Support denying a JWT JTI via the API

2020-11-03 21:01:50 -08:00 · 2020-11-03 21:01:50 -08:00 · 08d1efb475
commit 08d1efb475
parent 65664b63e7
2 changed files with 19 additions and 0 deletions
--- a/router/router.go
+++ b/router/router.go
@ -70,6 +70,7 @@ func Configure() *gin.Engine {
 		server.POST("/commands", postServerCommands)
 		server.POST("/install", postServerInstall)
 		server.POST("/reinstall", postServerReinstall)
+		server.POST("/ws/deny", postServerDenyWSTokens)

 		// This archive request causes the archive to start being created
 		// this should only be triggered by the panel.
--- a/router/router_server.go
+++ b/router/router_server.go
@ -6,6 +6,7 @@ import (
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/pkg/errors"
+	"github.com/pterodactyl/wings/router/tokens"
 	"github.com/pterodactyl/wings/server"
 	"net/http"
 	"os"
@ -241,3 +242,20 @@ func deleteServer(c *gin.Context) {

 	c.Status(http.StatusNoContent)
 }
+
+// Adds any of the JTIs passed through in the body to the deny list for the websocket
+// preventing any JWT generated before the current time from being used to connect to
+// the socket or send along commands.
+func postServerDenyWSTokens(c *gin.Context) {
+	var data struct{ JTIs []string `json:"jtis"` }
+
+	if err := c.BindJSON(&data); err != nil {
+		return
+	}
+
+	for _, jti := range data.JTIs {
+		tokens.DenyJTI(jti)
+	}
+
+	c.Status(http.StatusNoContent)
+}