- Update of Dockerfile of testdata to use golang 1.22

- Refactoring of logic in JwtMiddleware
- Removing of comment in french that was a duplicate of correct comment in middlewares_test.go
- Added timeout to WellKnown Config http call
- Renaming of JWTWellKnown config parameter to JWTWellKnownURL for more precision

config/config.go

@@ -15,6 +15,7 @@ import (
 	"github.com/prest/prest/cache"
 
 	"net/http"
+	"time"
 
 	homedir "github.com/mitchellh/go-homedir"
 	"github.com/spf13/viper"
@@ -88,7 +89,7 @@ type Prest struct {
 	PGCache              bool
 	JWTKey               string
 	JWTAlgo              string
-	JWTWellKnown         string
+	JWTWellKnownURL      string
 	JWTJWKS              string
 	JWTWhiteList         []string
 	JSONAggType          string
@@ -179,7 +180,7 @@ func viperCfg() {
 
 	viper.SetDefault("jwt.default", true)
 	viper.SetDefault("jwt.algo", "HS256")
-	viper.SetDefault("jwt.wellknown", "")
+	viper.SetDefault("jwt.wellknownurl", "")
 	viper.SetDefault("jwt.jwks", "")
 	viper.SetDefault("jwt.whitelist", []string{"/auth"})
 
@@ -281,7 +282,7 @@ func Parse(cfg *Prest) {
 	cfg.SingleDB = viper.GetBool("pg.single")
 	cfg.JWTKey = viper.GetString("jwt.key")
 	cfg.JWTAlgo = viper.GetString("jwt.algo")
-	cfg.JWTWellKnown = viper.GetString("jwt.wellknown")
+	cfg.JWTWellKnownURL = viper.GetString("jwt.wellknownurl")
 	cfg.JWTJWKS = viper.GetString("jwt.jwks")
 	cfg.JWTWhiteList = viper.GetStringSlice("jwt.whitelist")
 	fetchJWKS(cfg)
@@ -373,7 +374,7 @@ func parseDatabaseURL(cfg *Prest) {
 
 // fetchJWKS tries to get the JWKS from the URL in the config
 func fetchJWKS(cfg *Prest) {
-	if cfg.JWTWellKnown == "" {
+	if cfg.JWTWellKnownURL == "" {
 		log.Debugln("no JWT WellKnown url found, skipping")
 		return
 	}
@@ -383,9 +384,13 @@ func fetchJWKS(cfg *Prest) {
 	}
 
 	// Call provider to obtain .well-known config
-	r, err := http.Get(cfg.JWTWellKnown)
+	client := &http.Client{
+		Timeout: 5 * time.Second,
+	}
+
+	r, err := client.Get(cfg.JWTWellKnownURL)
 	if err != nil {
-		log.Errorf("Cannot get .well-known configuration from '%s'. err: %v\n", cfg.JWTWellKnown, err)
+		log.Errorf("Cannot get .well-known configuration from '%s'. err: %v\n", cfg.JWTWellKnownURL, err)
 		return
 	}
 	defer r.Body.Close()
@@ -398,7 +403,13 @@ func fetchJWKS(cfg *Prest) {
 	}
 
 	//Retrieve the JWKS from the endpoint
-	JWKSet, err := jwk.Fetch(context.Background(), wellKnown["jwks_uri"].(string))
+	uri, ok := wellKnown["jwks_uri"].(string)
+	if !ok {
+		log.Errorf("Unable to convert .WellKnown configuration of jwks_uri to a string.")
+		return
+	}
+
+	JWKSet, err := jwk.Fetch(context.Background(), uri)
 	if err != nil {
 		err := fmt.Errorf("failed to parse JWK: %s", err)
 		log.Errorf("Failed to fetch JWK: %v\n", err)

config/config_test.go

@@ -96,7 +96,7 @@ func TestParse(t *testing.T) {
 		require.Equal(t, "HS512", cfg.JWTAlgo)
 	})
 
