authorNiall Sheridan <nsheridan@gmail.com>2016-05-18 22:39:27 +0100
committerNiall Sheridan <nsheridan@gmail.com>2016-05-18 22:39:27 +0100
commit748ae6cf5a681588ca370a92c1a0e42a987d79d5 (patch)
tree82bcaee6ab6194f7e99fee1d77d571eaa4b84ddc /server
parent47e702ab1d0c1b92b76663ba027c7c20122efab7 (diff)
Don't use jwt, it doesn't buy a whole lot for this application
Diffstat (limited to 'server')
-rw-r--r--server/config/config.go1
-rw-r--r--server/config/config_test.go1
-rw-r--r--server/main.go49
3 files changed, 18 insertions, 33 deletions
diff --git a/server/config/config.go b/server/config/config.go
index 3d12665..bf5bfc7 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -39,7 +39,6 @@ type Auth struct {
OauthCallbackURL string `mapstructure:"oauth_callback_url"`
Provider string `mapstructure:"provider"`
ProviderOpts map[string]string `mapstructure:"provider_opts"`
- JWTSigningKey string `mapstructure:"jwt_signing_key"`
}
// SSH holds the configuration specific to signing ssh keys.
diff --git a/server/config/config_test.go b/server/config/config_test.go
index f97961a..067b0dc 100644
--- a/server/config/config_test.go
+++ b/server/config/config_test.go
@@ -37,7 +37,6 @@ func TestAuthConfig(t *testing.T) {
a.Equal(auth.OauthClientID, "client_id")
a.Equal(auth.OauthClientSecret, "secret")
a.Equal(auth.OauthCallbackURL, "https://sshca.example.com/auth/callback")
- a.Equal(auth.JWTSigningKey, "supersecret")
}
func TestSSHConfig(t *testing.T) {
diff --git a/server/main.go b/server/main.go
index 786fc9f..402b321 100644
--- a/server/main.go
+++ b/server/main.go
@@ -13,11 +13,11 @@ import (
"log"
"net/http"
"os"
+ "strings"
"time"
"golang.org/x/oauth2"
- "github.com/dgrijalva/jwt-go"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
"github.com/nsheridan/cashier/lib"
@@ -34,12 +34,11 @@ var (
// appContext contains local context - cookiestore, authprovider, authsession, templates etc.
type appContext struct {
- cookiestore *sessions.CookieStore
- authprovider auth.Provider
- authsession *auth.Session
- views *template.Template
- sshKeySigner *signer.KeySigner
- jwtSigningKey []byte
+ cookiestore *sessions.CookieStore
+ authprovider auth.Provider
+ authsession *auth.Session
+ views *template.Template
+ sshKeySigner *signer.KeySigner
}
// getAuthCookie retrieves a cookie from the request and validates it.
@@ -83,21 +82,17 @@ func parseKey(r *http.Request) (*lib.SignRequest, error) {
// signHandler handles the "/sign" path.
// It unmarshals the client token to an oauth token, validates it and signs the provided public ssh key.
func signHandler(a *appContext, w http.ResponseWriter, r *http.Request) (int, error) {
- // Retrieve the client token and verify it.
- jwtoken, err := jwt.ParseFromRequest(r, func(t *jwt.Token) (interface{}, error) {
- return a.jwtSigningKey, nil
- })
- if err != nil {
- return http.StatusUnauthorized, errors.New(http.StatusText(http.StatusUnauthorized))
+ var t string
+ if ah := r.Header.Get("Authorization"); ah != "" {
+ if len(ah) > 6 && strings.ToUpper(ah[0:7]) == "BEARER " {
+ t = ah[7:]
+ }
}
- if !jwtoken.Valid {
- log.Printf("Token %v not valid", jwtoken)
+ if t == "" {
return http.StatusUnauthorized, errors.New(http.StatusText(http.StatusUnauthorized))
}
- expiry := int64(jwtoken.Claims["exp"].(float64))
token := &oauth2.Token{
- AccessToken: jwtoken.Claims["token"].(string),
- Expiry: time.Unix(expiry, 0),
+ AccessToken: t,
}
ok := a.authprovider.Valid(token)
if !ok {
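Review bot: Removing the JWT also removes the server-side expiry check: the token built at `token := &oauth2.Token{AccessToken: t}` has a zero Expiry, so `token.Valid()` in golang.org/x/oauth2 reports any non-empty string as valid, and the only thing between an arbitrary bearer string and a signed SSH certificate is whatever `a.authprovider.Valid` does with it. If a provider implementation only calls `token.Valid()` instead of checking the token against the upstream provider, this hunk makes `/sign` effectively unauthenticated, which is worth confirming for each provider before merging. The prefix parse would also read more clearly as `if len(ah) > 6 && strings.EqualFold(ah[:7], "Bearer ") { t = ah[7:] }`, and the doc comment above the function still says it "unmarshals the client token to an oauth token", which no longer happens. signHandler continues past the end of the hunk.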
@@ -156,16 +151,9 @@ func rootHandler(a *appContext, w http.ResponseWriter, r *http.Request) (int, er
http.Redirect(w, r, "/auth/login", http.StatusSeeOther)
return http.StatusSeeOther, nil
}
- j := jwt.New(jwt.SigningMethodHS256)
- j.Claims["token"] = tok.AccessToken
- j.Claims["exp"] = tok.Expiry.Unix()
- t, err := j.SignedString(a.jwtSigningKey)
- if err != nil {
- return http.StatusInternalServerError, err
- }
page := struct {
Token string
- }{t}
+ }{tok.AccessToken}
a.views.ExecuteTemplate(w, "token.html", page)
return http.StatusOK, nil
}
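Review bot: The page now hands the user the provider's raw access token (`}{tok.AccessToken}`) rather than a server-minted artifact, so the value copied out of the browser is a bearer credential usable directly against the OAuth provider's APIs with every scope this app requested, not only against `/sign`; the HMAC-signed JWT it replaces was only meaningful to this server. The expiry is discarded here too, so the client has no way to know when the pasted token stops working. If that trade-off is intentional, record it next to the page struct, e.g. `// The raw provider access token is shown to the user; it is valid for any API the granted scopes cover, not just this service.`, and confirm that token.html is rendered through html/template so the value is escaped — the `views` field type alone does not show which template package is used. rootHandler begins before this hunk.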
@@ -232,11 +220,10 @@ func main() {
}
ctx := &appContext{
- cookiestore: sessions.NewCookieStore([]byte(config.Server.CookieSecret)),
- authprovider: authprovider,
- views: template.Must(template.ParseGlob("templates/*")),
- sshKeySigner: signer,
- jwtSigningKey: []byte(config.Auth.JWTSigningKey),
+ cookiestore: sessions.NewCookieStore([]byte(config.Server.CookieSecret)),
+ authprovider: authprovider,
+ views: template.Must(template.ParseGlob("templates/*")),
+ sshKeySigner: signer,
}
ctx.cookiestore.Options = &sessions.Options{
MaxAge: 900,