-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
194 additions
and
86 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
/* | ||
* Copyright 2024 Hypermode Inc. | ||
* Licensed under the terms of the Apache License, Version 2.0 | ||
* See the LICENSE file that accompanied this code for further details. | ||
* | ||
* SPDX-FileCopyrightText: 2024 Hypermode Inc. <hello@hypermode.com> | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package middleware | ||
|
||
import ( | ||
"context" | ||
"os" | ||
"strconv" | ||
"sync" | ||
"time" | ||
|
||
"github.com/hypermodeinc/modus/runtime/logger" | ||
) | ||
|
||
var ( | ||
globalAuthKeys *AuthKeys | ||
) | ||
|
||
type AuthKeys struct { | ||
pemPublicKeys map[string]any | ||
jwksPublicKeys map[string]any | ||
mu sync.RWMutex | ||
quit chan struct{} | ||
done chan struct{} | ||
} | ||
|
||
func newAuthKeys() *AuthKeys { | ||
return &AuthKeys{ | ||
pemPublicKeys: make(map[string]any), | ||
jwksPublicKeys: make(map[string]any), | ||
quit: make(chan struct{}), | ||
done: make(chan struct{}), | ||
} | ||
} | ||
|
||
func (ak *AuthKeys) setPemPublicKeys(keys map[string]any) { | ||
ak.mu.Lock() | ||
defer ak.mu.Unlock() | ||
ak.pemPublicKeys = keys | ||
} | ||
|
||
func (ak *AuthKeys) setJwksPublicKeys(keys map[string]any) { | ||
ak.mu.Lock() | ||
defer ak.mu.Unlock() | ||
ak.jwksPublicKeys = keys | ||
} | ||
|
||
func (ak *AuthKeys) getPemPublicKeys() map[string]any { | ||
ak.mu.RLock() | ||
defer ak.mu.RUnlock() | ||
return ak.pemPublicKeys | ||
} | ||
|
||
func (ak *AuthKeys) getJwksPublicKeys() map[string]any { | ||
ak.mu.RLock() | ||
defer ak.mu.RUnlock() | ||
return ak.jwksPublicKeys | ||
} | ||
|
||
func getJwksRefreshMinutes(ctx context.Context) int { | ||
refreshTimeStr := os.Getenv("MODUS_JWKS_REFRESH_MINUTES") | ||
if refreshTimeStr == "" { | ||
return 1440 | ||
} | ||
refreshTime, err := strconv.Atoi(refreshTimeStr) | ||
if err != nil { | ||
logger.Warn(ctx).Err(err).Msg("Invalid MODUS_JWKS_REFRESH_MINUTES value. Using default value of 1440 minutes.") | ||
return 1440 | ||
} | ||
return refreshTime | ||
} | ||
|
||
func (ak *AuthKeys) worker(ctx context.Context) { | ||
defer close(ak.done) | ||
timer := time.NewTimer(time.Duration(getJwksRefreshMinutes(ctx)) * time.Minute) | ||
|
||
defer timer.Stop() | ||
for { | ||
select { | ||
case <-timer.C: | ||
// refresh JWKS keys | ||
keysStr := os.Getenv("MODUS_JWKS_ENDPOINTS") | ||
if keysStr != "" { | ||
timer.Reset(time.Duration(getJwksRefreshMinutes(ctx)) * time.Minute) | ||
} else { | ||
keys, err := jwksEndpointsJsonToKeys(ctx, keysStr) | ||
if err != nil { | ||
logger.Error(ctx).Err(err).Msg("Auth JWKS public keys deserializing error") | ||
} else { | ||
ak.setJwksPublicKeys(keys) | ||
} | ||
} | ||
case <-ak.quit: | ||
return | ||
} | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters