mirror of
https://github.com/meilisearch/MeiliSearch
synced 2024-11-26 14:54:27 +01:00
Change the jsonwebtoken crate usage
This commit is contained in:
parent
ac48860bbb
commit
968053649b
@ -131,7 +131,7 @@ pub trait Policy {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub mod policies {
|
pub mod policies {
|
||||||
use jsonwebtoken::{dangerous_insecure_decode, decode, Algorithm, DecodingKey, Validation};
|
use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
|
||||||
use once_cell::sync::Lazy;
|
use once_cell::sync::Lazy;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use time::OffsetDateTime;
|
use time::OffsetDateTime;
|
||||||
@ -141,10 +141,11 @@ pub mod policies {
|
|||||||
// reexport actions in policies in order to be used in routes configuration.
|
// reexport actions in policies in order to be used in routes configuration.
|
||||||
pub use meilisearch_auth::actions;
|
pub use meilisearch_auth::actions;
|
||||||
|
|
||||||
pub static TENANT_TOKEN_VALIDATION: Lazy<Validation> = Lazy::new(|| Validation {
|
pub static TENANT_TOKEN_VALIDATION: Lazy<Validation> = Lazy::new(|| {
|
||||||
validate_exp: false,
|
let mut validation = Validation::default();
|
||||||
algorithms: vec![Algorithm::HS256, Algorithm::HS384, Algorithm::HS512],
|
validation.validate_exp = false;
|
||||||
..Default::default()
|
validation.algorithms = vec![Algorithm::HS256, Algorithm::HS384, Algorithm::HS512];
|
||||||
|
validation
|
||||||
});
|
});
|
||||||
|
|
||||||
pub struct MasterPolicy;
|
pub struct MasterPolicy;
|
||||||
@ -204,12 +205,19 @@ pub mod policies {
|
|||||||
return None;
|
return None;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let mut validation = Validation::default();
|
||||||
|
validation.validate_exp = false;
|
||||||
|
validation.validate_nbf = false;
|
||||||
|
validation.insecure_disable_signature_validation();
|
||||||
|
let dummy_key = DecodingKey::from_secret(b"secret");
|
||||||
|
let token_data = decode::<Claims>(token, &dummy_key, &validation).ok()?;
|
||||||
|
|
||||||
// get token fields without validating it.
|
// get token fields without validating it.
|
||||||
let Claims {
|
let Claims {
|
||||||
search_rules,
|
search_rules,
|
||||||
exp,
|
exp,
|
||||||
api_key_prefix,
|
api_key_prefix,
|
||||||
} = dangerous_insecure_decode::<Claims>(token).ok()?.claims;
|
} = token_data.claims;
|
||||||
|
|
||||||
// Check index access if an index restriction is provided.
|
// Check index access if an index restriction is provided.
|
||||||
if let Some(index) = index {
|
if let Some(index) = index {
|
||||||
|
Loading…
Reference in New Issue
Block a user