jsonrpc: verify jwt tokens

Łukasz Magiera 2019-07-18 19:41:19 +02:00
parent 265302f4aa
commit c0f3bdbb61
2 changed files with 23 additions and 5 deletions


@ -10,4 +10,10 @@ type jwtPayload struct {
Allow []string Allow []string
} }
func init() {
p := jwtPayload{
Allow: []string{"read", "write"},
}
r, _ := jwt.Sign(&p, secret)
log.Infof("WRITE TOKEN: %s", string(r))
}
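Review bot: The added `init()` signs a token with `Allow: []string{"read", "write"}` and prints it with `log.Infof("WRITE TOKEN: %s", string(r))`, so a bearer credential carrying write permission lands in the log output every time a process importing this package starts, and anyone with access to those logs or a log aggregator holds it. Token issuance belongs in an explicit, operator-invoked path that hands the token to the caller instead of the logger, not in `init()`. The error from `jwt.Sign` is also discarded by `r, _ :=`, so a signing failure would silently log an empty token; use `r, err := jwt.Sign(&p, secret)` followed by an error check. `secret` and the rest of `jwtPayload` are defined outside the hunk, so key handling and any expiry claim could not be reviewed here.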


@ -1,12 +1,16 @@
package jsonrpc package jsonrpc
import ( import (
"context"
"encoding/json" "encoding/json"
"io" "io"
"net/http" "net/http"
"strings" "strings"
"github.com/gbrlsnchs/jwt/v3"
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
"github.com/filecoin-project/go-lotus/api"
) )
const ( const (
@ -29,7 +33,7 @@ func NewServer() *RPCServer {
var upgrader = websocket.Upgrader{} var upgrader = websocket.Upgrader{}
func (s *RPCServer) handleWS(w http.ResponseWriter, r *http.Request) { func (s *RPCServer) handleWS(ctx context.Context, w http.ResponseWriter, r *http.Request) {
c, err := upgrader.Upgrade(w, r, nil) c, err := upgrader.Upgrade(w, r, nil)
if err != nil { if err != nil {
log.Error(err) log.Error(err)
@ -40,7 +44,7 @@ func (s *RPCServer) handleWS(w http.ResponseWriter, r *http.Request) {
(&wsConn{ (&wsConn{
conn: c, conn: c,
handler: s.methods, handler: s.methods,
}).handleWsConn(r.Context()) }).handleWsConn(ctx)
if err := c.Close(); err != nil { if err := c.Close(); err != nil {
log.Error(err) log.Error(err)
@ -50,6 +54,8 @@ func (s *RPCServer) handleWS(w http.ResponseWriter, r *http.Request) {
// TODO: return errors to clients per spec // TODO: return errors to clients per spec
func (s *RPCServer) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (s *RPCServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
token := r.Header.Get("Authorization") token := r.Header.Get("Authorization")
if token != "" { if token != "" {
if !strings.HasPrefix(token, "Bearer ") { if !strings.HasPrefix(token, "Bearer ") {
@ -58,15 +64,21 @@ func (s *RPCServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
} }
token = token[len("Bearer "):] token = token[len("Bearer "):]
var payload jwtPayload
} if _, err := jwt.Verify([]byte(token), secret, &payload); err != nil {
w.WriteHeader(401)
if r.Header.Get("Connection") == "Upgrade" {
s.handleWS(w, r)
return return
} }
s.methods.handleReader(r.Context(), r.Body, w, rpcError) ctx = api.WithPerm(ctx, payload.Allow)
}
if r.Header.Get("Connection") == "Upgrade" {
s.handleWS(ctx, w, r)
return
}
s.methods.handleReader(ctx, r.Body, w, rpcError)
} }
func rpcError(wf func(func(io.Writer)), req *request, code int, err error) { func rpcError(wf func(func(io.Writer)), req *request, code int, err error) {
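Review bot: A request with no Authorization header skips the whole `if token != ""` block in ServeHTTP and still reaches `s.handleWS(ctx, w, r)` or `s.methods.handleReader(ctx, r.Body, w, rpcError)` with a context that has no permissions attached. The new verification therefore only protects anything if the check behind `api.WithPerm` denies by default; that code is not visible here, so confirm it and record it with a comment such as `// no token: ctx carries no permissions; handlers must treat this as deny-all`. Separately, `jwt.Verify([]byte(token), secret, &payload)` is called without any payload validation option, and the visible part of `jwtPayload` holds only `Allow`, so a signed token appears to stay valid indefinitely. Adding the library's standard claims to the payload and passing a validator for expiry would bound the lifetime of a leaked token. The 401 branch writes no body and logs nothing, so failed verifications leave no trace for detection; a log line with the remote address (never the token itself) would help.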