Merge branch 'master' of ssh://forge.cadoles.com:4242/Cadoles/go-http-peering

Migrate to namespace forge.cadoles.com/Cadoles/go-http-peering
Allow ignoring of specific client token errors
2019-10-16 11:35:15 +02:00 · 2019-10-16 11:18:34 +02:00 · 2019-05-17 13:03:32 +02:00 · 2019-05-10 14:20:01 +02:00
19 changed files with 97 additions and 58 deletions
--- a/2
+++ b/2
@ -26,7 +26,7 @@ sd-%:
 	goseq doc/sequence-diagram/$*.seq > doc/sequence-diagram/$*.svg
 doc:
-	@echo "open your browser to http://localhost:6060/pkg/forge.cadoles.com/wpetit/go-http-peering to see the documentation"
+	@echo "open your browser to http://localhost:6060/pkg/forge.cadoles.com/Cadoles/go-http-peering to see the documentation"
 	godoc -http=:6060
 bin/keygen:
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
 Librairie implémentant un protocole d'authentification par "appairage" d'un serveur et client HTTP basé sur [JWT](https://jwt.io/).
-[Documentation](https://godoc.org/forge.cadoles.com/wpetit/go-http-peering)
+[Documentation](https://godoc.org/forge.cadoles.com/Cadoles/go-http-peering)
 ## Séquences
--- a/chi/mount.go
+++ b/chi/mount.go
@ -3,8 +3,8 @@ package chi
 import (
 	"crypto/rsa"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
-	"forge.cadoles.com/wpetit/go-http-peering/server"
+	"forge.cadoles.com/Cadoles/go-http-peering/server"
 	"github.com/go-chi/chi"
 )
--- a/chi/mount_test.go
+++ b/chi/mount_test.go
@ -3,9 +3,9 @@ package chi
 import (
 	"testing"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
-	peeringCrypto "forge.cadoles.com/wpetit/go-http-peering/crypto"
+	peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"forge.cadoles.com/wpetit/go-http-peering/memory"
+	"forge.cadoles.com/Cadoles/go-http-peering/memory"
 	"github.com/go-chi/chi"
 )
--- a/client/client.go
+++ b/client/client.go
@ -9,11 +9,11 @@ import (
 	"net/http"
 	"time"
-	"github.com/dgrijalva/jwt-go"
+	jwt "github.com/dgrijalva/jwt-go"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
-	"forge.cadoles.com/wpetit/go-http-peering/crypto"
+	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"forge.cadoles.com/wpetit/go-http-peering/server"
+	"forge.cadoles.com/Cadoles/go-http-peering/server"
 )
 var (
@ -153,8 +153,8 @@ func (c *Client) addClientToken(r *http.Request, body []byte) error {
 	token := jwt.NewWithClaims(jwt.SigningMethodRS256, peering.ClientTokenClaims{
 		StandardClaims: jwt.StandardClaims{
-			NotBefore: time.Now().Unix(),
+			NotBefore: time.Now().Add(time.Minute * -1).Unix(),
-			ExpiresAt: time.Now().Add(time.Minute * 10).Unix(),
+			ExpiresAt: time.Now().Add(time.Minute * 5).Unix(),
 		},
 		BodySum: bodySum,
 	})
--- a/client/client_test.go
+++ b/client/client_test.go
@ -5,9 +5,9 @@ import (
 	"crypto/rsa"
 	"testing"
-	peeringCrypto "forge.cadoles.com/wpetit/go-http-peering/crypto"
+	peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
 )
 func TestClientPeerID(t *testing.T) {
--- a/cmd/keygen/create_key.go
+++ b/cmd/keygen/create_key.go
@ -3,7 +3,7 @@ package main
 import (
 	"fmt"
-	"forge.cadoles.com/wpetit/go-http-peering/crypto"
+	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
 )
 func createKey() {
--- a/cmd/keygen/create_token.go
+++ b/cmd/keygen/create_token.go
@ -3,9 +3,9 @@ package main
 import (
 	"fmt"
-	"forge.cadoles.com/wpetit/go-http-peering/crypto"
+	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
 )
 func createToken() {
--- a/cmd/keygen/get_public_key.go
+++ b/cmd/keygen/get_public_key.go
@ -3,7 +3,7 @@ package main
 import (
 	"fmt"
-	"forge.cadoles.com/wpetit/go-http-peering/crypto"
+	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
 )
 func getPublicKey() {
--- a/cmd/keygen/util.go
+++ b/cmd/keygen/util.go
@ -12,7 +12,7 @@ import (
 	"os"
 	"syscall"
-	"forge.cadoles.com/wpetit/go-http-peering/crypto"
+	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
 	"golang.org/x/crypto/ssh/terminal"
