Implemented enhanced JWT support (to be tested).
h3rald h3rald@h3rald.com
Fri, 29 Dec 2023 22:03:27 +0100
5 files changed,
22 insertions(+),
15 deletions(-)
M
.gitignore
→
.gitignore
@@ -16,7 +16,8 @@ LiteStore_UserGuide.htm
 jester_integration
 js
 *_backup
-./config.json
+config.json
+jwks.json
 *.db-shm
 *.db-wal
 *.nim.bak
M
src/litestorepkg/lib/config.nim
→
src/litestorepkg/lib/config.nim
@@ -1,12 +1,12 @@
 const
- pkgName* = "litestore"
- pkgVersion* = "1.12.2"
- pkgAuthor* = "Fabio Cevasco"
+ pkgName* = "litestore"
+ pkgVersion* = "1.13.0"
+ pkgAuthor* = "Fabio Cevasco"
 pkgDescription* = "Self-contained, lightweight, RESTful document store."
- pkgLicense* = "MIT"
- appname* = "LiteStore"
+ pkgLicense* = "MIT"
+ appname* = "LiteStore"
 var
- file* = "data.db"
- address* = "127.0.0.1"
- port* = 9500
+ file* = "data.db"
+ address* = "127.0.0.1"
+ port* = 9500
M
src/litestorepkg/lib/core.nim
→
src/litestorepkg/lib/core.nim
@@ -699,13 +699,13 @@ client.downloadFile(uri, file)
 proc processAuthConfig(configuration: var JsonNode, auth: var JsonNode) =
 if auth == newJNull() and configuration != newJNull():
+ auth = newJObject();
+ auth["access"] = newJObject();
 if configuration.hasKey("jwks_uri"):
 LOG.debug("Authentication: Downloading JWKS file.")
 downloadJwks(configuration["jwks_uri"].getStr)
 elif configuration.hasKey("signature"):
 LOG.debug("Authentication: Signature found, processing authentication rules in configuration.")
- auth = newJObject();
- auth["access"] = newJObject();
 auth["signature"] = configuration["signature"].getStr.replace(
 "-----BEGIN CERTIFICATE-----\n", "").replace(
 "\n-----END CERTIFICATE-----").strip().newJString
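Review bot: With `auth = newJObject()` hoisted above the inner `if`, a configuration that has neither `jwks_uri` nor `signature` now leaves `auth` as a non-null object with an empty `access` map, where it previously stayed null. If any caller uses `auth != newJNull()` to decide whether authentication is active (not visible here), that state means access rules with no key material behind them, so it should be ruled out explicitly. Either keep the two added lines under `if configuration.hasKey("jwks_uri") or configuration.hasKey("signature"):`, or add a final `else:` that logs the missing key. The body of processAuthConfig continues past the end of the hunk.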
M
src/litestorepkg/lib/jwt.nim
→
src/litestorepkg/lib/jwt.nim
@@ -26,7 +26,7 @@ proc getX5c*(token: JWT): string =
 let file = getCurrentDir() / "jwks.json"
 if not file.fileExists:
 raise newException(ValueError, "JWKS file not found: " & file)
- let keys = file.readFile.parseJson
+ let keys = file.readFile.parseJson["keys"]
 if token.header.hasKey("kid"):
 let kid = token.header["kid"].getStr
 return keys.filterIt(it["kid"].getStr == kid)[0]["x5c"].getStr
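Review bot: `kid` is read from the token header before any signature check, and `keys.filterIt(it["kid"].getStr == kid)[0]` indexes the result without checking that a key matched, so a token naming an unknown `kid` ends in an index error instead of a clean rejection. Bind the matches first and reject when there are none, e.g. `let matches = keys.filterIt(it{"kid"}.getStr == kid)` followed by `if matches.len == 0: raise newException(ValueError, "No JWKS key matches the token kid")`; the `{}` accessor also tolerates entries that carry no `kid`. The new `parseJson["keys"]` fails in the same unstructured way when the downloaded file has no `keys` member. Separately, JWKS defines `x5c` as an array of certificates, so `["x5c"].getStr` is worth checking against a real key set. getX5c continues after the last line of the hunk.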
M
src/litestorepkg/lib/server.nim
→
src/litestorepkg/lib/server.nim
@@ -50,14 +50,20 @@ # Validate token
 try:
 let jwt = token.newJwt
 var x5c: string
- if cfg.hasKey("jwks_uri"):
+ if LS.config.hasKey("jwks_uri"):
+ LOG.debug("Selecting x5c...")
 x5c = jwt.getX5c()
 else:
- x5c = cfg["signature"].getStr
+ LOG.debug("Using stored signature...")
+ x5c = LS.config["signature"].getStr
+ LOG.debug("Verifying algorithm...")
 jwt.verifyAlgorithm()
+ LOG.debug("Verifying signature...")
 jwt.verifySignature(x5c)
+ LOG.debug("Verifying claims...")
 jwt.verifyTimeClaims()
- let scope = cfg[reqMethod].getStr.split(peg"\s+")
+ let scope = cfg[reqMethod].mapIt(it.getStr)
+ LOG.debug("Verifying scope...")
 jwt.verifyScope(scope)
 LOG.debug("Authorization successful")
 except EUnauthorizedError:
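Review bot: The `else` branch reads `LS.config["signature"].getStr` unconditionally, so a configuration with neither `jwks_uri` nor `signature` fails with a `KeyError` rather than an authorization error, and the only handler visible here is `except EUnauthorizedError:`. Guard it with `elif LS.config.hasKey("signature"):` and reject the request in a final `else:`, so that a missing key always ends in an explicit denial. It is also worth confirming which form `verifySignature` expects: processAuthConfig in core.nim stores a copy with the PEM armor stripped in `auth["signature"]`, while this line appears to read the raw configuration value. The `try` block opens at the top of the hunk and its `except` branches continue outside it.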