Ver Fonte

feat: enable JWT auth from a header (#547)

Noah Perks Sloan há 1 ano atrás
pai
commit
8865331da2

+ 1 - 0
service/internal/config/config.go

@@ -107,6 +107,7 @@ type Config struct {
 	ShowNewVersions                 bool
 	EnableCustomJs                  bool
 	AuthJwtCookieName               string
+	AuthJwtHeader                   string
 	AuthJwtAud                      string
 	AuthJwtDomain                   string
 	AuthJwtCertsURL                 string

+ 7 - 0
service/internal/httpservers/restapi.go

@@ -9,6 +9,7 @@ import (
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"net/http"
+	"strings"
 
 	apiv1 "github.com/OliveTin/OliveTin/gen/grpc/olivetin/api/v1"
 
@@ -53,6 +54,12 @@ func parseRequestMetadata(ctx context.Context, req *http.Request) metadata.MD {
 	provider := "unknown"
 	sid := ""
 
+	if cfg.AuthJwtHeader != "" {
+		// JWTs in the Authorization header are usually prefixed with "Bearer " which is not part of the JWT token.
+		username, usergroup = parseJwt(strings.TrimPrefix(req.Header.Get(cfg.AuthJwtHeader), "Bearer "))
+		provider = "jwt-header"
+	}
+
 	if cfg.AuthJwtCookieName != "" {
 		username, usergroup = parseJwtCookie(req)
 		provider = "jwt-cookie"

+ 5 - 1
service/internal/httpservers/restapi_auth_jwt.go

@@ -137,7 +137,11 @@ func parseJwtCookie(request *http.Request) (string, string) {
 		return "", ""
 	}
 
-	claims, err := getClaimsFromJwtToken(cookie.Value)
+	return parseJwt(cookie.Value)
+}
+
+func parseJwt(token string) (string, string) {
+	claims, err := getClaimsFromJwtToken(token)
 
 	if err != nil {
 		log.Warnf("jwt claim error: %+v", err)