diff --git a/backend/go.mod b/backend/go.mod
index 0b4b64b..24fcd2c 100644
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -13,7 +13,6 @@ require (
 github.com/glebarez/sqlite v1.8.0
 github.com/go-chi/chi/v5 v5.0.8
 github.com/go-chi/cors v1.2.1
- github.com/go-chi/jwtauth v4.0.4+incompatible
 github.com/go-chi/jwtauth/v5 v5.1.0
 github.com/jc21/go-sse v0.0.0-20230307071053-2e6b1dbcb7ec
 github.com/jc21/jsref v0.0.0-20210608024405-a97debfc4760
@@ -36,7 +35,6 @@ require (
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
 github.com/glebarez/go-sqlite v1.21.1 // indirect
- github.com/go-chi/chi v4.1.2+incompatible // indirect
 github.com/go-sql-driver/mysql v1.7.1 // indirect
 github.com/goccy/go-json v0.9.11 // indirect
 github.com/google/uuid v1.3.0 // indirect
diff --git a/backend/go.sum b/backend/go.sum
index 389a5fb..e6c5203 100644
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -26,14 +26,10 @@ github.com/glebarez/go-sqlite v1.21.1 h1:7MZyUPh2XTrHS7xNEHQbrhfMZuPSzhkm2A1qgg0 github.com/glebarez/go-sqlite v1.21.1/go.mod h1:ISs8MF6yk5cL4n/43rSOmVMGJJjHYr7L2MbZZ5Q4E2E= github.com/glebarez/sqlite v1.8.0 h1:02X12E2I/4C1n+v90yTqrjRa8yuo7c3KeHI3FRznCvc= github.com/glebarez/sqlite v1.8.0/go.mod h1:bpET16h1za2KOOMb8+jCp6UBP/iahDpfPQqSaYLTLx8= -github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= -github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi/v5 v5.0.8 h1:lD+NLqFcAi1ovnVZpsnObHGW4xb4J8lNmoYVfECH1Y0= github.com/go-chi/chi/v5 v5.0.8/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4= github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58= -github.com/go-chi/jwtauth v4.0.4+incompatible h1:LGIxg6YfvSBzxU2BljXbrzVc1fMlgqSKBQgKOGAVtPY= -github.com/go-chi/jwtauth v4.0.4+incompatible/go.mod h1:Q5EIArY/QnD6BdS+IyDw7B2m6iNbnPxtfd6/BcmtWbs= github.com/go-chi/jwtauth/v5 v5.1.0 h1:wJyf2YZ/ohPvNJBwPOzZaQbyzwgMZZceE1m8FOzXLeA= github.com/go-chi/jwtauth/v5 v5.1.0/go.mod h1:MA93hc1au3tAQwCKry+fI4LqJ5MIVN4XSsglOo+lSc8= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
diff --git a/backend/internal/api/handler/schema.go b/backend/internal/api/handler/schema.go
index 9eab87f..2ae795f 100644
--- a/backend/internal/api/handler/schema.go
+++ b/backend/internal/api/handler/schema.go
@@ -48,9 +48,9 @@ func getSchema() []byte {
 return nil
 }
- provider := provider.NewIoFS(apiDocsSub, "")
+ prov := provider.NewIoFS(apiDocsSub, "")
 resolver := jsref.New()
- err := resolver.AddProvider(provider)
+ err := resolver.AddProvider(prov)
 if err != nil {
 logger.Error("SchemaProviderError", err)
 }
diff --git a/backend/internal/api/middleware/sse_auth.go b/backend/internal/api/middleware/sse_auth.go
index 5fa9e74..81721dc 100644
--- a/backend/internal/api/middleware/sse_auth.go
+++ b/backend/internal/api/middleware/sse_auth.go
@@ -6,7 +6,7 @@ import (
 h "npm/internal/api/http"
 "npm/internal/entity/user"
- "github.com/go-chi/jwtauth"
+ "github.com/go-chi/jwtauth/v5"
 )
 // SSEAuth will validate that the jwt token provided to get this far is a SSE token
@@ -33,7 +33,13 @@ func SSEAuth(next http.Handler) http.Handler {
 userID := uint(claims["uid"].(float64))
 _, enabled := user.IsEnabled(userID)
- if token == nil || !token.Valid || !enabled || !claims.VerifyIssuer("sse", true) {
+ if token == nil || !enabled {
+ h.ResultErrorJSON(w, r, http.StatusUnauthorized, "Unauthorised", nil)
+ return
+ }
+
+ iss, _ := token.Get("iss")
+ if iss != "sse" {
 h.ResultErrorJSON(w, r, http.StatusUnauthorized, "Unauthorised", nil)
 return
 }
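Review bot: The rewritten guard in SSEAuth drops the old `!token.Valid` test and nothing visible in this hunk replaces it, leaving only the nil-token, enabled-user and `iss` checks. In jwtauth/v5 a failed signature or expiry check is reported through the error returned by `jwtauth.FromContext`, and the token may be non-nil alongside that error; that call sits above the hunk, so unless an earlier middleware already rejects such tokens the error should be captured and folded in, e.g. `if err != nil || token == nil || !enabled {`. Separately, the context line `userID := uint(claims["uid"].(float64))` still runs before the nil check and panics on a token without a numeric `uid`; `uid, ok := claims["uid"].(float64)` with `!ok` answered by the same 401 would keep malformed tokens on the normal error path. SSEAuth starts and ends outside the hunk.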