tcjlj/nginx-proxy-manager-zh
1
0
Fork 0
mirror of https://github.com/xiaoxinpro/nginx-proxy-manager-zh.git synced 2025-01-23 21:28:15 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity
4a57956093
nginx-proxy-manager-zh/backend/internal/api/middleware/sse_auth.go

45 lines
1.0 KiB
Go
Raw Normal View History

Certificates Renewal + SSE - Certificate renewal is just a re-request as it's forced already - Rejig the routes for readability - Added Server Side Events so that the UI would invalidate the cache when changes happen on the backend, such as certs being provided or failing - Added a SSE Token, which has the same shelf life as normal token but can't be used interchangeably. The reason for this is, the SSE endpoint needs a token for auth as a Query param, so it would be stored in log files. If someone where to get a hold of that, it's pretty useless as it can't be used to change anything, only to listen for events until it expires - Added test endpoint for SSE testing only availabe in debug mode
2023-03-07 01:42:26 -05:00
package middleware
import (
"net/http"
h "npm/internal/api/http"
"npm/internal/entity/user"
"github.com/go-chi/jwtauth"
)
// SSEAuth will validate that the jwt token provided to get this far is a SSE token
// and that the user is enabled
func SSEAuth(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
token, claims, err := jwtauth.FromContext(ctx)
prevent panic when sse token is not found
2023-05-29 01:18:18 -04:00
Certificates Renewal + SSE - Certificate renewal is just a re-request as it's forced already - Rejig the routes for readability - Added Server Side Events so that the UI would invalidate the cache when changes happen on the backend, such as certs being provided or failing - Added a SSE Token, which has the same shelf life as normal token but can't be used interchangeably. The reason for this is, the SSE endpoint needs a token for auth as a Query param, so it would be stored in log files. If someone where to get a hold of that, it's pretty useless as it can't be used to change anything, only to listen for events until it expires - Added test endpoint for SSE testing only availabe in debug mode
2023-03-07 01:42:26 -05:00
if err != nil {
h.ResultErrorJSON(w, r, http.StatusUnauthorized, err.Error(), nil)
return
}
prevent panic when sse token is not found
2023-05-29 01:18:18 -04:00
if token == nil {
h.ResultErrorJSON(w, r, http.StatusUnauthorized, "No token given", nil)
return
}
if claims != nil {
h.ResultErrorJSON(w, r, http.StatusUnauthorized, "Unauthorised", nil)
return
}
Convert db backend to use Gorm, with basis for support for Mysql and Postgres in addition to existing Sqlite
2023-05-25 21:04:43 -04:00
userID := uint(claims["uid"].(float64))
Certificates Renewal + SSE - Certificate renewal is just a re-request as it's forced already - Rejig the routes for readability - Added Server Side Events so that the UI would invalidate the cache when changes happen on the backend, such as certs being provided or failing - Added a SSE Token, which has the same shelf life as normal token but can't be used interchangeably. The reason for this is, the SSE endpoint needs a token for auth as a Query param, so it would be stored in log files. If someone where to get a hold of that, it's pretty useless as it can't be used to change anything, only to listen for events until it expires - Added test endpoint for SSE testing only availabe in debug mode
2023-03-07 01:42:26 -05:00
_, enabled := user.IsEnabled(userID)
if token == nil || !token.Valid || !enabled || !claims.VerifyIssuer("sse", true) {
h.ResultErrorJSON(w, r, http.StatusUnauthorized, "Unauthorised", nil)
return
}
// Should be all good now
next.ServeHTTP(w, r)
})
}
Reference in New Issue Copy Permalink