idk some bad code

tmpim · Sep 7, 2024 · efa68f5 · efa68f5
1 parent bb1e0af
commit efa68f5
Show file tree

Hide file tree

Showing 2 changed files with 85 additions and 2 deletions.
diff --git a/cmd/mini-server/main.go b/cmd/mini-server/main.go
@@ -190,6 +190,57 @@ func main() {
 		}{tmpauth.MinValidationTime().UnixMilli()})
 	})
 
+	http.HandleFunc("/header-evaluate", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/plain")
+
+		var headerOption tmpauth.HeaderOption
+		err := json.NewDecoder(r.Body).Decode(&headerOption)
+		if err != nil {
+			log.Println("error decoding header option:", err)
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		configID := r.Header.Get(tmpauth.ConfigIDHeader)
+		if configID == "" {
+			log.Println("missing config ID")
+			http.Error(w, "missing config ID", http.StatusBadRequest)
+			return
+		}
+
+		token := r.Header.Get(tmpauth.TokenHeader)
+		if token == "" {
+			log.Println("missing tmpauth token")
+			http.Error(w, "missing tmpauth token", http.StatusBadRequest)
+			return
+		}
+
+		ta, ok := tmpauthInstances[configID]
+		if !ok {
+			log.Println("invalid config ID:", configID)
+			http.Error(w, "invalid config ID", http.StatusPreconditionFailed)
+			return
+		}
+
+		cachedToken, err := ta.ParseWrappedAuthJWT(token)
+		if err != nil {
+			log.Println("error parsing token:", err)
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		result, err := headerOption.Evaluate(cachedToken.UserDescriptor)
+		if err != nil {
+			log.Println("error evaluating header:", err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(result))
+		return
+	})
+
 	http.HandleFunc("/tmpauth/whomst", func(w http.ResponseWriter, r *http.Request) {
 		configID := r.Header.Get(tmpauth.ConfigIDHeader)
 		if configID == "" {

diff --git a/token.go b/token.go
@@ -1,12 +1,14 @@
 package tmpauth
 
 import (
+	"bytes"
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
 	"math/rand"
 	"net/http"
 	"net/url"
@@ -288,8 +290,38 @@ func (t *Tmpauth) SetHeaders(token *CachedToken, headers http.Header) error {
 				headers.Set(headerName, val)
 			} else {
 				if t.miniServerHost != "" {
-					return errors.New("tmpauth: cannot set headers when using mini server " +
-						"endpoint, mini server has a bad implementation")
+					headerConfig, err := json.Marshal(headerOption)
+					if err != nil {
+						return fmt.Errorf("tmpauth: failed to marshal header option: %w", err)
+					}
+
+					req, err := http.NewRequest(http.MethodGet, t.miniServerHost+"/header-evaluate",
+						bytes.NewReader(headerConfig))
+					if err != nil {
+						return fmt.Errorf("tmpauth: invalid mini server request: %w", err)
+					}
+
+					req.Header.Set(ConfigIDHeader, t.miniConfigID)
+					req.Header.Set(TokenHeader, token.RawToken)
+
+					req.Header.Set("Content-Type", "application/jwt")
+					resp, err := t.miniClient(req, 0)
+					if err != nil {
+						return fmt.Errorf("tmpauth: mini request failed: %w", err)
+					}
+
+					body, err := io.ReadAll(resp.Body)
+					if err != nil {
+						return fmt.Errorf("tmpauth: read all failed: %w", err)
+					}
+
+					if resp.StatusCode != http.StatusOK {
+						return fmt.Errorf("tmpauth: mini server returned %v: %v", resp.Status, string(body))
+					}
+
+					headers.Set(headerName, string(body))
+					headersToCache = append(headersToCache, [2]string{headerOption.Format, string(body)})
+					return nil
 				}
 
 				value, err := headerOption.Evaluate(token.UserDescriptor)