From 9432b3a8fd14a1c60cedb5026051fc542ab3b416 Mon Sep 17 00:00:00 2001 From: Pierre HUBERT Date: Sat, 20 Apr 2024 11:56:36 +0200 Subject: [PATCH] Remove "None" variant for JWT public key --- virtweb_backend/src/api_tokens.rs | 6 +++--- .../src/controllers/api_tokens_controller.rs | 3 +-- .../src/extractors/api_auth_extractor.rs | 8 +++++++- virtweb_backend/src/utils/jwt_utils.rs | 14 -------------- 4 files changed, 11 insertions(+), 20 deletions(-) diff --git a/virtweb_backend/src/api_tokens.rs b/virtweb_backend/src/api_tokens.rs index 5cfa856..6479d99 100644 --- a/virtweb_backend/src/api_tokens.rs +++ b/virtweb_backend/src/api_tokens.rs @@ -76,8 +76,8 @@ pub struct Token { pub description: String, created: u64, updated: u64, - #[serde(skip_serializing_if = "TokenPubKey::is_invalid")] - pub pub_key: TokenPubKey, + #[serde(skip_serializing_if = "Option::is_none")] + pub pub_key: Option, pub rights: TokenRights, pub last_used: u64, pub ip_restriction: Option, @@ -205,7 +205,7 @@ pub async fn create(t: &NewToken) -> anyhow::Result<(Token, TokenPrivKey)> { id: TokenID(uuid::Uuid::new_v4()), created: time(), updated: time(), - pub_key, + pub_key: Some(pub_key), rights: t.rights.clone(), last_used: time(), ip_restriction: t.ip_restriction, diff --git a/virtweb_backend/src/controllers/api_tokens_controller.rs b/virtweb_backend/src/controllers/api_tokens_controller.rs index fa32fbd..c47647e 100644 --- a/virtweb_backend/src/controllers/api_tokens_controller.rs +++ b/virtweb_backend/src/controllers/api_tokens_controller.rs @@ -10,7 +10,6 @@ use actix_web::{web, HttpResponse}; /// Create a special module for REST token to enforce usage of constructor function mod rest_token { use crate::api_tokens::Token; - use crate::utils::jwt_utils::TokenPubKey; #[derive(serde::Serialize)] pub struct RestToken { @@ -20,7 +19,7 @@ mod rest_token { impl RestToken { pub fn new(mut token: Token) -> Self { - token.pub_key = TokenPubKey::None; + token.pub_key = None; Self { token } } } diff --git a/virtweb_backend/src/extractors/api_auth_extractor.rs b/virtweb_backend/src/extractors/api_auth_extractor.rs index 19d5dff..8a26a71 100644 --- a/virtweb_backend/src/extractors/api_auth_extractor.rs +++ b/virtweb_backend/src/extractors/api_auth_extractor.rs @@ -72,7 +72,13 @@ impl FromRequest for ApiAuthExtractor { return Err(ErrorBadRequest("Unable to validate token!")); } - let claims = match jwt_utils::validate_jwt::(&token.pub_key, &token_jwt) { + let claims = match jwt_utils::validate_jwt::( + &token + .pub_key + .clone() + .expect("All tokens shall have public key!"), + &token_jwt, + ) { Ok(c) => c, Err(e) => { log::error!("Failed to validate JWT: {e}"); diff --git a/virtweb_backend/src/utils/jwt_utils.rs b/virtweb_backend/src/utils/jwt_utils.rs index d8beb25..4b0b5c6 100644 --- a/virtweb_backend/src/utils/jwt_utils.rs +++ b/virtweb_backend/src/utils/jwt_utils.rs @@ -9,21 +9,10 @@ use serde::Serialize; #[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq)] #[serde(tag = "alg")] pub enum TokenPubKey { - /// This variant DOES make crash the program. It MUST NOT used to validate JWT. - /// - /// It is a hack to hide public key when getting the list of tokens - None, - /// ECDSA with SHA2-384 variant ES384 { r#pub: String }, } -impl TokenPubKey { - pub fn is_invalid(&self) -> bool { - self == &TokenPubKey::None - } -} - #[derive(serde::Serialize, serde::Deserialize, Clone, Debug)] #[serde(tag = "alg")] pub enum TokenPrivKey { @@ -71,9 +60,6 @@ pub fn validate_jwt(key: &TokenPubKey, token: &str) -> anyh let validation = Validation::new(Algorithm::ES384); Ok(jsonwebtoken::decode::(token, &decoding_key, &validation)?.claims) } - TokenPubKey::None => { - panic!("A public key is required!") - } } }