Fixed rate limit panic when authenticatin with a link share auth token (#97)
This commit is contained in:
konrad
Gitea
parent
fdd1624121
commit
6140920cb8
3 changed files with 22 additions and 18 deletions
|
|
@ -19,7 +19,10 @@ package v1
|
|||
import (
|
||||
"code.vikunja.io/api/pkg/config"
|
||||
"code.vikunja.io/api/pkg/models"
|
||||
"code.vikunja.io/web"
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"github.com/labstack/echo/v4"
|
||||
"net/http"
|
||||
"time"
|
||||
)
|
||||
|
||||
|
|
@ -65,3 +68,17 @@ func NewLinkShareJWTAuthtoken(share *models.LinkSharing) (token string, err erro
|
|||
// Generate encoded token and send it as response.
|
||||
return t.SignedString([]byte(config.ServiceJWTSecret.GetString()))
|
||||
}
|
||||
|
||||
// GetAuthFromClaims returns a web.Auth object from jwt claims
|
||||
func GetAuthFromClaims(c echo.Context) (a web.Auth, err error) {
|
||||
jwtinf := c.Get("user").(*jwt.Token)
|
||||
claims := jwtinf.Claims.(jwt.MapClaims)
|
||||
typ := int(claims["type"].(float64))
|
||||
if typ == AuthTypeLinkShare && config.ServiceEnableLinkSharing.GetBool() {
|
||||
return models.GetLinkShareFromClaims(claims)
|
||||
}
|
||||
if typ == AuthTypeUser {
|
||||
return models.GetUserFromClaims(claims)
|
||||
}
|
||||
return nil, echo.NewHTTPError(http.StatusBadRequest, models.Message{Message: "Invalid JWT token."})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,8 +20,8 @@ package routes
|
|||
import (
|
||||
"code.vikunja.io/api/pkg/config"
|
||||
"code.vikunja.io/api/pkg/log"
|
||||
"code.vikunja.io/api/pkg/models"
|
||||
"code.vikunja.io/api/pkg/red"
|
||||
apiv1 "code.vikunja.io/api/pkg/routes/api/v1"
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/ulule/limiter/v3"
|
||||
"github.com/ulule/limiter/v3/drivers/store/memory"
|
||||
|
|
@ -40,11 +40,11 @@ func RateLimit(rateLimiter *limiter.Limiter) echo.MiddlewareFunc {
|
|||
case "ip":
|
||||
rateLimitKey = c.RealIP()
|
||||
case "user":
|
||||
user, err := models.GetCurrentUser(c)
|
||||
auth, err := apiv1.GetAuthFromClaims(c)
|
||||
if err != nil {
|
||||
log.Errorf("Error while getting the current user for rate limiting: %s", err)
|
||||
log.Errorf("Error getting auth from jwt claims: %v", err)
|
||||
}
|
||||
rateLimitKey = "user_" + strconv.FormatInt(user.ID, 10)
|
||||
rateLimitKey = "user_" + strconv.FormatInt(auth.GetID(), 10)
|
||||
default:
|
||||
log.Errorf("Unknown rate limit kind configured: %s", config.RateLimitKind.GetString())
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,11 +48,9 @@ import (
|
|||
"code.vikunja.io/web"
|
||||
"code.vikunja.io/web/handler"
|
||||
"github.com/asaskevich/govalidator"
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/labstack/echo/v4/middleware"
|
||||
elog "github.com/labstack/gommon/log"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
|
|
@ -109,18 +107,7 @@ func NewEcho() *echo.Echo {
|
|||
|
||||
// Handler config
|
||||
handler.SetAuthProvider(&web.Auths{
|
||||
AuthObject: func(c echo.Context) (web.Auth, error) {
|
||||
jwtinf := c.Get("user").(*jwt.Token)
|
||||
claims := jwtinf.Claims.(jwt.MapClaims)
|
||||
typ := int(claims["type"].(float64))
|
||||
if typ == apiv1.AuthTypeLinkShare && config.ServiceEnableLinkSharing.GetBool() {
|
||||
return models.GetLinkShareFromClaims(claims)
|
||||
}
|
||||
if typ == apiv1.AuthTypeUser {
|
||||
return models.GetUserFromClaims(claims)
|
||||
}
|
||||
return nil, echo.NewHTTPError(http.StatusBadRequest, models.Message{Message: "Invalid JWT token."})
|
||||
},
|
||||
AuthObject: apiv1.GetAuthFromClaims,
|
||||
})
|
||||
handler.SetLoggingProvider(log.GetLogger())
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue