jsonrpc: verify jwt tokens
parent
265302f4aa
commit
c0f3bdbb61
@ -10,4 +10,10 @@ type jwtPayload struct {
|
||||
Allow []string
|
||||
}
|
||||
|
||||
|
||||
func init() {
|
||||
p := jwtPayload{
|
||||
Allow: []string{"read", "write"},
|
||||
}
|
||||
r, _ := jwt.Sign(&p, secret)
|
||||
log.Infof("WRITE TOKEN: %s", string(r))
|
||||
}
|
||||
|
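Review bot: The added `init()` signs a token carrying `Allow: []string{"read", "write"}` and writes it out with `log.Infof("WRITE TOKEN: %s", string(r))`, so every process start leaves a write-capable bearer credential in whatever stores or forwards the logs. Anyone with read access to those logs holds a token that the server's new `jwt.Verify` check will accept. The error from `jwt.Sign` is discarded by `r, _ :=`, so a signing failure would log an empty token without any indication. If this is bootstrap scaffolding, move token issuance out of `init()` into an explicit operator action that shows the token once and never logs it. Until then, mark it with `// TODO(security): remove before release - logs a write-capable API token`.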
@ -1,12 +1,16 @@
|
||||
package jsonrpc
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"io"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/gbrlsnchs/jwt/v3"
|
||||
"github.com/gorilla/websocket"
|
||||
|
||||
"github.com/filecoin-project/go-lotus/api"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -29,7 +33,7 @@ func NewServer() *RPCServer {
|
||||
|
||||
var upgrader = websocket.Upgrader{}
|
||||
|
||||
func (s *RPCServer) handleWS(w http.ResponseWriter, r *http.Request) {
|
||||
func (s *RPCServer) handleWS(ctx context.Context, w http.ResponseWriter, r *http.Request) {
|
||||
c, err := upgrader.Upgrade(w, r, nil)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
@ -40,7 +44,7 @@ func (s *RPCServer) handleWS(w http.ResponseWriter, r *http.Request) {
|
||||
(&wsConn{
|
||||
conn: c,
|
||||
handler: s.methods,
|
||||
}).handleWsConn(r.Context())
|
||||
}).handleWsConn(ctx)
|
||||
|
||||
if err := c.Close(); err != nil {
|
||||
log.Error(err)
|
||||
@ -50,6 +54,8 @@ func (s *RPCServer) handleWS(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// TODO: return errors to clients per spec
|
||||
func (s *RPCServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
|
||||
token := r.Header.Get("Authorization")
|
||||
if token != "" {
|
||||
if !strings.HasPrefix(token, "Bearer ") {
|
||||
@ -58,15 +64,21 @@ func (s *RPCServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
token = token[len("Bearer "):]
|
||||
|
||||
|
||||
}
|
||||
|
||||
if r.Header.Get("Connection") == "Upgrade" {
|
||||
s.handleWS(w, r)
|
||||
var payload jwtPayload
|
||||
if _, err := jwt.Verify([]byte(token), secret, &payload); err != nil {
|
||||
w.WriteHeader(401)
|
||||
return
|
||||
}
|
||||
|
||||
s.methods.handleReader(r.Context(), r.Body, w, rpcError)
|
||||
ctx = api.WithPerm(ctx, payload.Allow)
|
||||
}
|
||||
|
||||
if r.Header.Get("Connection") == "Upgrade" {
|
||||
s.handleWS(ctx, w, r)
|
||||
return
|
||||
}
|
||||
|
||||
s.methods.handleReader(ctx, r.Body, w, rpcError)
|
||||
}
|
||||
|
||||
func rpcError(wf func(func(io.Writer)), req *request, code int, err error) {
|
||||
|
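Review bot: In `ServeHTTP`, a request with no `Authorization` header skips the whole `if token != ""` block and reaches `handleWS` or `handleReader` with a context that never received `api.WithPerm`. The new check is therefore only effective if the api layer rejects calls when no permission is present; that code is not visible here and should be confirmed as default-deny. A comment would make the dependency explicit, e.g. `// no Authorization header: ctx carries no permissions; api layer must reject privileged calls`. Separately, `jwt.Verify([]byte(token), secret, &payload)` is called without validators and the visible part of `jwtPayload` has only `Allow`, so an issued token appears to stay valid until `secret` changes; consider embedding the library's `jwt.Payload` and validating expiry. The lines that handle a header lacking the `Bearer ` prefix fall between two hunks and are not shown.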