 )
--- a/crypto/rsa.go
+++ b/crypto/rsa.go
@ -5,7 +5,7 @@ import (
 	"crypto/rsa"
 	"time"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
 	jwt "github.com/dgrijalva/jwt-go"
 )
--- a/go.mod
+++ b/go.mod
@ -1,4 +1,4 @@
-module forge.cadoles.com/wpetit/go-http-peering
+module forge.cadoles.com/Cadoles/go-http-peering
 require (
 	github.com/davecgh/go-spew v1.1.1
@ -8,3 +8,5 @@ require (
 	golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2
 	golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223 // indirect
 )
 go 1.13
--- a/memory/store.go
+++ b/memory/store.go
@ -4,7 +4,7 @@ import (
 	"sync"
 	"time"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
 )
 type Store struct {
--- a/server/handler.go
+++ b/server/handler.go
@ -7,8 +7,8 @@ import (
 	"net/http"
 	"time"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
-	peeringCrypto "forge.cadoles.com/wpetit/go-http-peering/crypto"
+	peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
 )
 var (
--- a/server/middleware.go
+++ b/server/middleware.go
@ -10,9 +10,9 @@ import (
 	"io/ioutil"
 	"time"
-	peeringCrypto "forge.cadoles.com/wpetit/go-http-peering/crypto"
+	peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
 	jwt "github.com/dgrijalva/jwt-go"
 	"net/http"
@ -58,7 +58,13 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
 				return
 			}
-			clientClaims, err := assertClientToken(serverClaims.PeerID, store, clientToken)
+			clientClaims, err := assertClientToken(
 				serverClaims.PeerID,
 				store,
 				clientToken,
 				logger,
 				options.IgnoredClientTokenErrors...,
 			)
 			if err != nil {
 				logger.Printf("[ERROR] %s", err)
 				switch err {
@ -78,10 +84,11 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
 						return
 					}
 					sendError(w, http.StatusForbidden)
 					return
 				default:
 					sendError(w, http.StatusInternalServerError)
 					return
 				}
 				return
 			}
 			match, body, err := assertBodySum(r.Body, clientClaims.BodySum)
@ -145,7 +152,7 @@ func assertServerToken(key *rsa.PublicKey, serverToken string) (*peering.ServerT
 	return claims, nil
 }
-func assertClientToken(peerID peering.PeerID, store peering.Store, clientToken string) (*peering.ClientTokenClaims, error) {
+func assertClientToken(peerID peering.PeerID, store peering.Store, clientToken string, logger Logger, ignoredValidationErrors ...uint32) (*peering.ClientTokenClaims, error) {
 	fn := func(token *jwt.Token) (interface{}, error) {
 		peer, err := store.Get(peerID)
 		if err != nil {
@ -163,22 +170,35 @@ func assertClientToken(peerID peering.PeerID, store peering.Store, clientToken s
 		}
 		return publicKey, nil
 	}
 	getPeeringClaims := func(token *jwt.Token) (*peering.ClientTokenClaims, error) {
 		claims, ok := token.Claims.(*peering.ClientTokenClaims)
 		if !ok {
 			return nil, ErrInvalidClaims
 		}
 		return claims, nil
 	}
 	token, err := jwt.ParseWithClaims(clientToken, &peering.ClientTokenClaims{}, fn)
 	if err != nil {
 		validationError, ok := err.(*jwt.ValidationError)
 		if ok {
 			for _, c := range ignoredValidationErrors {
 				if validationError.Errors&c != 0 {
 					logger.Printf("ignoring token validation error: '%s'", validationError.Inner)
 					return getPeeringClaims(token)
 				}
 			}
 			return nil, validationError.Inner
 		}
 		return nil, err
 	}
 	if !token.Valid {
 		return nil, ErrInvalidClaims
 	}
-	claims, ok := token.Claims.(*peering.ClientTokenClaims)
+
-	if !ok {
+	return getPeeringClaims(token)
 		return nil, ErrInvalidClaims
 	}
 	return claims, nil
 }
 func assertBodySum(rc io.ReadCloser, bodySum []byte) (bool, []byte, error) {
@ -200,6 +220,15 @@ func sendError(w http.ResponseWriter, status int) {
 	http.Error(w, http.StatusText(status), status)
 }
 func filterIgnoredValidationError(err *jwt.ValidationError, ignored ...uint32) error {
 	for _, c := range ignored {
 		if err.Errors&c != 0 {
 			return nil
