Skip to content

Commit

Permalink
chore(websocket): [WIP] Making JWT algos configurable (apache#25521)
Browse files Browse the repository at this point in the history
  • Loading branch information
craig-rueda authored Oct 23, 2023
1 parent e4173d9 commit 861ee8b
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 2 deletions.
1 change: 1 addition & 0 deletions superset-websocket/config.example.json
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
"ssl": false
},
"redisStreamPrefix": "async-events-",
"jwtAlgorithms": ["HS256"],
"jwtSecret": "CHANGE-ME",
"jwtCookieName": "async-token"
}
2 changes: 2 additions & 0 deletions superset-websocket/src/config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ type ConfigType = {
redisStreamPrefix: string;
redisStreamReadCount: number;
redisStreamReadBlockMs: number;
jwtAlgorithms: string[];
jwtSecret: string;
jwtCookieName: string;
jwtChannelIdKey: string;
Expand All @@ -53,6 +54,7 @@ function defaultConfig(): ConfigType {
redisStreamPrefix: 'async-events-',
redisStreamReadCount: 100,
redisStreamReadBlockMs: 5000,
jwtAlgorithms: ['HS256'],
jwtSecret: '',
jwtCookieName: 'async-token',
jwtChannelIdKey: 'channel',
Expand Down
7 changes: 5 additions & 2 deletions superset-websocket/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ import * as http from 'http';
import * as net from 'net';
import WebSocket from 'ws';
import { v4 as uuidv4 } from 'uuid';
import jwt from 'jsonwebtoken';
import jwt, { Algorithm } from 'jsonwebtoken';
import cookie from 'cookie';
import Redis from 'ioredis';
import StatsD from 'hot-shots';
Expand Down Expand Up @@ -261,7 +261,10 @@ const readChannelId = (request: http.IncomingMessage): string => {
const token = cookies[opts.jwtCookieName];

if (!token) throw new Error('JWT not present');
const jwtPayload = jwt.verify(token, opts.jwtSecret) as JwtPayload;
const jwtPayload = jwt.verify(token, opts.jwtSecret, {
algorithms: opts.jwtAlgorithms as Algorithm[],
complete: false,
}) as JwtPayload;
const channelId = jwtPayload[opts.jwtChannelIdKey];

if (!channelId) throw new Error('Channel ID not present in JWT');
Expand Down

0 comments on commit 861ee8b

Please sign in to comment.