Merge pull request #227 from jzelinskie/fixjwt
jwt: add updateKeys method and call in constructor
This commit is contained in:
Jimmy Zelinskie
GitHub
commit
8a71ee793d
2 changed files with 43 additions and 28 deletions
|
|
@ -78,7 +78,11 @@ func (cfg ConfigFile) CreateHooks() (preHooks, postHooks []middleware.Hook, err
|
|||
if err != nil {
|
||||
return nil, nil, errors.New("invalid JWT middleware config: " + err.Error())
|
||||
}
|
||||
preHooks = append(preHooks, jwt.NewHook(jwtCfg))
|
||||
hook, err := jwt.NewHook(jwtCfg)
|
||||
if err != nil {
|
||||
return nil, nil, errors.New("invalid JWT middleware config: " + err.Error())
|
||||
}
|
||||
preHooks = append(preHooks, hook)
|
||||
case "client approval":
|
||||
var caCfg clientapproval.Config
|
||||
err := yaml.Unmarshal(cfgBytes, &caCfg)
|
||||
|
|
|
|||
|
|
@ -50,49 +50,60 @@ type hook struct {
|
|||
}
|
||||
|
||||
// NewHook returns an instance of the JWT middleware.
|
||||
func NewHook(cfg Config) middleware.Hook {
|
||||
func NewHook(cfg Config) (middleware.Hook, error) {
|
||||
h := &hook{
|
||||
cfg: cfg,
|
||||
publicKeys: map[string]crypto.PublicKey{},
|
||||
closing: make(chan struct{}),
|
||||
}
|
||||
|
||||
err := h.updateKeys()
|
||||
if err != nil {
|
||||
return nil, errors.New("failed to update initial JWK Set: " + err.Error())
|
||||
}
|
||||
|
||||
go func() {
|
||||
for {
|
||||
select {
|
||||
case <-h.closing:
|
||||
return
|
||||
case <-time.After(cfg.JWKUpdateInterval):
|
||||
resp, err := http.Get(cfg.JWKSetURL)
|
||||
if err != nil {
|
||||
log.Errorln("failed to fetch JWK Set: " + err.Error())
|
||||
continue
|
||||
}
|
||||
|
||||
parsedJWKs := map[string]gojwk.Key{}
|
||||
err = json.NewDecoder(resp.Body).Decode(&parsedJWKs)
|
||||
if err != nil {
|
||||
resp.Body.Close()
|
||||
log.Errorln("failed to decode JWK JSON: " + err.Error())
|
||||
continue
|
||||
}
|
||||
resp.Body.Close()
|
||||
|
||||
keys := map[string]crypto.PublicKey{}
|
||||
for kid, parsedJWK := range parsedJWKs {
|
||||
publicKey, err := parsedJWK.DecodePublicKey()
|
||||
if err != nil {
|
||||
log.Errorln("failed to decode JWK into public key: " + err.Error())
|
||||
continue
|
||||
}
|
||||
keys[kid] = publicKey
|
||||
}
|
||||
h.publicKeys = keys
|
||||
h.updateKeys()
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
return h
|
||||
return h, nil
|
||||
}
|
||||
|
||||
func (h *hook) updateKeys() error {
|
||||
resp, err := http.Get(h.cfg.JWKSetURL)
|
||||
if err != nil {
|
||||
log.Errorln("failed to fetch JWK Set: " + err.Error())
|
||||
return err
|
||||
}
|
||||
|
||||
parsedJWKs := map[string]gojwk.Key{}
|
||||
err = json.NewDecoder(resp.Body).Decode(&parsedJWKs)
|
||||
if err != nil {
|
||||
resp.Body.Close()
|
||||
log.Errorln("failed to decode JWK JSON: " + err.Error())
|
||||
return err
|
||||
}
|
||||
resp.Body.Close()
|
||||
|
||||
keys := map[string]crypto.PublicKey{}
|
||||
for kid, parsedJWK := range parsedJWKs {
|
||||
publicKey, err := parsedJWK.DecodePublicKey()
|
||||
if err != nil {
|
||||
log.Errorln("failed to decode JWK into public key: " + err.Error())
|
||||
return err
|
||||
}
|
||||
keys[kid] = publicKey
|
||||
}
|
||||
h.publicKeys = keys
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (h *hook) Stop() <-chan error {
|
||||
|
|
|
|||
Loading…
Reference in a new issue