getClaimsFromJWT and build step fix

canonical · Jul 11, 2024 · f78aff3 · f78aff3
1 parent c7d1184
commit f78aff3
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 9 deletions.
diff --git a/.github/workflows/build-rock.yaml b/.github/workflows/build-rock.yaml
@@ -43,7 +43,7 @@ jobs:
         id: test_notify
         run : |
           curl -XPOST -k -d '{"username":"admin", "password": "Admin1234"}' https://localhost:3000/api/v1/accounts
-          export ADMIN_TOKEN=(curl -XPOST -k -d '{"username":"admin", "password": "Admin1234"}' https://localhost:3000/login)
+          export ADMIN_TOKEN=$(curl -XPOST -k -d '{"username":"admin", "password": "Admin1234"}' https://localhost:3000/login)
           curl -XPOST -k -d '-----BEGIN CERTIFICATE REQUEST-----
           MIIC5zCCAc8CAQAwRzEWMBQGA1UEAwwNMTAuMTUyLjE4My41MzEtMCsGA1UELQwk
           MzlhY2UxOTUtZGM1YS00MzJiLTgwOTAtYWZlNmFiNGI0OWNmMIIBIjANBgkqhkiG

diff --git a/internal/api/middleware.go b/internal/api/middleware.go
@@ -122,14 +122,8 @@ func authMiddleware(ctx *middlewareContext) middleware {
 				logErrorAndWriteResponse("authorization header couldn't be processed. The expected format is 'Bearer <token>'", http.StatusUnauthorized, w)
 				return
 			}
-			claims := jwtGocertClaims{}
-			token, err := jwt.ParseWithClaims(bearerToken[1], &claims, func(token *jwt.Token) (interface{}, error) {
-				if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-					return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
-				}
-				return ctx.jwtSecret, nil
-			})
-			if err != nil || !token.Valid {
+			claims, err := getClaimsFromJWT(bearerToken[1], ctx.jwtSecret)
+			if err != nil {
 				logErrorAndWriteResponse(fmt.Sprintf("token is not valid: %s", err.Error()), http.StatusUnauthorized, w)
 				return
 			}
@@ -154,3 +148,17 @@ func authMiddleware(ctx *middlewareContext) middleware {
 		})
 	}
 }
+
+func getClaimsFromJWT(bearerToken string, jwtSecret []byte) (*jwtGocertClaims, error) {
+	claims := jwtGocertClaims{}
+	token, err := jwt.ParseWithClaims(bearerToken, &claims, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+		return jwtSecret, nil
+	})
+	if err != nil || !token.Valid {
+		return nil, err
+	}
+	return &claims, nil
+}