WIP: Add support for TDEI access token authentication

Author: cyrossignol

CMakeLists.txt

@@ -116,6 +116,9 @@ find_package(fmt 6.0 REQUIRED)
 target_link_libraries(cgimap_common_compiler_options INTERFACE
     $<IF:$<BOOL:${ENABLE_FMT_HEADER}>,fmt::fmt-header-only,fmt::fmt>)
 
+# TDEI Workspaces - we need to link an OpenSSL implementation for JWT-CPP:
+find_package(OpenSSL REQUIRED)
+
 
 ###########################
 # source subdirectories
@@ -141,7 +144,8 @@ target_link_libraries(openstreetmap_cgimap
     cgimap_fcgi
     cgimap_apidb
     Boost::program_options
-    PQXX::PQXX)
+    PQXX::PQXX
+    OpenSSL::SSL)
 
 
 #############################################################

README

@@ -34,7 +34,8 @@ If you're running a Debian or Ubuntu system these can be installed
 using the following command:
 
     sudo apt-get install libxml2-dev libpqxx-dev libfcgi-dev zlib1g-dev libbrotli-dev \
-      libboost-program-options-dev libfmt-dev libmemcached-dev libcrypto++-dev libyajl-dev
+      libboost-program-options-dev libfmt-dev libmemcached-dev libcrypto++-dev libyajl-dev \
+      libssl-dev
 
 Note that C++17 is _required_ to build CGImap.
 
@@ -65,7 +66,7 @@ directory. For system-wide installation you still need to run:
 
 For historic reasons, CGImap provides a number of shared libraries which were
 originally intended for reuse by other applications. As there are no real world
-consumers of these libraries, a static build is used by default. If you want 
+consumers of these libraries, a static build is used by default. If you want
 to build with dynamic libraries instead, you can use the following cmake parameters:
 
     cmake .. -DBUILD_SHARED_LIBS=ON

contrib/CMakeLists.txt

@@ -4,6 +4,8 @@ disable_build_lint()
 add_subdirectory(catch2)
 add_subdirectory(libxml++)
 add_subdirectory(sjparser)
+add_subdirectory(jwt-cpp)
 
 target_link_libraries(catch2 INTERFACE cgimap_common_compiler_options)
 target_link_libraries(libxml++ PUBLIC cgimap_common_compiler_options)
+target_link_libraries(jwt-cpp INTERFACE cgimap_common_compiler_options)

contrib/jwt-cpp/CMakeLists.txt

@@ -0,0 +1,30 @@
+cmake_minimum_required(VERSION 3.14)
+
+project(jwt-cpp
+    LANGUAGES CXX)
+
+add_library(jwt-cpp INTERFACE)
+
+if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.23.0)
+    target_sources(jwt-cpp
+        INTERFACE
+            FILE_SET HEADERS
+            BASE_DIRS include/
+            FILES
+                picojson/picojson.h
+                jwt-cpp/base.h
+                jwt-cpp/traits/boost-json/defaults.h
+                jwt-cpp/traits/boost-json/traits.h
+                jwt-cpp/traits/danielaparker-jsoncons/defaults.h
+                jwt-cpp/traits/danielaparker-jsoncons/traits.h
+                jwt-cpp/traits/nlohmann-json/defaults.h
+                jwt-cpp/traits/nlohmann-json/traits.h
+                jwt-cpp/traits/kazuho-picojson/defaults.h
+                jwt-cpp/traits/kazuho-picojson/traits.h
+                jwt-cpp/traits/defaults.h.mustache
+                jwt-cpp/jwt.h)
+
+else()
+    target_include_directories(jwt-cpp INTERFACE
+        include/)
+endif()

contrib/jwt-cpp/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Dominik Thalhammer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

contrib/jwt-cpp/README.contrib

@@ -0,0 +1,5 @@
+Source: https://github.com/Thalhammer/jwt-cpp
+Revision: v0.7.0
+Commit: 08bcf77a687fb06e34138e9e9fa12a4ecbe12332
+
+This library is used for TDEI Workspaces JWT token authentication.

