From efa68f55be2ea33db0048bd6237cb274d20892a5 Mon Sep 17 00:00:00 2001
From: Jason Chu
Date: Fri, 6 Sep 2024 23:47:51 -0400
Subject: [PATCH] idk some bad code
---
 cmd/mini-server/main.go | 51 +++++++++++++++++++++++++++++++++++++++++
 token.go | 36 +++++++++++++++++++++++++++--
 2 files changed, 85 insertions(+), 2 deletions(-)
diff --git a/cmd/mini-server/main.go b/cmd/mini-server/main.go
index e9e3c9b..ab8b07c 100644
--- a/cmd/mini-server/main.go
+++ b/cmd/mini-server/main.go
@@ -190,6 +190,57 @@ func main() {
 }{tmpauth.MinValidationTime().UnixMilli()})
 })
 
+ http.HandleFunc("/header-evaluate", func(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("Content-Type", "text/plain")
+
+ var headerOption tmpauth.HeaderOption
+ err := json.NewDecoder(r.Body).Decode(&headerOption)
+ if err != nil {
+ log.Println("error decoding header option:", err)
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return
+ }
+
+ configID := r.Header.Get(tmpauth.ConfigIDHeader)
+ if configID == "" {
+ log.Println("missing config ID")
+ http.Error(w, "missing config ID", http.StatusBadRequest)
+ return
+ }
+
+ token := r.Header.Get(tmpauth.TokenHeader)
+ if token == "" {
+ log.Println("missing tmpauth token")
+ http.Error(w, "missing tmpauth token", http.StatusBadRequest)
+ return
+ }
+
+ ta, ok := tmpauthInstances[configID]
+ if !ok {
+ log.Println("invalid config ID:", configID)
+ http.Error(w, "invalid config ID", http.StatusPreconditionFailed)
+ return
+ }
+
+ cachedToken, err := ta.ParseWrappedAuthJWT(token)
+ if err != nil {
+ log.Println("error parsing token:", err)
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return
+ }
+
+ result, err := headerOption.Evaluate(cachedToken.UserDescriptor)
+ if err != nil {
+ log.Println("error evaluating header:", err)
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ w.WriteHeader(http.StatusOK)
+ w.Write([]byte(result))
+ return
+ })
+
 http.HandleFunc("/tmpauth/whomst", func(w http.ResponseWriter, r *http.Request) {
 configID := r.Header.Get(tmpauth.ConfigIDHeader)
 if configID == "" {
diff --git a/token.go b/token.go
index c78d897..6ccee7e 100644
--- a/token.go
+++ b/token.go
@@ -1,12 +1,14 @@
 package tmpauth
 
 import (
+ "bytes"
 "crypto/sha256"
 "encoding/base64"
 "encoding/hex"
 "encoding/json"
 "errors"
 "fmt"
+ "io"
 "math/rand"
 "net/http"
 "net/url"
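Review bot: The `/header-evaluate` handler runs `json.NewDecoder(r.Body).Decode(&headerOption)` with no size cap, and it does so before the config-ID and token checks, so an unauthenticated request can make the mini server parse an arbitrarily large body. I would move the two header checks and `ParseWrappedAuthJWT` ahead of the decode and bound the body first, e.g. `r.Body = http.MaxBytesReader(w, r.Body, maxHeaderOptionBytes)` (`maxHeaderOptionBytes` is a placeholder for a limit you choose). The handler also passes `err.Error()` from the JSON decoder, the token parser and `Evaluate` straight to the caller through `http.Error`; the `log.Println` lines already keep the detail, so a fixed message per status would avoid exposing parser internals. Because the `HeaderOption` is entirely caller-supplied, it is worth confirming that `Evaluate` cannot surface anything from the user descriptor that the token holder should not see. `main` continues outside the hunk.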
@@ -288,8 +290,38 @@ func (t *Tmpauth) SetHeaders(token *CachedToken, headers http.Header) error {
 headers.Set(headerName, val)
 } else {
 if t.miniServerHost != "" {
- return errors.New("tmpauth: cannot set headers when using mini server " +
- "endpoint, mini server has a bad implementation")
+ headerConfig, err := json.Marshal(headerOption)
+ if err != nil {
+ return fmt.Errorf("tmpauth: failed to marshal header option: %w", err)
+ }
+
+ req, err := http.NewRequest(http.MethodGet, t.miniServerHost+"/header-evaluate",
+ bytes.NewReader(headerConfig))
+ if err != nil {
+ return fmt.Errorf("tmpauth: invalid mini server request: %w", err)
+ }
+
+ req.Header.Set(ConfigIDHeader, t.miniConfigID)
+ req.Header.Set(TokenHeader, token.RawToken)
+
+ req.Header.Set("Content-Type", "application/jwt")
+ resp, err := t.miniClient(req, 0)
+ if err != nil {
+ return fmt.Errorf("tmpauth: mini request failed: %w", err)
+ }
+
+ body, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return fmt.Errorf("tmpauth: read all failed: %w", err)
+ }
+
+ if resp.StatusCode != http.StatusOK {
+ return fmt.Errorf("tmpauth: mini server returned %v: %v", resp.Status, string(body))
+ }
+
+ headers.Set(headerName, string(body))
+ headersToCache = append(headersToCache, [2]string{headerOption.Format, string(body)})
+ return nil
 }
 
 value, err := headerOption.Evaluate(token.UserDescriptor)
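Review bot: `resp.Body` is never closed in the new mini-server branch of `SetHeaders`, and `io.ReadAll(resp.Body)` reads it without a limit before the result is stored as a header value and in `headersToCache`. Unless `miniClient` already returns a buffered and closed body, I would bound the read and close right after it: `body, err := io.ReadAll(io.LimitReader(resp.Body, maxHeaderValueBytes))` followed by `resp.Body.Close()` (`maxHeaderValueBytes` is a placeholder for a limit you choose). The request also sets `Content-Type` to `application/jwt` although the body is the JSON from `json.Marshal(headerOption)`, and it sends that body with `http.MethodGet`, which some intermediaries drop; `application/json` with `http.MethodPost` matches what the handler decodes, and the handler as written accepts any method. The `return nil` right after `headersToCache = append(...)` appears to leave `SetHeaders` after the first header that takes this branch, which would skip later headers and whatever consumes `headersToCache`. The rest of the function is outside the hunk, so please confirm.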