objective categorical abstract machine language personal data server
xrpc getServiceAuth
+24
-6
+21
pegasus/lib/api/server/getServiceAuth.ml
+21
pegasus/lib/api/server/getServiceAuth.ml
···
1
+
type response = {token: string} [@@deriving yojson {strict= false}]
2
+
3
+
let handler =
4
+
Xrpc.handler ~auth:Auth.Verifiers.access (fun {req; auth; db} ->
5
+
let did = Auth.get_authed_did_exn auth in
6
+
let aud, lxm =
7
+
match (Dream.query req "aud", Dream.query req "lxm") with
8
+
| Some aud, Some lxm ->
9
+
(aud, lxm)
10
+
| _ ->
11
+
Errors.invalid_request "missing aud or lxm"
12
+
in
13
+
let%lwt signing_key =
14
+
match%lwt Data_store.get_actor_by_identifier did db with
15
+
| Some {signing_key; _} ->
16
+
Lwt.return signing_key
17
+
| None ->
18
+
Errors.internal_error ~msg:"actor not found" ()
19
+
in
20
+
let token = Auth.generate_service_jwt ~did ~aud ~lxm ~signing_key in
21
+
Dream.json @@ Yojson.Safe.to_string @@ response_to_yojson {token} )
+2
-5
pegasus/lib/auth.ml
+2
-5
pegasus/lib/auth.ml
···
56
56
in
57
57
(access, refresh)
58
58
59
-
let generate_service_jwt ~did ~service_did ~lxm ~signing_key =
59
+
let generate_service_jwt ~did ~aud ~lxm ~signing_key =
60
60
let now_s = int_of_float (Unix.gettimeofday ()) in
61
61
let exp = now_s + (60 * 5) in
62
62
match
63
63
Jwto.encode Jwto.HS256 signing_key
64
-
[ ("iss", did)
65
-
; ("aud", service_did)
66
-
; ("lxm", lxm)
67
-
; ("exp", Int.to_string exp) ]
64
+
[("iss", did); ("aud", aud); ("lxm", lxm); ("exp", Int.to_string exp)]
68
65
with
69
66
| Ok token ->
70
67
token
+1
-1
pegasus/lib/xrpc.ml
+1
-1
pegasus/lib/xrpc.ml
···
61
61
Errors.internal_error ~msg:"user not found" ()
62
62
in
63
63
let jwt =
64
-
Auth.generate_service_jwt ~did ~service_did ~lxm:nsid ~signing_key
64
+
Auth.generate_service_jwt ~did ~aud:service_did ~lxm:nsid ~signing_key
65
65
in
66
66
let uri =
67
67
host ^ "/" ^ String.concat "/" @@ (Dream.path [@warning "-3"]) ctx.req