From 5b6ed074bfb9c99d24d17dd9ba720d69fadf91b1 Mon Sep 17 00:00:00 2001 From: mo khan Date: Wed, 28 May 2025 12:34:58 -0600 Subject: refactor: delete jwt verification code --- app/init.go | 22 ---------------------- app/middleware/from_cookie.go | 15 --------------- app/middleware/from_custom_header.go | 9 --------- app/middleware/init.go | 2 +- app/middleware/raw_token.go | 7 ------- app/middleware/token_parser.go | 3 --- app/middleware/user.go | 23 +++++++++++++++-------- app/middleware/user_parser.go | 16 ---------------- app/middleware/user_parser_test.go | 36 ------------------------------------ app/middleware/user_test.go | 2 ++ 10 files changed, 18 insertions(+), 117 deletions(-) delete mode 100644 app/middleware/from_cookie.go delete mode 100644 app/middleware/from_custom_header.go delete mode 100644 app/middleware/raw_token.go delete mode 100644 app/middleware/token_parser.go delete mode 100644 app/middleware/user_parser.go delete mode 100644 app/middleware/user_parser_test.go (limited to 'app') diff --git a/app/init.go b/app/init.go index 935c962..5057fe4 100644 --- a/app/init.go +++ b/app/init.go @@ -1,24 +1,20 @@ package app import ( - "context" "net/http" "os" - "github.com/coreos/go-oidc/v3/oidc" "github.com/rs/zerolog" "github.com/xlgmokha/x/pkg/env" "github.com/xlgmokha/x/pkg/ioc" "github.com/xlgmokha/x/pkg/log" "github.com/xlgmokha/x/pkg/mapper" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd.git/pkg/rpc" - "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/controllers/dashboard" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/controllers/sparkles" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/db" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web" - "golang.org/x/oauth2" ) func init() { @@ -28,9 +24,6 @@ func init() { ioc.RegisterSingleton[domain.Repository[*domain.Sparkle]](ioc.Default, func() domain.Repository[*domain.Sparkle] { return db.NewRepository[*domain.Sparkle]() }) - ioc.RegisterSingleton[domain.Repository[*domain.User]](ioc.Default, func() domain.Repository[*domain.User] { - return db.NewRepository[*domain.User]() - }) ioc.RegisterSingleton[*http.ServeMux](ioc.Default, func() *http.ServeMux { return http.NewServeMux() }) @@ -47,21 +40,6 @@ func init() { }, } }) - ioc.RegisterSingleton[*oidc.Provider](ioc.Default, func() *oidc.Provider { - ctx := context.WithValue( - context.Background(), - oauth2.HTTPClient, - ioc.MustResolve[*http.Client](ioc.Default), - ) - return web.NewOIDCProvider(ctx, cfg.OIDCIssuer, func(err error) { - ioc.MustResolve[*zerolog.Logger](ioc.Default).Err(err).Send() - }) - }) - ioc.Register[*oidc.Config](ioc.Default, func() *oidc.Config { - return &oidc.Config{ - ClientID: cfg.OAuthClientID, - } - }) ioc.Register[rpc.Ability](ioc.Default, func() rpc.Ability { return rpc.NewAbilityProtobufClient( env.Fetch("AUTHZD_HOST", ""), diff --git a/app/middleware/from_cookie.go b/app/middleware/from_cookie.go deleted file mode 100644 index 316d6e4..0000000 --- a/app/middleware/from_cookie.go +++ /dev/null @@ -1,15 +0,0 @@ -package middleware - -import "net/http" - -func FromCookie(name string) TokenParser { - return func(r *http.Request) RawToken { - cookies := r.CookiesNamed(name) - - if len(cookies) != 1 { - return "" - } - - return RawToken(cookies[0].Value) - } -} diff --git a/app/middleware/from_custom_header.go b/app/middleware/from_custom_header.go deleted file mode 100644 index f385911..0000000 --- a/app/middleware/from_custom_header.go +++ /dev/null @@ -1,9 +0,0 @@ -package middleware - -import "net/http" - -func FromCustomHeader(name string) TokenParser { - return func(r *http.Request) RawToken { - return RawToken(r.Header.Get(name)) - } -} diff --git a/app/middleware/init.go b/app/middleware/init.go index 5bf84f6..23c524d 100644 --- a/app/middleware/init.go +++ b/app/middleware/init.go @@ -13,7 +13,7 @@ func init() { subject := h.Get("x-jwt-claim-sub") if x.IsPresent(subject) { return &domain.User{ - ID: domain.ID(subject), + ID: domain.ID(h.Get("x-jwt-claim-sub")), Username: h.Get("x-jwt-claim-username"), ProfileURL: h.Get("x-jwt-claim-profile-url"), Picture: