Github/aralez
1
0
Fork 0
mirror of https://github.com/sadoyan/aralez.git synced 2026-05-30 03:44:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

JWT auth read and caches KEY from system env.

Browse Source
This commit is contained in:
Ara Sadoyan
2026-05-19 15:26:05 +02:00
parent 37ef118861
commit 4bbedee27b
5 changed files with 36 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
src/utils/auth.rs
View File

@@ -1,4 +1,5 @@
use crate::utils::jwt::check_jwt;
use crate::utils::jwt::{check_jwt, JWT_TOKEN};
use crate::utils::structs::InnerAuth;
use axum::http::StatusCode;
use base64::engine::general_purpose::STANDARD;
use base64::Engine;
@@ -8,7 +9,7 @@ use pingora_core::upstreams::peer::HttpPeer;
use pingora_http::ResponseHeader;
use pingora_proxy::Session;
use std::collections::HashMap;
use std::sync::{Arc, LazyLock};
use std::sync::LazyLock;
use subtle::ConstantTimeEq;
use urlencoding::decode;
@@ -18,7 +19,7 @@ trait AuthValidator {
}
struct BasicAuth<'a>(&'a str);
struct ApiKeyAuth<'a>(&'a str);
struct JwtAuth<'a>(&'a str);
struct JwtAuth();
struct ForwardAuth<'a>(&'a str);
pub static AUTH_CONNECTOR: LazyLock<Connector> = LazyLock::new(|| Connector::new(None));
@@ -175,18 +176,19 @@ impl AuthValidator for ApiKeyAuth<'_> {
}
#[async_trait::async_trait]
impl AuthValidator for JwtAuth<'_> {
impl AuthValidator for JwtAuth {
async fn validate(&self, session: &mut Session) -> bool {
println!("{:?}", self.0);
let jwtsecret = self.0;
if let Some(tok) = get_query_param(session, "araleztoken") {
return check_jwt(tok.as_str(), jwtsecret);
}
if let Some(auth_header) = session.get_header("authorization") {
if let Ok(header_str) = auth_header.to_str() {
if let Some((scheme, token)) = header_str.split_once(' ') {
if scheme.eq_ignore_ascii_case("bearer") {
return check_jwt(token, jwtsecret);
if let Some(jwtsecret) = JWT_TOKEN.clone() {
// println!(" ===> {:?}", jwtsecret);
if let Some(tok) = get_query_param(session, "araleztoken") {
return check_jwt(tok.as_str(), jwtsecret.as_ref());
}
if let Some(auth_header) = session.get_header("authorization") {
if let Ok(header_str) = auth_header.to_str() {
if let Some((scheme, token)) = header_str.split_once(' ') {
if scheme.eq_ignore_ascii_case("bearer") {
return check_jwt(token, jwtsecret.as_ref());
}
}
}
}
@@ -195,14 +197,14 @@ impl AuthValidator for JwtAuth<'_> {
}
}
pub async fn authenticate(auth_type: &Arc<str>, credentials: &Arc<str>, session: &mut Session) -> bool {
match &**auth_type {
"basic" => BasicAuth(credentials).validate(session).await,
"apikey" => ApiKeyAuth(credentials).validate(session).await,
"jwt" => JwtAuth(credentials).validate(session).await,
"forward" => ForwardAuth(credentials).validate(session).await,
pub async fn authenticate(auth: &InnerAuth, session: &mut Session) -> bool {
match &*auth.auth_type {
"basic" => BasicAuth(&*auth.auth_cred).validate(session).await,
"apikey" => ApiKeyAuth(&*auth.auth_cred).validate(session).await,
"jwt" => JwtAuth().validate(session).await,
"forward" => ForwardAuth(&*auth.auth_cred).validate(session).await,
_ => {
log::warn!("Unsupported authentication mechanism : {}", auth_type);
log::warn!("Unsupported authentication mechanism : {}", &*auth.auth_type);
false
}
}