Change the jsonwebtoken crate usage

Kerollmops 2022-03-14 16:23:53 +01:00
parent ac48860bbb
commit 968053649b
No known key found for this signature in database
GPG Key ID: 92ADA4E935E71FA4


@ -131,7 +131,7 @@ pub trait Policy {
} }
pub mod policies { pub mod policies {
use jsonwebtoken::{dangerous_insecure_decode, decode, Algorithm, DecodingKey, Validation}; use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
use once_cell::sync::Lazy; use once_cell::sync::Lazy;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use time::OffsetDateTime; use time::OffsetDateTime;
@ -141,10 +141,11 @@ pub mod policies {
// reexport actions in policies in order to be used in routes configuration. // reexport actions in policies in order to be used in routes configuration.
pub use meilisearch_auth::actions; pub use meilisearch_auth::actions;
pub static TENANT_TOKEN_VALIDATION: Lazy<Validation> = Lazy::new(|| Validation { pub static TENANT_TOKEN_VALIDATION: Lazy<Validation> = Lazy::new(|| {
validate_exp: false, let mut validation = Validation::default();
algorithms: vec![Algorithm::HS256, Algorithm::HS384, Algorithm::HS512], validation.validate_exp = false;
..Default::default() validation.algorithms = vec![Algorithm::HS256, Algorithm::HS384, Algorithm::HS512];
validation
}); });
pub struct MasterPolicy; pub struct MasterPolicy;
@ -204,12 +205,19 @@ pub mod policies {
return None; return None;
} }
let mut validation = Validation::default();
validation.validate_exp = false;
validation.validate_nbf = false;
validation.insecure_disable_signature_validation();
let dummy_key = DecodingKey::from_secret(b"secret");
let token_data = decode::<Claims>(token, &dummy_key, &validation).ok()?;
// get token fields without validating it. // get token fields without validating it.
let Claims { let Claims {
search_rules, search_rules,
exp, exp,
api_key_prefix, api_key_prefix,
} = dangerous_insecure_decode::<Claims>(token).ok()?.claims; } = token_data.claims;
// Check index access if an index restriction is provided. // Check index access if an index restriction is provided.
if let Some(index) = index { if let Some(index) = index {
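Review bot: The decode added in the third hunk runs with `validation.insecure_disable_signature_validation()` and a `dummy_key`, so `search_rules`, `exp` and `api_key_prefix` are untrusted input, yet the only marker of that, `// get token fields without validating it.`, now sits below the `decode` call instead of above the setup. Moving it up and making it explicit, e.g. `// SECURITY: signature NOT verified here; claims are untrusted until the token is re-decoded with the real key and TENANT_TOKEN_VALIDATION`, would keep a later edit from granting access on these values. The enclosing function starts and ends outside the hunk, so the verifying decode is not visible here; it should run before any path that returns an allow. It is also worth checking against the pinned jsonwebtoken version that this step accepts the same algorithms as `TENANT_TOKEN_VALIDATION`: `Validation::default()` presumably lists only HS256, so if the header algorithm is still checked while signature validation is disabled, HS384/HS512 tokens would be rejected here.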