feat(auth): remote and local third-party authentication

2023-07-26 07:14:49 -06:00
parent 42d49eb090
commit 8e88b5a7f1
13 changed files with 307 additions and 63 deletions
--- a/internal/jwk/jwk.go
+++ b/internal/jwk/jwk.go
@ -1,11 +1,13 @@
 package jwk

 import (
+	"context"
 	"crypto/rand"
 	"crypto/rsa"
 	"encoding/json"
 	"io/ioutil"
 	"os"
+	"time"

 	"github.com/btcsuite/btcd/btcutil/base58"
 	"github.com/lestrrat-go/jwx/v2/jwa"
@ -34,7 +36,7 @@ func Parse(src []byte, options ...jwk.ParseOption) (Set, error) {
 	return jwk.Parse(src, options...)
 }

-func PublicKeySet(keys ...jwk.Key) (jwk.Set, error) {
+func RS256PublicKeySet(keys ...jwk.Key) (jwk.Set, error) {
 	set := jwk.NewSet()

 	for _, k := range keys {
@ -85,6 +87,27 @@ func LoadOrGenerate(path string, size int) (jwk.Key, error) {
 	return key, nil
 }

+func CreateCachedRemoteKeySet(ctx context.Context, url string, refreshInterval time.Duration) (func(context.Context) (jwk.Set, error), error) {
+	cache := jwk.NewCache(ctx)
+
+	if err := cache.Register(url, jwk.WithMinRefreshInterval(refreshInterval)); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	if _, err := cache.Refresh(ctx, url); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return func(ctx context.Context) (jwk.Set, error) {
+		keySet, err := cache.Get(ctx, url)
+		if err != nil {
+			return nil, errors.WithStack(err)
+		}
+
+		return keySet, nil
+	}, nil
+}
+
 func Generate(size int) (jwk.Key, error) {
 	privKey, err := rsa.GenerateKey(rand.Reader, size)
 	if err != nil {
--- a/internal/jwk/jwk_test.go
+++ b/internal/jwk/jwk_test.go
@ -12,7 +12,7 @@ func TestJWK(t *testing.T) {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}

-	keySet, err := PublicKeySet(privateKey)
+	keySet, err := RS256PublicKeySet(privateKey)
 	if err != nil {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}