mirror of
https://github.com/netbirdio/netbird.git
synced 2026-04-18 08:16:39 +00:00
Jwtclaims package (#242)
* Move JWTClaims logic to its own package * Add extractor tests
This commit is contained in:
Maycon Santos
@@ -3,6 +3,7 @@ package handler
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"github.com/wiretrustee/wiretrustee/management/server/jwtclaims"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
@@ -15,7 +16,7 @@ import (
|
||||
type Peers struct {
|
||||
accountManager server.AccountManager
|
||||
authAudience string
|
||||
jwtExtractor JWTClaimsExtractor
|
||||
jwtExtractor jwtclaims.ClaimsExtractor
|
||||
}
|
||||
|
||||
//PeerResponse is a response sent to the client
|
||||
@@ -37,7 +38,7 @@ func NewPeers(accountManager server.AccountManager, authAudience string) *Peers
|
||||
return &Peers{
|
||||
accountManager: accountManager,
|
||||
authAudience: authAudience,
|
||||
jwtExtractor: *NewJWTClaimsExtractor(nil),
|
||||
jwtExtractor: *jwtclaims.NewClaimsExtractor(nil),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -69,7 +70,7 @@ func (h *Peers) deletePeer(accountId string, peer *server.Peer, w http.ResponseW
|
||||
}
|
||||
|
||||
func (h *Peers) getPeerAccount(r *http.Request) (*server.Account, error) {
|
||||
jwtClaims := h.jwtExtractor.extractClaimsFromRequestContext(r, h.authAudience)
|
||||
jwtClaims := h.jwtExtractor.ExtractClaimsFromRequestContext(r, h.authAudience)
|
||||
|
||||
account, err := h.accountManager.GetAccountByUserOrAccountId(jwtClaims.UserId, jwtClaims.AccountId, jwtClaims.Domain)
|
||||
if err != nil {
|
||||
|
||||
@@ -2,6 +2,7 @@ package handler
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"github.com/wiretrustee/wiretrustee/management/server/jwtclaims"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
@@ -27,9 +28,9 @@ func initTestMetaData(peer ...*server.Peer) *Peers {
|
||||
},
|
||||
},
|
||||
authAudience: "",
|
||||
jwtExtractor: JWTClaimsExtractor{
|
||||
extractClaimsFromRequestContext: func(r *http.Request, authAudiance string) JWTClaims {
|
||||
return JWTClaims{
|
||||
jwtExtractor: jwtclaims.ClaimsExtractor{
|
||||
ExtractClaimsFromRequestContext: func(r *http.Request, authAudiance string) jwtclaims.AuthorizationClaims {
|
||||
return jwtclaims.AuthorizationClaims{
|
||||
UserId: "test_user",
|
||||
Domain: "hotmail.com",
|
||||
AccountId: "test_id",
|
||||
|
||||
@@ -3,6 +3,7 @@ package handler
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"github.com/wiretrustee/wiretrustee/management/server/jwtclaims"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
@@ -122,8 +123,8 @@ func (h *SetupKeys) createKey(accountId string, w http.ResponseWriter, r *http.R
|
||||
}
|
||||
|
||||
func (h *SetupKeys) getSetupKeyAccount(r *http.Request) (*server.Account, error) {
|
||||
extractor := NewJWTClaimsExtractor(nil)
|
||||
jwtClaims := extractor.extractClaimsFromRequestContext(r, h.authAudience)
|
||||
extractor := jwtclaims.NewClaimsExtractor(nil)
|
||||
jwtClaims := extractor.ExtractClaimsFromRequestContext(r, h.authAudience)
|
||||
|
||||
account, err := h.accountManager.GetAccountByUserOrAccountId(jwtClaims.UserId, jwtClaims.AccountId, jwtClaims.Domain)
|
||||
if err != nil {
|
||||
|
||||
@@ -5,53 +5,8 @@ import (
|
||||
"errors"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt"
|
||||
)
|
||||
|
||||
// JWTClaims stores information from JWTs
|
||||
type JWTClaims struct {
|
||||
UserId string
|
||||
AccountId string
|
||||
Domain string
|
||||
}
|
||||
|
||||
type extractJWTClaims func(r *http.Request, authAudiance string) JWTClaims
|
||||
|
||||
type JWTClaimsExtractor struct {
|
||||
extractClaimsFromRequestContext extractJWTClaims
|
||||
}
|
||||
|
||||
// NewJWTClaimsExtractor returns an extractor, and if provided with a function with extractJWTClaims signature,
|
||||
// then it will use that logic. Uses extractClaimsFromRequestContext by default
|
||||
func NewJWTClaimsExtractor(e extractJWTClaims) *JWTClaimsExtractor {
|
||||
var extractFunc extractJWTClaims
|
||||
if extractFunc = e; extractFunc == nil {
|
||||
extractFunc = extractClaimsFromRequestContext
|
||||
}
|
||||
|
||||
return &JWTClaimsExtractor{
|
||||
extractClaimsFromRequestContext: extractFunc,
|
||||
}
|
||||
}
|
||||
|
||||
// extractClaimsFromRequestContext extracts claims from the request context previously filled by the JWT token (after auth)
|
||||
func extractClaimsFromRequestContext(r *http.Request, authAudiance string) JWTClaims {
|
||||
token := r.Context().Value("user").(*jwt.Token)
|
||||
claims := token.Claims.(jwt.MapClaims)
|
||||
jwtClaims := JWTClaims{}
|
||||
jwtClaims.UserId = claims["sub"].(string)
|
||||
accountIdClaim, ok := claims[authAudiance+"wt_account_id"]
|
||||
if ok {
|
||||
jwtClaims.AccountId = accountIdClaim.(string)
|
||||
}
|
||||
domainClaim, ok := claims[authAudiance+"wt_user_domain"]
|
||||
if ok {
|
||||
jwtClaims.Domain = domainClaim.(string)
|
||||
}
|
||||
return jwtClaims
|
||||
}
|
||||
|
||||
//writeJSONObject simply writes object to the HTTP reponse in JSON format
|
||||
func writeJSONObject(w http.ResponseWriter, obj interface{}) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
|
||||
Reference in New Issue
Block a user