feat: don't parse claims if not required

2025-10-16 12:35:34 +00:00 · 2022-12-27 09:21:17 +01:00 · 2022-12-27 09:21:17 +01:00 · ce6e4631b8
commit ce6e4631b8
parent aed3aa661b
2 changed files with 77 additions and 74 deletions
--- a/example/middlewares/jwtfromcookie/main.go
+++ b/example/middlewares/jwtfromcookie/main.go
@ -76,77 +76,80 @@ func main() {

 	svr.AddService(
 		keel.NewServiceHTTP(l, "demo", "localhost:8080", svs,
-			middleware.JWT(
-				jwtInst,
-				ContextKey,
-				// use custom token provider
-				middleware.JWTWithTokenProvider(tokenProvider),
-				// user custom claims
-				middleware.JWTWithClaimsProvider(func() jwt2.Claims {
-					return &CustomClaims{}
-				}),
-				// handle existing claim
-				middleware.JWTWithClaimsHandler(func(l *zap.Logger, w http.ResponseWriter, r *http.Request, claims jwt2.Claims) bool {
-					if value, ok := claims.(*CustomClaims); ok {
-						var language string
-						switch {
-						case strings.HasPrefix(r.URL.Path, "/fr"):
-							language = "fr"
-						case strings.HasPrefix(r.URL.Path, "/en"):
-							language = "en"
-						default:
-							language = "de"
-						}
-						if value.Language != language {
-							value.Language = language
-							if token, err := jwtInst.GetSignedToken(claims); err != nil {
-								httputils.InternalServerError(l, w, r, err)
-								return false
-							} else if c, err := jwtCookie.Set(w, r, token); err != nil {
-								httputils.InternalServerError(l, w, r, err)
-								return false
+			middleware.Skip(
+				middleware.JWT(
+					jwtInst,
+					ContextKey,
+					// use custom token provider
+					middleware.JWTWithTokenProvider(tokenProvider),
+					// user custom claims
+					middleware.JWTWithClaimsProvider(func() jwt2.Claims {
+						return &CustomClaims{}
+					}),
+					// handle existing claim
+					middleware.JWTWithClaimsHandler(func(l *zap.Logger, w http.ResponseWriter, r *http.Request, claims jwt2.Claims) bool {
+						if value, ok := claims.(*CustomClaims); ok {
+							var language string
+							switch {
+							case strings.HasPrefix(r.URL.Path, "/fr"):
+								language = "fr"
+							case strings.HasPrefix(r.URL.Path, "/en"):
+								language = "en"
+							default:
+								language = "de"
+							}
+							if value.Language != language {
+								value.Language = language
+								if token, err := jwtInst.GetSignedToken(claims); err != nil {
+									httputils.InternalServerError(l, w, r, err)
+									return false
+								} else if c, err := jwtCookie.Set(w, r, token); err != nil {
+									httputils.InternalServerError(l, w, r, err)
+									return false
+								} else {
+									r.AddCookie(c)
+									l.Info("updated cookie", zap.String("path", r.URL.Path))
+									return true
+								}
 							} else {
-								r.AddCookie(c)
-								l.Info("updated cookie", zap.String("path", r.URL.Path))
 								return true
 							}
 						} else {
-							return true
+							httputils.InternalServerError(l, w, r, err)
+							return false
 						}
-					} else {
-						httputils.InternalServerError(l, w, r, err)
+					}),
+					// create cookie if missing
+					middleware.JWTWithMissingTokenHandler(func(l *zap.Logger, w http.ResponseWriter, r *http.Request) (jwt2.Claims, bool) {
+						claims := &CustomClaims{
+							StandardClaims: jwt.NewStandardClaims(),
+							Name:           "JWT From Cookie Example",
+							Language:       "de",
+						}
+						if token, err := jwtInst.GetSignedToken(claims); err != nil {
+							httputils.InternalServerError(l, w, r, err)
+							return nil, false
+						} else if c, err := jwtCookie.Set(w, r, token); err != nil {
