You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by cr...@apache.org on 2023/10/23 18:28:47 UTC
[superset] branch master updated: chore(websocket): [WIP] Making JWT algos configurable (#25521)
This is an automated email from the ASF dual-hosted git repository.
craigrueda pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 861ee8b3c6 chore(websocket): [WIP] Making JWT algos configurable (#25521)
861ee8b3c6 is described below
commit 861ee8b3c6886a61c6d9ed3f819f7bc35ab2867d
Author: Craig Rueda <cr...@craigrueda.com>
AuthorDate: Mon Oct 23 11:28:41 2023 -0700
chore(websocket): [WIP] Making JWT algos configurable (#25521)
---
superset-websocket/config.example.json | 1 +
superset-websocket/src/config.ts | 2 ++
superset-websocket/src/index.ts | 7 +++++--
3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/superset-websocket/config.example.json b/superset-websocket/config.example.json
index 305c308362..296a0bee39 100644
--- a/superset-websocket/config.example.json
+++ b/superset-websocket/config.example.json
@@ -16,6 +16,7 @@
"ssl": false
},
"redisStreamPrefix": "async-events-",
+ "jwtAlgorithms": ["HS256"],
"jwtSecret": "CHANGE-ME",
"jwtCookieName": "async-token"
}
diff --git a/superset-websocket/src/config.ts b/superset-websocket/src/config.ts
index 7d0fac323e..aa361d17e2 100644
--- a/superset-websocket/src/config.ts
+++ b/superset-websocket/src/config.ts
@@ -36,6 +36,7 @@ type ConfigType = {
redisStreamPrefix: string;
redisStreamReadCount: number;
redisStreamReadBlockMs: number;
+ jwtAlgorithms: string[];
jwtSecret: string;
jwtCookieName: string;
jwtChannelIdKey: string;
@@ -53,6 +54,7 @@ function defaultConfig(): ConfigType {
redisStreamPrefix: 'async-events-',
redisStreamReadCount: 100,
redisStreamReadBlockMs: 5000,
+ jwtAlgorithms: ['HS256'],
jwtSecret: '',
jwtCookieName: 'async-token',
jwtChannelIdKey: 'channel',
diff --git a/superset-websocket/src/index.ts b/superset-websocket/src/index.ts
index 782275e5ca..cd73a6baa6 100644
--- a/superset-websocket/src/index.ts
+++ b/superset-websocket/src/index.ts
@@ -20,7 +20,7 @@ import * as http from 'http';
import * as net from 'net';
import WebSocket from 'ws';
import { v4 as uuidv4 } from 'uuid';
-import jwt from 'jsonwebtoken';
+import jwt, { Algorithm } from 'jsonwebtoken';
import cookie from 'cookie';
import Redis from 'ioredis';
import StatsD from 'hot-shots';
@@ -261,7 +261,10 @@ const readChannelId = (request: http.IncomingMessage): string => {
const token = cookies[opts.jwtCookieName];
if (!token) throw new Error('JWT not present');
- const jwtPayload = jwt.verify(token, opts.jwtSecret) as JwtPayload;
+ const jwtPayload = jwt.verify(token, opts.jwtSecret, {
+ algorithms: opts.jwtAlgorithms as Algorithm[],
+ complete: false,
+ }) as JwtPayload;
const channelId = jwtPayload[opts.jwtChannelIdKey];
if (!channelId) throw new Error('Channel ID not present in JWT');