From dc7f1377cfb534cbba94741359bb5c5955c9150a Mon Sep 17 00:00:00 2001
From: Tobias Assarsson
Date: Thu, 21 Mar 2024 13:48:27 +0100
Subject: [PATCH] fix oidc partial auth

---
 internal/api/application/user.go | 30 ++++++++++++++++++++++++++++++
 internal/api/v1/routes.go | 1 +
 2 files changed, 31 insertions(+)

diff --git a/internal/api/application/user.go b/internal/api/application/user.go
index 04b3639..226af5e 100644
--- a/internal/api/application/user.go
+++ b/internal/api/application/user.go
@@ -48,6 +48,36 @@ func UserMiddleware() gin.HandlerFunc {
 	}
 }
 
+func JWTMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authorization := c.GetHeader("Authorization")
+		fields := strings.Fields(authorization)
+		if len(fields) != 2 {
+			c.Next()
+			return
+		}
+		if !strings.EqualFold(fields[0], "bearer") {
+			c.Next()
+			return
+		}
+		set, err := trust.GetJWKSet()
+		if err != nil {
+			c.Next()
+			return
+		}
+		token, err := jwt.Parse([]byte(fields[1]),
+			jwt.WithValidate(true),
+			jwt.WithKeySet(set),
+			jwt.WithIssuer(viper.GetString("userApi.trustedIssuer")),
+			jwt.WithAcceptableSkew(time.Minute))
+		if err != nil {
+			c.Next()
+			return
+		}
+		c.Set("jwt", token)
+	}
+}
+
 func GetCurrentJWT(c *gin.Context) jwt.Token {
 	token, exists := c.Get("jwt")
 	if !exists {
diff --git a/internal/api/v1/routes.go b/internal/api/v1/routes.go
index 677adaa..af2c3ab 100644
--- a/internal/api/v1/routes.go
+++ b/internal/api/v1/routes.go
@@ -55,6 +55,7 @@ func AddRoutes(g *gin.RouterGroup) {
 	issuerGroup := g.Group("/oidc")
 	issuerGroup.Use(
 		cors.New(clientCorsConfig),
+		application.JWTMiddleware(),
 	)
 
 	public.AddRoutes(publicGroup)
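Review bot: Every failure path in JWTMiddleware (wrong header shape, the `trust.GetJWKSet()` error, and the `jwt.Parse` error) falls through to `c.Next()` without recording why, so a request carrying an expired, wrong-issuer or otherwise rejected Bearer token reaches the handlers indistinguishable from an anonymous one, and `GetCurrentJWT` (its body is cut off here) presumably just reports no token; at minimum the parse and JWK-set errors should be logged or kept on the context, e.g. `c.Set("jwtError", err)`, so rejected tokens are observable and can be alerted on. The validation options pin issuer, key set and clock skew but no audience; if the trusted issuer mints tokens for more than one client, `jwt.WithAudience(...)` is the missing check, though whether that applies depends on deployment configuration not visible in the hunk. As a point of style, the `c.Next()` before each early `return` is redundant, since gin resumes the handler chain when a middleware returns without aborting, so a bare `return` reads more clearly. The exported function also lacks a doc comment; suggest `// JWTMiddleware validates an optional Bearer token against the trusted issuer's JWK set and stores it under "jwt"; requests without a valid token continue unauthenticated.`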
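Review bot: The `application.JWTMiddleware()` added to `issuerGroup` never aborts a request, so this line does not by itself protect anything under `/oidc`; every handler in that group that requires a login still has to consult `GetCurrentJWT` and reject the request when no token was attached. A short comment on the `Use(` call would make that contract explicit to the next person adding a route, e.g. `// JWTMiddleware only attaches a validated token; handlers enforce authentication themselves.` AddRoutes begins and ends outside the hunk.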