Merge pull request #110 from vapor/tn-jwt-provider

jwt provider

.github/workflows/test.yml

@@ -7,19 +7,12 @@ jobs:
       image: vapor/swift:5.1-xenial
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - run: swift test
+    - uses: actions/checkout@v1
+    - run: swift test --enable-test-discovery --sanitize=thread
   bionic:
     container: 
       image: vapor/swift:5.1-bionic
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - run: swift test
-  thread:
-    container: 
-      image: vapor/swift:5.1-bionic
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@master
-    - run: swift test --sanitize=thread
+    - uses: actions/checkout@v1
+    - run: swift test --enable-test-discovery --sanitize=thread

Package.swift

@@ -1,23 +1,20 @@
-// swift-tools-version:5.0
+// swift-tools-version:5.1
 import PackageDescription
 
 let package = Package(
-    name: "jwt-kit",
+    name: "jwt",
+    platforms: [
+       .macOS(.v10_14)
+    ],
     products: [
-        .library(name: "JWTKit", targets: ["JWTKit"]),
+        .library(name: "JWT", targets: ["JWT"]),
+    ],
+    dependencies: [
+        .package(url: "https://github.com/vapor/jwt-kit.git", from: "4.0.0-beta.2"),
+        .package(url: "https://github.com/vapor/vapor.git", from: "4.0.0-beta.2"),
     ],
-    dependencies: [ ],
     targets: [
-        .systemLibrary(
-            name: "CJWTKitOpenSSL",
-            pkgConfig: "openssl",
-            providers: [
-                .apt(["openssl libssl-dev"]),
-                .brew(["openssl"])
-            ]
-        ),
-        .target(name: "CJWTKitCrypto", dependencies: ["CJWTKitOpenSSL"]),
-        .target(name: "JWTKit", dependencies: ["CJWTKitCrypto"]),
-        .testTarget(name: "JWTKitTests", dependencies: ["JWTKit"]),
+        .target(name: "JWT", dependencies: ["JWTKit", "Vapor"]),
+        .testTarget(name: "JWTTests", dependencies: ["JWT", "XCTVapor"]),
     ]
 )

Sources/JWT/Exports.swift

@@ -0,0 +1 @@
+@_exported import JWTKit

Sources/JWT/JWT.swift

@@ -0,0 +1,81 @@
+import Vapor
+
+extension Application {
+    public var jwt: JWT {
+        .init(application: self)
+    }
+
+    public struct JWT {
+        final class Storage {
+            var signers: JWTSigners
+            init() {
+                self.signers = .init()
+            }
+        }
+
+        struct Key: StorageKey {
+            typealias Value = Storage
+        }
+
+        let application: Application
+
+        public var signers: JWTSigners {
+            get { self.storage.signers }
+            set { self.storage.signers = newValue }
+        }
+
+        var storage: Storage {
+            if let existing = self.application.storage[Key.self] {
+                return existing
+            } else {
+                let new = Storage()
+                self.application.storage[Key.self] = new
+                return new
+            }
+        }
+    }
+}
+
+extension Request {
+    public var jwt: JWT {
+        .init(request: self)
+    }
+
+    public struct JWT {
+        let request: Request
+
+        public func verify<Payload>(as payload: Payload.Type = Payload.self) throws -> Payload
+            where Payload: JWTPayload
+        {
+            guard let token = self.request.headers.bearerAuthorization?.token else {
+                self.request.logger.error("Request is missing JWT bearer header")
+                throw Abort(.unauthorized)
+            }
+            return try self.verify(token, as: Payload.self)
+        }
+
+        public func verify<Payload>(_ message: String, as payload: Payload.Type = Payload.self) throws -> Payload
+            where Payload: JWTPayload
+        {
+            try self.verify([UInt8](message.utf8), as: Payload.self)
+        }
+
+        public func verify<Message, Payload>(_ message: Message, as payload: Payload.Type = Payload.self) throws -> Payload
+            where Message: DataProtocol, Payload: JWTPayload
+        {
+            try self.request.application.jwt.signers.verify(message, as: Payload.self)
+        }
+
+        public func sign<Payload>(_ jwt: Payload, kid: JWKIdentifier? = nil) throws -> String
+            where Payload: JWTPayload
+        {
+            try self.request.application.jwt.signers.sign(jwt, kid: kid)
+        }
+    }
+}
+
+extension JWTError: AbortError {
+    public var status: HTTPResponseStatus {
+        .unauthorized
+    }
+}

Sources/JWT/JWTAuthenticator.swift

@@ -0,0 +1,19 @@
+import Vapor
+
+public protocol JWTAuthenticator: BearerAuthenticator {
+    associatedtype Payload: JWTPayload
+    func authenticate(jwt: Payload, for request: Request) -> EventLoopFuture<User?>
+}
+
+extension JWTAuthenticator {
+    public func authenticate(bearer: BearerAuthorization, for request: Request) -> EventLoopFuture<User?> {
+        do {
+            return try self.authenticate(
+                jwt: request.jwt.verify([UInt8](bearer.token.utf8)),
+                for: request
+            )
+        } catch {
+            return request.eventLoop.makeFailedFuture(error)
+        }
+    }
+}