mirror of
https://github.com/APIParkLab/APIPark.git
synced 2026-06-04 10:13:53 +08:00
Fix the issue of ineffective authentication for JWT, Oauth2, AK/SK
This commit is contained in:
Liujian
@@ -0,0 +1,28 @@
|
||||
package auth
|
||||
|
||||
func init() {
|
||||
b := NewAKSK()
|
||||
Register(b.Name(), b)
|
||||
}
|
||||
|
||||
func NewAKSK() *AKSK {
|
||||
return &AKSK{}
|
||||
}
|
||||
|
||||
type AKSK struct {
|
||||
}
|
||||
|
||||
func (a *AKSK) Name() string {
|
||||
return "aksk"
|
||||
}
|
||||
|
||||
func (a *AKSK) ToPattern(cfg map[string]interface{}) interface{} {
|
||||
result := make(map[string]interface{})
|
||||
result["ak"] = cfg["ak"]
|
||||
result["sk"] = cfg["sk"]
|
||||
return result
|
||||
}
|
||||
|
||||
func (a *AKSK) ToConfig(cfg map[string]interface{}) interface{} {
|
||||
return nil
|
||||
}
|
||||
@@ -0,0 +1,35 @@
|
||||
package auth
|
||||
|
||||
func init() {
|
||||
b := NewJWT()
|
||||
Register(b.Name(), b)
|
||||
}
|
||||
|
||||
func NewJWT() *JWT {
|
||||
return &JWT{}
|
||||
}
|
||||
|
||||
type JWT struct {
|
||||
}
|
||||
|
||||
func (J *JWT) Name() string {
|
||||
return "jwt"
|
||||
}
|
||||
|
||||
func (J *JWT) ToPattern(cfg map[string]interface{}) interface{} {
|
||||
result := make(map[string]interface{})
|
||||
result["username"] = cfg["user"]
|
||||
return result
|
||||
}
|
||||
|
||||
func (J *JWT) ToConfig(cfg map[string]interface{}) interface{} {
|
||||
result := make(map[string]interface{})
|
||||
result["iss"] = cfg["iss"]
|
||||
result["algorithm"] = cfg["algorithm"]
|
||||
result["secret"] = cfg["secret"]
|
||||
result["rsa_public_key"] = cfg["publicKey"]
|
||||
result["path"] = cfg["userPath"]
|
||||
result["claims_to_verify"] = cfg["claimsToVerify"]
|
||||
result["signature_is_base_64"] = cfg["signatureIsBase64"]
|
||||
return result
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
package auth
|
||||
|
||||
func init() {
|
||||
b := NewOAuth2()
|
||||
Register(b.Name(), b)
|
||||
}
|
||||
|
||||
func NewOAuth2() *OAuth2 {
|
||||
return &OAuth2{}
|
||||
}
|
||||
|
||||
type OAuth2 struct {
|
||||
}
|
||||
|
||||
func (o *OAuth2) Name() string {
|
||||
return "oauth2"
|
||||
}
|
||||
func (o *OAuth2) ToPattern(cfg map[string]interface{}) interface{} {
|
||||
result := make(map[string]interface{})
|
||||
result["client_id"] = cfg["client_id"]
|
||||
result["client_secret"] = cfg["client_secret"]
|
||||
result["client_type"] = cfg["client_type"]
|
||||
result["hash_secret"] = cfg["hash_secret"]
|
||||
result["redirect_urls"] = cfg["redirect_urls"]
|
||||
return result
|
||||
}
|
||||
func (o *OAuth2) ToConfig(cfg map[string]interface{}) interface{} {
|
||||
return nil
|
||||
}
|
||||
@@ -6,11 +6,11 @@ import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
|
||||
auth_driver "github.com/APIParkLab/APIPark/module/application-authorization/auth-driver"
|
||||
|
||||
|
||||
"github.com/eolinker/go-common/utils"
|
||||
|
||||
|
||||
application_authorization_dto "github.com/APIParkLab/APIPark/module/application-authorization/dto"
|
||||
)
|
||||
|
||||
@@ -26,12 +26,12 @@ type Config struct {
|
||||
Iss string `json:"iss"`
|
||||
Algorithm string `json:"algorithm"`
|
||||
Secret string `json:"secret"`
|
||||
PublicKey string `json:"public_key"`
|
||||
PublicKey string `json:"publicKey"`
|
||||
User string `json:"user"`
|
||||
UserPath string `json:"user_path"`
|
||||
ClaimsToVerify []string `json:"claims_to_verify"`
|
||||
UserPath string `json:"userPath"`
|
||||
ClaimsToVerify []string `json:"claimsToVerify"`
|
||||
Label map[string]string `json:"label"`
|
||||
SignatureIsBase64 bool `json:"signature_is_base64"`
|
||||
SignatureIsBase64 bool `json:"signatureIsBase64"`
|
||||
}
|
||||
|
||||
func (cfg *Config) ID() string {
|
||||
@@ -46,7 +46,7 @@ func (cfg *Config) ID() string {
|
||||
for _, claim := range cfg.ClaimsToVerify {
|
||||
builder.WriteString(strings.TrimSpace(claim))
|
||||
}
|
||||
|
||||
|
||||
case "RS256", "RS384", "RS512", "ES256", "ES384", "ES512":
|
||||
builder.WriteString(strings.TrimSpace(cfg.Iss))
|
||||
builder.WriteString(strings.TrimSpace(cfg.PublicKey))
|
||||
@@ -81,7 +81,7 @@ func (cfg *Config) Valid() ([]byte, error) {
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupport algorithm")
|
||||
}
|
||||
|
||||
|
||||
//校验 校验字段
|
||||
for _, claim := range cfg.ClaimsToVerify {
|
||||
switch claim {
|
||||
@@ -94,7 +94,7 @@ func (cfg *Config) Valid() ([]byte, error) {
|
||||
}
|
||||
|
||||
func (cfg *Config) Detail() []application_authorization_dto.DetailItem {
|
||||
|
||||
|
||||
items := []application_authorization_dto.DetailItem{
|
||||
{Key: "Iss", Value: cfg.Iss},
|
||||
{Key: "签名算法", Value: cfg.Algorithm},
|
||||
@@ -102,7 +102,7 @@ func (cfg *Config) Detail() []application_authorization_dto.DetailItem {
|
||||
{Key: "用户名JsonPath", Value: cfg.UserPath},
|
||||
{Key: "校验字段", Value: strings.Join(cfg.ClaimsToVerify, ",")},
|
||||
}
|
||||
|
||||
|
||||
switch cfg.Algorithm {
|
||||
case "HS256", "HS384", "HS512":
|
||||
items = append(items, application_authorization_dto.DetailItem{Key: "Secret", Value: cfg.Secret})
|
||||
@@ -110,10 +110,10 @@ func (cfg *Config) Detail() []application_authorization_dto.DetailItem {
|
||||
if cfg.SignatureIsBase64 {
|
||||
base64 = "true"
|
||||
}
|
||||
items = append(items, application_authorization_dto.DetailItem{Key: "Secret", Value: base64})
|
||||
items = append(items, application_authorization_dto.DetailItem{Key: "SignatureIsBase64", Value: base64})
|
||||
default:
|
||||
items = append(items, application_authorization_dto.DetailItem{Key: "RSA公钥", Value: cfg.PublicKey})
|
||||
}
|
||||
|
||||
|
||||
return items
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user