| 
						
					 | 
					 | 
					@@ -13,11 +13,15 @@ import (
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
						"git.t-juice.club/microfilm/auth"
 | 
					 | 
					 | 
					 | 
						"git.t-juice.club/microfilm/auth"
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
						"github.com/golang-jwt/jwt/v5"
 | 
					 | 
					 | 
					 | 
						"github.com/golang-jwt/jwt/v5"
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
						"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 | 
					 | 
					 | 
					 | 
						"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
					 | 
					 | 
					 | 
					 | 
						"go.opentelemetry.io/otel"
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
					)
 | 
					 | 
					 | 
					 | 
					)
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
					
 | 
					 | 
					 | 
					 | 
					
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
					func VerifyToken(authURL string, permittedRoles []string) func(http.Handler) http.Handler {
 | 
					 | 
					 | 
					 | 
					func VerifyToken(authURL string, permittedRoles []string) func(http.Handler) http.Handler {
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
						fn := func(next http.Handler) http.Handler {
 | 
					 | 
					 | 
					 | 
						fn := func(next http.Handler) http.Handler {
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
							fn := func(w http.ResponseWriter, r *http.Request) {
 | 
					 | 
					 | 
					 | 
							fn := func(w http.ResponseWriter, r *http.Request) {
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
					 | 
					 | 
					 | 
					 | 
								ctx, span := otel.GetTracerProvider().Tracer("").Start(r.Context(), "verify-token")
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
					 | 
					 | 
					 | 
					 | 
								defer span.End()
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
					 | 
					 | 
					 | 
					 | 
					
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
								authHeader := r.Header.Get("Authorization")
 | 
					 | 
					 | 
					 | 
								authHeader := r.Header.Get("Authorization")
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
								if !strings.Contains(authHeader, "Bearer ") {
 | 
					 | 
					 | 
					 | 
								if !strings.Contains(authHeader, "Bearer ") {
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
									// No token, pass if unathorized in permitted
 | 
					 | 
					 | 
					 | 
									// No token, pass if unathorized in permitted
 | 
				
			
			
		
	
	
		
		
			
				
					
					| 
						
					 | 
					 | 
					@@ -40,7 +44,7 @@ func VerifyToken(authURL string, permittedRoles []string) func(http.Handler) htt
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
					
 | 
					 | 
					 | 
					 | 
					
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
								// Fetch current pubkey
 | 
					 | 
					 | 
					 | 
								// Fetch current pubkey
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
								url := fmt.Sprintf("%s/key", authURL)
 | 
					 | 
					 | 
					 | 
								url := fmt.Sprintf("%s/key", authURL)
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
								ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
 | 
					 | 
					 | 
					 | 
								ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
 | 
				
			
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
								defer cancel()
 | 
					 | 
					 | 
					 | 
								defer cancel()
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
					
 | 
					 | 
					 | 
					 | 
					
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
					 | 
								req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
 | 
					 | 
					 | 
					 | 
								req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
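Review bot: In the second hunk, `ctx, cancel := context.WithTimeout(ctx, 5*time.Second)` reuses the name `ctx` that the first hunk introduces for the span context, so from that line on `ctx` carries the 5-second key-fetch deadline (judging by indentation both statements are in the same scope, which makes this an assignment rather than a shadow). If code after the hunk hands `ctx` to `next`, which is not visible here, the downstream handler would inherit that deadline; a separate name avoids it: `fetchCtx, cancel := context.WithTimeout(ctx, 5*time.Second)` with `http.NewRequestWithContext(fetchCtx, http.MethodGet, url, nil)`. Conversely, if `next` is still called with the original `r`, the new `verify-token` span is not the parent of anything downstream. Separately, the unchanged guard `strings.Contains(authHeader, "Bearer ")` matches the scheme anywhere in the header value; `strings.HasPrefix(authHeader, "Bearer ")` would reject values that merely contain it, though how the token is extracted is outside these hunks. The handler body starts before and continues past the visible lines.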
 | 
				
			
			
		
	
	
		
		
			
				
					
					| 
						
					 | 
					 | 
					 
 |