Tenant token validation is now created by a function

Kerollmops 2022-03-17 17:49:24 +01:00
parent 4aef7c5ac5
commit 5bffa4b7f9
No known key found for this signature in database
GPG Key ID: 92ADA4E935E71FA4


@ -132,7 +132,6 @@ pub trait Policy {
pub mod policies { pub mod policies {
use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
use once_cell::sync::Lazy;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use time::OffsetDateTime; use time::OffsetDateTime;
@ -141,13 +140,13 @@ pub mod policies {
// reexport actions in policies in order to be used in routes configuration. // reexport actions in policies in order to be used in routes configuration.
pub use meilisearch_auth::actions; pub use meilisearch_auth::actions;
pub static TENANT_TOKEN_VALIDATION: Lazy<Validation> = Lazy::new(|| { fn tenant_token_validation() -> Validation {
let mut validation = Validation::default(); let mut validation = Validation::default();
validation.validate_exp = false; validation.validate_exp = false;
validation.required_spec_claims.remove("exp"); validation.required_spec_claims.remove("exp");
validation.algorithms = vec![Algorithm::HS256, Algorithm::HS384, Algorithm::HS512]; validation.algorithms = vec![Algorithm::HS256, Algorithm::HS384, Algorithm::HS512];
validation validation
}); }
pub struct MasterPolicy; pub struct MasterPolicy;
@ -206,7 +205,7 @@ pub mod policies {
return None; return None;
} }
let mut validation = TENANT_TOKEN_VALIDATION.clone(); let mut validation = tenant_token_validation();
validation.insecure_disable_signature_validation(); validation.insecure_disable_signature_validation();
let dummy_key = DecodingKey::from_secret(b"secret"); let dummy_key = DecodingKey::from_secret(b"secret");
let token_data = decode::<Claims>(token, &dummy_key, &validation).ok()?; let token_data = decode::<Claims>(token, &dummy_key, &validation).ok()?;
@ -242,7 +241,7 @@ pub mod policies {
decode::<Claims>( decode::<Claims>(
token, token,
&DecodingKey::from_secret(key.as_bytes()), &DecodingKey::from_secret(key.as_bytes()),
&TENANT_TOKEN_VALIDATION, &tenant_token_validation(),
) )
.ok()?; .ok()?;
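Review bot: The new `tenant_token_validation()` in the second hunk has no doc comment, although it is the single place that turns off expiry checking in `decode` (`validate_exp = false`, `exp` removed from `required_spec_claims`) and fixes the accepted algorithms to HS256/HS384/HS512. I would add something like `/// Validation for tenant tokens: HMAC algorithms only; expiry is NOT checked by jsonwebtoken here and has to be enforced by the caller.` The `time::OffsetDateTime` import suggests the expiry is compared by hand elsewhere, but that code is outside the visible hunks, so this should be confirmed. In the third hunk the returned value gets `insecure_disable_signature_validation()` and a dummy key, so a one-line comment there should state that the resulting claims are unverified and may only be used to select the key for the verified `decode` in the fourth hunk. Building a fresh `Validation` per call does keep that insecure flag from reaching the verified path, which is worth stating in the same comment so nobody reintroduces a shared mutable instance.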