mirror of
https://github.com/zoriya/Kyoo.git
synced 2025-07-31 14:33:50 -04:00
Add jwt check with jwks in transcoder
parent
460e4596f7
commit
ec204d04e1
@ -1,8 +1,6 @@
|
|||||||
# vi: ft=sh
|
# vi: ft=sh
|
||||||
# shellcheck disable=SC2034
|
# shellcheck disable=SC2034
|
||||||
|
|
||||||
# used to verify who's making the jwt
|
|
||||||
JWT_ISSUER=$PUBLIC_URL
|
|
||||||
# keibi's server to retrieve the public jwt secret
|
# keibi's server to retrieve the public jwt secret
|
||||||
JWKS_URL=http://auth:4568/.well-known/jwks.json
|
JWKS_URL=http://auth:4568/.well-known/jwks.json
|
||||||
|
|
||||||
|
@ -2,6 +2,7 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
@ -88,16 +89,25 @@ func main() {
|
|||||||
g := e.Group("/video")
|
g := e.Group("/video")
|
||||||
g.Use(echojwt.WithConfig(echojwt.Config{
|
g.Use(echojwt.WithConfig(echojwt.Config{
|
||||||
KeyFunc: func(token *jwt.Token) (any, error) {
|
KeyFunc: func(token *jwt.Token) (any, error) {
|
||||||
return jwks.CachedSet(src.Settings.JwksUrl)
|
keys, err := jwks.CachedSet(src.Settings.JwksUrl)
|
||||||
// kid, ok := token.Header["kid"]
|
if err != nil {
|
||||||
// if !ok {
|
return nil, err
|
||||||
// return nil, errors.New("missing kid in jwt")
|
}
|
||||||
// }
|
kid, ok := token.Header["kid"].(string)
|
||||||
// keys, err := jwks.CachedSet(src.Settings.JwksUrl)
|
if !ok {
|
||||||
// if err != nil {
|
return nil, errors.New("missing kid in jwt")
|
||||||
// return nil, err
|
}
|
||||||
// }
|
key, found := keys.LookupKeyID(kid)
|
||||||
// return keys.LookupKeyID(kid.(string))
|
if !found {
|
||||||
|
return nil, fmt.Errorf("unable to find key %q", kid)
|
||||||
|
}
|
||||||
|
|
||||||
|
var pubkey interface{}
|
||||||
|
if err := jwk.Export(key, &pubkey); err != nil {
|
||||||
|
return nil, fmt.Errorf("Unable to get the public key. Error: %s", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
return pubkey, nil
|
||||||
},
|
},
|
||||||
}))
|
}))
|
||||||
|
|
||||||
|
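Review bot: The new `KeyFunc` picks the verification key from `kid` alone and never compares `token.Method` with an algorithm the auth service is expected to sign with, so an algorithm mismatch is caught only by whatever key-type check the JWT library performs at verify time. I would reject early in the callback, for example `if token.Method.Alg() != expectedAlg { return nil, fmt.Errorf("unexpected signing method %q", token.Method.Alg()) }`, where `expectedAlg` is a placeholder for the algorithm the auth service actually uses. The commit also appears to drop the `JwtIssuer` setting and the `JWT_ISSUER` variable, and nothing visible in this hunk validates `iss` or `aud`, so any unexpired token signed by a key in the set looks to be accepted on `/video`; please confirm that is intended or add the claim checks. Minor: the export error would read better lowercase and wrapped, `fmt.Errorf("exporting public key %q: %w", kid, err)`, instead of formatting `err.Error()` with `%s`. The body of `main` starts and ends outside this hunk.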
@ -14,11 +14,10 @@ func GetEnvOr(env string, def string) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type SettingsT struct {
|
type SettingsT struct {
|
||||||
Outpath string
|
Outpath string
|
||||||
SafePath string
|
SafePath string
|
||||||
JwksUrl string
|
JwksUrl string
|
||||||
JwtIssuer string
|
HwAccel HwAccelT
|
||||||
HwAccel HwAccelT
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type HwAccelT struct {
|
type HwAccelT struct {
|
||||||
@ -31,9 +30,8 @@ type HwAccelT struct {
|
|||||||
|
|
||||||
var Settings = SettingsT{
|
var Settings = SettingsT{
|
||||||
// we manually add a folder to make sure we do not delete user data.
|
// we manually add a folder to make sure we do not delete user data.
|
||||||
Outpath: path.Join(GetEnvOr("GOCODER_CACHE_ROOT", "/cache"), "kyoo_cache"),
|
Outpath: path.Join(GetEnvOr("GOCODER_CACHE_ROOT", "/cache"), "kyoo_cache"),
|
||||||
SafePath: GetEnvOr("GOCODER_SAFE_PATH", "/video"),
|
SafePath: GetEnvOr("GOCODER_SAFE_PATH", "/video"),
|
||||||
JwksUrl: GetEnvOr("JWKS_URL", "http://auth:4568/.well-known/jwks.json"),
|
JwksUrl: GetEnvOr("JWKS_URL", "http://auth:4568/.well-known/jwks.json"),
|
||||||
JwtIssuer: GetEnvOr("JWT_ISSUER", "http://localhost:8901"),
|
HwAccel: DetectHardwareAccel(),
|
||||||
HwAccel: DetectHardwareAccel(),
|
|
||||||
}
|
}
|
||||||
|