diff --git a/Cargo.toml b/Cargo.toml
index bb9796d..d1cf853 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -44,3 +44,5 @@ privdrop = "0.5.6"
 ctrlc = "3.5.2"
 serde_json = "1.0.149"
 subtle = "2.6.1"
+moka = { version = "0.12.1", features = ["sync"] }
+ahash = "0.8.12"
diff --git a/src/utils/auth.rs b/src/utils/auth.rs
index 7f2d450..321c2bd 100644
--- a/src/utils/auth.rs
+++ b/src/utils/auth.rs
@@ -31,10 +31,10 @@ pub static AUTH_CONNECTOR: LazyLock = LazyLock::new(|| Connector::new
 #[async_trait::async_trait]
 impl AuthValidator for ForwardAuth<'_> {
 async fn validate(&self, session: &mut Session) -> bool {
- // let method = match session.req_header().method.as_str() {
- // "HEAD" => "HEAD",
- // _ => "GET",
- // };
+ let method = match session.req_header().method.as_str() {
+ "HEAD" => "HEAD",
+ _ => "GET",
+ };
 let auth_url = self.0;
@@ -67,7 +67,7 @@ impl AuthValidator for ForwardAuth<'_> {
 }
 };
- let mut auth_req = match RequestHeader::build("GET", uri.as_bytes(), None) {
+ let mut auth_req = match RequestHeader::build(method, uri.as_bytes(), None) {
 Ok(r) => r,
 Err(e) => {
 log::warn!("ForwardAuth: failed to build request: {}", e);
@@ -75,7 +75,6 @@ impl AuthValidator for ForwardAuth<'_> {
 }
 };
- // Filter headers ????
 // auth_req.headers = session.req_header().headers.clone();
 auth_req.insert_header("Host", addr).ok();
 auth_req.insert_header("X-Forwarded-Uri", uri).ok();
@@ -147,7 +146,6 @@ impl AuthValidator for ForwardAuth<'_> {
 } else {
 false
 }
- // (200..300).contains(&status)
 }
 }
diff --git a/src/utils/jwt.rs b/src/utils/jwt.rs
index 3e1e7b2..c553203 100644
--- a/src/utils/jwt.rs
+++ b/src/utils/jwt.rs
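Review bot: `ahash` is added solely to compute a 64-bit cache key in src/utils/jwt.rs, a job the standard library's `std::hash::DefaultHasher` already does without a new supply-chain dependency to audit and track. If it stays, the reason is speed only, as a fixed-key ahash offers no collision guarantee for attacker-chosen input; a one-line `# cache key hashing in jwt.rs; not used for anything security-sensitive` comment next to it would make that intent explicit for the next reviewer.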
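Review bot: The forward-auth request now carries only `GET` or `HEAD`, so the original method (`POST`, `DELETE`, …) is invisible to the auth server unless a header outside this hunk conveys it, and an authorization decision that depends on the method cannot be made from what is forwarded. Consider `auth_req.insert_header("X-Forwarded-Method", session.req_header().method.as_str()).ok();` next to the `X-Forwarded-Uri` header in the hunk at line 75, and a comment on the `match` stating that the mapping is deliberate because the auth request must not replay a body-bearing method. The same `method` is consumed in the hunk at line 67; `validate`'s body continues outside both hunks.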
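Review bot: The `// Filter headers ????` question is dropped but the commented-out `auth_req.headers = session.req_header().headers.clone();` stays, so the decision about which client headers reach the auth server is still undocumented in this hunk. Either delete the commented-out line or replace it with a statement of the policy, e.g. `// Client headers are intentionally not copied; only Host and X-Forwarded-* are sent to the auth server.` — assuming nothing below the hunk copies further headers. `validate` continues past the end of the hunk.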
@@ -1,16 +1,42 @@
+use ahash::AHasher;
 use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
+use moka::sync::Cache;
 use serde::{Deserialize, Serialize};
+use std::hash::{Hash, Hasher};
+use std::sync::LazyLock;
 #[derive(Debug, Serialize, Deserialize)]
 pub(crate) struct Claims {
 pub(crate) user: String,
 pub(crate) exp: u64,
 }
+
+static JWT_CACHE: LazyLock> = LazyLock::new(|| Cache::builder().max_capacity(100_000).time_to_live(std::time::Duration::from_secs(60)).build());
+static JWT_VALIDATION: LazyLock = LazyLock::new(|| Validation::new(Algorithm::HS256));
+
+/*
 pub fn check_jwt(input: &str, secret: &str) -> bool {
 let validation = Validation::new(Algorithm::HS256);
 let token_data = decode::(&input, &DecodingKey::from_secret(secret.as_ref()), &validation);
- match token_data {
- Ok(_) => true,
- Err(_) => false,
- }
+ token_data.is_ok()
+}
+*/
+
+pub fn check_jwt(token: &str, secret: &str) -> bool {
+ let key = hash_token(token, secret);
+ if let Some(v) = JWT_CACHE.get(&key) {
+ return v;
+ }
+ let result = decode::(token, &DecodingKey::from_secret(secret.as_ref()), &JWT_VALIDATION).is_ok();
+ if result {
+ JWT_CACHE.insert(key, true);
+ }
+ result
+}
+
+fn hash_token(token: &str, secret: &str) -> u64 {
+ let mut hasher = AHasher::default();
+ token.hash(&mut hasher);
+ secret.hash(&mut hasher);
+ hasher.finish()
 }
diff --git a/src/utils/structs.rs b/src/utils/structs.rs
index 161cdc2..2a82961 100644
--- a/src/utils/structs.rs
+++ b/src/utils/structs.rs
@@ -76,7 +76,7 @@ pub struct HostConfig {
 pub struct Auth {
 #[serde(rename = "type")]
 pub auth_type: String,
- #[serde(rename = "creds")]
+ #[serde(rename = "data")]
 pub auth_cred: String,
 }
 #[derive(Debug, Default, Serialize, Deserialize)]
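Review bot: A cache hit in the new `check_jwt` returns `true` for up to 60 s after the token's `exp` has passed, because only a bool is cached and `JWT_VALIDATION`'s expiry check runs solely on a miss. Store the decoded `exp` as the cache value instead and compare it with the current time on every hit, so the cache skips only the signature check and never the expiry check (`std::time::{SystemTime, UNIX_EPOCH}` is needed and the `JWT_CACHE` value type becomes `u64`). A second concern: `hash_token` collapses token and secret into a 64-bit ahash digest, which is not collision-resistant, so a positive-cache hit vouches for any string whose digest matches a cached key — keying the cache on the token string itself (or a SHA-256 of it) removes that path at the cost of more memory per entry. The old `check_jwt` wrapped in `/* … */` should be deleted rather than kept as commented-out code.
```rust
pub fn check_jwt(token: &str, secret: &str) -> bool {
    let key = hash_token(token, secret);
    // Seconds since the epoch; a clock before the epoch yields u64::MAX so every hit fails closed.
    let now = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .map(|d| d.as_secs())
        .unwrap_or(u64::MAX);
    // A cached entry proves only that the signature verified; `exp` is re-checked on every hit.
    if let Some(exp) = JWT_CACHE.get(&key) {
        return exp > now;
    }
    match decode::<Claims>(token, &DecodingKey::from_secret(secret.as_ref()), &JWT_VALIDATION) {
        Ok(data) => {
            JWT_CACHE.insert(key, data.claims.exp);
            true
        }
        Err(_) => false,
    }
}
// … unchanged: hash_token …
```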
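Review bot: Renaming the serde key from `creds` to `data` makes every existing config file that still spells the field `creds` fail to deserialize, and nothing in the hunk keeps the old spelling readable. Accept both with `#[serde(rename = "data", alias = "creds")]` on `auth_cred`, or record the breaking change in the commit description so operators know to migrate. `Auth` is fully inside the hunk; the surrounding `HostConfig` definition named in the hunk header starts outside it.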