initial commit of ef-jwt-validation example project

edgio-docs · Aug 7, 2024 · 97b09c1 · 97b09c1
1 parent c55ef91
commit 97b09c1
Show file tree

Hide file tree

Showing 7 changed files with 9,733 additions and 0 deletions.
diff --git a/examples/v7-ef-jwt-validation/.github/pull_request_template.md b/examples/v7-ef-jwt-validation/.github/pull_request_template.md
@@ -0,0 +1,5 @@
+**NOTICE TO CONTRIBUTORS**
+
+This repository is not actively monitored and any pull requests made to this repository will be closed/ignored.
+
+Please submit the pull request to [edgio-docs/edgio-examples](https://github.com/edgio-docs/edgio-examples) instead.
diff --git a/examples/v7-ef-jwt-validation/.github/workflows/edgio.yml b/examples/v7-ef-jwt-validation/.github/workflows/edgio.yml
@@ -0,0 +1,18 @@
+name: Deploy to Edgio
+
+on:
+  workflow_dispatch:
+  push:
+
+jobs:
+  deploy-to-edgio:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+      - run: if [ -f yarn.lock ]; then yarn install; else npm ci; fi
+      - run: if [ -f yarn.lock ]; then yarn edgio:deploy -- --token=$EDGIO_DEPLOY_TOKEN; else npm run edgio:deploy -- --token=$EDGIO_DEPLOY_TOKEN; fi
+        env:
+          EDGIO_DEPLOY_TOKEN: ${{secrets.EDGIO_DEPLOY_TOKEN}}
diff --git a/examples/v7-ef-jwt-validation/edge-functions/validate.js b/examples/v7-ef-jwt-validation/edge-functions/validate.js
@@ -0,0 +1,48 @@
+import { KJUR, KEYUTIL } from 'jsrsasign'
+import { Buffer } from 'buffer'
+
+// Set up some polyfills to allow this code to run locally and when deployed:
+global.process = global.process || { env: {} }
+const fromBase64 = (str) => Buffer.from(str, 'base64').toString()
+
+export async function handleHttpRequest(request, context) {
+  Object.assign(process.env, context.environmentVars)
+
+  // Extract the toke and any other objects from the request.
+  const { token, ...other } = await request.json()
+
+  // Split out the header and payload from the cleartext token and determine the right algorithm to use.
+  const [header, payload] = token.split('.')
+  const { alg } = JSON.parse(fromBase64(header))
+
+  let validationComponent = null
+  let valid = false
+  const resp = { valid }
+
+  try {
+    // For HSxxx algorithms, the validation requires a plaintext secret key.
+    // For RSxxx, ESxxx, and PSxxx algorithms, a public key is required instead.
+    // The public key is expected to be part of the request payload and be named pubKey;
+    // the secret key SHOULD NOT be part of the payload.
+    if (/^HS/i.test(alg)) {
+      validationComponent = process.env.JWT_SECRET
+    } else if (/^[REP]S/i.test(alg)) {
+      validationComponent = KEYUTIL.getKey(other.pubKey)
+    } else {
+      return new Response('Invalid JWT alg specified.', { status: 401 })
+    }
+
+    valid = KJUR.jws.JWS.verifyJWT(token, validationComponent, { alg: [alg] })
+    if (valid === true) {
+      // Only parse the payload if the signature is valid.
+      const decodedPayload = JSON.parse(fromBase64(payload))
+      Object.assign(resp, { valid, alg, payload: decodedPayload })
+    }
+  } catch (e) {
+    // Handle exceptions here.
+  }
+
+  return new Response(JSON.stringify(resp), {
+    status: valid ? 200 : 401
+  })
+}
diff --git a/examples/v7-ef-jwt-validation/edgio.config.js b/examples/v7-ef-jwt-validation/edgio.config.js
@@ -0,0 +1,91 @@
+// This file was automatically added by edgio init.
+// You should commit this file to source control.
+// Learn more about this file at https://docs.edg.io/guides/edgio_config
+module.exports = {
+  // The name of the site in Edgio to which this app should be deployed.
+  name: "edgio-v7-ef-jwt-validation-example",
+
+  // The name of the organization in Edgio to which this app should be deployed.
+  // organization: 'my-organization-name',
+
+  // Overrides the default path to the routes file. The path should be relative to the root of your app.
+  // routes: 'routes.js',
+
+  // When set to true, Edgio includes the deployment number in the cache key,
+  // effectively purging the cache each time you deploy.
+  purgeCacheOnDeploy: true,
+  // If omitted this will default to the "Automatic Purging" configuration on the environment's Caching tab.
+  // purgeCacheOnDeploy: false,
+
+  origins: [
+    {
+      // The name of the backend origin
+      name: "origin",
+
+      // Use the following to override the host header sent from the browser when connecting to the origin
+      override_host_header: "httpbin.org",
+
+      // The list of origin hosts to which to connect
+      hosts: [
+        {
+          // The domain name or IP address of the origin server
+          location: "httpbin.org",
+        },
+      ],
+
+      tls_verify: {
+        use_sni: true,
+        sni_hint_and_strict_san_check: "httpbin.org",
+      },
+
+      // Uncomment the following to configure a shield
+      // shields: { us_east: 'DCD' },
+    },
+  ],
+
+  // Uncomment the following to specify environment specific configs
+  // environments: {
+  //   production: {
+  //     hostnames: [{ hostname: 'www.mysite.com' }],
+  //   },
+  //   staging: {
+  //     hostnames: [{ hostname: 'staging.mysite.com' }],
+  //     origins: [
+  //       {
+  //         name: 'origin',
+  //         hosts: [{ location: 'staging-origin.mysite.com' }],
+  //         override_host_header: 'staging-origin.mysite.com',
+  //         tls_verify: {
+  //           use_sni: true,
+  //           sni_hint_and_strict_san_check: 'staging-origin.mysite.com',
+  //         },
+  //         shields: { us_east: 'DCD' },
+  //       },
+  //     ],
+  //   },
+  // },
+
+  // Options for hosting serverless functions on Edgio
+  // serverless: {
+  //   // Set to true to include all packages listed in the dependencies property of package.json when deploying to Edgio.
+  //   // This option generally isn't needed as Edgio automatically includes all modules imported by your code in the bundle that
+  //   // is uploaded during deployment
+  //   includeNodeModules: true,
+  //
+  //   // Include additional paths that are dynamically loaded by your app at runtime here when building the serverless bundle.
+  //   include: ['views/**/*'],
+  // },
+
+  // The maximum number of URLs that will be concurrently prerendered during deployment when static prerendering is enabled.
+  // Defaults to 200, which is the maximum allowed value.
+  // prerenderConcurrency: 200,
+
+  // A list of glob patterns identifying which source files should be uploaded when running edgio deploy --includeSources.
+  // This option is primarily used to share source code with Edgio support personnel for the purpose of debugging. If omitted,
+  // edgio deploy --includeSources will result in all files which are not gitignored being uploaded to Edgio.
+  //
+  // sources : [
+  //   '**/*', // include all files
+  //   '!(**/secrets/**/*)', // except everything in the secrets directory
+  // ],
+};