| -rw-r--r-- | cmd/rpserver/main.go | 20 | ||||
| -rw-r--r-- | go.mod | 5 | ||||
| -rw-r--r-- | go.sum | 4 | ||||
| -rw-r--r-- | internal/auth/auth.go | 31 | ||||
| -rw-r--r-- | internal/auth/gen.go | 19 | ||||
| -rw-r--r-- | internal/cmd/root.go | 7 |
6 files changed, 60 insertions, 26 deletions
diff --git a/cmd/rpserver/main.go b/cmd/rpserver/main.go index 9d1c5a5..408fe78 100644 --- a/cmd/rpserver/main.go +++ b/cmd/rpserver/main.go @@ -1 +1,21 @@ package rpserver + +import ( + "log" + "os" + + "github.com/Wacky404/rpserver/internal/cmd" + "github.com/joho/godotenv" +) + +func init() { + godotenv.Load() +} + +func main() { + if os.Getenv("JWT_SECRET") == "" { + log.Println("a critical env var is not set!") + os.Exit(1) + } + cmd.ExecuteServer() +} @@ -1,3 +1,8 @@ module github.com/Wacky404/rpserver go 1.24.0 + +require ( + github.com/golang-jwt/jwt/v5 v5.2.1 + github.com/joho/godotenv v1.5.1 +) @@ -0,0 +1,4 @@ +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= +github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= diff --git a/internal/auth/auth.go b/internal/auth/auth.go index fdf9cd7..2826a47 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go 
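Review bot: The guard in `main` tests only `JWT_SECRET`, but `internal/auth/auth.go` in this commit also reads `JWT_ALGO`, and with that unset `algo` is empty and the `token.Header["alg"] != expectedAlg` comparison rejects every token, so the server starts cleanly and then answers 401 to everything. Check both, `if os.Getenv("JWT_SECRET") == "" || os.Getenv("JWT_ALGO") == "" {`, and name the missing variable in the log line, since the name is not sensitive. A minimum length for the secret is worth enforcing at the same spot, because an HMAC key shorter than the hash output weakens every token. Separately, the context line still reads `package rpserver`; `func main` is only a program entry point in `package main`.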
@@ -1,27 +1,44 @@ package auth import ( + "fmt" "net/http" "os" "strings" "github.com/golang-jwt/jwt/v5" + "github.com/joho/godotenv" ) -var jwtSecret = []byte(os.Getenv("JWT_SECRET")) +func init() { + godotenv.Load() +} + +var ( + jwtsecret = []byte(os.Getenv("JWT_SECRET")) + algo = string(os.Getenv("JWT_ALGO")) +) -func validateJWT(tokenString string) (bool, error) { +func validateJWT(tokenString string, expectedAlg string) (bool, error) { token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { - return jwtSecret, nil + if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { + return nil, fmt.Errorf("invalid token: %v", token.Header["alg"]) + } + if token.Header["alg"] != expectedAlg { + return nil, fmt.Errorf("incorrect alg: %v", token.Header["alg"]) + } + return jwtsecret, nil }) if err != nil || !token.Valid { return false, err } - - return true, nil + if _, ok := token.Claims.(jwt.MapClaims); ok && token.Valid { + return true, nil + } + return false, fmt.Errorf("invalid token") } -func AuthRequest(r *http.Request) bool { +func Verifyrequest(r *http.Request) bool { authHeader := r.Header.Get("Authorization") if authHeader == "" { return false @@ -34,6 +51,6 @@ func AuthRequest(r *http.Request) bool { } token := authSplit[1] - isValid, _ := validateJWT(token) + isValid, _ := validateJWT(token, algo) return isValid } diff --git a/internal/auth/gen.go b/internal/auth/gen.go deleted file mode 100644 index dd354c8..0000000 --- a/internal/auth/gen.go +++ /dev/null @@ -1,19 +0,0 @@ -package auth - -import ( - "fmt" - "time" - "os" - "github.com/goland-jwt/jwt/v5" -) - -var jwtkey = []byte(os.Getenv("JWT_KEY")) - -func GenerateJWT() (string, error) { - token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ - "user": "testuser", - "exp": time.Now().Add(time.Hour * 1).Unix(), // set it to expire after one hour - }) - - return token.SignedString(jwtSecret) -} 
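Review bot: `jwtsecret` and `algo` are package-level variables, and Go initialises those before any `init` function runs, so both are read from the environment before the `godotenv.Load()` added in this same hunk, and before the one in `cmd/rpserver/main.go`, because imported packages initialise first. A secret that exists only in `.env` therefore passes the startup check in `main` while `jwtsecret` stays empty here; if `JWT_ALGO` comes from the real environment, the HMAC check would then run with a zero-length key. The fence below reads both values at call time and refuses to verify when either is empty. It also replaces the hand-written header comparison with `jwt.WithValidMethods` and adds `jwt.WithExpirationRequired`, since nothing visible requires an `exp` claim. The call in the second hunk would become `validateJWT(token, jwtAlgo())`.

```go
// Resolved at call time: package-level vars are initialised before any init()
// runs, so reading the environment there happens before godotenv.Load().
func jwtSecret() []byte { return []byte(os.Getenv("JWT_SECRET")) }

func jwtAlgo() string { return os.Getenv("JWT_ALGO") }

func validateJWT(tokenString string, expectedAlg string) (bool, error) {
	key := jwtSecret()
	if len(key) == 0 || expectedAlg == "" {
		// Fail closed instead of verifying against an empty key or algorithm.
		return false, fmt.Errorf("jwt verification is not configured")
	}
	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %q", token.Header["alg"])
		}
		return key, nil
	}, jwt.WithValidMethods([]string{expectedAlg}), jwt.WithExpirationRequired())
	// … unchanged: err / token.Valid check and the MapClaims assertion …
```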
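Review bot: The error from `validateJWT` is still discarded at `isValid, _ := validateJWT(token, algo)`, so a rejected request leaves no record of why it failed (expired token, wrong algorithm, bad signature), and an operator cannot tell a misconfiguration from credential probing. Keep the error and log it before returning, e.g. `if err != nil { log.Printf("auth: token rejected: %q", err) }`; `%q` keeps header-derived text in the message on one line, and the token itself should stay out of the log. This needs the `log` import, which the import block in the first hunk does not show. `Verifyrequest` begins outside this hunk; the exported name would follow Go's MixedCaps convention as `VerifyRequest`.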
diff --git a/internal/cmd/root.go b/internal/cmd/root.go index db0c87a..af7d694 100644 --- a/internal/cmd/root.go +++ b/internal/cmd/root.go @@ -7,6 +7,8 @@ import ( "net/http/httputil" "net/url" "time" + + "github.com/Wacky404/rpserver/internal/auth" ) func ExecuteServer() { @@ -17,6 +19,11 @@ func ExecuteServer() { } func handleProxy(w http.ResponseWriter, r *http.Request) { + if !auth.Verifyrequest(r) { + http.Error(w, "Unauthorized", http.StatusUnauthorized) + return + } + backendURL, err := getBackendURL(r) if err != nil { http.Error(w, "Backend URL not provided", http.StatusBadRequest) |
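Review bot: Nothing in this hunk removes the `Authorization` header once `auth.Verifyrequest(r)` has accepted it, so if the proxying code further down `handleProxy` (outside the hunk) forwards headers unchanged, the bearer token is handed to whichever backend `getBackendURL(r)` resolves. Unless the backend needs the token, drop it after the check with `r.Header.Del("Authorization")`. The 401 branch could also set `w.Header().Set("WWW-Authenticate", "Bearer")` before `http.Error`, which is what clients expect alongside that status.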
