Forward For WS
This commit is contained in:
@@ -1,10 +1,13 @@
|
||||
package claims
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"oc-auth/conf"
|
||||
"reflect"
|
||||
"strings"
|
||||
|
||||
"cloud.o-forge.io/core/oc-lib/models/peer"
|
||||
"github.com/google/go-cmp/cmp"
|
||||
)
|
||||
|
||||
// ClaimService builds and verifies OAuth2 session claims
|
||||
@@ -14,7 +17,7 @@ type ClaimService interface {
|
||||
BuildConsentSession(clientID string, userId string, peer *peer.Peer) Claims
|
||||
|
||||
// DecodeClaimsInToken verifies permissions from claims extracted from a JWT
|
||||
DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, error)
|
||||
DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, string, error)
|
||||
}
|
||||
|
||||
// SessionClaims contains access_token and id_token claim maps
|
||||
@@ -32,6 +35,88 @@ var t = map[string]ClaimService{
|
||||
"hydra": HydraClaims{},
|
||||
}
|
||||
|
||||
func cleanMap(m map[string]interface{}) map[string]interface{} {
|
||||
if m == nil {
|
||||
return map[string]interface{}{}
|
||||
}
|
||||
|
||||
ignored := map[string]bool{
|
||||
"exp": true,
|
||||
"iat": true,
|
||||
"nbf": true,
|
||||
}
|
||||
|
||||
out := make(map[string]interface{})
|
||||
|
||||
for k, v := range m {
|
||||
if ignored[k] {
|
||||
continue
|
||||
}
|
||||
|
||||
switch val := v.(type) {
|
||||
case map[string]interface{}:
|
||||
out[k] = cleanMap(val)
|
||||
default:
|
||||
out[k] = val
|
||||
}
|
||||
}
|
||||
|
||||
return out
|
||||
}
|
||||
|
||||
func (c *Claims) EqualExt(ext map[string]interface{}) bool {
|
||||
claims := &Claims{}
|
||||
claims.SessionFromExt(ext)
|
||||
|
||||
return c.EqualClaims(claims)
|
||||
}
|
||||
|
||||
func (c *Claims) EqualClaims(claims *Claims, permsKey ...string) bool {
|
||||
c.normalizeClaims()
|
||||
claims.normalizeClaims()
|
||||
|
||||
if len(permsKey) > 0 {
|
||||
for _, p := range permsKey {
|
||||
if !(claims.Session.AccessToken[p] != nil && c.Session.AccessToken[p] != nil && claims.Session.AccessToken[p] == c.Session.AccessToken[p]) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
ok := reflect.DeepEqual(c.Session, claims.Session)
|
||||
if !ok {
|
||||
fmt.Println(cmp.Diff(c.Session, claims.Session))
|
||||
}
|
||||
return ok
|
||||
}
|
||||
|
||||
func (c *Claims) normalizeClaims() {
|
||||
c.Session.AccessToken = cleanMap(c.Session.AccessToken)
|
||||
c.Session.IDToken = cleanMap(c.Session.IDToken)
|
||||
}
|
||||
|
||||
func (c *Claims) SessionFromExt(ext map[string]interface{}) {
|
||||
var access map[string]interface{}
|
||||
var id map[string]interface{}
|
||||
|
||||
if v, ok := ext["access_token"].(map[string]interface{}); ok && v != nil {
|
||||
access = v
|
||||
} else {
|
||||
access = map[string]interface{}{}
|
||||
}
|
||||
|
||||
if v, ok := ext["id_token"].(map[string]interface{}); ok && v != nil {
|
||||
id = v
|
||||
} else {
|
||||
id = map[string]interface{}{}
|
||||
}
|
||||
|
||||
c.Session = SessionClaims{
|
||||
AccessToken: access,
|
||||
IDToken: id,
|
||||
}
|
||||
}
|
||||
|
||||
func GetClaims() ClaimService {
|
||||
for k := range t {
|
||||
if strings.Contains(conf.GetConfig().Auth, k) {
|
||||
|
||||
Reference in New Issue
Block a user