contrib/jwt-cpp/README.md

@@ -0,0 +1,155 @@
+<img src="https://raw.githubusercontent.com/Thalhammer/jwt-cpp/master/.github/logo.svg" alt="logo" width="100%">
+
+[![License Badge](https://img.shields.io/github/license/Thalhammer/jwt-cpp)](https://github.com/Thalhammer/jwt-cpp/blob/master/LICENSE)
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/5f7055e294744901991fd0a1620b231d)](https://app.codacy.com/gh/Thalhammer/jwt-cpp/dashboard)
+[![Linux Badge][Linux]][Cross-Platform]
+[![MacOS Badge][MacOS]][Cross-Platform]
+[![Windows Badge][Windows]][Cross-Platform]
+[![Coverage Status](https://coveralls.io/repos/github/Thalhammer/jwt-cpp/badge.svg?branch=master)](https://coveralls.io/github/Thalhammer/jwt-cpp?branch=master)
+
+[![Documentation Badge](https://img.shields.io/badge/Documentation-master-blue)](https://thalhammer.github.io/jwt-cpp/)
+
+[![Stars Badge](https://img.shields.io/github/stars/Thalhammer/jwt-cpp)](https://github.com/Thalhammer/jwt-cpp/stargazers)
+[![GitHub release (latest SemVer including pre-releases)](https://img.shields.io/github/v/release/Thalhammer/jwt-cpp?include_prereleases)](https://github.com/Thalhammer/jwt-cpp/releases)
+[![ConanCenter package](https://repology.org/badge/version-for-repo/conancenter/jwt-cpp.svg)](https://repology.org/project/jwt-cpp/versions)
+[![Vcpkg package](https://repology.org/badge/version-for-repo/vcpkg/jwt-cpp.svg)](https://repology.org/project/jwt-cpp/versions)
+
+[Linux]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/cross-platform/ubuntu-latest/shields.json
+[MacOS]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/cross-platform/macos-latest/shields.json
+[Windows]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/cross-platform/windows-latest/shields.json
+[Cross-Platform]: https://github.com/Thalhammer/jwt-cpp/actions?query=workflow%3A%22Cross-Platform+CI%22
+
+A header only library for creating and validating [JSON Web Tokens](https://tools.ietf.org/html/rfc7519) in C++11. For a great introduction, [read this](https://jwt.io/introduction/).
+
+## Signature algorithms
+
+jwt-cpp supports all the algorithms defined by the specifications. The modular design allows to easily add additional algorithms without any problems. If you need any feel free to create a pull request or [open an issue](https://github.com/Thalhammer/jwt-cpp/issues/new).
+
+For completeness, here is a list of all supported algorithms:
+
+| HMSC  | RSA   | ECDSA  | PSS   | EdDSA   |
+|-------|-------|--------|-------|---------|
+| HS256 | RS256 | ES256  | PS256 | Ed25519 |
+| HS384 | RS384 | ES384  | PS384 | Ed448   |
+| HS512 | RS512 | ES512  | PS512 |         |
+|       |       | ES256K |       |         |
+
+## SSL Compatibility
+
+In the name of flexibility and extensibility, jwt-cpp supports [OpenSSL](https://github.com/openssl/openssl), [LibreSSL](https://github.com/libressl-portable/portable), and [wolfSSL](https://github.com/wolfSSL/wolfssl). Read [this page](docs/ssl.md) for more details. These are the version which are currently being tested:
+
+| OpenSSL           | LibreSSL       | wolfSSL        |
+|-------------------|----------------|----------------|
+| ![1.0.2u][o1.0.2] | ![3.3.6][l3.3] | ![5.1.1][w5.1] |
+| ![1.1.0i][o1.1.0] | ![3.4.3][l3.4] | ![5.2.0][w5.2] |
+| ![1.1.1q][o1.1.1] | ![3.5.3][l3.5] | ![5.3.0][w5.3] |
+| ![3.0.5][o3.0]    |                |                |
+
+> ℹ️ Note: A complete list of versions tested in the past can be found [here](https://github.com/Thalhammer/jwt-cpp/tree/badges).
+
+[o1.0.2]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/openssl/1.0.2u/shields.json
+[o1.1.0]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/openssl/1.1.0i/shields.json
+[o1.1.1]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/openssl/1.1.1q/shields.json
+[o3.0]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/openssl/3.0.5/shields.json
+[l3.3]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/libressl/3.3.6/shields.json
+[l3.4]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/libressl/3.4.3/shields.json
+[l3.5]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/libressl/3.5.3/shields.json
+[w5.1]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/wolfssl/5.1.1/shields.json
+[w5.2]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/wolfssl/5.2.0/shields.json
+[w5.3]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/wolfssl/5.3.0/shields.json
+
+## Overview
+
