refactor: initial commit for major rewrite
This commit is contained in:
parent
3253cb8bbb
commit
bfd83f35a3
GPG key ID:
0430CDBE22619155
45 changed files with 439 additions and 1733 deletions
101
pkg/auth.go
101
pkg/auth.go
|
|
@ -1,101 +0,0 @@
|
|||
package configurator
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"slices"
|
||||
|
||||
"github.com/OpenCHAMI/jwtauth/v5"
|
||||
"github.com/lestrrat-go/jwx/v2/jwk"
|
||||
)
|
||||
|
||||
func VerifyScope(testScopes []string, r *http.Request) (bool, error) {
|
||||
// extract the scopes from JWT
|
||||
var scopes []string
|
||||
_, claims, err := jwtauth.FromContext(r.Context())
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("failed to get claim(s) from token: %v", err)
|
||||
}
|
||||
|
||||
appendScopes := func(slice []string, scopeClaim any) []string {
|
||||
switch scopeClaim.(type) {
|
||||
case []any:
|
||||
// convert all scopes to str and append
|
||||
for _, s := range scopeClaim.([]any) {
|
||||
switch s.(type) {
|
||||
case string:
|
||||
slice = append(slice, s.(string))
|
||||
}
|
||||
}
|
||||
case []string:
|
||||
slice = append(slice, scopeClaim.([]string)...)
|
||||
}
|
||||
return slice
|
||||
}
|
||||
|
||||
// check for and append both "scp" and "scope" claims
|
||||
v, ok := claims["scp"]
|
||||
if ok {
|
||||
scopes = appendScopes(scopes, v)
|
||||
}
|
||||
v, ok = claims["scope"]
|
||||
if ok {
|
||||
scopes = appendScopes(scopes, v)
|
||||
}
|
||||
|
||||
// check for both 'scp' and 'scope' claims for scope
|
||||
scopeClaim, ok := claims["scp"]
|
||||
if ok {
|
||||
switch scopeClaim.(type) {
|
||||
case []any:
|
||||
// convert all scopes to str and append
|
||||
for _, s := range scopeClaim.([]any) {
|
||||
switch s.(type) {
|
||||
case string:
|
||||
scopes = append(scopes, s.(string))
|
||||
}
|
||||
}
|
||||
case []string:
|
||||
scopes = append(scopes, scopeClaim.([]string)...)
|
||||
}
|
||||
}
|
||||
scopeClaim, ok = claims["scope"]
|
||||
if ok {
|
||||
scopes = append(scopes, scopeClaim.([]string)...)
|
||||
}
|
||||
|
||||
// verify that each of the test scopes are included
|
||||
for _, testScope := range testScopes {
|
||||
index := slices.Index(scopes, testScope)
|
||||
if index < 0 {
|
||||
return false, fmt.Errorf("invalid or missing scope")
|
||||
}
|
||||
}
|
||||
// NOTE: should this be ok if no scopes were found?
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func FetchPublicKeyFromURL(url string) (*jwtauth.JWTAuth, error) {
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
set, err := jwk.Fetch(ctx, url)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("%v", err)
|
||||
}
|
||||
jwks, err := json.Marshal(set)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to marshal JWKS: %v", err)
|
||||
}
|
||||
tokenAuth, err := jwtauth.NewKeySet(jwks)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to initialize JWKS: %v", err)
|
||||
}
|
||||
|
||||
return tokenAuth, nil
|
||||
}
|
||||
|
||||
func LoadAccessToken() {
|
||||
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue