-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* jwt validation v1
- Loading branch information
Showing
15 changed files
with
331 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,6 @@ | ||
.env | ||
./listener/tmp/* | ||
./listener/bin/* | ||
./listener/bin/* | ||
jwt | ||
private.pem | ||
public.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
{ | ||
"stader": { | ||
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq81M9pHCZEExzJFgWEXK\navIs0AexsLlP6CIGkbvfe/GX+kIjP28kkXYGCJlUuVhGYa8wU2mBYeXTbtvi9OR9\ndmKTOzsl3QzIKVd5BqXqbTmQxGp0S6ShujK6LHTOELxwYhFKulx2ls2DSyXhqOGx\nyh0Gm/3H7CiCgNHMJWUUiy5Xyp71vtimzDM+OniUVQE/ZjPg5WG+cM536Ms8XcK1\nNIN0z8ovgAibHqw8jEljxM89Sn9XD3mQo8kBTG+3dLsjUbHZDiJZogNgeXsOrM7m\nh3YtIwMvr5YEWUR7ON7ST5Wrwx14uF6YDE0yo6nb/cmmSSUJ/cdX36dNK3dGrYhB\nywIDAQAB\n-----END PUBLIC KEY-----", | ||
"tags": ["solo"] | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
package main | ||
|
||
import ( | ||
"flag" | ||
"fmt" | ||
"os" | ||
"time" | ||
|
||
"github.com/dappnode/validator-monitoring/listener/internal/logger" | ||
|
||
"github.com/golang-jwt/jwt/v5" | ||
) | ||
|
||
func main() { | ||
// Define flags for the command-line input | ||
privateKeyPath := flag.String("private-key", "", "Path to the RSA private key file (mandatory)") | ||
subject := flag.String("sub", "", "Subject claim for the JWT (optional)") | ||
expiration := flag.String("exp", "", "Expiration duration for the JWT in hours (optional, e.g., '24h' for 24 hours). If no value is provided, the generated token will not expire.") | ||
kid := flag.String("kid", "", "Key ID (kid) for the JWT (mandatory)") | ||
outputFilePath := flag.String("output", "token.jwt", "Output file path for the JWT. Defaults to ./token.jwt") | ||
|
||
flag.Parse() | ||
|
||
// Check for mandatory parameters | ||
if *kid == "" || *privateKeyPath == "" { | ||
logger.Fatal("Key ID (kid) and private key path must be provided") | ||
} | ||
|
||
// Read the private key file | ||
privateKeyData, err := os.ReadFile(*privateKeyPath) | ||
if err != nil { | ||
logger.Fatal(fmt.Sprintf("Failed to read private key file: %v", err)) | ||
} | ||
|
||
// Parse the RSA private key | ||
privateKey, err := jwt.ParseRSAPrivateKeyFromPEM(privateKeyData) | ||
if err != nil { | ||
logger.Fatal(fmt.Sprintf("Failed to parse private key: %v", err)) | ||
} | ||
|
||
// Prepare the claims for the JWT. These are optional | ||
claims := jwt.MapClaims{} | ||
if *subject != "" { | ||
claims["sub"] = *subject | ||
} | ||
if *expiration != "" { | ||
duration, err := time.ParseDuration(*expiration) | ||
if err != nil { | ||
logger.Fatal(fmt.Sprintf("Failed to parse expiration duration: %v", err)) | ||
} | ||
claims["exp"] = time.Now().Add(duration).Unix() | ||
} | ||
|
||
// Create a new token object, specifying signing method and claims | ||
token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims) | ||
|
||
// Set the key ID (kid) in the token header | ||
token.Header["kid"] = *kid | ||
|
||
// Sign the token with the private key | ||
tokenString, err := token.SignedString(privateKey) | ||
if err != nil { | ||
logger.Fatal(fmt.Sprintf("Failed to sign token: %v", err)) | ||
} | ||
|
||
// Output the token to the console | ||
fmt.Println("JWT generated successfully:") | ||
fmt.Println(tokenString) | ||
|
||
// Save the token to a file | ||
err = os.WriteFile(*outputFilePath, []byte(tokenString), 0644) | ||
if err != nil { | ||
logger.Fatal(fmt.Sprintf("Failed to write the JWT to file: %v", err)) | ||
} | ||
fmt.Println("JWT saved to file:", *outputFilePath) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
package handlers | ||
|
||
import ( | ||
"context" | ||
"encoding/json" | ||
"fmt" | ||
"net/http" | ||
|
||
"github.com/dappnode/validator-monitoring/listener/internal/api/middleware" | ||
"github.com/dappnode/validator-monitoring/listener/internal/logger" | ||
"go.mongodb.org/mongo-driver/bson" | ||
"go.mongodb.org/mongo-driver/mongo" | ||
) | ||
|
||
func GetSignatures(w http.ResponseWriter, r *http.Request, dbCollection *mongo.Collection) { | ||
logger.Debug("Received new GET '/signatures' request") | ||
// Get tags from the context | ||
tags, ok := r.Context().Value(middleware.TagsKey).([]string) | ||
// middlewware already checks that tags is not empty. If something fails here, it is | ||
// because middleware didnt pass context correctly | ||
if !ok || len(tags) == 0 { | ||
http.Error(w, "Internal server error", http.StatusInternalServerError) | ||
return | ||
} | ||
|
||
// Query MongoDB for documents with tags matching the context tags | ||
var results []bson.M | ||
filter := bson.M{ | ||
"tag": bson.M{"$in": tags}, | ||
} | ||
cursor, err := dbCollection.Find(context.Background(), filter) | ||
if err != nil { | ||
http.Error(w, fmt.Sprintf("Failed to query MongoDB: %v", err), http.StatusInternalServerError) | ||
return | ||
} | ||
defer cursor.Close(context.Background()) | ||
|
||
if err := cursor.All(context.Background(), &results); err != nil { | ||
http.Error(w, fmt.Sprintf("Failed to read cursor: %v", err), http.StatusInternalServerError) | ||
return | ||
} | ||
|
||
// Return the results as JSON | ||
w.Header().Set("Content-Type", "application/json") | ||
if err := json.NewEncoder(w).Encode(results); err != nil { | ||
http.Error(w, fmt.Sprintf("Failed to encode results: %v", err), http.StatusInternalServerError) | ||
} | ||
} |
Oops, something went wrong.