Transfer JWT claims to CGI environment variables

Author: jung-kurt

README.md

@@ -263,6 +263,27 @@ the response looks the same except for the following lines:
 	POST_DATA         [city=San%20Francisco]
 	REQUEST_METHOD    [POST]
 
+### JSON web tokens
+
+If you protect your CGI application with the [Caddy JWT][jwt] middleware, your
+program will have access to the token's payload claims by means of environment
+variables. For example, the following token claims
+
+	{
+		"sub": "1234567890",
+		"user": "quixote",
+		"admin": true,
+	}
+
+will be available with the following environment variables
+
+	HTTP_TOKEN_CLAIM_SUB=1234567890
+	HTTP_TOKEN_CLAIM_USER=doe
+	HTTP_TOKEN_CLAIM_ADMIN=true
+
+All values are conveyed as strings, so some conversion may be necessary in your
+program.
+
 ### Fossil Example
 
 The [fossil][fossil] distributed software management tool is a native
@@ -466,10 +487,11 @@ at sample/min.php:
 [fossil]: https://www.fossil-scm.org/
 [github]: https://github.com/jung-kurt/caddy-cgi
 [jung]: https://github.com/jung-kurt/
+[jwt]: https://github.com/BTBurke/caddy-jwt
 [key]: class:key
-[subkey]: class:subkey
 [license]: https://raw.githubusercontent.com/jung-kurt/caddy-cgi/master/LICENSE
 [match]: https://golang.org/pkg/path/#Match
 [php]: http://php.net/
 [report]: https://goreportcard.com/report/github.com/jung-kurt/caddy-cgi
+[subkey]: class:subkey
 [travis]: https://travis-ci.org/jung-kurt/caddy-cgi

cgi.go

@@ -23,6 +23,7 @@ import (
 	"net/http/cgi"
 	"path"
 	"path/filepath"
+	"strings"
 
 	"github.com/mholt/caddy/caddyhttp/httpserver"
 )
@@ -62,7 +63,7 @@ func currentDir() (wdStr string) {
 // setupCall instantiates a CGI handler based on the incoming request and the
 // configuration rule that it matches.
 func setupCall(h handlerType, rule ruleType, lfStr, rtStr string,
-	rep httpserver.Replacer, username string) (cgiHnd cgi.Handler) {
+	rep httpserver.Replacer, hdr http.Header, username string) (cgiHnd cgi.Handler) {
 	cgiHnd.Root = "/"
 	cgiHnd.Dir = h.root
 	rep.Set("root", h.root)
@@ -86,6 +87,13 @@ func setupCall(h handlerType, rule ruleType, lfStr, rtStr string,
 	envAdd("PATH_INFO", rtStr)
 	envAdd("SCRIPT_FILENAME", cgiHnd.Path)
 	envAdd("SCRIPT_NAME", lfStr)
+	// Convey JSON Web Token claims to CGI app by means of environment
+	for key, list := range hdr {
+		if strings.HasPrefix(key, "Token-Claim-") {
+			cgiHnd.Env = append(cgiHnd.Env, strings.ToUpper(key)+"="+
+				strings.Join(list, "\t"))
+		}
+	}
 	cgiHnd.InheritEnv = append(cgiHnd.InheritEnv, rule.passEnvs...)
 	cgiHnd.InheritEnv = append(cgiHnd.InheritEnv, rule.passEnvs...)
 	for _, str := range rule.args {
@@ -106,7 +114,7 @@ func (h handlerType) ServeHTTP(w http.ResponseWriter, r *http.Request) (code int
 				// Retrieve name of remote user that was set by some downstream middleware,
 				// possibly basicauth.
 				remoteUser, _ := r.Context().Value(httpserver.RemoteUserCtxKey).(string) // Blank if not set
-				cgiHnd := setupCall(h, rule, lfStr, rtStr, rep, remoteUser)
+				cgiHnd := setupCall(h, rule, lfStr, rtStr, rep, r.Header, remoteUser)
 				cgiHnd.Stderr = &buf
 				cgiHnd.ServeHTTP(w, r)
 				if buf.Len() > 0 {

cgi_test.go

@@ -64,14 +64,15 @@ func TestServe(t *testing.T) {
 	}
 
 	expectStr := `code [0], error [example error message]
-[    ]
+[---] [---] [---] [quixote] [] []
 code [0], error [example error message]
-[/1930/05/11 name=Edsger%20W.%20Dijkstra   ]
+[/1930/05/11] [---] [---] [---] [name=Edsger%20W.%20Dijkstra] [quixote]
 code [0], error [example error message]
-[12 --example   ]
+[---] [12] [--example] [quixote] [] []
 code [0], error [example error message]
-[/1930/05/11 12 --example name=Edsger%20W.%20Dijkstra ]
+[/1930/05/11] [---] [12] [--example] [name=Edsger%20W.%20Dijkstra] [quixote]
 `
+
 	// Testing the ServeHTTP method requires OS-specific CGI scripts, because a
 	// system call is made to respond to the request.
 	if runtime.GOOS == "linux" || runtime.GOOS == "darwin" {
@@ -80,6 +81,9 @@ code [0], error [example error message]
 			hnd, err = handlerGet(directiveList[dirJ], "./test")
 			if err == nil {
 				srv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+					r.Header.Set("Token-Claim-User", "quixote")
+					r.Header.Set("Token-Claim-Language", "en-GB")
+					r.Header.Add("Token-Claim-Language", "en-AU")
 					code, err = hnd.ServeHTTP(w, r)
 					if err != nil {
 						fmt.Fprintf(&buf, "code [%d], error [%s]\n", code, err)

doc.go

@@ -260,6 +260,27 @@ the response looks the same except for the following lines:
 	POST_DATA         [city=San%20Francisco]
 	REQUEST_METHOD    [POST]
 
