Remove last use of v4 jwtauth

2024-08-30 18:22:48 +00:00 · 2023-06-01 11:37:25 +10:00 · 2023-06-01 11:37:25 +10:00 · b437119535
commit b437119535
parent d5a75bb708
4 changed files with 10 additions and 10 deletions
--- a/backend/go.mod
+++ b/backend/go.mod
@ -13,7 +13,6 @@ require (
 	github.com/glebarez/sqlite v1.8.0
 	github.com/go-chi/chi/v5 v5.0.8
 	github.com/go-chi/cors v1.2.1
-	github.com/go-chi/jwtauth v4.0.4+incompatible
 	github.com/go-chi/jwtauth/v5 v5.1.0
 	github.com/jc21/go-sse v0.0.0-20230307071053-2e6b1dbcb7ec
 	github.com/jc21/jsref v0.0.0-20210608024405-a97debfc4760
@ -36,7 +35,6 @@ require (
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/glebarez/go-sqlite v1.21.1 // indirect
-	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-sql-driver/mysql v1.7.1 // indirect
 	github.com/goccy/go-json v0.9.11 // indirect
 	github.com/google/uuid v1.3.0 // indirect
--- a/backend/go.sum
+++ b/backend/go.sum
@ -26,14 +26,10 @@ github.com/glebarez/go-sqlite v1.21.1 h1:7MZyUPh2XTrHS7xNEHQbrhfMZuPSzhkm2A1qgg0
 github.com/glebarez/go-sqlite v1.21.1/go.mod h1:ISs8MF6yk5cL4n/43rSOmVMGJJjHYr7L2MbZZ5Q4E2E=
 github.com/glebarez/sqlite v1.8.0 h1:02X12E2I/4C1n+v90yTqrjRa8yuo7c3KeHI3FRznCvc=
 github.com/glebarez/sqlite v1.8.0/go.mod h1:bpET16h1za2KOOMb8+jCp6UBP/iahDpfPQqSaYLTLx8=
-github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec=
-github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/go-chi/chi/v5 v5.0.8 h1:lD+NLqFcAi1ovnVZpsnObHGW4xb4J8lNmoYVfECH1Y0=
 github.com/go-chi/chi/v5 v5.0.8/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
 github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
-github.com/go-chi/jwtauth v4.0.4+incompatible h1:LGIxg6YfvSBzxU2BljXbrzVc1fMlgqSKBQgKOGAVtPY=
-github.com/go-chi/jwtauth v4.0.4+incompatible/go.mod h1:Q5EIArY/QnD6BdS+IyDw7B2m6iNbnPxtfd6/BcmtWbs=
 github.com/go-chi/jwtauth/v5 v5.1.0 h1:wJyf2YZ/ohPvNJBwPOzZaQbyzwgMZZceE1m8FOzXLeA=
 github.com/go-chi/jwtauth/v5 v5.1.0/go.mod h1:MA93hc1au3tAQwCKry+fI4LqJ5MIVN4XSsglOo+lSc8=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
--- a/backend/internal/api/handler/schema.go
+++ b/backend/internal/api/handler/schema.go
@ -48,9 +48,9 @@ func getSchema() []byte {
 			return nil
 		}

-		provider := provider.NewIoFS(apiDocsSub, "")
+		prov := provider.NewIoFS(apiDocsSub, "")
 		resolver := jsref.New()
-		err := resolver.AddProvider(provider)
+		err := resolver.AddProvider(prov)
 		if err != nil {
 			logger.Error("SchemaProviderError", err)
 		}
--- a/backend/internal/api/middleware/sse_auth.go
+++ b/backend/internal/api/middleware/sse_auth.go
@ -6,7 +6,7 @@ import (
 	h "npm/internal/api/http"
 	"npm/internal/entity/user"

-	"github.com/go-chi/jwtauth"
+	"github.com/go-chi/jwtauth/v5"
 )

 // SSEAuth will validate that the jwt token provided to get this far is a SSE token
@ -33,7 +33,13 @@ func SSEAuth(next http.Handler) http.Handler {

 		userID := uint(claims["uid"].(float64))
 		_, enabled := user.IsEnabled(userID)
-		if token == nil || !token.Valid || !enabled || !claims.VerifyIssuer("sse", true) {
+		if token == nil || !enabled {
+			h.ResultErrorJSON(w, r, http.StatusUnauthorized, "Unauthorised", nil)
+			return
+		}
+
+		iss, _ := token.Get("iss")
+		if iss != "sse" {
 			h.ResultErrorJSON(w, r, http.StatusUnauthorized, "Unauthorised", nil)
 			return
 		}