From 2b9f0ffa12b0b926105880171b11fa10d66af148 Mon Sep 17 00:00:00 2001
From: Jon Lundy <jon@xuu.cc>
Date: Sun, 22 Jan 2023 11:11:01 -0700
Subject: [PATCH] fix: authreq header

---
 pkg/authreq/authreq.go | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/pkg/authreq/authreq.go b/pkg/authreq/authreq.go
index cbb5e39..045372f 100644
--- a/pkg/authreq/authreq.go
+++ b/pkg/authreq/authreq.go
@@ -2,6 +2,7 @@ package authreq
 
 import (
 	"bytes"
+	"context"
 	"crypto/ed25519"
 	"encoding/base64"
 	"fmt"
@@ -14,9 +15,10 @@ import (
 	"github.com/golang-jwt/jwt/v4"
 )
 
-var SignatureLifetime = 90 * time.Minute
+var SignatureLifetime = 30 * time.Minute
+var AuthHeader = "Authorization"
 
-func Sign(req http.Request, key ed25519.PrivateKey) (http.Request, error) {
+func Sign(req *http.Request, key ed25519.PrivateKey) (*http.Request, error) {
 	pub := enc([]byte(key.Public().(ed25519.PublicKey)))
 
 	h := fnv.New128a()
@@ -44,14 +46,14 @@ func Sign(req http.Request, key ed25519.PrivateKey) (http.Request, error) {
 		return req, err
 	}
 
-	req.Header.Set("Authorization", sig)
+	req.Header.Set(AuthHeader, sig)
 
 	return req, nil
 }
 
 func Authorization(hdlr http.Handler) http.Handler {
 	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		auth := req.Header.Get("Authorizaton")
+		auth := req.Header.Get(AuthHeader)
 		if auth == "" {
 			rw.WriteHeader(http.StatusUnauthorized)
 			return
@@ -82,7 +84,7 @@ func Authorization(hdlr http.Handler) http.Handler {
 				pub, err := dec(c.Issuer)
 				return ed25519.PublicKey(pub), err
 			},
-			jwt.WithValidMethods([]string{"EdDSA"}),
+			jwt.WithValidMethods([]string{jwt.SigningMethodEdDSA.Alg()}),
 			jwt.WithJSONNumber(),
 		)
 		if err != nil {
@@ -97,6 +99,8 @@ func Authorization(hdlr http.Handler) http.Handler {
 			return
 		}
 
+		req = req.WithContext(context.WithValue(req.Context(), contextKey, c))
+
 		if c.Subject != subject {
 			rw.WriteHeader(http.StatusForbidden)
 			return
@@ -113,3 +117,15 @@ func dec(s string) ([]byte, error) {
 	s = strings.TrimSpace(s)
 	return base64.RawURLEncoding.DecodeString(s)
 }
+
+var contextKey = struct{ name string }{"jwtClaim"}
+
+func FromContext(ctx context.Context) *jwt.RegisteredClaims {
+	if v := ctx.Value(contextKey); v != nil {
+		if c, ok := v.(*jwt.RegisteredClaims); ok {
+			return c
+		}
+	}
+
+	return nil
+}