+JSON web tokens
+
+If you protect your CGI application with the Caddy JWT middleware, your
+program will have access to the token's payload claims by means of environment
+variables. For example, the following token claims
+
+	{
+		"sub": "1234567890",
+		"user": "quixote",
+		"admin": true,
+	}
+
+will be available with the following environment variables
+
+	HTTP_TOKEN_CLAIM_SUB=1234567890
+	HTTP_TOKEN_CLAIM_USER=doe
+	HTTP_TOKEN_CLAIM_ADMIN=true
+
+All values are conveyed as strings, so some conversion may be necessary in your
+program.
+
 Fossil Example
 
 The fossil distributed software management tool is a native

doc/cgi.md

@@ -266,6 +266,27 @@ the response looks the same except for the following lines:
 	POST_DATA         [city=San%20Francisco]
 	REQUEST_METHOD    [POST]
 
+### JSON web tokens
+
+If you protect your CGI application with the [Caddy JWT][jwt] middleware, your
+program will have access to the token's payload claims by means of environment
+variables. For example, the following token claims
+
+	{
+		"sub": "1234567890",
+		"user": "quixote",
+		"admin": true,
+	}
+
+will be available with the following environment variables
+
+	HTTP_TOKEN_CLAIM_SUB=1234567890
+	HTTP_TOKEN_CLAIM_USER=doe
+	HTTP_TOKEN_CLAIM_ADMIN=true
+
+All values are conveyed as strings, so some conversion may be necessary in your
+program.
+
 ### Fossil Example
 
 The [fossil][fossil] distributed software management tool is a native
@@ -469,10 +490,11 @@ at sample/min.php:
 [fossil]: https://www.fossil-scm.org/
 [github]: https://github.com/jung-kurt/caddy-cgi
 [jung]: https://github.com/jung-kurt/
+[jwt]: https://github.com/BTBurke/caddy-jwt
 [key]: class:key
-[subkey]: class:subkey
 [license]: https://raw.githubusercontent.com/jung-kurt/caddy-cgi/master/LICENSE
 [match]: https://golang.org/pkg/path/#Match
 [php]: http://php.net/
 [report]: https://goreportcard.com/report/github.com/jung-kurt/caddy-cgi
+[subkey]: class:subkey
 [travis]: https://travis-ci.org/jung-kurt/caddy-cgi

doc/doc.txt

@@ -303,6 +303,27 @@ the response looks the same except for the following lines:
 	POST_DATA         [city=San%20Francisco]
 	REQUEST_METHOD    [POST]
 
+### JSON web tokens
+
+If you protect your CGI application with the [Caddy JWT][jwt] middleware, your
+program will have access to the token's payload claims by means of environment
+variables. For example, the following token claims
+
+	{
+		"sub": "1234567890",
+		"user": "quixote",
+		"admin": true,
+	}
+
+will be available with the following environment variables
+
+	HTTP_TOKEN_CLAIM_SUB=1234567890
+	HTTP_TOKEN_CLAIM_USER=doe
+	HTTP_TOKEN_CLAIM_ADMIN=true
+
+All values are conveyed as strings, so some conversion may be necessary in your
+program.
+
 ### Fossil Example
 
 The [fossil][fossil] distributed software management tool is a native
@@ -507,10 +528,11 @@ at sample/min.php:
 [fossil]: https://www.fossil-scm.org/
 [github]: https://github.com/jung-kurt/caddy-cgi
 [jung]: https://github.com/jung-kurt/
+[jwt]: https://github.com/BTBurke/caddy-jwt
 [key]: class:key
-[subkey]: class:subkey
 [license]: https://raw.githubusercontent.com/jung-kurt/caddy-cgi/master/LICENSE
 [match]: https://golang.org/pkg/path/#Match
 [php]: http://php.net/
 [report]: https://goreportcard.com/report/github.com/jung-kurt/caddy-cgi
+[subkey]: class:subkey
 [travis]: https://travis-ci.org/jung-kurt/caddy-cgi

test/example

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 printf "Content-type: text/plain\n\n"
-printf "[%s %s %s %s %s]\n" $PATH_INFO $CGI_LOCAL $CGI_GLOBAL $1 $QUERY_STRING
+printf "[%s] [%s] [%s] [%s] [%s] [%s]\n" ${PATH_INFO----} ${CGI_LOCAL----} \
+  ${CGI_GLOBAL----} ${1----} ${QUERY_STRING----} ${HTTP_TOKEN_CLAIM_USER----}
 printf "example error message\n" > /dev/stderr
 exit 0