+There is no hard dependency on a JSON library. Instead, there's a generic `jwt::basic_claim` which is templated around type traits, which described the semantic [JSON types](https://json-schema.org/understanding-json-schema/reference/type.html) for a value, object, array, string, number, integer and boolean, as well as methods to translate between them.
+
+```cpp
+jwt::basic_claim<my_favorite_json_library_traits> claim(json::object({{"json", true},{"example", 0}}));
+```
+
+This allows for complete freedom when picking which libraries you want to use. For more information, [read this page](docs/traits.md)).
+
+For your convenience there are serval traits implementation which provide some popular JSON libraries. They are:
+
+[![picojson][picojson]](https://github.com/kazuho/picojson)
+[![nlohmann][nlohmann]](https://github.com/nlohmann/json)
+[![jsoncons][jsoncons]](https://github.com/danielaparker/jsoncons)
+[![boostjson][boostjson]](https://github.com/boostorg/json)
+
+[picojson]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/traits/kazuho-picojson/shields.json
+[nlohmann]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/traits/nlohmann-json/shields.json
+[jsoncons]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/traits/danielaparker-jsoncons/shields.json
+[boostjson]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/Thalhammer/jwt-cpp/badges/traits/boost-json/shields.json
+
+In order to maintain compatibility, [picojson](https://github.com/kazuho/picojson) is still used to provide a specialized `jwt::claim` along with all helpers. Defining `JWT_DISABLE_PICOJSON` will remove this optional dependency. It's possible to directly include the traits defaults for the other JSON libraries. See the [traits examples](https://github.com/Thalhammer/jwt-cpp/tree/master/example/traits) for details.
+
+As for the base64 requirements of JWTs, this library provides `base.h` with all the required implementation; However base64 implementations are very common, with varying degrees of performance. When providing your own base64 implementation, you can define `JWT_DISABLE_BASE64` to remove the jwt-cpp implementation.
+
+### Getting Started
+
+Simple example of decoding a token and printing all [claims](https://tools.ietf.org/html/rfc7519#section-4) ([try it out](https://github.com/Thalhammer/jwt-cpp/tree/master/example/print-claims.cpp)):
+
+```cpp
+#include <jwt-cpp/jwt.h>
+#include <iostream>
+
+int main() {
+    std::string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE";
+    auto decoded = jwt::decode(token);
+
+    for(auto& e : decoded.get_payload_json())
+        std::cout << e.first << " = " << e.second << std::endl;
+}
+```
+
+In order to verify a token you first build a verifier and use it to verify a decoded token.
+
+```cpp
+auto verifier = jwt::verify()
+    .allow_algorithm(jwt::algorithm::hs256{ "secret" })
+    .with_issuer("auth0");
+
+verifier.verify(decoded_token);
+```
+
+The created verifier is stateless so you can reuse it for different tokens.
+
+Creating a token (and signing) is equally as easy.
+
+```cpp
+auto token = jwt::create()
+    .set_issuer("auth0")
+    .set_type("JWS")
+    .set_payload_claim("sample", jwt::claim(std::string("test")))
+    .sign(jwt::algorithm::hs256{"secret"});
+```
+
+> To see more examples working with RSA public and private keys, visit our [examples](https://github.com/Thalhammer/jwt-cpp/tree/master/example)!
+
+### Providing your own JSON Traits
+
+To learn how to writes a trait's implementation, checkout the [these instructions](docs/traits.md)
+
+## Contributing
+
+If you have an improvement or found a bug feel free to [open an issue](https://github.com/Thalhammer/jwt-cpp/issues/new) or add the change and create a pull request. If you file a bug please make sure to include as much information about your environment (compiler version, etc.) as possible to help reproduce the issue. If you add a new feature please make sure to also include test cases for it.
+
+## Dependencies
+
+In order to use jwt-cpp you need the following tools.
+
+* libcrypto (openssl or compatible)
+* libssl-dev (for the header files)
+* a compiler supporting at least c++11
+* basic stl support
+
+In order to build the test cases you also need
+
+* gtest
+* pthread
+
+## Troubleshooting
+
+See the [FAQs](docs/faqs.md) for tips.
+
+## Conference Coverage
+[![CppCon](https://img.youtube.com/vi/Oq4NW5idmiI/0.jpg)](https://www.youtube.com/watch?v=Oq4NW5idmiI)