removed variables and rewritten audience check
parent
fab67f754a
commit
2e3cb415a3
|
@ -14,8 +14,6 @@ function enforce(r) {
|
||||||
request: r
|
request: r
|
||||||
}
|
}
|
||||||
|
|
||||||
var allowedcontexts = ["{{ shinyproxy_authorized_scopes }}"]
|
|
||||||
|
|
||||||
log(context, "Inside NJS enforce for " + r.method + " @ " + r.headersIn.host + "/" + r.uri)
|
log(context, "Inside NJS enforce for " + r.method + " @ " + r.headersIn.host + "/" + r.uri)
|
||||||
context.authn = {}
|
context.authn = {}
|
||||||
context.authn.token = getBearerToken(context)
|
context.authn.token = getBearerToken(context)
|
||||||
|
@ -26,7 +24,7 @@ function enforce(r) {
|
||||||
.then(ctx=>{
|
.then(ctx=>{
|
||||||
const jwt = context.authn.verified_token
|
const jwt = context.authn.verified_token
|
||||||
debug(context, "[PEP] Token is valid:" + njs.dump(jwt))
|
debug(context, "[PEP] Token is valid:" + njs.dump(jwt))
|
||||||
if(allowedcontexts.indexOf(jwt.aud) === -1){
|
if(!checkAudience(context, jwt.aud)){
|
||||||
debug(context, "[PEP] Unathorized context " + jwt.aud)
|
debug(context, "[PEP] Unathorized context " + jwt.aud)
|
||||||
throw new Error("Unauthorized")
|
throw new Error("Unauthorized")
|
||||||
}
|
}
|
||||||
|
@ -61,6 +59,11 @@ function getBearerToken(context){
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function checkAudience(context, aud){
|
||||||
|
context.log("Audience to verify is " + njs.dump(aud))
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
function buildAccountingRecord(context){
|
function buildAccountingRecord(context){
|
||||||
const t = (new Date()).getTime()
|
const t = (new Date()).getTime()
|
||||||
return {
|
return {
|
||||||
|
@ -75,8 +78,8 @@ function buildAccountingRecord(context){
|
||||||
"serviceName": context.request.uri.split("app/")[1],
|
"serviceName": context.request.uri.split("app/")[1],
|
||||||
"duration": 0,
|
"duration": 0,
|
||||||
"maxInvocationTime": 0,
|
"maxInvocationTime": 0,
|
||||||
"scope": "{{ shinyproxy_authorized_scopes }}",
|
"scope": context.verified_token.aud,
|
||||||
"host": "{{ shinyproxy_service_host }}",
|
"host": icontext.request.host,
|
||||||
"startTime": t,
|
"startTime": t,
|
||||||
"id": uuid(),
|
"id": uuid(),
|
||||||
"calledMethod": context.request.method + " " + context.request.uri,
|
"calledMethod": context.request.method + " " + context.request.uri,
|
||||||
|
|
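Review bot: The new `checkAudience` (added after `getBearerToken`) returns `true` unconditionally, so the `if(!checkAudience(context, jwt.aud))` guard in `enforce` can never reach `throw new Error("Unauthorized")`. Any token that passes verification is therefore accepted whatever its `aud` claim, and the allow-list comparison that `allowedcontexts.indexOf(jwt.aud) === -1` used to perform is gone. Until the real policy is written the function should fail closed, for example `return allowedAudiences.indexOf(aud) !== -1`, where `allowedAudiences` is a placeholder name for a configured list; `aud` may also be an array under RFC 7519, so it should be normalised first. The function calls `context.log(...)` while the rest of the file logs through `log(context, ...)`, so if the context object carries no `log` method it will throw before returning. In `buildAccountingRecord`, `icontext.request.host` looks like a typo for `context`, and `context.verified_token.aud` does not match the `context.authn.verified_token` path read in `enforce`; as written both would throw when the accounting record is built.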