jo-micro
/
auth2
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
v0.0.1
v0.0.2
v0.0.3
v0.1.0
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b732cadc9b'
${ noResults }
auth2/plugins/router/jwt/jwt.go

123 lines
3.1 KiB
Go
Raw Blame History

package jwt
import (
"context"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
"net/http"
"strings"
"github.com/golang-jwt/jwt/v4"
"github.com/urfave/cli/v2"
"go-micro.dev/v4/errors"
"go-micro.dev/v4/metadata"
"jochum.dev/jo-micro/auth2"
"jochum.dev/jo-micro/auth2/shared/sjwt"
"jochum.dev/jo-micro/auth2/shared/sutil"
"jochum.dev/jo-micro/components"
"jochum.dev/jo-micro/logruscomponent"
)
func New() auth2.RouterPlugin {
return new(jwtPlugin)
}
type jwtPlugin struct {
cReg *components.Registry
pubKey any
}
func (p *jwtPlugin) String() string {
return "jwt"
}
func (p *jwtPlugin) Flags(r *components.Registry) []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Name: "auth2_jwt_pub_key",
Usage: "Public key PEM base64 encoded",
EnvVars: []string{"AUTH2_JWT_PUB_KEY"},
},
}
}
func (p *jwtPlugin) Init(r *components.Registry, cli *cli.Context) error {
p.cReg = r
if len(cli.String("auth2_jwt_pub_key")) < 1 {
return errors.InternalServerError("auth2/plugins/router/jwt.Init:No auth2_jwt_pub_key", "you must provide auth2_jwt_pub_key")
}
aPub, err := base64.StdEncoding.DecodeString(cli.String("auth2_jwt_pub_key"))
if err != nil {
return err
}
block, _ := pem.Decode(aPub)
if block == nil {
return errors.InternalServerError("auth2/plugins/router/jwt.Init:PEM parsing", "failed to parse PEM block containing the key")
}
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return err
}
p.pubKey = pub
return nil
}
func (p *jwtPlugin) Stop() error {
return nil
}
func (p *jwtPlugin) Health(ctx context.Context) error {
return nil
}
func (p *jwtPlugin) Inspect(r *http.Request) (*auth2.User, error) {
if _, ok := r.Header["Authorization"]; !ok {
logruscomponent.MustReg(p.cReg).Logger().WithField("headers", r.Header).Debug("empty or no Authorization header in request")
return nil, errors.InternalServerError("auth2/plugins/router/jwt.Inspect", "empty or no Authorization header in request")
}
aTokenString, _, err := sutil.ExtractToken(r.Header["Authorization"][0])
if err != nil {
return nil, err
}
claims := sjwt.JWTClaims{}
_, err = jwt.ParseWithClaims(aTokenString, &claims, func(token *jwt.Token) (interface{}, error) {
return p.pubKey, nil
})
if err != nil {
return nil, err
}
cMD := map[string]string{
"Audience": strings.Join(claims.Audience, ","),
"ExpiresAt": fmt.Sprintf("%d", claims.ExpiresAt),
"IssuedAt": fmt.Sprintf("%d", claims.IssuedAt),
"NotBefore": fmt.Sprintf("%d", claims.NotBefore),
"Subject": claims.Subject,
}
return &auth2.User{Id: claims.ID, Type: claims.Type, Issuer: claims.Issuer, Metadata: cMD, Scopes: claims.Scopes, Roles: claims.Roles}, nil
}
func (p *jwtPlugin) ForwardContext(u *auth2.User, r *http.Request, ctx context.Context) (context.Context, error) {
md := metadata.Metadata{
"Authorization": r.Header.Get("Authorization"),
}
if v := r.Header.Get("X-Forwarded-For"); len(v) > 0 {
md["X-Fowarded-For"] = v
}
logruscomponent.MustReg(p.cReg).Logger().WithField("username", u.Metadata["Subject"]).Trace("Forwarding user")
return metadata.MergeContext(ctx, md, true), nil
}
Reference in New Issue View Git Blame Copy Permalink