++++++++++++++++
 bbconf/dbproxy-peer.sh | 5 ++++
 3 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 bbconf/dbproxy-config-peer.toml
 create mode 100755 bbconf/dbproxy-peer.sh
diff --git a/bbconf/broker-config.toml b/bbconf/broker-config.toml
index 168c71a..0844c8c 100644
--- a/bbconf/broker-config.toml
+++ b/bbconf/broker-config.toml
@@ -30,7 +30,9 @@ workers = 2
 # Path and file name of TLS certificate (chain) file
 # cert_file = "/path/to/cert.pem"
-[oauth2]
+[auth]
+mode = "client"
+
 # OAuth2 client id
 client_id = "5wl8hQV1thh07rScSoJ3aN56ETuXWprg"
diff --git a/bbconf/dbproxy-config-peer.toml b/bbconf/dbproxy-config-peer.toml
new file mode 100644
index 0000000..eb9c606
--- /dev/null
+++ b/bbconf/dbproxy-config-peer.toml
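Review bot: In bbconf/broker-config.toml the new `mode = "client"` key is added without a comment, so a reader cannot tell which values are accepted or what "client" selects. Add a line above it such as `# Authentication mode of the broker; one of: "client", <other accepted values>`. The rename of the table from `[oauth2]` to `[auth]` also breaks existing configs: if the loader silently ignores an unknown `[oauth2]` table (the loader is not visible in this patch), an un-migrated deployment could start with its auth settings missing, so the old table name should be rejected at load time rather than falling back to defaults. The `[auth]` table continues past the end of the hunk.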
@@ -0,0 +1,41 @@
+[generic]
+# log level; can be error, warn, info, debug, trace
+log_level = "trace"
+
+[oidc_config]
+# Incoming ID tokens are validated using, among other, the following fields.
+# Contents of 'iss' field, usually the URL of the authetnication realm
+iss = "https://basebox-test-1.eu.auth0.com/"
+# Access token audience field
+aud = "basebox-todo"
+
+[graphql]
+# path and file name to GraphQL schema file
+schema_file = "todo_schema.graphql"
+# Path and file name of the resolver map file
+resolver_map_file = "bb_todo-resolver.toml"
+# Path and file name of the type map file
+type_map_file = "bb_todo-typemap.json"
+
+[database]
+# Type of database; currently, only "postgres" is suppoerted
+db_type = "postgres"
+
+# Setting just db_name will use PostgreSQL peer authentication mode
+db_name = "bb_todo"
+
+[server]
+# Host name of (this) proxy server
+host = "localhost"
+
+# Port number; default is 80 for http, 443 for https
+port = 8081
+
+# number of HTTP server threads to spawn; default is one per CPU core
+workers = 2
+
+# Path and file name of TLS/SSL key file
+# cert_key_file = "/path/to/key.pem"
+
+# Path and file name of TLS certificate (chain) file
+# cert_file = "/path/to/cert.pem"
diff --git a/bbconf/dbproxy-peer.sh b/bbconf/dbproxy-peer.sh
new file mode 100755
index 0000000..68a1a9d
--- /dev/null
+++ b/bbconf/dbproxy-peer.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+. ./util.sh
+
+bb_run broker -c dbproxy-config-peer.toml
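Review bot: `log_level = "trace"` in bbconf/dbproxy-config-peer.toml selects the most verbose level on a service that validates ID tokens and talks to PostgreSQL; what trace output contains is not visible in this patch, but at that level token contents and query data commonly end up in log files. Ship the file with `log_level = "info"` and keep trace as a commented-out option for local debugging. The comment above `db_name` should also say what peer mode implies: PostgreSQL peer authentication only applies to local Unix-socket connections and takes the database role from the OS user running the proxy, so something like `# Peer auth: the DB role is the OS user running the proxy; use a dedicated least-privilege account` would make the deployment requirement explicit.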
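Review bot: `. ./util.sh` in bbconf/dbproxy-peer.sh is resolved against the caller's working directory, so starting the script from anywhere other than bbconf/ either fails or sources a different util.sh, and the relative `-c dbproxy-config-peer.toml` has the same problem. Add `cd "$(dirname "$0")" || exit 1` before the source line so both paths resolve next to the script. The script is named dbproxy-peer.sh but passes `broker` to `bb_run`; `bb_run` is defined in util.sh outside this patch, so please confirm that is the intended target.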