Update the JWT signing algo when the signing key is changed in the config

This commit is contained in:
Dane Everitt 2020-04-11 17:26:17 -07:00
parent d3a3d4dbf5
commit 3bd48bbac1
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
3 changed files with 21 additions and 11 deletions

View File

@ -3,6 +3,7 @@ package config
import (
"fmt"
"github.com/creasty/defaults"
"github.com/gbrlsnchs/jwt/v3"
"go.uber.org/zap"
"gopkg.in/yaml.v2"
"io/ioutil"
@ -231,7 +232,9 @@ func ReadConfiguration(path string) (*Configuration, error) {
}
var Mutex sync.RWMutex
var _config *Configuration
var _jwtAlgo *jwt.HMACSHA
var _debugViaFlag bool
// Set the global configuration instance. This is a blocking operation such that
@ -239,6 +242,11 @@ var _debugViaFlag bool
// will be paused until it is complete.
func Set(c *Configuration) {
Mutex.Lock()
if _config == nil || _config.AuthenticationToken != c.AuthenticationToken {
_jwtAlgo = jwt.NewHS256([]byte(c.AuthenticationToken))
}
_config = c
Mutex.Unlock()
}
@ -256,6 +264,14 @@ func Get() *Configuration {
return _config
}
// Returns the in-memory JWT algorithm.
func GetJwtAlgorithm() *jwt.HMACSHA {
Mutex.RLock()
defer Mutex.RUnlock()
return _jwtAlgo
}
// Ensures that the Pterodactyl core user exists on the system. This user will be the
// owner of all data in the root data directory and is used as the user within containers.
//

View File

@ -6,8 +6,6 @@ import (
"time"
)
var alg *jwt.HMACSHA
type TokenData interface {
GetPayload() *jwt.Payload
}
@ -18,16 +16,12 @@ type TokenData interface {
//
// This simply returns a parsed token.
func ParseToken(token []byte, data TokenData) error {
if alg == nil {
alg = jwt.NewHS256([]byte(config.Get().AuthenticationToken))
}
verifyOptions := jwt.ValidatePayload(
data.GetPayload(),
jwt.ExpirationTimeValidator(time.Now()),
)
_, err := jwt.Verify(token, alg, &data, verifyOptions)
_, err := jwt.Verify(token, config.GetJwtAlgorithm(), &data, verifyOptions)
return err
}

View File

@ -7,8 +7,8 @@ import (
)
type TokenStore struct {
sync.Mutex
cache *cache.Cache
mutex *sync.Mutex
}
var _tokens *TokenStore
@ -20,16 +20,16 @@ func getTokenStore() *TokenStore {
if _tokens == nil {
_tokens = &TokenStore{
cache: cache.New(time.Minute*60, time.Minute*5),
mutex: &sync.Mutex{},
}
}
return _tokens
}
// Checks if a token is valid or not.
func (t *TokenStore) IsValidToken(token string) bool {
t.mutex.Lock()
defer t.mutex.Unlock()
t.Lock()
defer t.Unlock()
_, exists := t.cache.Get(token)