From 1f6b32dd60f2abd4059dffb78fe989af6992ea9d Mon Sep 17 00:00:00 2001 From: Anton Zadvorny Date: Sat, 2 Dec 2023 07:44:50 +0300 Subject: [PATCH] Update JWT authentication middleware --- auth/jwt/jwt.go | 8 ++++---- auth/jwt/jwt_test.go | 22 +++++++++++----------- go.mod | 4 ++-- go.sum | 32 ++++++++++++++++++-------------- 4 files changed, 35 insertions(+), 31 deletions(-) diff --git a/auth/jwt/jwt.go b/auth/jwt/jwt.go index 946b0cd..408b7b2 100644 --- a/auth/jwt/jwt.go +++ b/auth/jwt/jwt.go @@ -5,8 +5,8 @@ import ( "errors" "net/http" - "github.com/lestrrat-go/jwx/jwa" - "github.com/lestrrat-go/jwx/jwt" + "github.com/lestrrat-go/jwx/v2/jwa" + "github.com/lestrrat-go/jwx/v2/jwt" "go.pkg.cx/middleware" ) @@ -20,7 +20,7 @@ var ( // Context keys var ( JWTCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/jwt", Name: "JWT"} - DataCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/token", Name: "Data"} + DataCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/jwt", Name: "Data"} ) // DefaultOptions represents default jwt auth middleware options @@ -134,7 +134,7 @@ func Middleware(key interface{}, alg jwa.SignatureAlgorithm, opts ...Option) fun return } - jwtToken, err := jwt.ParseString(token, jwt.WithVerify(a.algorithm, a.key)) + jwtToken, err := jwt.ParseString(token, jwt.WithKey(a.algorithm, a.key)) if err != nil { a.responseHandler(w, r, err) return diff --git a/auth/jwt/jwt_test.go b/auth/jwt/jwt_test.go index 66af558..088b967 100644 --- a/auth/jwt/jwt_test.go +++ b/auth/jwt/jwt_test.go @@ -7,8 +7,8 @@ import ( "testing" "time" - "github.com/lestrrat-go/jwx/jwa" - "github.com/lestrrat-go/jwx/jwt" + "github.com/lestrrat-go/jwx/v2/jwa" + "github.com/lestrrat-go/jwx/v2/jwt" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -41,7 +41,7 @@ func TestJWTAuthDefaults(t *testing.T) { assert.Equal(t, "Unauthorized\n", string(b)) token := jwt.New() - payload, err := jwt.Sign(token, jwa.HS256, []byte("changethis")) + payload, err := jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("changethis"))) assert.NoError(t, err) res, err = http.Get(server.URL + "/?jwt=" + string(payload)) @@ -72,7 +72,7 @@ func TestJWTAuthParseVerify(t *testing.T) { token := jwt.New() - payload, err := jwt.Sign(token, jwa.HS512, []byte("tkey")) + payload, err := jwt.Sign(token, jwt.WithKey(jwa.HS512, []byte("tkey"))) assert.NoError(t, err) res, err := http.Get(server.URL + "/?token=" + string(payload)) @@ -80,7 +80,7 @@ func TestJWTAuthParseVerify(t *testing.T) { defer res.Body.Close() assert.Equal(t, http.StatusUnauthorized, res.StatusCode) - payload, err = jwt.Sign(token, jwa.HS256, []byte("tkey")) + payload, err = jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("tkey"))) assert.NoError(t, err) res, err = http.Get(server.URL + "/?token=" + string(payload)) @@ -88,7 +88,7 @@ func TestJWTAuthParseVerify(t *testing.T) { defer res.Body.Close() assert.Equal(t, http.StatusUnauthorized, res.StatusCode) - payload, err = jwt.Sign(token, jwa.HS512, []byte("wrongkey")) + payload, err = jwt.Sign(token, jwt.WithKey(jwa.HS512, []byte("wrongkey"))) assert.NoError(t, err) res, err = http.Get(server.URL + "/?token=" + string(payload)) @@ -99,7 +99,7 @@ func TestJWTAuthParseVerify(t *testing.T) { now := time.Now() token.Set(jwt.IssuedAtKey, now.Add(-1*time.Hour)) // nolint:errcheck // No need to check error here token.Set(jwt.ExpirationKey, now.Add(-58*time.Minute)) // nolint:errcheck // No need to check error here - payload, err = jwt.Sign(token, jwa.HS512, []byte("tkey")) + payload, err = jwt.Sign(token, jwt.WithKey(jwa.HS512, []byte("tkey"))) assert.NoError(t, err) res, err = http.Get(server.URL + "/?token=" + string(payload)) @@ -121,7 +121,7 @@ func TestJWTAuthVerifyOptions(t *testing.T) { token := jwt.New() token.Set(jwt.IssuerKey, "wrongissuer") // nolint:errcheck // No need to check error here - payload, err := jwt.Sign(token, jwa.HS256, []byte("changethis")) + payload, err := jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("changethis"))) assert.NoError(t, err) res, err := http.Get(server.URL + "/?jwt=" + string(payload)) @@ -130,7 +130,7 @@ func TestJWTAuthVerifyOptions(t *testing.T) { assert.Equal(t, http.StatusUnauthorized, res.StatusCode) token.Set(jwt.IssuerKey, "tissuer") // nolint:errcheck // No need to check error here - payload, err = jwt.Sign(token, jwa.HS256, []byte("changethis")) + payload, err = jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("changethis"))) assert.NoError(t, err) res, err = http.Get(server.URL + "/?jwt=" + string(payload)) @@ -173,7 +173,7 @@ func TestJWTAuthContext(t *testing.T) { server := httptest.NewServer(auth(testCtxHandler)) defer server.Close() - payload, err := jwt.Sign(token, jwa.HS256, []byte("changethis")) + payload, err := jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("changethis"))) assert.NoError(t, err) res, err := http.Get(server.URL + "/?jwt=" + string(payload)) @@ -182,7 +182,7 @@ func TestJWTAuthContext(t *testing.T) { assert.Equal(t, http.StatusOK, res.StatusCode) token.Set(jwt.JwtIDKey, "invalid") // nolint:errcheck // No need to check error here - payload, err = jwt.Sign(token, jwa.HS256, []byte("changethis")) + payload, err = jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("changethis"))) assert.NoError(t, err) res, err = http.Get(server.URL + "/?jwt=" + string(payload)) diff --git a/go.mod b/go.mod index e2073db..e4331c2 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.15 require ( github.com/go-pkgz/expirable-cache v1.0.0 - github.com/lestrrat-go/jwx v1.2.26 + github.com/lestrrat-go/jwx/v2 v2.0.17 github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.10.0 // indirect + golang.org/x/crypto v0.16.0 // indirect ) diff --git a/go.sum b/go.sum index 86fcb4a..b12ce8f 100644 --- a/go.sum +++ b/go.sum @@ -8,23 +8,23 @@ github.com/go-pkgz/expirable-cache v1.0.0 h1:ns5+1hjY8hntGv8bPaQd9Gr7Jyo+Uw5SLyI github.com/go-pkgz/expirable-cache v1.0.0/go.mod h1:GTrEl0X+q0mPNqN6dtcQXksACnzCBQ5k/k1SwXJsZKs= github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= -github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A= -github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y= -github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80= -github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= +github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k= +github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= +github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8= +github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx v1.2.26 h1:4iFo8FPRZGDYe1t19mQP0zTRqA7n8HnJ5lkIiDvJcB0= -github.com/lestrrat-go/jwx v1.2.26/go.mod h1:MaiCdGbn3/cckbOFSCluJlJMmp9dmZm5hDuIkx8ftpQ= +github.com/lestrrat-go/jwx/v2 v2.0.17 h1:+WavkdKVWO90ECnIzUetOnjY+kcqqw4WXEUmil7sMCE= +github.com/lestrrat-go/jwx/v2 v2.0.17/go.mod h1:G8randPHLGAqhcNCqtt6/V/7E6fvJRl3Sf9z777eTQ0= github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= +github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -36,9 +36,9 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= -golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= +golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -52,22 +52,26 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= +golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=