Add persistent tokens for iprose authentication (#154)

* Add trusted token * Fix config * Fix option naming * Rename tokens option * Revert deps * Fix naming
vpnhouse · Apr 27, 2024 · 5c265fd · 5c265fd
1 parent 20e682c
commit 5c265fd
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/internal/iprose/instance.go b/internal/iprose/instance.go
@@ -16,12 +16,14 @@ import (
 )
 
 type Config struct {
-	QueueSize int `yaml:"queue_size"`
+	QueueSize        int      `yaml:"queue_size"`
+	PersistentTokens []string `yaml:"persistent_tokens"`
 }
 
 type Instance struct {
 	iprose     *server.IPRoseServer
 	authorizer authorizer.JWTAuthorizer
+	config     *Config
 }
 
 func New(config *Config, jwtAuthorizer authorizer.JWTAuthorizer) (*Instance, error) {
@@ -32,6 +34,7 @@ func New(config *Config, jwtAuthorizer authorizer.JWTAuthorizer) (*Instance, err
 
 	instance := &Instance{
 		authorizer: authorizer.WithEntitlement(jwtAuthorizer, authorizer.IPRose),
+		config:     config,
 	}
 	var err error
 	instance.iprose, err = server.New(
@@ -54,6 +57,13 @@ func (instance *Instance) authenticate(r *http.Request) error {
 		return xerror.EAuthenticationFailed("no auth token", nil)
 	}
 
+	for _, t := range instance.config.PersistentTokens {
+		if userToken == t {
+			zap.L().Debug("Authenticated with fixed trusted token")
+			return nil
+		}
+	}
+
 	_, err := instance.authorizer.Authenticate(userToken, auth.AudienceTunnel)
 	if err != nil {
 		return err