adding optional mode

Author: dr4hcu5-jan

internal/jwt/validator.go

@@ -24,6 +24,7 @@ type Validator struct {
 	jwkSet        jwk.Set
 	parserOptions []jwt.ParseOption
 	audiences     []string
+	optional      bool
 }
 
 var globalParserOptions = []jwt.ParseOption{
@@ -196,3 +197,19 @@ func (v *Validator) ParseHTTPRequest(r *http.Request) (accessToken jwt.Token, re
 		return nil, res
 	}
 }
+
+// EnableOptional allows the validator to run optional and ignore all errors
+// that appear and still let the request pass
+func (r *Validator) EnableOptional() {
+	r.optional = true
+}
+
+// DisableOptional forces the validator to run in the default mode and only
+// let requests pass that are not optional
+func (r *Validator) DisableOptional() {
+	r.optional = false
+}
+
+func (r *Validator) IsOptional() bool {
+	return r.optional
+}

middleware/gin/jwt/validator.go

@@ -16,24 +16,40 @@ func (r *Validator) Handler(c *gin.Context) {
 	headers := c.Request.Header["Authorization"]
 	switch {
 	case len(headers) == 0:
+		if r.IsOptional() {
+			c.Next()
+			return
+		}
 		c.Abort()
 		jwt.ErrMissingAuthorizationHeader.Emit(c)
 		return
 	case len(headers) > 1:
+		if r.IsOptional() {
+			c.Next()
+			return
+		}
 		c.Abort()
 		jwt.ErrSingleAuthorizationHeaderOnly.Emit(c)
 		return
 	}
 
 	val := strings.TrimSpace(headers[0])
 	if !jwt.TokenSchemeRegexCompiled.MatchString(val) {
+		if r.IsOptional() {
+			c.Next()
+			return
+		}
 		c.Abort()
 		jwt.ErrUnsupportedTokenScheme.Emit(c)
 		return
 	}
 
 	token, err := r.ParseHTTPRequest(c.Request)
 	if err != nil {
+		if r.IsOptional() {
+			c.Next()
+			return
+		}
 		c.Abort()
 		err.Emit(c)
 		return
@@ -42,6 +58,10 @@ func (r *Validator) Handler(c *gin.Context) {
 	iface := token.PrivateClaims()["scopes"]
 	ifaceArray, isArray := iface.([]any)
 	if !isArray {
+		if r.IsOptional() {
+			c.Next()
+			return
+		}
 		c.Abort()
 		jwt.ErrJWTInvalidScopeType.Emit(c)
 		return
@@ -50,6 +70,10 @@ func (r *Validator) Handler(c *gin.Context) {
 	for _, s := range ifaceArray {
 		scope, ok := s.(string)
 		if !ok {
+			if r.IsOptional() {
+				c.Next()
+				return
+			}
 			c.Abort()
 			jwt.ErrJWTInvalidScopeType.Emit(c)
 			return

middleware/stdlib/jwt/validator.go

@@ -18,27 +18,47 @@ func (v *Validator) Handler(next http.Handler) http.Handler {
 		headers := r.Header["Authorization"]
 		switch {
 		case len(headers) == 0:
+			if v.IsOptional() {
+				next.ServeHTTP(w, r)
+				return
+			}
 			jwt.ErrMissingAuthorizationHeader.Emit(w)
 			return
 		case len(headers) > 1:
+			if v.IsOptional() {
+				next.ServeHTTP(w, r)
+				return
+			}
 			jwt.ErrSingleAuthorizationHeaderOnly.Emit(w)
 			return
 		}
 
 		val := strings.TrimSpace(headers[0])
 		if !jwt.TokenSchemeRegexCompiled.MatchString(val) {
+			if v.IsOptional() {
+				next.ServeHTTP(w, r)
+				return
+			}
 			jwt.ErrUnsupportedTokenScheme.Emit(w)
 			return
 		}
 
 		token, err := v.ParseHTTPRequest(r)
 		if err != nil {
+			if v.IsOptional() {
+				next.ServeHTTP(w, r)
+				return
+			}
 			err.Emit(w)
 			return
 		}
 
 		scopes, correctType := token.PrivateClaims()["scopes"].([]string)
 		if !correctType {
+			if v.IsOptional() {
+				next.ServeHTTP(w, r)
+				return
+			}
 			jwt.ErrJWTMalformed.Emit(w)
 			return
 		}