Google Git
Sign in
edge/goscaffold/8b64b1f0a5809a7c69753b5a3b1d845f04541395^!/.
commit
8b64b1f0a5809a7c69753b5a3b1d845f04541395
[log]
author
Sundar Ramamoorthy <sramamoorthy@apigee.com>
Mon Jan 23 16:38:18 2017 -0800
committer
Sundar Ramamoorthy <sramamoorthy@apigee.com>
Mon Jan 23 16:38:18 2017 -0800
tree
9cf824d7527bd4218cb17efa345ea5de2c117137
parent
d4b1653a00426b138f7fa0e5db4a2b168e9b6e60 [diff]
Dont panic on first time oath failure, error and continue...

diff --git a/oauth.go b/oauth.go
index 5ce1cbf..986fd40 100644
--- a/oauth.go
+++ b/oauth.go

@@ -14,7 +14,7 @@
 )
 
 var (
-	gPkey   *rsa.PublicKey
+	gPkey   *rsa.PublicKey = nil
 	rwMutex sync.RWMutex
 )
 
@@ -59,16 +59,14 @@
 */
 func (s *HTTPScaffold) CreateOAuth(keyURL string) OAuthService {
 
-	pk, err := getPubicKey(keyURL)
+	pk, err := getPublicKey(keyURL)
 	if err != nil {
-		panic("Unable to retreive Public Key")
+		setPkSafe(pk)
 	}
-	setPkSafe(pk)
 	/*
-	  Routine that will fetch & update the public keys in the global
-	  variable periodically
+	  Routine that will fetch & update the public keys in safe manner
 	*/
-	updatePulicKeysPeriodic(keyURL)
+	updatePublicKeysPeriodic(keyURL)
 
 	return &OAuth{}
 
@@ -106,20 +104,28 @@
 
 	return func(rw http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 
+		/* Parse the JWT from the input request */
 		jwt, err := jws.ParseJWTFromRequest(r)
 		if err != nil {
 			WriteErrorResponse(http.StatusBadRequest, err.Error(), rw)
 			return
 		}
 
-		/* Validate the JWT */
-		err = jwt.Validate(getPkSafe(), crypto.SigningMethodRS256)
+		/* Get the pulic key from cache */
+		pk := getPkSafe()
+		if pk == nil {
+			WriteErrorResponse(http.StatusBadRequest, "Public key not configured. Validation failed.", rw)
+			return
+		}
+
+		/* Validate the token */
+		err = jwt.Validate(pk, crypto.SigningMethodRS256)
 		if err != nil {
 			WriteErrorResponse(http.StatusBadRequest, err.Error(), rw)
 			return
 		}
 
-		/* Set the params in the request */
+		/* Set the input params in the request */
 		r = SetParamsInRequest(r, ps)
 		next.ServeHTTP(rw, r)
 	}
@@ -144,17 +150,17 @@
 }
 
 /*
-updatePulicKeysPeriodic updates the cache periodically (every day)
+updatePulicKeysPeriodic updates the cache periodically (every hour)
 */
-func updatePulicKeysPeriodic(keyURL string) {
+func updatePublicKeysPeriodic(keyURL string) {
 
-	ticker := time.NewTicker(24 * 3600 * time.Second)
+	ticker := time.NewTicker(3600 * time.Second)
 	quit := make(chan struct{})
 	go func() {
 		for {
 			select {
 			case <-ticker.C:
-				pk, err := getPubicKey(keyURL)
+				pk, err := getPublicKey(keyURL)
 				if err == nil {
 					setPkSafe(pk)
 				}
@@ -169,22 +175,26 @@
 /*
 getPubicKey: Loads the Public key in to memory and returns it.
 */
-func getPubicKey(keyURL string) (*rsa.PublicKey, error) {
+func getPublicKey(keyURL string) (*rsa.PublicKey, error) {
 
 	client := &http.Client{}
+
+	/* Connect to the server to fetch Key details */
 	r, err := client.Get(keyURL)
 	if err != nil {
 		return nil, err
 	}
 
 	defer r.Body.Close()
+
+	/* Decode the SSO Key */
 	ssoKey := &ssoKey{}
 	err = json.NewDecoder(r.Body).Decode(ssoKey)
 	if err != nil {
 		return nil, err
 	}
 
-	/* Retrieve the Public Key */
+	/* Retrieve the Public Key from SSO Key */
 	publicKey, err := crypto.ParseRSAPublicKeyFromPEM([]byte(ssoKey.Value))
 	if err != nil {
 		return nil, err