all repos — litestore @ 39ce973f6f190b02bf30a06c04f28ff7f95dc489

A minimalist nosql document store.

jwks.json is now based on store ID.
h3rald h3rald@h3rald.com
Sat, 30 Dec 2023 16:13:44 +0100
commit

39ce973f6f190b02bf30a06c04f28ff7f95dc489

parent

f4eb0151a1fb5bb3c80d919175c0aba757f77a7b

M .gitignore.gitignore

@@ -17,7 +17,7 @@ jester_integration

js *_backup config.json -jwks.json +*jwks.json *.db-shm *.db-wal *.nim.bak
M src/litestorepkg/lib/core.nimsrc/litestorepkg/lib/core.nim

@@ -1,7 +1,9 @@

import db_connector/sqlite3, db_connector/db_sqlite as db, + std/[ os, + paths, oids, json, pegs,

@@ -10,7 +12,7 @@ strutils,

sequtils, httpclient, base64, - math + math] import types, contenttypes,

@@ -691,29 +693,28 @@ LOG.level = lvNone

else: fail(103, "Invalid log level '$1'" % val) - -proc downloadJwks*(uri: string) = - let file = getCurrentDir() / "jwks.json" +proc downloadJwks*(LS: LiteStore, uri: string) = + let file = LS.jwksPath let client = newHttpClient() client.downloadFile(uri, file) -proc processAuthConfig(configuration: var JsonNode, auth: var JsonNode) = - if auth == newJNull() and configuration != newJNull(): - auth = newJObject(); - auth["access"] = newJObject(); - if configuration.hasKey("jwks_uri"): +proc processAuthConfig(LS: var LiteStore) = + if LS.auth == newJNull() and LS.config != newJNull(): + LS.auth = newJObject(); + LS.auth["access"] = newJObject(); + if LS.config.hasKey("jwks_uri"): LOG.debug("Authentication: Downloading JWKS file.") - downloadJwks(configuration["jwks_uri"].getStr) - elif configuration.hasKey("signature"): + LS.downloadJwks(LS.config["jwks_uri"].getStr) + elif LS.config.hasKey("signature"): LOG.debug("Authentication: Signature found, processing authentication rules in configuration.") - auth["signature"] = configuration["signature"].getStr.replace( + LS.auth["signature"] = LS.config["signature"].getStr.replace( "-----BEGIN CERTIFICATE-----\n", "").replace( "\n-----END CERTIFICATE-----").strip().newJString - for k, v in configuration["resources"].pairs: - auth["access"][k] = newJObject() + for k, v in LS.config["resources"].pairs: + LS.auth["access"][k] = newJObject() for meth, content in v.pairs: if content.hasKey("auth"): - auth["access"][k][meth] = content["auth"] + LS.auth["access"][k][meth] = content["auth"] proc processConfigSettings(LS: var LiteStore) = # Process config settings if present and if no cli settings are set

@@ -777,7 +778,7 @@ # Process config settings

LS.processConfigSettings() # Process auth from config settings LOG.debug("Authentication: Checking configuration for auth rules - Store file: " & LS.file) - processAuthConfig(LS.config, LS.auth) + LS.processAuthConfig() if LS.auth == newJNull(): # Attempt to retrieve auth.json from system documents
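Review bot: In `downloadJwks`, `client.downloadFile(uri, file)` writes whatever `jwks_uri` returns straight to `LS.jwksPath`, the file `getX5c` later reads its keys from, with no scheme check, no content validation and no `client.close()`. A failed or truncated download can leave a partial file in place, and an `http://` URI would fetch the key set in cleartext; whether the URI is validated elsewhere is not visible in this section. I would download to a temporary path, confirm the document parses and has a `keys` member, and only then move it over the live file, closing the client in a `finally`. Raising `ValueError` below is a placeholder; the error path should follow the module's own convention (the context shows a `fail(...)` helper).

```nim
proc downloadJwks*(LS: LiteStore, uri: string) =
  let file = LS.jwksPath
  let tmp = file & ".tmp"
  # Signing keys should not travel over cleartext HTTP.
  if not uri.startsWith("https://"):
    raise newException(ValueError, "jwks_uri must use https: " & uri)
  let client = newHttpClient()
  try:
    client.downloadFile(uri, tmp)
    # Validate before the document replaces the current key set.
    let doc = tmp.readFile.parseJson
    if doc.kind != JObject or not doc.hasKey("keys"):
      raise newException(ValueError, "Invalid JWKS document: " & uri)
    moveFile(tmp, file)
  finally:
    client.close()
    removeFile(tmp)
```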
M src/litestorepkg/lib/jwt.nimsrc/litestorepkg/lib/jwt.nim

@@ -1,7 +1,7 @@

import std/[ openssl, base64, strutils, macros, json, times, pegs, sequtils, os ] -import types +import types, core when defined(windows) and defined(amd64): {.passL: "-static -L"&getProjectPath()&"/litestorepkg/vendor/openssl/windows -lssl -lcrypto -lbcrypt".}

@@ -31,8 +31,8 @@ proc raiseX509Error(msg: string) =

let err = getLastError() raise newException(EX509Error, msg&"\n"&err) -proc getX5c*(token: JWT): string = - let file = getCurrentDir() / "jwks.json" +proc getX5c*(LS: LiteStore; token: JWT): string = + let file = LS.jwksPath if not file.fileExists: raise newException(ValueError, "JWKS file not found: " & file) let keys = file.readFile.parseJson["keys"]
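Review bot: The added `core` in `import types, core` looks unnecessary for this change, since `jwksPath`, the only new name `getX5c` uses, is declared in types.nim by this same commit. Importing `core` here couples the JWT module to the one that performs the JWKS download, and risks a circular import if `core` ever needs `jwt`. If nothing else in jwt.nim depends on it, `import types` is enough. The body of `getX5c` continues past the end of the hunk, so how a key is selected from `keys` is not reviewed here.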
M src/litestorepkg/lib/server.nimsrc/litestorepkg/lib/server.nim

@@ -52,7 +52,7 @@ let jwt = token.newJwt

var x5c: string if LS.config.hasKey("jwks_uri"): LOG.debug("Selecting x5c...") - x5c = jwt.getX5c() + x5c = LS.getX5c(jwt) else: LOG.debug("Using stored signature...") x5c = LS.config["signature"].getStr
M src/litestorepkg/lib/types.nimsrc/litestorepkg/lib/types.nim

@@ -1,15 +1,16 @@

import db_connector/db_sqlite, - asynchttpserver, + std/[asynchttpserver, asyncnet, uri, pegs, json, strtabs, + os, strutils, sequtils, nativesockets, - tables + tables] import config

@@ -123,6 +124,9 @@ resource: string,

id: string, version: string ] + +proc jwksPath*(LS: LiteStore): string = + return "$#/$#_jwks.json" % [getCurrentDir(), LS.file.splitFile.name] proc initLiteStore*(): LiteStore = result.config = newJNull()
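Review bot: `jwksPath` keys the file on `LS.file.splitFile.name` only, so two stores with the same base name (for example `a/data.db` and `b/data.db`) started from the same working directory resolve to the same `data_jwks.json` and would share one key set. An empty `LS.file` likewise yields `_jwks.json`. Since this file supplies the keys used to verify tokens, the path should come from something unique to the store, for instance `result = LS.file.absolutePath.changeFileExt("") & "_jwks.json"`, or at least be joined with the `/` operator from `os` instead of a hard-coded separator. The use of `getCurrentDir()` also means download and lookup must run with the same working directory; a short `##` comment on the proc stating that would help.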