-	t.Run("PREST_JWT_WELLKNOWN", func(t *testing.T) {
+	t.Run("PREST_JWT_WELLKNOWNURL", func(t *testing.T) {
 		serverJWKS := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			w.WriteHeader(http.StatusOK)
 			w.Header().Set("Content-Type", "application/json")
@@ -111,11 +111,11 @@ func TestParse(t *testing.T) {
 		}))
 		defer serverWellKnown.Close()
 
-		t.Setenv("PREST_JWT_WELLKNOWN", serverWellKnown.URL)
+		t.Setenv("PREST_JWT_WELLKNOWNURL", serverWellKnown.URL)
 		viperCfg()
 		cfg := &Prest{}
 		Parse(cfg)
-		require.Equal(t, serverWellKnown.URL, cfg.JWTWellKnown)
+		require.Equal(t, serverWellKnown.URL, cfg.JWTWellKnownURL)
 	})
 
 	t.Run("PREST_JWT_JWKS", func(t *testing.T) {
@@ -259,7 +259,7 @@ func Test_fetchJWKS(t *testing.T) {
 	}))
 	defer serverWellKnown.Close()
 
-	c := &Prest{JWTWellKnown: serverWellKnown.URL}
+	c := &Prest{JWTWellKnownURL: serverWellKnown.URL}
 	fetchJWKS(c)
 	require.Equal(t, `{"keys":[{"alg":"RS256","e":"AQAB","kid":"lmjNOucrGdRiN7XlpWJbQRIzSeKBS7OD-92xrhch6kw","kty":"RSA","n":"9GPbUNJ_7dgq8k0eTbcCZtFMn-oTVpFHjzIi7nuyMm9TvIZNyu0q0O3buSIVTUWWhlakSgTp7hrRbldvxLmA4RSSs8oUw2Pm64q9oCdr0eXcnhL6mnfHASwpVed-aKMbM1Zlh1buDjPU0Ah_6D8sZaxqfOtMfrhT9LySbi91k2Hu16YJ6QK_RTj5BNjLZZSs2ns8-JdZKA-oL0RQwkEqO_QJrRvTWUhwguzpx4zACWc5zAQSWvDImbynH3N9L-rt2KoK3p2Zd0YZlCnZzK0iyYUHkVtTVixTFkYc-itceyZD64Z49q8vu478gIvu4dI8m3GIYeisZkKWBE5sjczvvw","use":"sig","x5c":["MIICmzCCAYMCBgGOLghSADANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjQwMzExMTQ1OTQxWhcNMzQwMzExMTUwMTIxWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0Y9tQ0n/t2CryTR5NtwJm0Uyf6hNWkUePMiLue7Iyb1O8hk3K7SrQ7du5IhVNRZaGVqRKBOnuGtFuV2/EuYDhFJKzyhTDY+brir2gJ2vR5dyeEvqad8cBLClV535ooxszVmWHVu4OM9TQCH/oPyxlrGp860x+uFP0vJJuL3WTYe7XpgnpAr9FOPkE2MtllKzaezz4l1koD6gvRFDCQSo79AmtG9NZSHCC7OnHjMAJZznMBBJa8MiZvKcfc30v6u3YqgrenZl3RhmUKdnMrSLJhQeRW1NWLFMWRhz6K1x7JkPrhnj2ry+7jvyAi+7h0jybcYhh6KxmQpYETmyNzO+/AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAIDB54QwrWSQPou8UlGkpA8D3/Ws0ZGNiFutyIAQU0bzhzSB99AMsPl/4OJm5CGqpZMVyuLFgQHlMaArzeQJK7/8qN6piDZPP6A2lSRYuMJ/a8ciIVvjnepSUF+xx7PqeAnoarH8lxbdwhloBswnxn4iNcWTTMnxo73Ak9jpabj1m1a4e9+li6S8xCyA1AHxFXbjjAp5GxRvcUV2o3rMsDqdjM0IoU/+NNuCGtKApdTZNpFuk71AoKpM2/oxjuexEpOggyF30Pk5IdAgNtFMfD+pwcqzvSACbtKvk6VnSx4UtsFPWuizhWefWIkuV+7ml60NFMyD