
An experiment with Fastly's serverless platform that shows how to deploy applications with an example that validates JWTs and rate-limits requests on a per IP basis.


spreadshirt/jwt-edge-validation


Fastly Edge Computing


This project is part of the 22nd Innovation and Hacking Days and tries to explore what we can do with serverless computing on Fastly's edge nodes. Fastly provides a web IDE that makes it pretty easy to deploy code to their edge nodes; the project is called Terrarium. It uses Lucet as a compiler backend that translates the code, be it in Rust, JavaScript or C, to WebAssembly (WASM), which is then executed on their edge nodes.

Task

What we want to achieve today is to validate JWT tokens using Fastly's Terrarium platform and to rate-limit on a per IP basis.

Setup

The following instructions are explained thoroughly in this blog post.

  • install a Rust distribution through rustup
  • install the compiler toolchain that supports wasm targets: rustup toolchain add nightly
  • install what is required to compile to wasm: rustup target add wasm32-unknown-unknown --toolchain nightly

This does not need to be done, but here's how to create a sample project:

  • create a project scaffold: cargo new --lib jwt-edge-validation
  • configure the project to be a dynamic library by adding this to jwt-edge-validation/Cargo.toml:
[lib]
crate-type=["cdylib"]
  • cd into jwt-edge-validation and run rustup override set nightly to set the nightly toolchain as default

Build

Debug build: cargo build --target wasm32-unknown-unknown; the binary can then be found in target/wasm32-unknown-unknown/debug/

Release build: cargo build --release --target wasm32-unknown-unknown; the path is then target/wasm32-unknown-unknown/release/

Deployment

To access Fastly's Terrarium API we use terrctl. It can be installed either via go get -u github.com/fastly/terrctl/terrctl or by using the prebuilt binaries.

$ terrctl src/lib.rs

Usage

First, generate a JWT with an arbitrary payload and sign it with HMAC-SHA256 (HS256), e.g. using jwt.io, using this secret: ZPM//uZwrUN85ogHI0JAb8K1SFtNw270W6wdU4Op1Wk=

Then send it as a bearer token:

$ curl --header "Authorization: Bearer <Token>" "https://<deployment-domain>.com/some/path?param=value"

Example: curl --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.nJkjEH_2wFclNpjG4mem7xShvYDS9UB3zfHmQ93CNiQ' https://captured-crew-prove-meant.fastly-terrarium.com/get
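The check the edge function has to make on that Authorization header, as an added example that is not the project's own code (Python standard library rather than Rust, so it runs without extra crates). It also signs a token locally instead of using jwt.io. Assumptions: the function names are hypothetical, and the secret's ASCII bytes are used as the HMAC key as-is, not base64-decoded first.

```python
import base64, hashlib, hmac, json

# Shared secret from the Usage section. Assumption: the ASCII bytes are the
# HMAC key as-is (not base64-decoded first).
SECRET = b"ZPM//uZwrUN85ogHI0JAb8K1SFtNw270W6wdU4Op1Wk="

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, key: bytes = SECRET) -> str:
    """Build header.payload.signature locally, without a third-party site."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_authorization(header_value: str, key: bytes = SECRET):
    """Return the payload dict for a valid 'Bearer <HS256 JWT>' header, else None."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return None
    signing_input, _, sig_b64 = token.rpartition(".")
    header_b64, payload_b64 = signing_input.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: the token must not choose it ("none", RS256, ...).
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison: no timing hint about how many bytes matched.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        payload = json.loads(b64url_decode(payload_b64))
    except ValueError:  # bad base64, bad JSON, non-ASCII input
        return None
    return payload if isinstance(payload, dict) else None
```
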