h.Get("x-jwt-claim-picture-url"), diff --git a/app/middleware/raw_token.go b/app/middleware/raw_token.go deleted file mode 100644 index f7aa264..0000000 --- a/app/middleware/raw_token.go +++ /dev/null @@ -1,7 +0,0 @@ -package middleware - -type RawToken string - -func (r RawToken) String() string { - return string(r) -} diff --git a/app/middleware/token_parser.go b/app/middleware/token_parser.go deleted file mode 100644 index 1a92760..0000000 --- a/app/middleware/token_parser.go +++ /dev/null @@ -1,3 +0,0 @@ -package middleware - -type TokenParser RequestParser[RawToken] diff --git a/app/middleware/user.go b/app/middleware/user.go index 90bf6aa..2b2dd17 100644 --- a/app/middleware/user.go +++ b/app/middleware/user.go @@ -3,20 +3,27 @@ package middleware import ( "net/http" - "github.com/xlgmokha/x/pkg/x" + "github.com/xlgmokha/x/pkg/log" + "github.com/xlgmokha/x/pkg/mapper" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain" ) func User() func(http.Handler) http.Handler { - parser := UserParser() return func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - user := parser(r) - if x.IsPresent(user) { - next.ServeHTTP(w, r.WithContext(cfg.CurrentUser.With(r.Context(), user))) - } else { - next.ServeHTTP(w, r) - } + log.WithFields(r.Context(), log.Fields{ + "payload": r.Header.Get("x-jwt-payload"), + "photo": r.Header.Get("x-jwt-claim-picture-url"), + "profile": r.Header.Get("x-jwt-claim-profile-url"), + "sub": r.Header.Get("x-jwt-claim-sub"), + "username": r.Header.Get("x-jwt-claim-username"), + }) + + next.ServeHTTP(w, r.WithContext(cfg.CurrentUser.With( + r.Context(), + mapper.MapFrom[http.Header, *domain.User](r.Header), + ))) }) } } diff --git a/app/middleware/user_parser.go b/app/middleware/user_parser.go deleted file mode 100644 index dfa0cce..0000000 --- a/app/middleware/user_parser.go +++ /dev/null @@ -1,16 +0,0 @@ -package middleware - -import ( - "net/http" - - "github.com/xlgmokha/x/pkg/log" - "github.com/xlgmokha/x/pkg/mapper" - "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain" -) - -func UserParser() RequestParser[*domain.User] { - return func(r *http.Request) *domain.User { - log.WithFields(r.Context(), log.Fields{"header": r.Header}) - return mapper.MapFrom[http.Header, *domain.User](r.Header) - } -} diff --git a/app/middleware/user_parser_test.go b/app/middleware/user_parser_test.go deleted file mode 100644 index 2127a10..0000000 --- a/app/middleware/user_parser_test.go +++ /dev/null @@ -1,36 +0,0 @@ -package middleware - -import ( - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "github.com/xlgmokha/x/pkg/test" - "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain" -) - -func TestUserParser(t *testing.T) { - parser := UserParser() - - t.Run("when x-jwt-claim-* headers are not provided", func(t *testing.T) { - t.Run("forwards the request without a current user attached to the request", func(t *testing.T) { - assert.Nil(t, parser(test.Request("GET", "/"))) - }) - }) - - t.Run("when x-jwt-claim-* headers are provided", func(t *testing.T) { - r := test.Request("GET", "/", - test.WithRequestHeader("x-jwt-claim-sub", "1"), - test.WithRequestHeader("x-jwt-claim-username", "root"), - test.WithRequestHeader("x-jwt-claim-profile-url", "https://gitlab.com/tanuki"), - test.WithRequestHeader("x-jwt-claim-picture-url", "https://example.com/profile.png"), - ) - - result := parser(r) - require.NotNil(t, result) - assert.Equal(t, domain.ID("1"), result.ID) - assert.Equal(t, "root", result.Username) - assert.Equal(t, "https://gitlab.com/tanuki", result.ProfileURL) - assert.Equal(t, "https://example.com/profile.png", result.Picture) - }) -} diff --git a/app/middleware/user_test.go b/app/middleware/user_test.go index c5fa7ed..66ca121 100644 --- a/app/middleware/user_test.go +++ b/app/middleware/user_test.go @@ -29,6 +29,8 @@ func TestUser(t *testing.T) { t.Run("when x-jwt-claim-* headers are provided", func(t *testing.T) { server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + require.True(t, IsLoggedIn(r)) + user := cfg.CurrentUser.From(r.Context()) require.NotNil(t, user) -- cgit v1.2.3