mirror of
https://github.com/alibaba/higress.git
synced 2026-06-01 00:27:26 +08:00
a86aaadaa4
Signed-off-by: Betula-L <6059935+Betula-L@users.noreply.github.com> Co-authored-by: Betula-L <6059935+Betula-L@users.noreply.github.com>
83 lines
2.3 KiB
Go
83 lines
2.3 KiB
Go
// Copyright (c) 2023 Alibaba Group Holding Ltd.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package main
|
|
|
|
import (
|
|
"github.com/alibaba/higress/plugins/wasm-go/extensions/jwt-auth/config"
|
|
"github.com/alibaba/higress/plugins/wasm-go/extensions/jwt-auth/handler"
|
|
"github.com/higress-group/wasm-go/pkg/log"
|
|
"github.com/higress-group/wasm-go/pkg/wrapper"
|
|
"github.com/tidwall/gjson"
|
|
)
|
|
|
|
// @Name jwt-proxy
|
|
// @Category auth
|
|
// @Phase UNSPECIFIED_PHASE
|
|
// @Priority 0
|
|
// @Title zh-CN jwt验证
|
|
// @Description zh-CN 通过jwt进行验证
|
|
// @Version 0.1.0
|
|
//
|
|
// @Contact.name Ink33
|
|
// @Contact.url https://github.com/Ink-33
|
|
// @Contact.email ink33@smlk.org
|
|
//
|
|
// @Example
|
|
//
|
|
// {
|
|
// "consumers": [
|
|
// {
|
|
// "name": "example-consumer",
|
|
// "issuer": "https://issuer.example.com",
|
|
// "remote_jwks": {
|
|
// "service_name": "issuer.example.com.dns",
|
|
// "service_host": "issuer.example.com",
|
|
// "service_port": 443,
|
|
// "path": "/.well-known/jwks.json"
|
|
// },
|
|
// "jwks_cache_duration": 600,
|
|
// "jwks_fetch_timeout": 1500
|
|
// },
|
|
// {
|
|
// "name": "inline-consumer",
|
|
// "issuer": "https://issuer.example.com",
|
|
// "jwks": "{\"keys\":[...]}"
|
|
// }
|
|
// ]
|
|
// }
|
|
//
|
|
// @End
|
|
func main() {}
|
|
|
|
func init() {
|
|
wrapper.SetCtx(
|
|
// 插件名称
|
|
"jwt-auth",
|
|
// 为解析插件配置,设置自定义函数
|
|
wrapper.ParseConfigBy(parseGlobalConfig),
|
|
wrapper.ParseOverrideConfigBy(parseGlobalConfig, config.ParseRuleConfig),
|
|
// 为处理请求头,设置自定义函数
|
|
wrapper.ProcessRequestHeadersBy(handler.OnHTTPRequestHeaders),
|
|
)
|
|
}
|
|
|
|
func parseGlobalConfig(json gjson.Result, cfg *config.JWTAuthConfig, logger log.Log) error {
|
|
if err := config.ParseGlobalConfig(json, cfg, logger); err != nil {
|
|
return err
|
|
}
|
|
handler.PruneRemoteJWKsCache(cfg.Consumers)
|
|
return nil
|
|
}
|