From 48fdbbf1c22ff9a02dc57348a68ab22fa87215ab Mon Sep 17 00:00:00 2001
From: cant-code
Date: Sun, 14 Apr 2024 15:31:28 +0530
Subject: [PATCH] Fetch jwk and issuer from well-known configs

---
 internal/auth/authMiddleware.go | 44 ++++++++++++++++++++++++++++++---
 internal/auth/jwkFetcher.go | 2 +-
 internal/auth/tokenHandler.go | 2 +-
 3 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/internal/auth/authMiddleware.go b/internal/auth/authMiddleware.go
index 7413874..1d29afd 100644
--- a/internal/auth/authMiddleware.go
+++ b/internal/auth/authMiddleware.go
@@ -2,6 +2,9 @@ package auth

 import (
 "crypto/rsa"
+ "encoding/json"
+ "fmt"
+ "io"
 "log"
 "net/http"
 "yt-clone-video-processing/internal/configurations"
@@ -12,18 +15,51 @@ type IMiddleware interface {
 jwtMiddleware() func(http.Handler) http.Handler
 }

+type openIdConfig struct {
+ Issuer string `json:"issuer"`
+ Jwks string `json:"jwks_uri"`
+}
+
 type middlewareConfig struct {
- Auth configurations.Auth
- JWKSet map[string]*rsa.PublicKey
+ OpenIdConfig *openIdConfig
+ JWKSet map[string]*rsa.PublicKey
 }

+const wellKnownConfigs = "/.well-known/openid-configuration"
+
 func HandleJwtAuthMiddleware(auth *configurations.Auth) func(http.Handler) http.Handler {
- middleware := IMiddleware(&middlewareConfig{Auth: *auth})
+ openIdConfig, err := getOpenIdConfigs(auth)
+ if err != nil {
+ log.Println("Error getting openid configs: ", err)
+ }
+
+ middleware := IMiddleware(&middlewareConfig{OpenIdConfig: openIdConfig})

- err := middleware.getJWKSet()
+ err = middleware.getJWKSet()
 if err != nil {
 log.Printf("Error fetching jwk-sets: %v\n", err)
 }

 return middleware.jwtMiddleware()
 }
+
+func getOpenIdConfigs(auth *configurations.Auth) (*openIdConfig, error) {
+ response, err := http.Get(auth.Url + wellKnownConfigs)
+ if err != nil {
+ return nil, fmt.Errorf("error making GET request: %v", err)
+ }
+ defer func(Body io.ReadCloser) {
+ err := Body.Close()
+ if err != nil {
+ log.Println("Error closing body:", err)
+ }
+ }(response.Body)
+
+ var openIdConfig openIdConfig
+ decoder := json.NewDecoder(response.Body)
+ if err := decoder.Decode(&openIdConfig); err != nil {
+ return nil, fmt.Errorf("error decoding JSON: %v", err)
+ }
+
+ return &openIdConfig, nil
+}
diff --git a/internal/auth/jwkFetcher.go b/internal/auth/jwkFetcher.go
index c066058..af660d1 100644
--- a/internal/auth/jwkFetcher.go
+++ b/internal/auth/jwkFetcher.go
@@ -14,7 +14,7 @@ import (

 func (config *middlewareConfig) getJWKSet() error {
 // Make the GET request
- response, err := http.Get(config.Auth.Url + "/protocol/openid-connect/certs")
+ response, err := http.Get(config.OpenIdConfig.Jwks)
 if err != nil {
 return fmt.Errorf("error making GET request: %v", err)
 }
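Review bot: `HandleJwtAuthMiddleware` only logs when `getOpenIdConfigs` fails and then builds the middleware with `OpenIdConfig` left nil, so the immediately following `middleware.getJWKSet()` (jwkFetcher hunk, `config.OpenIdConfig.Jwks`) and the per-request issuer comparison in tokenHandler (`config.OpenIdConfig.Issuer`) dereference a nil pointer; an auth middleware should fail closed at startup instead, e.g. `if err != nil { log.Fatalf("getting openid configs: %v", err) }`. `getOpenIdConfigs` also decodes the body without checking `response.StatusCode`, uses the default client with no timeout so an unreachable IdP blocks startup indefinitely, and never verifies that the advertised `issuer` equals the `auth.Url` the document was fetched from, which OIDC Discovery requires and which the old code enforced implicitly by comparing the token issuer to `auth.Url` directly. The rewrite below adds those checks and `%w` wrapping; the timeout needs `"time"` added to the import block, and if `auth.Url` may carry a trailing slash the issuer comparison should normalise it first with `strings.TrimSuffix`.
```go
func getOpenIdConfigs(auth *configurations.Auth) (*openIdConfig, error) {
	client := &http.Client{Timeout: 10 * time.Second}
	response, err := client.Get(auth.Url + wellKnownConfigs)
	if err != nil {
		return nil, fmt.Errorf("fetching openid configuration: %w", err)
	}
	// … unchanged: deferred Body.Close …
	if response.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("fetching openid configuration: unexpected status %s", response.Status)
	}

	var cfg openIdConfig
	if err := json.NewDecoder(response.Body).Decode(&cfg); err != nil {
		return nil, fmt.Errorf("decoding openid configuration: %w", err)
	}
	// OIDC Discovery: the issuer in the document must be the location it was fetched from;
	// otherwise the downstream token issuer check trusts whatever value the document states.
	if cfg.Issuer != auth.Url {
		return nil, fmt.Errorf("openid configuration issuer %q does not match configured %q", cfg.Issuer, auth.Url)
	}
	return &cfg, nil
}
```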
diff --git a/internal/auth/tokenHandler.go b/internal/auth/tokenHandler.go
index 1ab1a91..e2a26f1 100644
--- a/internal/auth/tokenHandler.go
+++ b/internal/auth/tokenHandler.go
@@ -28,7 +28,7 @@ func (config *middlewareConfig) jwtMiddleware() func(http.Handler) http.Handler
 }
 issuer, err := token.Claims.GetIssuer()
- if err != nil || issuer != config.Auth.Url {
+ if err != nil || issuer != config.OpenIdConfig.Issuer {
 log.Println("error validating issuer:", err)
 http.Error(w, "", http.StatusUnauthorized)
 return