(schema []byte, algo, publicKeyFile string, closedByDefault bool)
| 265 | } |
| 266 | |
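// AppendAuthInfo returns a new slice holding schema followed by a single-line
// "# Dgraph.Authorization {...}" comment for the given algorithm.
//
// For "HS256" the verification key is a fixed shared secret. For "RS256" it is
// the content of publicKeyFile with every newline byte rewritten as the two
// characters `\n`. Any other algo leaves VerificationKey empty and is copied
// into the "Algo" field as given; no error is returned for it, so a caller
// that needs a usable configuration has to validate algo itself.
// closedByDefault is rendered as the JSON literal true or false.
//
// The only error returned is the one from reading publicKeyFile.
//
// The HS256 secret is committed in source and matched by pre-signed tokens in
// graphql/resolve/auth_test.go, so anyone with the repository can mint tokens
// that a schema built here accepts. Use this helper for test schemas only.
func AppendAuthInfo(schema []byte, algo, publicKeyFile string, closedByDefault bool) ([]byte, error) {
	authInfo := `# Dgraph.Authorization {"VerificationKey":"%s","Header":"X-Test-Auth","Namespace":"https://xyz.io/jwt/claims","Algo":"%s","Audience":["aud1","63do0q16n6ebjgkumu05kkeian","aud5"],"ClosedByDefault":%s}`

	closedByDefaultStr := "false"
	if closedByDefault {
		closedByDefaultStr = "true"
	}

	var verificationKey string
	switch algo {
	case "HS256":
		// Widened from the original 9-byte "secretkey" to meet the 14-byte
		// (112-bit) HMAC key minimum that NIST SP 800-131A requires and
		// that some FIPS-validated crypto providers (e.g. the OpenSSL FIPS
		// provider used by Chainguard go-fips / Microsoft Go FIPS-mode builds)
		// enforce at EVP_MAC_init. Benign for non-FIPS builds — a longer
		// HMAC key is always acceptable. See graphql/resolve/auth_test.go
		// for the matching hardcoded JWT tokens signed with this value.
		//
		// The length satisfies the provider's size check only: a readable
		// phrase does not carry 112 bits of entropy, which is acceptable for
		// a fixture and nowhere else.
		verificationKey = "secretkey-long-enough"
	case "RS256":
		keyData, err := os.ReadFile(publicKeyFile)
		if err != nil {
			return nil, err
		}
		// Replacing ASCII newline with "\n" as the authorization information in the schema
		// should be present in a single line.
		// Only byte 10 is rewritten: a CR, a double quote or a backslash in the
		// file would reach the JSON below unescaped.
		verificationKey = string(bytes.ReplaceAll(keyData, []byte{10}, []byte{92, 110}))
	}

	// The values are substituted with %s and not JSON-encoded, so the result is
	// valid JSON only while key and algo contain no characters needing escapes.
	authInfo = fmt.Sprintf(authInfo, verificationKey, algo, closedByDefaultStr)

	// Capping the capacity forces append to allocate. Without it, a schema with
	// spare capacity (os.ReadFile commonly returns one) would be extended in
	// place, and two calls on the same schema would overwrite each other's
	// authorization line.
	return append(schema[:len(schema):len(schema)], authInfo...), nil
}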
| 299 | |
| 300 | func AppendAuthInfoWithJWKUrl(schema []byte) ([]byte, error) { |
| 301 | authInfo := `# Dgraph.Authorization {"VerificationKey":"","Header":"X-Test-Auth","jwkurl":"https://dev-hr2kugfp.us.auth0.com/.well-known/jwks.json", "Namespace":"https://xyz.io/jwt/claims","Algo":"","Audience":[ "HhaXkQVRBn5e0K3DmMp2zbjI8i1wcv2e"]}` |