+							httputils.InternalServerError(l, w, r, err)
+							return nil, false
+						} else {
+							r.AddCookie(c)
+							l.Info("added cookie", zap.String("path", r.URL.Path))
+						}
+						return claims, true
+					}),
+					// delete cookie if e.g. sth is wrong with it
+					middleware.JWTWithErrorHandler(func(l *zap.Logger, w http.ResponseWriter, r *http.Request, err error) bool {
+						if err := jwtCookie.Delete(w, r); err != nil {
+							httputils.InternalServerError(l, w, r, err)
+							return false
+						}
+						l.Info("deleted cookie")
+						http.Redirect(w, r, r.URL.String(), http.StatusTemporaryRedirect)
 						return false
-					}
-				}),
-				// create cookie if missing
-				middleware.JWTWithMissingTokenHandler(func(l *zap.Logger, w http.ResponseWriter, r *http.Request) (jwt2.Claims, bool) {
-					claims := &CustomClaims{
-						StandardClaims: jwt.NewStandardClaims(),
-						Name:           "JWT From Cookie Example",
-						Language:       "de",
-					}
-					if token, err := jwtInst.GetSignedToken(claims); err != nil {
-						httputils.InternalServerError(l, w, r, err)
-						return nil, false
-					} else if c, err := jwtCookie.Set(w, r, token); err != nil {
-						httputils.InternalServerError(l, w, r, err)
-						return nil, false
-					} else {
-						r.AddCookie(c)
-						l.Info("added cookie", zap.String("path", r.URL.Path))
-					}
-					return claims, true
-				}),
-				// delete cookie if e.g. sth is wrong with it
-				middleware.JWTWithErrorHandler(func(l *zap.Logger, w http.ResponseWriter, r *http.Request, err error) bool {
-					if err := jwtCookie.Delete(w, r); err != nil {
-						httputils.InternalServerError(l, w, r, err)
-						return false
-					}
-					l.Info("deleted cookie")
-					http.Redirect(w, r, r.URL.String(), http.StatusTemporaryRedirect)
-					return false
-				}),
+					}),
+				),
+				middleware.RequestURIBlacklistSkipper("/favicon.ico"),
 			),
 		),
 	)
--- a/net/http/middleware/jwt.go
+++ b/net/http/middleware/jwt.go
@ -23,8 +23,8 @@ type (
 		ErrorHandler        JWTErrorHandler
 	}
 	JWTOption              func(*JWTOptions)
-	JWTClaimsHandler       func(*zap.Logger, http.ResponseWriter, *http.Request, jwt2.Claims) bool
 	JWTClaimsProvider      func() jwt2.Claims
+	JWTClaimsHandler       func(*zap.Logger, http.ResponseWriter, *http.Request, jwt2.Claims) bool
 	JWTErrorHandler        func(*zap.Logger, http.ResponseWriter, *http.Request, error) bool
 	JWTMissingTokenHandler func(*zap.Logger, http.ResponseWriter, *http.Request) (jwt2.Claims, bool)
 	JWTInvalidTokenHandler func(*zap.Logger, http.ResponseWriter, *http.Request, *jwt2.Token) bool
@ -167,6 +167,12 @@ func JWTWithOptions(jwt *jwt.JWT, contextKey interface{}, opts JWTOptions) Middl
 				}
 			}

+			// don't validate if not required
+			if !opts.SetContext {
+				next.ServeHTTP(w, r)
+				return
+			}
+
 			// handle existing token
 			jwtToken, err := jwt.ParseWithClaims(token, claims)
 			if err != nil {
@ -183,16 +189,10 @@ func JWTWithOptions(jwt *jwt.JWT, contextKey interface{}, opts JWTOptions) Middl
 				} else {
 					return
 				}
-			}
-
-			// handle existing claims and serve
-			if resume := opts.ClaimsHandler(l, w, r, claims); !resume {
-				return
-			} else if opts.SetContext {
-				next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), contextKey, claims)))
+			} else if resume := opts.ClaimsHandler(l, w, r, claims); !resume {
 				return
 			} else {
-				next.ServeHTTP(w, r)
+				next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), contextKey, claims)))
 				return
 			}
 		})