JWT white list support

Signed-off-by: Avelino <t@avelino.xxx>

config/config.go

@@ -53,6 +53,7 @@ type Prest struct {
 	PGConnTimeout    int
 	JWTKey           string
 	JWTAlgo          string
+	JWTWhiteList     string `toml:"jwt_whitelist" cfg:"jwt_whitelist"`
 	MigrationsPath   string
 	QueriesPath      string
 	AccessConf       AccessConf
@@ -103,6 +104,7 @@ func viperCfg() {
 	viper.SetDefault("debug", false)
 	viper.SetDefault("jwt.default", true)
 	viper.SetDefault("jwt.algo", "HS256")
+	viper.SetDefault("jwt.whitelist", "/auth")
 	viper.SetDefault("cors.allowheaders", []string{"*"})
 	viper.SetDefault("cache.enable", true)
 	viper.SetDefault("context", "/")
@@ -177,6 +179,7 @@ func Parse(cfg *Prest) (err error) {
 	cfg.PGConnTimeout = viper.GetInt("pg.conntimeout")
 	cfg.JWTKey = viper.GetString("jwt.key")
 	cfg.JWTAlgo = viper.GetString("jwt.algo")
+	cfg.JWTWhiteList = viper.GetString("jwt.whitelist")
 	cfg.MigrationsPath = viper.GetString("migrations")
 	cfg.AccessConf.Restrict = viper.GetBool("access.restrict")
 	cfg.QueriesPath = viper.GetString("queries.location")

middlewares/middlewares.go

@@ -3,6 +3,7 @@ package middlewares
 import (
 	"context"
 	"fmt"
+	"log"
 	"net/http"
 	"net/http/httptest"
 	"strconv"
@@ -104,7 +105,26 @@ func JwtMiddleware(key string, algo string) negroni.Handler {
 		},
 		SigningMethod: jwt.GetSigningMethod(algo),
 	})
-	return negroni.HandlerFunc(jwtMiddleware.HandlerWithNext)
+	// return negroni.HandlerFunc(jwtMiddleware.HandlerWithNext)
+
+	return negroni.HandlerFunc(func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+		match, err := MatchURL(r.URL.String())
+		if err != nil {
+			http.Error(w, fmt.Sprintf(`{"error": "%v"}`, err), http.StatusInternalServerError)
+			return
+		}
+		if match {
+			next(w, r)
+			return
+		}
+		err = jwtMiddleware.CheckJWT(w, r)
+		if err != nil {
+			log.Println("check jwt error", err.Error())
+			w.Write([]byte(fmt.Sprintf(`{"error": "%v"}`, err.Error())))
+			return
+		}
+		next(w, r)
+	})
 }
 
 // Cors middleware

middlewares/utils.go

@@ -6,9 +6,11 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
+	"regexp"
 	"strings"
 
 	"github.com/clbanning/mxj/j2x"
+	"github.com/prest/prest/config"
 	"github.com/prest/prest/middlewares/statements"
 )
 
@@ -112,3 +114,14 @@ func checkCors(r *http.Request, origin []string) (allowed bool) {
 	}
 	return
 }
+
+// MatchURL matches the given url with a whitelist from config.core
+func MatchURL(url string) (match bool, err error) {
+	for _, exp := range strings.Fields(config.PrestConf.JWTWhiteList) {
+		match, err = regexp.Match(exp, []byte(url))
+		if match || err != nil {
+			return
+		}
+	}
+	return
+}

middlewares/utils_test.go

@@ -56,3 +56,51 @@ func Test_checkCors(t *testing.T) {
 		t.Error("expected false, got true")
 	}
 }
+
+
+func TestMatchURL(t *testing.T) {
+	test := []struct {
+		Label        string
+		URL          string
+		JWTWhiteList string
+		match        bool
+	}{
+		{
+			Label:        "auth",
+			URL:          "/auth",
+			JWTWhiteList: `\/auth`,
+			match:        true,
+		},
+		{
+			Label:        "auth regex",
+			URL:          "/auth/any",
+			JWTWhiteList: `\/auth\/.*`,
+			match:        true,
+		},
+		{
+			Label:        "auth2 lock",
+			URL:          "/auth2",
+			JWTWhiteList: `\/auth`,
+			match:        true,
+		},
+		{
+			Label:        "multi allow",
+			URL:          "/auth",
+			JWTWhiteList: `\/auth \/databases`,
+			match:        true,
+		}
+	}
+
+	for _, tt := range test {
+		t.Run(tt.Label, func(t *testing.T) {
+			config.Get.JWTWhiteList = tt.JWTWhiteList
+			match, err := MatchURL(tt.URL)
+			if err != nil {
+				t.Error(err)
+			}
+			if match != tt.match {
+				t.Errorf("expected %v, but got %v\n", tt.match, match)
+			}
+		})
+	}
+}