completed implementation of #17

Cargo.toml

@@ -44,3 +44,5 @@ privdrop = "0.5.6"
 ctrlc = "3.5.2"
 serde_json = "1.0.149"
 subtle = "2.6.1"
+moka = { version = "0.12.1", features = ["sync"] }
+ahash = "0.8.12"

src/utils/auth.rs

@@ -31,10 +31,10 @@ pub static AUTH_CONNECTOR: LazyLock<Connector> = LazyLock::new(|| Connector::new
 #[async_trait::async_trait]
 impl AuthValidator for ForwardAuth<'_> {
     async fn validate(&self, session: &mut Session) -> bool {
-        // let method = match session.req_header().method.as_str() {
-        //     "HEAD" => "HEAD",
-        //     _ => "GET",
-        // };
+        let method = match session.req_header().method.as_str() {
+            "HEAD" => "HEAD",
+            _ => "GET",
+        };
 
         let auth_url = self.0;
 
@@ -67,7 +67,7 @@ impl AuthValidator for ForwardAuth<'_> {
             }
         };
 
-        let mut auth_req = match RequestHeader::build("GET", uri.as_bytes(), None) {
+        let mut auth_req = match RequestHeader::build(method, uri.as_bytes(), None) {
             Ok(r) => r,
             Err(e) => {
                 log::warn!("ForwardAuth: failed to build request: {}", e);
@@ -75,7 +75,6 @@ impl AuthValidator for ForwardAuth<'_> {
             }
         };
 
-        // Filter headers ????
         // auth_req.headers = session.req_header().headers.clone();
         auth_req.insert_header("Host", addr).ok();
         auth_req.insert_header("X-Forwarded-Uri", uri).ok();
@@ -147,7 +146,6 @@ impl AuthValidator for ForwardAuth<'_> {
         } else {
             false
         }
-        // (200..300).contains(&status)
     }
 }
 

src/utils/jwt.rs

@@ -1,16 +1,42 @@
+use ahash::AHasher;
 use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
+use moka::sync::Cache;
 use serde::{Deserialize, Serialize};
+use std::hash::{Hash, Hasher};
+use std::sync::LazyLock;
 
 #[derive(Debug, Serialize, Deserialize)]
 pub(crate) struct Claims {
     pub(crate) user: String,
     pub(crate) exp: u64,
 }
+
+static JWT_CACHE: LazyLock<Cache<u64, bool>> = LazyLock::new(|| Cache::builder().max_capacity(100_000).time_to_live(std::time::Duration::from_secs(60)).build());
+static JWT_VALIDATION: LazyLock<Validation> = LazyLock::new(|| Validation::new(Algorithm::HS256));
+
+/*
 pub fn check_jwt(input: &str, secret: &str) -> bool {
     let validation = Validation::new(Algorithm::HS256);
     let token_data = decode::<Claims>(&input, &DecodingKey::from_secret(secret.as_ref()), &validation);
-    match token_data {
-        Ok(_) => true,
-        Err(_) => false,
-    }
+    token_data.is_ok()
+}
+*/
+
+pub fn check_jwt(token: &str, secret: &str) -> bool {
+    let key = hash_token(token, secret);
+    if let Some(v) = JWT_CACHE.get(&key) {
+        return v;
+    }
+    let result = decode::<Claims>(token, &DecodingKey::from_secret(secret.as_ref()), &JWT_VALIDATION).is_ok();
+    if result {
+        JWT_CACHE.insert(key, true);
+    }
+    result
+}
+
+fn hash_token(token: &str, secret: &str) -> u64 {
+    let mut hasher = AHasher::default();
+    token.hash(&mut hasher);
+    secret.hash(&mut hasher);
+    hasher.finish()
 }

src/utils/structs.rs

@@ -76,7 +76,7 @@ pub struct HostConfig {
 pub struct Auth {
     #[serde(rename = "type")]
     pub auth_type: String,
-    #[serde(rename = "creds")]
+    #[serde(rename = "data")]
     pub auth_cred: String,
 }
 #[derive(Debug, Default, Serialize, Deserialize)]