feat: implement blacklist of tokens #3
Conversation
| @@ -12,3 +12,6 @@ | |||
| username_claim = sub | |||
| ; Claim that is used as CouchDB roles. The claim must contain array of the users roles. | |||
| roles_claim = roles | |||
|
|
|||
| ; Blacklist tokens | |||
| blacklist = [] | |||
There was a problem hiding this comment.
This one is redundant as you use separate section for blacklisting.
There was a problem hiding this comment.
well spotted :) it was a leftover from the previous iteration that I oversaw :/
| @@ -58,6 +58,12 @@ decode(Token, Config) -> | |||
| end, List), posix_time(calendar:universal_time()), Config) | |||
| end. | |||
|
|
|||
| ensure_safe_token(Token, Config) -> | |||
| case couch_util:get_value(Token, Config) of | |||
There was a problem hiding this comment.
How may tokens could be blacklisted? If you expect hundred/thousand values as real ones, better use couch_config:get/3 here since ETS table behind is more suitable for random access than lists.
There was a problem hiding this comment.
I'd say it could be any number, it's really up to whomever runs the service.
Is this the fn you're talking about? https://github.com/apache/couchdb/blob/1.6.x/src/couchdb/couch_config.erl#L59
Would it be something like this?
ensure_safe_token(Token) ->
case couch_config:get("jwt_auth_blacklist", Token) of
...How would you test it?
There was a problem hiding this comment.
Right, I thought about /2 (:
For testing see https://github.com/apache/couchdb/blob/1.x.x/test/couchdb/couch_config_tests.erl
TL;DR start couch_config app, put there some value, call your function.
There was a problem hiding this comment.
Good stuff, that seems like a cleaner approach. It could also be used across other sections of the code too I guess.
I wonder can I mock couch_config:get instead of setting up the whole lot... Would meck be a good start? (and when I was about to hit Comment I found this https://github.com/apache/couchdb-meck :P)
There was a problem hiding this comment.
You can use meck with 2.0. 1.x doesn't provides it.
There was a problem hiding this comment.
Oh, ok... Since we're in the 2.0 discussion, according to what you know, what would it take to make this 2.0 compatible?
There was a problem hiding this comment.
Well, for 2.0 better try to compile project and fix all the ongoing errors. For instance, couch_config turned into config. I'm not familiar with this codebase to say what else you'll have to do.
There was a problem hiding this comment.
Great, will give that a go over the next few weeks. Thanks!
No description provided.