Now caching jwks file contents in memory.
h3rald h3rald@h3rald.com
Fri, 05 Jan 2024 12:05:38 +0100
3 files changed,
12 insertions(+),
5 deletions(-)
M
src/litestorepkg/lib/core.nim
→
src/litestorepkg/lib/core.nim
@@ -704,7 +704,16 @@ LS.auth = newJObject();
LS.auth["access"] = newJObject();
if LS.config.hasKey("jwks_uri"):
LOG.debug("Authentication: Downloading JWKS file.")
- LS.downloadJwks(LS.config["jwks_uri"].getStr)
+ try:
+ LS.downloadJwks(LS.config["jwks_uri"].getStr)
+ except CatchableError:
+ LOG.warn "Unable to download JWKS file."
+ eWarn()
+ try:
+ LS.jwks = LS.jwksPath.parseFile
+ except:
+ LOG.warn "Unable to parse JWKS file."
+ eWarn()
elif LS.config.hasKey("signature"):
LOG.debug("Authentication: Signature found, processing authentication rules in configuration.")
LS.auth["signature"] = LS.config["signature"].getStr.replace(
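Review bot: Both new `except` branches only log a warning, so start-up appears to continue with `jwks_uri` configured while `LS.jwks` may never have been assigned; `getX5c` in jwt.nim then reads `LS.jwks["keys"]` with no nil check, where the code removed there raised a clear `ValueError`. Either stop start-up when the key set cannot be loaded, or guard the lookup with `if LS.jwks.isNil: raise newException(ValueError, "JWKS not loaded")`. A failed download also falls through to parsing whatever is already at `LS.jwksPath`, so keys from an earlier run may stay trusted without any log line saying so. The second handler is a bare `except:`; `except CatchableError:` would match the first and not swallow defects. What `eWarn()` does is not visible here, and the enclosing block starts and ends outside the hunk.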
M
src/litestorepkg/lib/jwt.nim
→
src/litestorepkg/lib/jwt.nim
@@ -32,10 +32,7 @@ let err = getLastError()
raise newException(EX509Error, msg&"\n"&err)
proc getX5c*(LS: LiteStore; token: JWT): string =
- let file = LS.jwksPath
- if not file.fileExists:
- raise newException(ValueError, "JWKS file not found: " & file)
- let keys = file.readFile.parseJson["keys"]
+ let keys = LS.jwks["keys"]
if token.header.hasKey("kid"):
let kid = token.header["kid"].getStr
return keys.filterIt(it["kid"].getStr == kid)[0]["x5c"][0].getStr
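Review bot: The `kid` lookup in the unchanged tail of `getX5c` now runs against a key set loaded once at start-up, so, as far as these hunks show, a signing key rotated by the issuer is unknown until restart and `filterIt(...)[0]` is taken on an empty sequence. Because `kid` comes from the token header, an unmatched value should end in an ordinary authentication failure rather than an index error: `let matches = keys.filterIt(it["kid"].getStr == kid)` then `if matches.len == 0: raise newException(ValueError, "No JWKS key matches token kid")`. A comment on the `let keys` line stating that `LS.jwks` is populated during start-up and never refreshed would make the trade-off explicit. getX5c's body continues outside the hunk.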
M
src/litestorepkg/lib/types.nim
→
src/litestorepkg/lib/types.nim
@@ -92,6 +92,7 @@ port*: int
operation*: Operation
config*: JsonNode
configFile*: string
+ jwks*: JsonNode
cliSettings*: JsonNode
directory*: string
manageSystemData*: bool