Add kid in jwks & jwts

Zoe Roux 2025-05-11 03:37:13 +02:00
parent d4e5afd514
commit 2ce696a07b
2 changed files with 22 additions and 6 deletions


@ -2,9 +2,11 @@ package main
import ( import (
"context" "context"
"crypto"
"crypto/rand" "crypto/rand"
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"encoding/base64"
"encoding/json" "encoding/json"
"encoding/pem" "encoding/pem"
"fmt" "fmt"
@ -15,6 +17,7 @@ import (
"github.com/golang-jwt/jwt/v5" "github.com/golang-jwt/jwt/v5"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/lestrrat-go/jwx/v3/jwk"
"github.com/zoriya/kyoo/keibi/dbc" "github.com/zoriya/kyoo/keibi/dbc"
) )
@ -22,6 +25,7 @@ type Configuration struct {
Prefix string Prefix string
JwtPrivateKey *rsa.PrivateKey JwtPrivateKey *rsa.PrivateKey
JwtPublicKey *rsa.PublicKey JwtPublicKey *rsa.PublicKey
JwtKid string
PublicUrl string PublicUrl string
DefaultClaims jwt.MapClaims DefaultClaims jwt.MapClaims
FirstUserClaims jwt.MapClaims FirstUserClaims jwt.MapClaims
@ -100,8 +104,17 @@ func LoadConfiguration(db *dbc.Queries) (*Configuration, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
ret.JwtPublicKey = &ret.JwtPrivateKey.PublicKey
} }
ret.JwtPublicKey = &ret.JwtPrivateKey.PublicKey
key, err := jwk.Import(ret.JwtPublicKey)
if err != nil {
return nil, err
}
thumbprint, err := key.Thumbprint(crypto.SHA256)
if err != nil {
return nil, err
}
ret.JwtKid = base64.RawStdEncoding.EncodeToString(thumbprint)
for _, env := range os.Environ() { for _, env := range os.Environ() {
if !strings.HasPrefix(env, "KEIBI_APIKEY_") { if !strings.HasPrefix(env, "KEIBI_APIKEY_") {
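Review bot: The thumbprint assigned to `ret.JwtKid` is encoded with `base64.RawStdEncoding`, but RFC 7638 defines a JWK thumbprint as unpadded base64url, so the line should read `ret.JwtKid = base64.RawURLEncoding.EncodeToString(thumbprint)`; with the standard alphabet the kid can contain `+` and `/`, which will not match the thumbprint other JOSE tooling computes for the same public key and is awkward in URL and log contexts. It appears the `ret.JwtPublicKey = &ret.JwtPrivateKey.PublicKey` assignment has moved out of the conditional so the public key is populated on every path before `jwk.Import` runs, which this code depends on; a one-line comment such as `// kid is the RFC 7638 thumbprint of the public key so JWKS consumers can match it` would make that ordering intentional. The three new bare `return nil, err` drop the step that failed; `fmt` is already imported, so `return nil, fmt.Errorf("computing jwt kid: %w", err)` costs nothing. LoadConfiguration starts and ends outside the hunk.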


@ -79,6 +79,7 @@ func (h *Handler) createGuestJwt() *string {
Time: time.Now().UTC().Add(time.Hour), Time: time.Now().UTC().Add(time.Hour),
} }
jwt := jwt.NewWithClaims(jwt.SigningMethodRS256, claims) jwt := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
jwt.Header["kid"] = h.config.JwtKid
t, err := jwt.SignedString(h.config.JwtPrivateKey) t, err := jwt.SignedString(h.config.JwtPrivateKey)
if err != nil { if err != nil {
return nil return nil
@ -112,6 +113,7 @@ func (h *Handler) createJwt(token string) (string, error) {
Time: time.Now().UTC().Add(time.Hour), Time: time.Now().UTC().Add(time.Hour),
} }
jwt := jwt.NewWithClaims(jwt.SigningMethodRS256, claims) jwt := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
jwt.Header["kid"] = h.config.JwtKid
t, err := jwt.SignedString(h.config.JwtPrivateKey) t, err := jwt.SignedString(h.config.JwtPrivateKey)
if err != nil { if err != nil {
return "", err return "", err
@ -144,6 +146,7 @@ func (h *Handler) GetJwks(c echo.Context) error {
key.Set("use", "sig") key.Set("use", "sig")
key.Set("key_ops", "verify") key.Set("key_ops", "verify")
key.Set("kid", h.config.JwtKid)
set := jwk.NewSet() set := jwk.NewSet()
set.AddKey(key) set.AddKey(key)
return c.JSON(200, set) return c.JSON(200, set)
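Review bot: The pair `jwt.NewWithClaims(jwt.SigningMethodRS256, claims)` plus `jwt.Header["kid"] = h.config.JwtKid` is now duplicated in createGuestJwt and createJwt, with the local `jwt` shadowing the jwt package on both lines; a small signing method on Handler would keep the kid header and signing key in one place, so a later key rotation or algorithm change cannot leave one token path without the header. In GetJwks, `key.Set("kid", h.config.JwtKid)` returns an error that is discarded like the neighbouring Set calls; checking at least this one (`if err := key.Set("kid", h.config.JwtKid); err != nil { return err }`) would surface a published key set whose kid does not match the header the tokens carry. createGuestJwt, createJwt and GetJwks all start and end outside their hunks.
```go
// signJwt sets the key id header and signs claims with the configured RS256 private key.
func (h *Handler) signJwt(claims jwt.Claims) (string, error) {
	tok := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
	tok.Header["kid"] = h.config.JwtKid
	return tok.SignedString(h.config.JwtPrivateKey)
}

// … unchanged: claims construction in createGuestJwt / createJwt …
t, err := h.signJwt(claims)
```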