The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
package jwtclaims
import (
"github.com/golang-jwt/jwt"
"net/http"
)
// Keys used when turning a validated JWT into AuthorizationClaims.
const (
	// TokenUserProperty is the request-context key under which the validated
	// *jwt.Token is expected to be stored (read by ExtractClaimsFromRequestContext).
	TokenUserProperty = "user"
	// AccountIDSuffix is concatenated directly onto the audience string to form
	// the claim key that carries the account ID (see ExtractClaimsWithToken).
	AccountIDSuffix = "wt_account_id"
	// DomainIDSuffix is concatenated onto the audience string to form the claim
	// key that carries the account domain.
	DomainIDSuffix = "wt_account_domain"
	// DomainCategorySuffix is concatenated onto the audience string to form the
	// claim key that carries the domain category.
	DomainCategorySuffix = "wt_account_domain_category"
	// UserIDClaim is the registered JWT subject claim; its value is used as the
	// user ID.
	UserIDClaim = "sub"
)
// ExtractClaims is the signature of a function that derives AuthorizationClaims
// from an HTTP request. The second argument is the audience prefix used to
// build the custom claim keys (see AccountIDSuffix and friends).
type ExtractClaims func(r *http.Request, authAudiance string) AuthorizationClaims
// ClaimsExtractor wraps the function used to obtain AuthorizationClaims from a
// request, so that callers can substitute an alternative implementation via
// NewClaimsExtractor.
type ClaimsExtractor struct {
	// ExtractClaimsFromRequestContext is the extraction function in use.
	// NewClaimsExtractor defaults it to the package-level function of the same
	// name when no function is supplied.
	ExtractClaimsFromRequestContext ExtractClaims
}
// NewClaimsExtractor builds a ClaimsExtractor. When e is nil the package-level
// ExtractClaimsFromRequestContext is used; otherwise e is installed as the
// extraction function.
func NewClaimsExtractor(e ExtractClaims) *ClaimsExtractor {
	extractor := &ClaimsExtractor{ExtractClaimsFromRequestContext: e}
	// Fall back to the default extractor only when the caller supplied none.
	if extractor.ExtractClaimsFromRequestContext == nil {
		extractor.ExtractClaimsFromRequestContext = ExtractClaimsFromRequestContext
	}
	return extractor
}
// ExtractClaimsFromRequestContext reads the *jwt.Token stored in the request
// context under TokenUserProperty (expected to have been placed there by
// whatever authenticated the request) and converts it to AuthorizationClaims
// for authAudience.
//
// The context value is asserted without a comma-ok check: if no *jwt.Token is
// present for this request, this panics instead of returning empty claims.
func ExtractClaimsFromRequestContext(r *http.Request, authAudience string) AuthorizationClaims {
	ctx := r.Context()
	tok := ctx.Value(TokenUserProperty).(*jwt.Token)
	return ExtractClaimsWithToken(tok, authAudience)
}
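// ExtractClaimsWithToken converts the claims of an already-validated token into
// AuthorizationClaims. It performs no signature or expiry validation of its
// own; callers must only pass tokens that have already been verified.
//
// The user ID is read from the "sub" claim (UserIDClaim). Account ID, domain
// and domain category are optional and are read from the keys formed by
// concatenating authAudience with AccountIDSuffix, DomainIDSuffix and
// DomainCategorySuffix respectively.
//
// Every claim is read with a comma-ok assertion rather than a bare type
// assertion, so a token with a missing or non-string claim cannot panic the
// caller. If token is nil, its claims are not jwt.MapClaims, or the required
// "sub" claim is missing or not a string, the zero-value AuthorizationClaims is
// returned; callers must treat an empty UserId as "no authenticated user",
// never as a valid identity.
func ExtractClaimsWithToken(token *jwt.Token, authAudience string) AuthorizationClaims {
	if token == nil {
		return AuthorizationClaims{}
	}
	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok {
		return AuthorizationClaims{}
	}

	// "sub" is required: without it there is no identity to authorize, so the
	// result is left entirely empty rather than partially populated.
	userID, ok := claims[UserIDClaim].(string)
	if !ok {
		return AuthorizationClaims{}
	}
	jwtClaims := AuthorizationClaims{UserId: userID}

	// The audience-prefixed claims are optional; a missing or mis-typed value
	// simply leaves the corresponding field empty.
	if accountID, ok := claims[authAudience+AccountIDSuffix].(string); ok {
		jwtClaims.AccountId = accountID
	}
	if domain, ok := claims[authAudience+DomainIDSuffix].(string); ok {
		jwtClaims.Domain = domain
	}
	if category, ok := claims[authAudience+DomainCategorySuffix].(string); ok {
		jwtClaims.DomainCategory = category
	}
	return jwtClaims
}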