Merge pull request #20 from opositatest/fix/fix-payload-decode
Fix payload decode
arivasloureiro authored May 31, 2022
2 parents 02eb2c5 + 9664e02 commit 3384514
Showing 2 changed files with 7 additions and 6 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,6 @@
* v1.0.7
* Fix payload decode [#20](https://github.com/opositatest/varnish-jwt/pull/20)

* v1.0.6
* Remove libmov-digest dependency [#19](https://github.com/opositatest/varnish-jwt/pull/19)

10 changes: 4 additions & 6 deletions varnish/default.vcl
Expand Up @@ -36,9 +36,7 @@ sub vcl_recv {
if(req.http.Authorization && req.http.Authorization ~ "Bearer") {
set req.http.x-token = regsuball(req.http.Authorization, "Bearer ", "");



set req.http.tmpHeader = regsub(req.http.x-token,"([^\.]+)\.[^\.]+\.[^\.]+","\1");
set req.http.tmpHeader = regsub(req.http.x-token,"([^\.]+)(.*)","\1");
set req.http.tmpHeaderDecoded = blob.transcode(decoding=BASE64, encoded=req.http.tmpHeader);


Expand All @@ -53,7 +51,7 @@ sub vcl_recv {
return(synth(401, "Invalid JWT Token: Token does not use RS256 hashing"));
}

set req.http.tmpPayload = regsub(req.http.x-token,"[^\.]+\.([^\.]+)\.[^\.]+$","\1");
set req.http.tmpPayload = regsub(req.http.x-token,"([^\.]+)\.([^\.]+)\.(.*)","\2");
set req.http.tmpRequestSig = regsub(req.http.x-token,"^[^\.]+\.[^\.]+\.([^\.]+)$","\1");

v.reset(); // need this if request restart
Expand All @@ -63,8 +61,8 @@ sub vcl_recv {
if (! v.valid( blob.decode(BASE64URLNOPAD, encoded=req.http.tmpRequestSig))) {
return (synth(401, "Invalid JWT Token: Signature"));
}

set req.http.tmpPayloadDecoded = blob.transcode(decoding=BASE64, encoded=req.http.tmpPayload);
set req.http.tmpPayloadDecoded = blob.transcode(decoding=BASE64URLNOPAD, encoded=req.http.tmpPayload);
set req.http.X-Expiration = regsub(req.http.tmpPayloadDecoded, {"^.*?"exp":([0-9]+).*?$"},"\1");

if (std.integer(req.http.X-Expiration, 0) < std.time2integer(now, 0)) {
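Review bot: The header segment is still decoded with `decoding=BASE64` in the first hunk, while this commit moves the payload to `BASE64URLNOPAD`; both JWT segments are base64url without padding, so a header whose encoding contains `-` or `_`, or whose length is not a multiple of four, can fail to decode the same way the payload did. I would change that line to `set req.http.tmpHeaderDecoded = blob.transcode(decoding=BASE64URLNOPAD, encoded=req.http.tmpHeader);`. Separately, the header and payload patterns (taking the second line of each printed pair as the new side) are unanchored and end in `(.*)`, whereas the signature pattern is anchored to exactly three segments, and `regsub` returns its input unchanged when nothing matches, so a malformed token is only rejected indirectly by a later decode or signature failure. An explicit shape check right after `x-token` is set, such as `if (req.http.x-token !~ "^[^\.]+\.[^\.]+\.[^\.]+$") { return (synth(401, "Invalid JWT Token: Malformed")); }`, would make that rejection deliberate, unless the lines of `vcl_recv` outside the shown hunks already do it.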