3eo28U9BQs2veU="],"x5t":"tUcTw0bM8ciXw9zIMlalEfyxdd8","x5t#S256":"eF-XsrHWa6gw8qC4W8RXJgA49xvac_7V-Tz7fdpS7ZM"},{"alg":"RSA-OAEP","e":"AQAB","kid":"V3rRzf_j1beZjEmQnDeT8r8ZVnXpjW1Gk3635CTCEGk","kty":"RSA","n":"1q1Iz-eyhnCWCBRKgq0xKm6cF2zHAi_a-L99OdwgnUgoGfut5bBTU2hGx9R1IGKn0loDjICtU64DVFpOaT7jY7oIG4BsQN3Et5H6O3XlVim5NQgMYVC6hKAreqnnVylUk-XfVvrQOotVkGfMFdARuBaLx1ubFxIHUONi2Mjgl2nZ8mmKg_GCsd5uKfJJ965zqSQu1CFn26YccTPp2doih4rykTGPVJdL5PVp3z4t9rTlahHbgCvv3E50yVK7LCNgtS9nmcZbD0meLqIZi3MoV0dBB_9C-qrEsevAIlPuXUmwtcbyDXOb1m7Xq_MPV_EASzoPYYjmk3k09zJ_p1EUTQ","use":"enc","x5c":["MIICmzCCAYMCBgGOLghSlzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjQwMzExMTQ1OTQxWhcNMzQwMzExMTUwMTIxWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWrUjP57KGcJYIFEqCrTEqbpwXbMcCL9r4v3053CCdSCgZ+63lsFNTaEbH1HUgYqfSWgOMgK1TrgNUWk5pPuNjuggbgGxA3cS3kfo7deVWKbk1CAxhULqEoCt6qedXKVST5d9W+tA6i1WQZ8wV0BG4FovHW5sXEgdQ42LYyOCXadnyaYqD8YKx3m4p8kn3rnOpJC7UIWfbphxxM+nZ2iKHivKRMY9Ul0vk9WnfPi32tOVqEduAK+/cTnTJUrssI2C1L2eZxlsPSZ4uohmLcyhXR0EH/0L6qsSx68AiU+5dSbC1xvINc5vWbter8w9X8QBLOg9hiOaTeTT3Mn+nURRNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIKBZNe4GmyfqRW6Ee8ai1umbstAmyK3W1kP2i0xxINTlvY2rwblV8UCrdyi3laD7zvZy1midZmpKqtZqWpiNigeZ5aUt76paYvdSl5TAuvZGDGoEAhmmECbnDSQKLp36rCn7NlrgiTDfZZ2PvIKZ3cXClzqXLF/iC6uGiKOgY5yOFOa5QgsfItpJmmxHtTzrRF70RVsbZCexB1Lt4bcId6Y3x2w7JNUjKIhf1RZ3QZx8+3xBM4cJ83h2J4nE0+IlFeAJL3VLGdeOk+z+FGMu2mYkxJwkxd9Wl2ubqrRcNy0t61Bgp3s40BgD10pzvawTXl7lEgabc/jzN2R0lcXmLo="],"x5t":"n5Y_Obidr330txi13j50zHzVbfg","x5t#S256":"f-Hrw_t_qUq86Ux0J2EckWVycuM3L_IjdOK6DW0DFoc"}]}`, c.JWTJWKS)
 }

middlewares/middlewares.go

@@ -148,12 +148,9 @@ func JwtMiddleware(key string, JWKSet string) negroni.Handler {
 			return
 		}
 		out := auth.Claims{}
-		var rawkey interface{}
+		var rawkey interface{} = []byte(key)
 
-		//Tester l'ensemble des types de clés...
-		if JWKSet == "" {
-			rawkey = []byte(key)
-		} else {
+		if JWKSet != "" {
 			parsedJWKSet, err := jwk.ParseString(JWKSet)
 			if err != nil {
 				err := fmt.Errorf("failed to parse JWKSet JSON string: %v", err)

testdata/Dockerfile

@@ -1,4 +1,4 @@
-FROM registry.hub.docker.com/library/golang:1.20
+FROM registry.hub.docker.com/library/golang:1.22
 WORKDIR /workspace
 RUN apt update && apt install -y postgresql-client