
Commit 5899d96

committed
Fix handling of JWT verification from instance config
1 parent 8855213 commit 5899d96


1 file changed

+23
-21
lines changed


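--- a/api/middleware.go
+++ b/api/middleware.go
@@ -5,6 +5,7 @@ import (
 "net/http"
 
 "github.com/dgrijalva/jwt-go"
+"github.com/netlify/git-gateway/conf"
 "github.com/netlify/git-gateway/models"
 )
 
@@ -30,40 +31,41 @@ func (a *API) loadJWSSignatureHeader(w http.ResponseWriter, r *http.Request) (co
 
 func (a *API) loadInstanceConfig(w http.ResponseWriter, r *http.Request) (context.Context, error) {
 ctx := r.Context()
-config := getConfig(ctx)
-
 signature := getSignature(ctx)
 if signature == "" {
 return nil, badRequestError("Operator signature missing")
 }
 
+var config *conf.Configuration
+var instanceID string
+
 claims := NetlifyMicroserviceClaims{}
 p := jwt.Parser{ValidMethods: []string{jwt.SigningMethodHS256.Name}}
 _, err := p.ParseWithClaims(signature, &claims, func(token *jwt.Token) (interface{}, error) {
-return []byte(config.JWT.Secret), nil
-})
-if err != nil {
-return nil, badRequestError("Operator microservice signature is invalid: %v", err)
-}
+instanceID = claims.InstanceID
+if instanceID == "" {
+return nil, badRequestError("Instance ID is missing")
+}
 
-instanceID := claims.InstanceID
-if instanceID == "" {
-return nil, badRequestError("Instance ID is missing")
-}
+logEntrySetField(r, "instance_id", instanceID)
+logEntrySetField(r, "netlify_id", claims.NetlifyID)
+instance, err := a.db.GetInstance(instanceID)
+if err != nil {
+if models.IsNotFoundError(err) {
+return nil, notFoundError("Unable to locate site configuration")
+}
+return nil, internalServerError("Database error loading instance").WithInternalError(err)
+}
 
-logEntrySetField(r, "instance_id", instanceID)
-logEntrySetField(r, "netlify_id", claims.NetlifyID)
-instance, err := a.db.GetInstance(instanceID)
-if err != nil {
-if models.IsNotFoundError(err) {
-return nil, notFoundError("Unable to locate site configuration")
+config, err = instance.Config()
+if err != nil {
+return nil, internalServerError("Error loading environment config").WithInternalError(err)
 }
-return nil, internalServerError("Database error loading instance").WithInternalError(err)
-}
 
-config, err := instance.Config()
+return []byte(config.JWT.Secret), nil
+})
 if err != nil {
-return nil, internalServerError("Error loading environment config").WithInternalError(err)
+return nil, badRequestError("Operator microservice signature is invalid: %v", err)
 }
 
 ctx = withNetlifyID(ctx, claims.NetlifyID)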
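Review bot: Errors returned from inside the key function lose their own status, because jwt-go wraps a key-function error in a `*jwt.ValidationError` and the check after `ParseWithClaims` converts every failure into `badRequestError("Operator microservice signature is invalid: %v", err)`; a missing instance or a database failure is therefore reported as a 400, with the inner error's text formatted into the message that is presumably returned to the caller. Consider unwrapping before that line, e.g. `if ve, ok := err.(*jwt.ValidationError); ok && ve.Errors&jwt.ValidationErrorUnverifiable != 0 && ve.Inner != nil { return nil, ve.Inner }`, and confirm that the error's string form never includes the value passed to `WithInternalError`. Separately, `claims.InstanceID` and `claims.NetlifyID` are still unverified inside the callback, so `a.db.GetInstance` and both `logEntrySetField` calls now run on caller-supplied values before the signature is checked, whereas the removed code verified first. A comment on the callback such as `// claims are unverified here; InstanceID only selects which secret to check against` would document that, and moving the two log calls to after a successful parse would keep unauthenticated values out of the request log; it is also worth deciding explicitly whether an unknown instance should be distinguishable from a bad signature at this stage. The body of `loadInstanceConfig` continues past the end of the hunk.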
