ditch jwt for oauth
Thibault Duplessis
parent
6c15f0233f
commit
878409ea57
|
|
@ -32,7 +32,7 @@ scriptClasspath := Seq("*")
|
|||
libraryDependencies ++= Seq(
|
||||
scalaz, chess, compression, scalalib, hasher, typesafeConfig, findbugs,
|
||||
reactivemongo.driver, reactivemongo.iteratees, akka.actor, akka.slf4j,
|
||||
maxmind, prismic, netty, guava, jwt,
|
||||
maxmind, prismic, netty, guava,
|
||||
kamon.core, kamon.influxdb,
|
||||
java8compat, semver, scrimage, scalaConfigs, scaffeine
|
||||
)
|
||||
|
|
@ -268,7 +268,7 @@ lazy val irwin = module("irwin", Seq(common, db, user, game, tournament, mod)).s
|
|||
)
|
||||
|
||||
lazy val oauth = module("oauth", Seq(common, db, user)).settings(
|
||||
libraryDependencies ++= provided(play.api, reactivemongo.driver, jwt)
|
||||
libraryDependencies ++= provided(play.api, reactivemongo.driver)
|
||||
)
|
||||
|
||||
lazy val security = module("security", Seq(common, hub, db, user, i18n, slack, oauth)).settings(
|
||||
|
|
|
|||
|
|
@ -267,9 +267,6 @@ oauth {
|
|||
access_token = oauth_access_token
|
||||
app = oauth_client
|
||||
}
|
||||
jwt {
|
||||
public_key = ""
|
||||
}
|
||||
base_url = ${net.protocol}oauth.${net.domain}/
|
||||
}
|
||||
recaptcha {
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ final class Env(
|
|||
val DbConfig = config getConfig "mongodb"
|
||||
val CollectionAccessToken = config getString "collection.access_token"
|
||||
val CollectionApp = config getString "collection.app"
|
||||
val JwtPublicKey = config getString "jwt.public_key"
|
||||
}
|
||||
import settings._
|
||||
|
||||
|
|
@ -27,7 +26,6 @@ final class Env(
|
|||
|
||||
lazy val server = new OAuthServer(
|
||||
tokenColl = tokenColl,
|
||||
jwtPublicKey = JWT.PublicKey(JwtPublicKey),
|
||||
asyncCache = asyncCache
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
package lila.oauth
|
||||
|
||||
import org.joda.time.DateTime
|
||||
import pdi.jwt.{ Jwt, JwtAlgorithm }
|
||||
import play.api.http.HeaderNames.AUTHORIZATION
|
||||
import play.api.libs.json.Json
|
||||
import play.api.mvc.{ RequestHeader, Result }
|
||||
|
|
@ -12,7 +11,6 @@ import lila.user.{ User, UserRepo }
|
|||
|
||||
final class OAuthServer(
|
||||
tokenColl: Coll,
|
||||
jwtPublicKey: JWT.PublicKey,
|
||||
asyncCache: lila.memo.AsyncCache.Builder
|
||||
) {
|
||||
|
||||
|
|
@ -23,15 +21,7 @@ final class OAuthServer(
|
|||
def auth(req: RequestHeader, scopes: List[OAuthScope]): Fu[AuthResult] = {
|
||||
req.headers.get(AUTHORIZATION).map(_.split(" ", 2)) match {
|
||||
case Some(Array("Bearer", tokenStr)) => for {
|
||||
accessTokenId <- {
|
||||
if (tokenStr.size == AccessToken.idSize) fuccess(AccessToken.Id(tokenStr))
|
||||
else Jwt.decodeRaw(tokenStr, jwtPublicKey.value, Seq(JwtAlgorithm.RS256)).fold(
|
||||
err => fufail(InvalidToken),
|
||||
jsonStr => (Json.parse(jsonStr) str "jti").fold[Fu[AccessToken.Id]](fufail(InvalidToken)) { t =>
|
||||
fuccess(AccessToken.Id(t))
|
||||
}
|
||||
)
|
||||
}
|
||||
accessTokenId <- fuccess(AccessToken.Id(tokenStr))
|
||||
accessToken <- {
|
||||
if (accessTokenId.isPersonal) personalAccessTokenCache.get(accessTokenId)
|
||||
else fetchAccessToken(accessTokenId)
|
||||
|
|
@ -71,7 +61,6 @@ object OAuthServer {
|
|||
case object ServerOffline extends AuthError("OAuth server is offline! Try again soon.")
|
||||
case object MissingAuthorizationHeader extends AuthError("Missing authorization header")
|
||||
case object InvalidAuthorizationHeader extends AuthError("Invalid authorization header")
|
||||
case object InvalidToken extends AuthError("Invalid token")
|
||||
case object NoSuchToken extends AuthError("No such token")
|
||||
case class MissingScope(scopes: List[OAuthScope]) extends AuthError("Missing scope")
|
||||
case object NoSuchUser extends AuthError("No such user")
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
package lila.oauth
|
||||
|
||||
case class AccessTokenJWT(value: String) extends AnyVal
|
||||
|
||||
object JWT {
|
||||
case class PublicKey(value: String) extends AnyVal
|
||||
}
|
||||
|
|
@ -359,9 +359,8 @@ object UserRepo {
|
|||
}(scala.collection.breakOut)
|
||||
}
|
||||
|
||||
def setSeenAt(id: ID): Unit = {
|
||||
def setSeenAt(id: ID): Unit =
|
||||
coll.updateFieldUnchecked($id(id), "seenAt", DateTime.now)
|
||||
}
|
||||
|
||||
def recentlySeenNotKidIdsCursor(since: DateTime)(implicit cp: CursorProducer[Bdoc]) =
|
||||
coll.find($doc(
|
||||
|
|
|
|||
|
|
@ -41,7 +41,6 @@ object Dependencies {
|
|||
val guava = "com.google.guava" % "guava" % "21.0"
|
||||
val specs2 = "org.specs2" %% "specs2-core" % "4.0.2" % "test"
|
||||
val specs2Scalaz = "org.specs2" %% "specs2-scalaz" % "4.0.2" % "test"
|
||||
val jwt = "com.pauldijou" %% "jwt-core" % "0.14.1"
|
||||
|
||||
object reactivemongo {
|
||||
val version = "0.12.3"
|
||||
|
|
|
|||
Loading…
Reference in New Issue