hex/wstunnel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Randomize jwt secret signature

Browse source
This commit is contained in:
Σrebe - Romain GERARD 2024-08-26 20:56:22 +02:00
parent 6e37a97918
commit 1522882edc
No known key found for this signature in database
GPG key ID: 7A42B4B97E0332F4
1 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/tunnel/transport/jwt.rs
View file

@ -4,18 +4,25 @@ use serde::{Deserialize, Serialize};
use std::collections::HashSet;
use std::ops::Deref;
use std::sync::LazyLock;
use std::time::SystemTime;
use url::Host;
use uuid::Uuid;
pub static JWT_HEADER_PREFIX: &str = "authorization.bearer.";
static JWT_SECRET: &[u8; 15] = b"champignonfrais";
static JWT_KEY: LazyLock<(Header, EncodingKey)> =
LazyLock::new(|| (Header::new(Algorithm::HS256), EncodingKey::from_secret(JWT_SECRET)));
static JWT_KEY: LazyLock<(Header, EncodingKey)> = LazyLock::new(|| {
let now = SystemTime::now()
.duration_since(SystemTime::UNIX_EPOCH)
.unwrap()
.as_nanos()
.to_ne_bytes();
(Header::new(Algorithm::HS256), EncodingKey::from_secret(&now))
});
static JWT_DECODE: LazyLock<(Validation, DecodingKey)> = LazyLock::new(|| {
let mut validation = Validation::new(Algorithm::HS256);
validation.required_spec_claims = HashSet::with_capacity(0);
(validation, DecodingKey::from_secret(JWT_SECRET))
validation.insecure_disable_signature_validation();
(validation, DecodingKey::from_secret(b"champignonfrais"))
});
#[derive(Debug, Clone, Serialize, Deserialize)]