From 748ae6cf5a681588ca370a92c1a0e42a987d79d5 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Wed, 18 May 2016 22:39:27 +0100
Subject: Don't use jwt, it doesn't buy a whole lot for this application
---
 server/config/config.go | 1 -
 server/config/config_test.go | 1 -
 server/main.go | 49 ++++++++++++++++----------------------
 3 files changed, 18 insertions(+), 33 deletions(-)
(limited to 'server')
diff --git a/server/config/config.go b/server/config/config.go
index 3d12665..bf5bfc7 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -39,7 +39,6 @@ type Auth struct {
 OauthCallbackURL string `mapstructure:"oauth_callback_url"`
 Provider string `mapstructure:"provider"`
 ProviderOpts map[string]string `mapstructure:"provider_opts"`
- JWTSigningKey string `mapstructure:"jwt_signing_key"`
 }
 // SSH holds the configuration specific to signing ssh keys.
diff --git a/server/config/config_test.go b/server/config/config_test.go
index f97961a..067b0dc 100644
--- a/server/config/config_test.go
+++ b/server/config/config_test.go
@@ -37,7 +37,6 @@ func TestAuthConfig(t *testing.T) {
 a.Equal(auth.OauthClientID, "client_id")
 a.Equal(auth.OauthClientSecret, "secret")
 a.Equal(auth.OauthCallbackURL, "https://sshca.example.com/auth/callback")
- a.Equal(auth.JWTSigningKey, "supersecret")
 }
 func TestSSHConfig(t *testing.T) {
diff --git a/server/main.go b/server/main.go
index 786fc9f..402b321 100644
--- a/server/main.go
+++ b/server/main.go
@@ -13,11 +13,11 @@ import (
 "log"
 "net/http"
 "os"
+ "strings"
 "time"
 "golang.org/x/oauth2"
- "github.com/dgrijalva/jwt-go"
 "github.com/gorilla/mux"
 "github.com/gorilla/sessions"
 "github.com/nsheridan/cashier/lib"
@@ -34,12 +34,11 @@ var (
 // appContext contains local context - cookiestore, authprovider, authsession, templates etc.
 type appContext struct {
- cookiestore *sessions.CookieStore
- authprovider auth.Provider
- authsession *auth.Session
- views *template.Template
- sshKeySigner *signer.KeySigner
- jwtSigningKey []byte
+ cookiestore *sessions.CookieStore
+ authprovider auth.Provider
+ authsession *auth.Session
+ views *template.Template
+ sshKeySigner *signer.KeySigner
 }
 // getAuthCookie retrieves a cookie from the request and validates it.
@@ -83,21 +82,17 @@ func parseKey(r *http.Request) (*lib.SignRequest, error) {
 // signHandler handles the "/sign" path.
 // It unmarshals the client token to an oauth token, validates it and signs the provided public ssh key.
 func signHandler(a *appContext, w http.ResponseWriter, r *http.Request) (int, error) {
- // Retrieve the client token and verify it.
- jwtoken, err := jwt.ParseFromRequest(r, func(t *jwt.Token) (interface{}, error) {
- return a.jwtSigningKey, nil
- })
- if err != nil {
- return http.StatusUnauthorized, errors.New(http.StatusText(http.StatusUnauthorized))
+ var t string
+ if ah := r.Header.Get("Authorization"); ah != "" {
+ if len(ah) > 6 && strings.ToUpper(ah[0:7]) == "BEARER " {
+ t = ah[7:]
+ }
 }
- if !jwtoken.Valid {
- log.Printf("Token %v not valid", jwtoken)
+ if t == "" {
 return http.StatusUnauthorized, errors.New(http.StatusText(http.StatusUnauthorized))
 }
- expiry := int64(jwtoken.Claims["exp"].(float64))
 token := &oauth2.Token{
- AccessToken: jwtoken.Claims["token"].(string),
- Expiry: time.Unix(expiry, 0),
+ AccessToken: t,
 }
 ok := a.authprovider.Valid(token)
 if !ok {
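Review bot: The doc comment kept as context above signHandler, `// It unmarshals the client token to an oauth token, validates it and signs the provided public ssh key.`, still describes the removed JWT flow; after this change the handler reads a bearer token from the Authorization header and passes it to the provider, so it should read something like `// It reads the bearer token from the Authorization header, validates it with the auth provider and signs the provided public ssh key.`. The prefix test `len(ah) > 6 && strings.ToUpper(ah[0:7]) == "BEARER "` is correct but is clearer as `if len(ah) > 6 && strings.EqualFold(ah[:7], "Bearer ") {`, which avoids upper-casing a possibly partial UTF-8 slice. The rebuilt `oauth2.Token` now carries no Expiry; if the provider's Valid falls back on `token.Valid()`, a zero Expiry is treated as never expiring, so it is worth confirming that the provider checks the token against the issuer rather than locally — that implementation is outside this hunk. signHandler continues past the end of the hunk.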
@@ -156,16 +151,9 @@ func rootHandler(a *appContext, w http.ResponseWriter, r *http.Request) (int, er
 http.Redirect(w, r, "/auth/login", http.StatusSeeOther)
 return http.StatusSeeOther, nil
 }
- j := jwt.New(jwt.SigningMethodHS256)
- j.Claims["token"] = tok.AccessToken
- j.Claims["exp"] = tok.Expiry.Unix()
- t, err := j.SignedString(a.jwtSigningKey)
- if err != nil {
- return http.StatusInternalServerError, err
- }
 page := struct {
 Token string
- }{t}
+ }{tok.AccessToken}
 a.views.ExecuteTemplate(w, "token.html", page)
 return http.StatusOK, nil
 }
@@ -232,11 +220,10 @@ func main() {
 }
 ctx := &appContext{
- cookiestore: sessions.NewCookieStore([]byte(config.Server.CookieSecret)),
- authprovider: authprovider,
- views: template.Must(template.ParseGlob("templates/*")),
- sshKeySigner: signer,
- jwtSigningKey: []byte(config.Auth.JWTSigningKey),
+ cookiestore: sessions.NewCookieStore([]byte(config.Server.CookieSecret)),
+ authprovider: authprovider,
+ views: template.Must(template.ParseGlob("templates/*")),
+ sshKeySigner: signer,
 }
 ctx.cookiestore.Options = &sessions.Options{
 MaxAge: 900,
-- 
cgit v1.2.3
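Review bot: With the JWT gone, the raw OAuth access token is rendered straight into the page by `a.views.ExecuteTemplate(w, "token.html", page)`, and the error from that call is still discarded on the context line, so a template failure now yields a half-written page, no usable credential for the client, and a 200 status. Since this page is the only way the client receives its token, check the result: `if err := a.views.ExecuteTemplate(w, "token.html", page); err != nil { return http.StatusInternalServerError, err }`. Whether `template` here is html/template (so the token value is escaped in the page) cannot be seen from this hunk and is worth confirming in the import block. rootHandler starts outside the hunk.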