 		}
 	}
 	return err
 }
 func compareChecksum(body []byte, sum []byte) (bool, error) {
 	sha := sha256.New()
 	_, err := sha.Write(body)
--- a/server/option.go
+++ b/server/option.go
@ -11,9 +11,10 @@ type Logger interface {
 }
 type Options struct {
-	PeerAttributes []string
+	PeerAttributes           []string
-	ErrorHandler   ErrorHandler
+	ErrorHandler             ErrorHandler
-	Logger         Logger
+	Logger                   Logger
 	IgnoredClientTokenErrors []uint32
 }
 type OptionFunc func(*Options)
@ -38,12 +39,19 @@ func WithErrorHandler(handler ErrorHandler) OptionFunc {
 	}
 }
 func WithIgnoredClientTokenErrors(codes ...uint32) OptionFunc {
 	return func(options *Options) {
 		options.IgnoredClientTokenErrors = codes
 	}
 }
 func defaultOptions() *Options {
 	logger := log.New(os.Stdout, "[go-http-peering] ", log.LstdFlags|log.Lshortfile)
 	return &Options{
-		PeerAttributes: []string{"Label"},
+		PeerAttributes:           []string{"Label"},
-		ErrorHandler:   DefaultErrorHandler,
+		ErrorHandler:             DefaultErrorHandler,
-		Logger:         logger,
+		Logger:                   logger,
 		IgnoredClientTokenErrors: make([]uint32, 0),
 	}
 }
--- a/test/advertise_test.go
+++ b/test/advertise_test.go
@ -5,13 +5,13 @@ import (
 	"testing"
 	"time"
-	"forge.cadoles.com/wpetit/go-http-peering/client"
+	"forge.cadoles.com/Cadoles/go-http-peering/client"
-	peeringCrypto "forge.cadoles.com/wpetit/go-http-peering/crypto"
+	peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"forge.cadoles.com/wpetit/go-http-peering/memory"
+	"forge.cadoles.com/Cadoles/go-http-peering/memory"
-	"forge.cadoles.com/wpetit/go-http-peering/server"
+	"forge.cadoles.com/Cadoles/go-http-peering/server"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
-	"forge.cadoles.com/wpetit/go-http-peering/crypto"
+	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
 )
 func TestAdvertise(t *testing.T) {
--- a/test/ping_test.go
+++ b/test/ping_test.go
@ -3,11 +3,11 @@ package test
 import (
 	"testing"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
-	"forge.cadoles.com/wpetit/go-http-peering/client"
+	"forge.cadoles.com/Cadoles/go-http-peering/client"
-	peeringCrypto "forge.cadoles.com/wpetit/go-http-peering/crypto"
+	peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"forge.cadoles.com/wpetit/go-http-peering/memory"
+	"forge.cadoles.com/Cadoles/go-http-peering/memory"
-	"forge.cadoles.com/wpetit/go-http-peering/server"
+	"forge.cadoles.com/Cadoles/go-http-peering/server"
 )
 func TestPing(t *testing.T) {
--- a/test/update_test.go
+++ b/test/update_test.go
@ -5,12 +5,12 @@ import (
 	"testing"
 	"time"
-	peering "forge.cadoles.com/wpetit/go-http-peering"
+	peering "forge.cadoles.com/Cadoles/go-http-peering"
-	"forge.cadoles.com/wpetit/go-http-peering/client"
+	"forge.cadoles.com/Cadoles/go-http-peering/client"
-	"forge.cadoles.com/wpetit/go-http-peering/crypto"
+	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	peeringCrypto "forge.cadoles.com/wpetit/go-http-peering/crypto"
+	peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"forge.cadoles.com/wpetit/go-http-peering/memory"
+	"forge.cadoles.com/Cadoles/go-http-peering/memory"
-	"forge.cadoles.com/wpetit/go-http-peering/server"
+	"forge.cadoles.com/Cadoles/go-http-peering/server"
 )
 func TestUpdate(t *testing.T) {
Author	SHA1	Message	Date
William Petit	e6643cba6b	Merge branch 'master' of ssh://forge.cadoles.com:4242/Cadoles/go-http-peering	2019-10-16 11:35:15 +02:00
William Petit	e7072ccdb3	Migrate to namespace forge.cadoles.com/Cadoles/go-http-peering	2019-10-16 11:18:34 +02:00
William Petit	5f3f508329	Allow ignoring of specific client token errors	2019-05-17 13:03:32 +02:00
William Petit	dab91eea29	Fix client token generation - Set NotBefore timestamp one minute in the past to prevent false negative checks - Set NotAfter timestamp 5 minutes to the future	2019-05-10 14:20:01 +02:00