Update the JWT signing algo when the signing key is changed in the config

This commit is contained in:
Dane Everitt 2020-04-11 17:26:17 -07:00
parent d3a3d4dbf5
commit 3bd48bbac1
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
3 changed files with 21 additions and 11 deletions


@ -3,6 +3,7 @@ package config
import ( import (
"fmt" "fmt"
"github.com/creasty/defaults" "github.com/creasty/defaults"
"github.com/gbrlsnchs/jwt/v3"
"go.uber.org/zap" "go.uber.org/zap"
"gopkg.in/yaml.v2" "gopkg.in/yaml.v2"
"io/ioutil" "io/ioutil"
@ -231,7 +232,9 @@ func ReadConfiguration(path string) (*Configuration, error) {
} }
var Mutex sync.RWMutex var Mutex sync.RWMutex
var _config *Configuration var _config *Configuration
var _jwtAlgo *jwt.HMACSHA
var _debugViaFlag bool var _debugViaFlag bool
// Set the global configuration instance. This is a blocking operation such that // Set the global configuration instance. This is a blocking operation such that
@ -239,6 +242,11 @@ var _debugViaFlag bool
// will be paused until it is complete. // will be paused until it is complete.
func Set(c *Configuration) { func Set(c *Configuration) {
Mutex.Lock() Mutex.Lock()
if _config == nil || _config.AuthenticationToken != c.AuthenticationToken {
_jwtAlgo = jwt.NewHS256([]byte(c.AuthenticationToken))
}
_config = c _config = c
Mutex.Unlock() Mutex.Unlock()
} }
@ -256,6 +264,14 @@ func Get() *Configuration {
return _config return _config
} }
// Returns the in-memory JWT algorithm.
func GetJwtAlgorithm() *jwt.HMACSHA {
Mutex.RLock()
defer Mutex.RUnlock()
return _jwtAlgo
}
// Ensures that the Pterodactyl core user exists on the system. This user will be the // Ensures that the Pterodactyl core user exists on the system. This user will be the
// owner of all data in the root data directory and is used as the user within containers. // owner of all data in the root data directory and is used as the user within containers.
// //


@ -6,8 +6,6 @@ import (
"time" "time"
) )
var alg *jwt.HMACSHA
type TokenData interface { type TokenData interface {
GetPayload() *jwt.Payload GetPayload() *jwt.Payload
} }
@ -18,16 +16,12 @@ type TokenData interface {
// //
// This simply returns a parsed token. // This simply returns a parsed token.
func ParseToken(token []byte, data TokenData) error { func ParseToken(token []byte, data TokenData) error {
if alg == nil {
alg = jwt.NewHS256([]byte(config.Get().AuthenticationToken))
}
verifyOptions := jwt.ValidatePayload( verifyOptions := jwt.ValidatePayload(
data.GetPayload(), data.GetPayload(),
jwt.ExpirationTimeValidator(time.Now()), jwt.ExpirationTimeValidator(time.Now()),
) )
_, err := jwt.Verify(token, alg, &data, verifyOptions) _, err := jwt.Verify(token, config.GetJwtAlgorithm(), &data, verifyOptions)
return err return err
} }
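Review bot: ParseToken now hands config.GetJwtAlgorithm() straight to jwt.Verify, and that value is nil until config.Set has run, whereas the removed lazy initialization guaranteed a non-nil algorithm on every call; a request that reaches this path before the configuration is set would pass a nil verifier into the library. Guard it before Verify, e.g. `alg := config.GetJwtAlgorithm()` / `if alg == nil { return errors.New("jwt: signing key not configured") }` and then `jwt.Verify(token, alg, &data, verifyOptions)` (adding the errors import to the block shown in the first hunk). The doc comment above the function could also note that callers must ensure config.Set has run first.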


@ -7,8 +7,8 @@ import (
) )
type TokenStore struct { type TokenStore struct {
sync.Mutex
cache *cache.Cache cache *cache.Cache
mutex *sync.Mutex
} }
var _tokens *TokenStore var _tokens *TokenStore
@ -20,16 +20,16 @@ func getTokenStore() *TokenStore {
if _tokens == nil { if _tokens == nil {
_tokens = &TokenStore{ _tokens = &TokenStore{
cache: cache.New(time.Minute*60, time.Minute*5), cache: cache.New(time.Minute*60, time.Minute*5),
mutex: &sync.Mutex{},
} }
} }
return _tokens return _tokens
} }
// Checks if a token is valid or not.
func (t *TokenStore) IsValidToken(token string) bool { func (t *TokenStore) IsValidToken(token string) bool {
t.mutex.Lock() t.Lock()
defer t.mutex.Unlock() defer t.Unlock()
_, exists := t.cache.Get(token) _, exists := t.cache.Get(token)