all repos — litestore @ 39ce973f6f190b02bf30a06c04f28ff7f95dc489

A minimalist nosql document store. 

jwks.json is now based on store ID.
h3rald h3rald@h3rald.com
Sat, 30 Dec 2023 16:13:44 +0100
commit

39ce973f6f190b02bf30a06c04f28ff7f95dc489

parent

f4eb0151a1fb5bb3c80d919175c0aba757f77a7b

5 files changed, 28 insertions(+), 23 deletions(-)

jump to
M .gitignore.gitignore 
@@ -17,7 +17,7 @@ jester_integration
 js
 *_backup
 config.json
-jwks.json
+*jwks.json
 *.db-shm
 *.db-wal
 *.nim.bak
M src/litestorepkg/lib/core.nimsrc/litestorepkg/lib/core.nim 
@@ -1,7 +1,9 @@ 
 import
   db_connector/sqlite3,
   db_connector/db_sqlite as db,
+  std/[
   os,
+  paths,
   oids,
   json,
   pegs,

@@ -10,7 +12,7 @@ strutils,
   sequtils,
   httpclient,
   base64,
-  math
+  math]
 import
   types,
   contenttypes,

@@ -691,29 +693,28 @@ LOG.level = lvNone
     else:
       fail(103, "Invalid log level '$1'" % val)
 
-
-proc downloadJwks*(uri: string) =
-  let file = getCurrentDir() / "jwks.json"
+proc downloadJwks*(LS: LiteStore, uri: string) =
+  let file = LS.jwksPath
   let client = newHttpClient()
   client.downloadFile(uri, file)
 
-proc processAuthConfig(configuration: var JsonNode, auth: var JsonNode) =
-  if auth == newJNull() and configuration != newJNull():
-    auth = newJObject();
-    auth["access"] = newJObject();
-    if configuration.hasKey("jwks_uri"):
+proc processAuthConfig(LS: var LiteStore) =
+  if LS.auth == newJNull() and LS.config != newJNull():
+    LS.auth = newJObject();
+    LS.auth["access"] = newJObject();
+    if LS.config.hasKey("jwks_uri"):
       LOG.debug("Authentication: Downloading JWKS file.")
-      downloadJwks(configuration["jwks_uri"].getStr)
-    elif configuration.hasKey("signature"):
+      LS.downloadJwks(LS.config["jwks_uri"].getStr)
+    elif LS.config.hasKey("signature"):
       LOG.debug("Authentication: Signature found, processing authentication rules in configuration.")
-      auth["signature"] = configuration["signature"].getStr.replace(
+      LS.auth["signature"] = LS.config["signature"].getStr.replace(
           "-----BEGIN CERTIFICATE-----\n", "").replace(
           "\n-----END CERTIFICATE-----").strip().newJString
-    for k, v in configuration["resources"].pairs:
-      auth["access"][k] = newJObject()
+    for k, v in LS.config["resources"].pairs:
+      LS.auth["access"][k] = newJObject()
       for meth, content in v.pairs:
         if content.hasKey("auth"):
-          auth["access"][k][meth] = content["auth"]
+          LS.auth["access"][k][meth] = content["auth"]
 
 proc processConfigSettings(LS: var LiteStore) =
   # Process config settings if present and if no cli settings are set

@@ -777,7 +778,7 @@ # Process config settings
     LS.processConfigSettings()
     # Process auth from config settings
     LOG.debug("Authentication: Checking configuration for auth rules - Store file: " & LS.file)
-    processAuthConfig(LS.config, LS.auth)
+    LS.processAuthConfig()
 
   if LS.auth == newJNull():
     # Attempt to retrieve auth.json from system documents
M src/litestorepkg/lib/jwt.nimsrc/litestorepkg/lib/jwt.nim 
@@ -1,7 +1,7 @@ 
 import std/[
     openssl, base64, strutils, macros, json, times, pegs, sequtils, os
     ]
-import types
+import types, core
 
 when defined(windows) and defined(amd64):
     {.passL: "-static -L"&getProjectPath()&"/litestorepkg/vendor/openssl/windows -lssl -lcrypto -lbcrypt".}

@@ -31,8 +31,8 @@ proc raiseX509Error(msg: string) =
     let err = getLastError()
     raise newException(EX509Error, msg&"\n"&err)
 
-proc getX5c*(token: JWT): string =
-    let file = getCurrentDir() / "jwks.json"
+proc getX5c*(LS: LiteStore; token: JWT): string =
+    let file = LS.jwksPath
     if not file.fileExists:
         raise newException(ValueError, "JWKS file not found: " & file)
     let keys = file.readFile.parseJson["keys"]
M src/litestorepkg/lib/server.nimsrc/litestorepkg/lib/server.nim 
@@ -52,7 +52,7 @@ let jwt = token.newJwt
       var x5c: string
       if LS.config.hasKey("jwks_uri"):
         LOG.debug("Selecting x5c...")
-        x5c = jwt.getX5c()
+        x5c = LS.getX5c(jwt)
       else:
         LOG.debug("Using stored signature...")
         x5c = LS.config["signature"].getStr
M src/litestorepkg/lib/types.nimsrc/litestorepkg/lib/types.nim 
@@ -1,15 +1,16 @@ 
 import
   db_connector/db_sqlite,
-  asynchttpserver,
+  std/[asynchttpserver,
   asyncnet,
   uri,
   pegs,
   json,
   strtabs,
+  os,
   strutils,
   sequtils,
   nativesockets,
-  tables
+  tables]
 import
   config
 

@@ -123,6 +124,9 @@ resource: string,
     id: string,
     version: string
   ]
+
+proc jwksPath*(LS: LiteStore): string =
+  return "$#/$#_jwks.json" % [getCurrentDir(), LS.file.splitFile.name]
 
 proc initLiteStore*(): LiteStore =
   result.config = newJNull()