jwt: add initial jwt update
This also changes the signature of the constructor to return an error.
This commit is contained in:
Jimmy Zelinskie
parent
7f7f2726b4
commit
46bd349a23
2 changed files with 18 additions and 8 deletions
|
|
@ -78,7 +78,11 @@ func (cfg ConfigFile) CreateHooks() (preHooks, postHooks []middleware.Hook, err
|
|||
if err != nil {
|
||||
return nil, nil, errors.New("invalid JWT middleware config: " + err.Error())
|
||||
}
|
||||
preHooks = append(preHooks, jwt.NewHook(jwtCfg))
|
||||
hook, err := jwt.NewHook(jwtCfg)
|
||||
if err != nil {
|
||||
return nil, nil, errors.New("invalid JWT middleware config: " + err.Error())
|
||||
}
|
||||
preHooks = append(preHooks, hook)
|
||||
case "client approval":
|
||||
var caCfg clientapproval.Config
|
||||
err := yaml.Unmarshal(cfgBytes, &caCfg)
|
||||
|
|
|
|||
|
|
@ -50,14 +50,18 @@ type hook struct {
|
|||
}
|
||||
|
||||
// NewHook returns an instance of the JWT middleware.
|
||||
func NewHook(cfg Config) middleware.Hook {
|
||||
func NewHook(cfg Config) (middleware.Hook, error) {
|
||||
h := &hook{
|
||||
cfg: cfg,
|
||||
publicKeys: map[string]crypto.PublicKey{},
|
||||
closing: make(chan struct{}),
|
||||
}
|
||||
|
||||
h.updateKeys()
|
||||
err := h.updateKeys()
|
||||
if err != nil {
|
||||
return nil, errors.New("failed to update initial JWK Set: " + err.Error())
|
||||
}
|
||||
|
||||
go func() {
|
||||
for {
|
||||
select {
|
||||
|
|
@ -69,14 +73,14 @@ func NewHook(cfg Config) middleware.Hook {
|
|||
}
|
||||
}()
|
||||
|
||||
return h
|
||||
return h, nil
|
||||
}
|
||||
|
||||
func (h *hook) updateKeys() {
|
||||
func (h *hook) updateKeys() error {
|
||||
resp, err := http.Get(h.cfg.JWKSetURL)
|
||||
if err != nil {
|
||||
log.Errorln("failed to fetch JWK Set: " + err.Error())
|
||||
return
|
||||
return err
|
||||
}
|
||||
|
||||
parsedJWKs := map[string]gojwk.Key{}
|
||||
|
|
@ -84,7 +88,7 @@ func (h *hook) updateKeys() {
|
|||
if err != nil {
|
||||
resp.Body.Close()
|
||||
log.Errorln("failed to decode JWK JSON: " + err.Error())
|
||||
return
|
||||
return err
|
||||
}
|
||||
resp.Body.Close()
|
||||
|
||||
|
|
@ -93,11 +97,13 @@ func (h *hook) updateKeys() {
|
|||
publicKey, err := parsedJWK.DecodePublicKey()
|
||||
if err != nil {
|
||||
log.Errorln("failed to decode JWK into public key: " + err.Error())
|
||||
return
|
||||
return err
|
||||
}
|
||||
keys[kid] = publicKey
|
||||
}
|
||||
h.publicKeys = keys
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (h *hook) Stop() <-chan error {
|
||||
|
|
|
|||
Loading…
Reference in a new issue