DeveloperDurp/DurpAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
DeveloperDurp
2023-08-09 19:16:56 -05:00
parent dc6a948405
commit e508310ece
1 changed files with 65 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
main.go
View File

@@ -81,98 +81,85 @@ func main() {
func authMiddleware(allowedGroups []string) gin.HandlerFunc { func authMiddleware(allowedGroups []string) gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
var groups []string var groups []string
var JwksURL = os.Getenv("jwksurl") JwksURL := os.Getenv("jwksurl")
tokenString := c.GetHeader("Authorization") tokenString := c.GetHeader("Authorization")
if tokenString != "" { if tokenString != "" {
tokenString = strings.TrimPrefix(tokenString, "Bearer ") tokenString = strings.TrimPrefix(tokenString, "Bearer ")
} else {
tokenString = c.GetHeader("X-authentik-jwt")
}
ctx, cancel := context.WithCancel(context.Background()) if tokenString == "" {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "No Token in header",
})
return
}
options := keyfunc.Options{ ctx, cancel := context.WithCancel(context.Background())
Ctx: ctx,
RefreshErrorHandler: func(err error) {
log.Printf("There was an error with the jwt.Keyfunc\nError: %s", err.Error())
},
RefreshInterval: time.Hour,
RefreshRateLimit: time.Minute * 5,
RefreshTimeout: time.Second * 10,
RefreshUnknownKID: true,
}
jwks, err := keyfunc.Get(JwksURL, options) options := keyfunc.Options{
if err != nil { Ctx: ctx,
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ RefreshErrorHandler: func(err error) {
"message": "Failed to create JWKS: " + err.Error(), log.Printf("There was an error with the jwt.Keyfunc\nError: %s", err.Error())
}) },
cancel() RefreshInterval: time.Hour,
jwks.EndBackground() RefreshRateLimit: time.Minute * 5,
return RefreshTimeout: time.Second * 10,
} RefreshUnknownKID: true,
}
token, err := jwt.Parse(tokenString, jwks.Keyfunc)
if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": err.Error(),
})
cancel()
jwks.EndBackground()
return
}
if !token.Valid {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "Invalid Token: " + err.Error(),
})
cancel()
jwks.EndBackground()
return
}
jwks, err := keyfunc.Get(JwksURL, options)
if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "Failed to create JWKS: " + err.Error(),
})
cancel() cancel()
jwks.EndBackground() jwks.EndBackground()
return
}
claims, ok := token.Claims.(jwt.MapClaims) token, err := jwt.Parse(tokenString, jwks.Keyfunc)
if !ok { if err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "Invalid authorization token claims", "message": err.Error(),
}) })
return cancel()
} jwks.EndBackground()
return
}
groupsClaim, ok := claims["groups"].([]interface{}) if !token.Valid {
if !ok { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ "message": "Invalid Token: " + err.Error(),
"message": "Missing or invalid groups claim in the authorization token", })
}) cancel()
return jwks.EndBackground()
} return
}
for _, group := range groupsClaim { cancel()
if groupName, ok := group.(string); ok { jwks.EndBackground()
groups = append(groups, groupName)
}
}
} else {
if groupsenv != "" {
groups = strings.Split(groupsenv, ",")
} else {
groupsHeader := c.GetHeader("X-Authentik-Groups")
requestHeaders := c.Request.Header claims, ok := token.Claims.(jwt.MapClaims)
for key, values := range requestHeaders { if !ok {
for _, value := range values { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
println(key + ": " + value) "message": "Invalid authorization token claims",
} })
} return
}
// Dump response headers groupsClaim, ok := claims["groups"].([]interface{})
responseHeaders := c.Writer.Header() if !ok {
for key, values := range responseHeaders { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
for _, value := range values { "message": "Missing or invalid groups claim in the authorization token",
println(key + ": " + value) })
} return
} }
groups = strings.Split(groupsHeader, "|")
for _, group := range groupsClaim {
if groupName, ok := group.(string); ok {
groups = append(groups, groupName)
} }
} }
@@ -197,7 +184,6 @@ func authMiddleware(allowedGroups []string) gin.HandlerFunc {
return return
} }
// Call the next handler
c.Next() c.Next()
} }
} }