feat(lib): annotate cookies with what rule was passed (#576)
* feat(lib): annotate cookies with what rule was passed Anubis JWTs now contain a policyRule claim with the cryptographic hash of the rule that it passed. This is intended to help with a future move away from proof of work being the default. Signed-off-by: Xe Iaso <me@xeiaso.net> * test(lib): fix cookie storage logic Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
This commit is contained in:
Xe Iaso
GitHub
parent
28ab29389c
commit
fbbab5a035
4 changed files with 164 additions and 23 deletions
|
|
@ -12,6 +12,7 @@ import (
|
|||
"github.com/TecharoHQ/anubis/lib/policy"
|
||||
"github.com/TecharoHQ/anubis/web"
|
||||
"github.com/a-h/templ"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
func (s *Server) SetCookie(w http.ResponseWriter, name, value, path string) {
|
||||
|
|
@ -151,3 +152,11 @@ func (s *Server) ServeHTTPNext(w http.ResponseWriter, r *http.Request) {
|
|||
s.next.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) signJWT(claims jwt.MapClaims) (string, error) {
|
||||
claims["iat"] = time.Now().Unix()
|
||||
claims["nbf"] = time.Now().Add(-1 * time.Minute).Unix()
|
||||
claims["exp"] = time.Now().Add(s.opts.CookieExpiration).Unix()
|
||||
|
||||
return jwt.NewWithClaims(jwt.SigningMethodEdDSA, claims).SignedString(s.priv)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue