removed variables and rewritten audience check
This commit is contained in:
dcore94
parent
fab67f754a
commit
2e3cb415a3
|
|
@ -14,8 +14,6 @@ function enforce(r) {
|
|||
request: r
|
||||
}
|
||||
|
||||
var allowedcontexts = ["{{ shinyproxy_authorized_scopes }}"]
|
||||
|
||||
log(context, "Inside NJS enforce for " + r.method + " @ " + r.headersIn.host + "/" + r.uri)
|
||||
context.authn = {}
|
||||
context.authn.token = getBearerToken(context)
|
||||
|
|
@ -26,7 +24,7 @@ function enforce(r) {
|
|||
.then(ctx=>{
|
||||
const jwt = context.authn.verified_token
|
||||
debug(context, "[PEP] Token is valid:" + njs.dump(jwt))
|
||||
if(allowedcontexts.indexOf(jwt.aud) === -1){
|
||||
if(!checkAudience(context, jwt.aud)){
|
||||
debug(context, "[PEP] Unathorized context " + jwt.aud)
|
||||
throw new Error("Unauthorized")
|
||||
}
|
||||
|
|
@ -61,6 +59,11 @@ function getBearerToken(context){
|
|||
return null;
|
||||
}
|
||||
|
||||
function checkAudience(context, aud){
|
||||
context.log("Audience to verify is " + njs.dump(aud))
|
||||
return true
|
||||
}
|
||||
|
||||
function buildAccountingRecord(context){
|
||||
const t = (new Date()).getTime()
|
||||
return {
|
||||
|
|
@ -75,8 +78,8 @@ function buildAccountingRecord(context){
|
|||
"serviceName": context.request.uri.split("app/")[1],
|
||||
"duration": 0,
|
||||
"maxInvocationTime": 0,
|
||||
"scope": "{{ shinyproxy_authorized_scopes }}",
|
||||
"host": "{{ shinyproxy_service_host }}",
|
||||
"scope": context.verified_token.aud,
|
||||
"host": icontext.request.host,
|
||||
"startTime": t,
|
||||
"id": uuid(),
|
||||
"calledMethod": context.request.method + " " + context.request.uri,
|
||||
|
|
|
|||
Loading…
Reference in New Issue