Started with RSA jwt support

eXo-OpenSource · Jul 22, 2019 · 4cf2219 · 4cf2219
1 parent 528d05f
commit 4cf2219
Show file tree

Hide file tree

Showing 4 changed files with 79 additions and 14 deletions.
diff --git a/module/CFunctions.cpp b/module/CFunctions.cpp
@@ -6,24 +6,40 @@
 #include <jwt-cpp/jwt.h>
 #include <sstream>
 #include "UItils.h"
+#include <fstream>
+#include "Crypto.h"
 
 #ifndef _WIN32
 	#include <sys/stat.h>
 #endif
 
 int CFunctions::sign_jwt_token(lua_State* lua_vm)
 {
-	// string jwtSign(table claims, string algorithm, string secret)
-	if (lua_type(lua_vm, 1) != LUA_TTABLE || lua_type(lua_vm, 2) != LUA_TSTRING || lua_type(lua_vm, 3) != LUA_TSTRING)
+	// string jwtSign(table claims, string algorithm, string secret/publicKeyPath, string? privateKey)
+	if (lua_type(lua_vm, 1) != LUA_TTABLE || lua_type(lua_vm, 2) != LUA_TSTRING || lua_type(lua_vm, 3) != LUA_TSTRING || 
+		(lua_type(lua_vm, 4) != LUA_TNONE && lua_type(lua_vm, 4) != LUA_TSTRING))
 	{
 		pModuleManager->ErrorPrintf("Bad argument @ jwtSign\n");
 		lua_pushboolean(lua_vm, false);
 		return 1;
 	}
-
-	const auto claims    = Utils::parse_named_table(lua_vm, 1);
-	const auto algorithm = lua_tostring(lua_vm, 2);
-	const auto secret    = lua_tostring(lua_vm, 3);
+
+	const auto claims           = Utils::parse_named_table(lua_vm, 1);
+	const auto algorithm        = lua_tostring(lua_vm, 2);
+	const auto public_key_path  = lua_tostring(lua_vm, 3);
+	const auto private_key_path = lua_tostring(lua_vm, 4);
+
+	std::string public_key = public_key_path, private_key;
+	if (lua_type(lua_vm, 4) != LUA_TNONE)
+	{
+		std::string pub_path;
+		if (!Crypto::read_key_pair(public_key_path, private_key_path, &public_key, &private_key))
+		{
+			pModuleManager->ErrorPrintf("Bad argument @ jwtVerify\n");
+			lua_pushboolean(lua_vm, false);
+			return 1;
+		}
+	}
 
 	const auto& now = std::chrono::system_clock::now();
 	auto jwt = jwt::create()
@@ -36,28 +52,42 @@ int CFunctions::sign_jwt_token(lua_State* lua_vm)
 		jwt.set_payload_claim(pair.first, pair.second);
 	}
 
-	lua_pushstring(lua_vm, jwt.sign(jwt::algorithm::hs256{ secret }).c_str());
+	lua_pushstring(lua_vm, jwt.sign(jwt::algorithm::hs256(public_key)).c_str());
 	return 1;
 }
 
 int CFunctions::verify_jwt_token(lua_State* lua_vm)
 {
-	// bool jwtVerify(string token, string algorithm, string secret)
-	if (lua_type(lua_vm, 1) != LUA_TSTRING || lua_type(lua_vm, 2) != LUA_TSTRING || lua_type(lua_vm, 3) != LUA_TSTRING)
+	// bool jwtVerify(string token, string algorithm, string secret/publicKeyPath, string? privateKey)
+	if (lua_type(lua_vm, 1) != LUA_TSTRING || lua_type(lua_vm, 2) != LUA_TSTRING || lua_type(lua_vm, 3) != LUA_TSTRING ||
+		(lua_type(lua_vm, 4) != LUA_TNONE && lua_type(lua_vm, 4) != LUA_TSTRING))
 	{
 		pModuleManager->ErrorPrintf("Bad argument @ jwtVerify\n");
 		lua_pushboolean(lua_vm, false);
 		return 1;
 	}
 
-	const auto token     = lua_tostring(lua_vm, 1);
-	const auto algorithm = lua_tostring(lua_vm, 2);
-	const auto secret    = lua_tostring(lua_vm, 3);
+	const auto token            = lua_tostring(lua_vm, 1);
+	const auto algorithm        = lua_tostring(lua_vm, 2);
+	const auto public_key_path  = lua_tostring(lua_vm, 3);
+	const auto private_key_path = lua_tostring(lua_vm, 4);
+
+	std::string public_key = public_key_path, private_key;
+	if (lua_type(lua_vm, 4) != LUA_TNONE)
+	{
+		std::string pub_path;
+		if (!Crypto::read_key_pair(public_key_path, private_key_path, &public_key, &private_key))
+		{
+			pModuleManager->ErrorPrintf("Bad argument @ jwtVerify\n");
+			lua_pushboolean(lua_vm, false);
+			return 1;
+		}
+	}
 
 	try {
 		const auto decoded_jwt = jwt::decode(token);
 		jwt::verify()
-			.allow_algorithm(jwt::algorithm::hs256{ secret })
+			.allow_algorithm(jwt::algorithm::hs256(public_key))
 			.verify(decoded_jwt);
 
 		lua_pushboolean(lua_vm, true);

diff --git a/module/Crypto.cpp b/module/Crypto.cpp
@@ -0,0 +1,6 @@
+#include "Crypto.h"
+
+bool Crypto::read_key_pair(const std::string& public_key_path, const std::string& private_key_path, std::string* public_key, std::string* private_key)
+{
+	return false;
+}
diff --git a/module/Crypto.h b/module/Crypto.h
@@ -0,0 +1,10 @@
+#pragma once
+#include <string>
+
+class Crypto
+{
+public:
+	static bool read_key_pair(const std::string& public_key_path, const std::string& private_key_path,
+	                          std::string* public_key, std::string* private_key);
+};
+
diff --git a/module/UItils.h b/module/UItils.h
@@ -28,5 +28,24 @@ class Utils
 		}
 
 		return result;
-	} 
+	}
+
+	static inline bool format_path(lua_State* lua_vm, const std::string& input_path, std::string* formatted_path)
+	{
+		char buf[300];
+		if (!pModuleManager->GetResourceFilePath(lua_vm, input_path.c_str(), buf, sizeof(buf)))
+		{
+			return false;
+		}
+
+		// Check if path is valid
+		const std::string path{ buf };
+		if (path.find("..") != std::string::npos)
+		{
+			return false;
+		}
+
+		*formatted_path = path;
+		return true;
+	}
 };