feat(storage-server): jwt based authentication

pkg/module/auth/middleware/anonymous_user.go

@@ -7,8 +7,8 @@ import (
 	"net/http"
 	"time"
 
+	"forge.cadoles.com/arcad/edge/pkg/jwtutil"
 	"forge.cadoles.com/arcad/edge/pkg/module/auth"
-	"forge.cadoles.com/arcad/edge/pkg/module/auth/jwt"
 	"github.com/google/uuid"
 	"github.com/lestrrat-go/jwx/v2/jwa"
 	"github.com/lestrrat-go/jwx/v2/jwk"
@@ -18,7 +18,7 @@ import (
 
 const AnonIssuer = "anon"
 
-func AnonymousUser(algo jwa.KeyAlgorithm, key jwk.Key, funcs ...AnonymousUserOptionFunc) func(next http.Handler) http.Handler {
+func AnonymousUser(key jwk.Key, signingAlgorithm jwa.SignatureAlgorithm, funcs ...AnonymousUserOptionFunc) func(next http.Handler) http.Handler {
 	opts := defaultAnonymousUserOptions()
 	for _, fn := range funcs {
 		fn(opts)
@@ -26,7 +26,11 @@ func AnonymousUser(algo jwa.KeyAlgorithm, key jwk.Key, funcs ...AnonymousUserOpt
 
 	return func(next http.Handler) http.Handler {
 		handler := func(w http.ResponseWriter, r *http.Request) {
-			rawToken, err := auth.FindRawToken(r)
+			rawToken, err := jwtutil.FindRawToken(r, jwtutil.WithFinders(
+				jwtutil.FindTokenFromAuthorizationHeader,
+				jwtutil.FindTokenFromQueryString(auth.CookieName),
+				jwtutil.FindTokenFromCookie(auth.CookieName),
+			))
 
 			// If request already has a raw token, we do nothing
 			if rawToken != "" && err == nil {
@@ -62,7 +66,7 @@ func AnonymousUser(algo jwa.KeyAlgorithm, key jwk.Key, funcs ...AnonymousUserOpt
 				auth.ClaimEdgeTenant:        opts.Tenant,
 			}
 
-			token, err := jwt.GenerateSignedToken(algo, key, claims)
+			token, err := jwtutil.SignedToken(key, signingAlgorithm, claims)
 			if err != nil {
 				logger.Error(ctx, "could not generate signed token", logger.E(errors.WithStack(err)))
 				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)