admin/hspguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: refactor for using app config

Browse Source
This commit is contained in:
Amir Adal
2025-05-25 16:22:28 +02:00
parent b95dcc6230
commit 07b9b94143
10 changed files with 120 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
internal/auth/jwt.go
View File

@ -4,71 +4,13 @@ import (
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/json"
"fmt"
"net/http"
"os"
"gitea.local/admin/hspguard/internal/types"
"gitea.local/admin/hspguard/internal/web"
"github.com/golang-jwt/jwt/v5"
)
func WriteJWKS(w http.ResponseWriter, r *http.Request) {
pubKey, err := parseBase64PublicKey("JWT_PUBLIC_KEY")
if err != nil {
web.Error(w, "failed to parse public key", http.StatusInternalServerError)
}
n := base64.RawURLEncoding.EncodeToString(pubKey.N.Bytes())
e := base64.RawURLEncoding.EncodeToString([]byte{1, 0, 1}) // 65537 = 0x010001
jwks := map[string]interface{}{
"keys": []map[string]string{
{
"kty": "RSA",
"kid": "my-rsa-key-1",
"use": "sig",
"alg": "RS256",
"n": n,
"e": e,
},
},
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(jwks)
}
func OpenIdConfiguration(w http.ResponseWriter, r *http.Request) {
type Response struct {
TokenEndpoint string `json:"token_endpoint"`
AuthorizationEndpoint string `json:"authorization_endpoint"`
JwksURI string `json:"jwks_uri"`
Issuer string `json:"issuer"`
EndSessionEndpoint string `json:"end_session_endpoint"`
}
w.Header().Set("Content-Type", "application/json")
encoder := json.NewEncoder(w)
if err := encoder.Encode(Response{
TokenEndpoint: "https://cb5f-2a00-10-5b00-c801-e955-5c68-63d0-b777.ngrok-free.app/api/v1/oauth/token",
AuthorizationEndpoint: "https://cb5f-2a00-10-5b00-c801-e955-5c68-63d0-b777.ngrok-free.app/authorize",
JwksURI: "https://cb5f-2a00-10-5b00-c801-e955-5c68-63d0-b777.ngrok-free.app/.well-known/jwks.json",
Issuer: "https://cb5f-2a00-10-5b00-c801-e955-5c68-63d0-b777.ngrok-free.app",
EndSessionEndpoint: "https://cb5f-2a00-10-5b00-c801-e955-5c68-63d0-b777.ngrok-free.app/api/v1/oauth/logout",
}); err != nil {
web.Error(w, "failed to encode response", http.StatusInternalServerError)
}
}
func parseBase64PrivateKey(envVar string) (*rsa.PrivateKey, error) {
b64 := os.Getenv(envVar)
if b64 == "" {
return nil, fmt.Errorf("env var %s is empty", envVar)
}
func ParseBase64PrivateKey(b64 string) (*rsa.PrivateKey, error) {
decoded, err := base64.StdEncoding.DecodeString(b64)
if err != nil {
return nil, fmt.Errorf("failed to decode base64 key: %v", err)
@ -78,12 +20,7 @@ func parseBase64PrivateKey(envVar string) (*rsa.PrivateKey, error) {
return key.(*rsa.PrivateKey), err
}
func parseBase64PublicKey(envVar string) (*rsa.PublicKey, error) {
b64 := os.Getenv(envVar)
if b64 == "" {
return nil, fmt.Errorf("env var %s is empty", envVar)
}
func ParseBase64PublicKey(b64 string) (*rsa.PublicKey, error) {
decoded, err := base64.StdEncoding.DecodeString(b64)
if err != nil {
return nil, fmt.Errorf("failed to decode base64 key: %v", err)
@ -102,8 +39,8 @@ func parseBase64PublicKey(envVar string) (*rsa.PublicKey, error) {
return pubKey, nil
}
func SignJwtToken(claims jwt.Claims) (string, error) {
privateKey, err := parseBase64PrivateKey("JWT_PRIVATE_KEY")
func SignJwtToken(claims jwt.Claims, key string) (string, error) {
privateKey, err := ParseBase64PrivateKey(key)
if err != nil {
return "", err
}
@ -120,8 +57,8 @@ func SignJwtToken(claims jwt.Claims) (string, error) {
return s, nil
}
func VerifyToken(token string) (*jwt.Token, *types.UserClaims, error) {
publicKey, err := parseBase64PublicKey("JWT_PUBLIC_KEY")
func VerifyToken(token string, key string) (*jwt.Token, *types.UserClaims, error) {
publicKey, err := ParseBase64PublicKey(key)
if err != nil {
return nil, nil, err
}