
Commit a03ff64

committed
[jwt] secure token parsing
1 parent 7ae4f08 commit a03ff64

3 files changed

+27
-7
lines changed


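--- a/api/requests.http
+++ b/api/requests.http
@@ -192,6 +192,20 @@ Content-Type: application/json
 }
 }
 
+###
+POST {{baseUrl}}/3rdparty/v1/auth/token HTTP/1.1
+Authorization: Basic {{credentials}}
+Content-Type: application/json
+
+{}
+
+###
+POST {{baseUrl}}/3rdparty/v1/auth/token/revoke HTTP/1.1
+Authorization: Basic {{credentials}}
+Content-Type: application/json
+
+{}
+
 ###
 GET http://localhost:3000/metrics HTTP/1.1
 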
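--- a/internal/sms-gateway/handlers/3rdparty.go
+++ b/internal/sms-gateway/handlers/3rdparty.go
@@ -74,13 +74,14 @@ func (h *thirdPartyHandler) Register(router fiber.Router) {
 
 func newThirdPartyHandler(params ThirdPartyHandlerParams) *thirdPartyHandler {
 return &thirdPartyHandler{
-Handler: base.Handler{Logger: params.Logger.Named("ThirdPartyHandler"), Validator: params.Validator},
+Handler: base.Handler{Logger: params.Logger, Validator: params.Validator},
 healthHandler: params.HealthHandler,
 messagesHandler: params.MessagesHandler,
 webhooksHandler: params.WebhooksHandler,
 devicesHandler: params.DevicesHandler,
 settingsHandler: params.SettingsHandler,
 logsHandler: params.LogsHandler,
+authHandler: params.AuthHandler,
 authSvc: params.AuthSvc,
 }
 }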
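Review bot: The new line 77 drops `.Named("ThirdPartyHandler")`, so log records emitted through this handler lose their component name unless the injected `params.Logger` is already named by its provider, which this hunk does not show; if naming is now done once upstream, a comment on the assignment such as `// Logger is expected to be pre-named by the provider.` would make that contract explicit and keep the handler traceable in log searches. The added `authHandler: params.AuthHandler` line follows the pattern of the other sub-handlers, but the `authHandler` field declaration and its registration in `Register` are outside this hunk, so I could not confirm it is actually wired into the router.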

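--- a/internal/sms-gateway/jwt/service.go
+++ b/internal/sms-gateway/jwt/service.go
@@ -80,12 +80,17 @@ func (s *service) GenerateToken(userID string, scopes []string, ttl time.Duratio
 }
 
 func (s *service) ParseToken(ctx context.Context, token string) (*Claims, error) {
-parsedToken, err := jwt.ParseWithClaims(token, new(Claims), func(t *jwt.Token) (any, error) {
-if t.Method != jwt.SigningMethodHS256 {
-return nil, fmt.Errorf("%w: %v", ErrUnexpectedSigningMethod, t.Header["alg"])
-}
-return []byte(s.config.Secret), nil
-})
+parsedToken, err := jwt.ParseWithClaims(
+token,
+new(Claims),
+func(t *jwt.Token) (any, error) {
+return []byte(s.config.Secret), nil
+},
+jwt.WithExpirationRequired(),
+jwt.WithIssuedAt(),
+jwt.WithIssuer(s.config.Issuer),
+jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}),
+)
 if err != nil {
 return nil, fmt.Errorf("failed to parse token: %w", err)
 }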
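Review bot: The rewritten key function no longer returns `ErrUnexpectedSigningMethod`; with `jwt.WithValidMethods` the library rejects a foreign `alg` with its own error, so any caller matching `errors.Is(err, ErrUnexpectedSigningMethod)` silently stops matching, and the sentinel is likely dead if this was its only use — either map the library error back onto it or delete the sentinel. `jwt.WithIssuer(s.config.Issuer)` makes `iss` mandatory and compared exactly, so if `Issuer` can be left empty in config every token will be rejected; a non-empty check at service construction (outside this hunk) would surface that misconfiguration early. `WithIssuedAt` and `WithExpirationRequired` also assume `GenerateToken` (outside this hunk) sets `iat`, `exp` and the same `iss`, which deserves a round-trip test against a freshly generated token. No leeway is configured, so a small clock skew between issuer and verifier fails the `iat`/`exp` checks; `jwt.WithLeeway` exists if that tolerance is wanted. The enclosing ParseToken continues past the hunk.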
