all repos — litestore @ 5e505a3610fc3e929947bee825e58b56bb10e7d9

A minimalist nosql document store. 

Implemented enhanced JWT support (to be tested).
h3rald h3rald@h3rald.com
Fri, 29 Dec 2023 22:03:27 +0100
commit

5e505a3610fc3e929947bee825e58b56bb10e7d9

parent

11fee4a9e94a6aa915e4e3fbcf57dbf832b3d83f

5 files changed, 22 insertions(+), 15 deletions(-)

jump to
M .gitignore.gitignore 
@@ -16,7 +16,8 @@ LiteStore_UserGuide.htm
 jester_integration
 js
 *_backup
-./config.json
+config.json
+jwks.json
 *.db-shm
 *.db-wal
 *.nim.bak
M src/litestorepkg/lib/config.nimsrc/litestorepkg/lib/config.nim 
@@ -1,12 +1,12 @@ 
 const
-  pkgName*        = "litestore"
-  pkgVersion*     = "1.12.2"
-  pkgAuthor*      = "Fabio Cevasco"
+  pkgName* = "litestore"
+  pkgVersion* = "1.13.0"
+  pkgAuthor* = "Fabio Cevasco"
   pkgDescription* = "Self-contained, lightweight, RESTful document store."
-  pkgLicense*     = "MIT"
-  appname*        = "LiteStore"
+  pkgLicense* = "MIT"
+  appname* = "LiteStore"
 
 var
-  file*           = "data.db"
-  address*        = "127.0.0.1"
-  port*           = 9500
+  file* = "data.db"
+  address* = "127.0.0.1"
+  port* = 9500
M src/litestorepkg/lib/core.nimsrc/litestorepkg/lib/core.nim 
@@ -699,13 +699,13 @@ client.downloadFile(uri, file)
 
 proc processAuthConfig(configuration: var JsonNode, auth: var JsonNode) =
   if auth == newJNull() and configuration != newJNull():
+    auth = newJObject();
+    auth["access"] = newJObject();
     if configuration.hasKey("jwks_uri"):
       LOG.debug("Authentication: Downloading JWKS file.")
       downloadJwks(configuration["jwks_uri"].getStr)
     elif configuration.hasKey("signature"):
       LOG.debug("Authentication: Signature found, processing authentication rules in configuration.")
-      auth = newJObject();
-      auth["access"] = newJObject();
       auth["signature"] = configuration["signature"].getStr.replace(
           "-----BEGIN CERTIFICATE-----\n", "").replace(
           "\n-----END CERTIFICATE-----").strip().newJString
M src/litestorepkg/lib/jwt.nimsrc/litestorepkg/lib/jwt.nim 
@@ -26,7 +26,7 @@ proc getX5c*(token: JWT): string =
     let file = getCurrentDir() / "jwks.json"
     if not file.fileExists:
         raise newException(ValueError, "JWKS file not found: " & file)
-    let keys = file.readFile.parseJson
+    let keys = file.readFile.parseJson["keys"]
     if token.header.hasKey("kid"):
         let kid = token.header["kid"].getStr
         return keys.filterIt(it["kid"].getStr == kid)[0]["x5c"].getStr
M src/litestorepkg/lib/server.nimsrc/litestorepkg/lib/server.nim 
@@ -50,14 +50,20 @@ # Validate token
     try:
       let jwt = token.newJwt
       var x5c: string
-      if cfg.hasKey("jwks_uri"):
+      if LS.config.hasKey("jwks_uri"):
+        LOG.debug("Selecting x5c...")
         x5c = jwt.getX5c()
       else:
-        x5c = cfg["signature"].getStr
+        LOG.debug("Using stored signature...")
+        x5c = LS.config["signature"].getStr
+      LOG.debug("Verifying algorithm...")
       jwt.verifyAlgorithm()
+      LOG.debug("Verifying signature...")
       jwt.verifySignature(x5c)
+      LOG.debug("Verifying claims...")
       jwt.verifyTimeClaims()
-      let scope = cfg[reqMethod].getStr.split(peg"\s+")
+      let scope = cfg[reqMethod].mapIt(it.getStr)
+      LOG.debug("Verifying scope...")
       jwt.verifyScope(scope)
       LOG.debug("Authorization successful")
     except EUnauthorizedError: