From f01448ecefc574f6e03a09182c653340b688d89f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9=20=D0=91=D0=B0?= =?UTF-8?q?=D0=B4=D1=8F=D0=B5=D0=B2?=
Date: Mon, 21 Apr 2025 16:39:07 +0700
Subject: [PATCH 1/3] check X-Forwarded-Host header

---
 server/resolvers/validate_jwt_token.go | 5 ++++-
 server/token/jwt.go | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/server/resolvers/validate_jwt_token.go b/server/resolvers/validate_jwt_token.go
index 7dbb32fde..69851bd27 100644
--- a/server/resolvers/validate_jwt_token.go
+++ b/server/resolvers/validate_jwt_token.go
@@ -62,7 +62,10 @@ func ValidateJwtTokenResolver(ctx context.Context, params model.ValidateJWTToken
 }
 }

- hostname := parsers.GetHost(gc)
+ hostname := gc.Request.Header.Get("X-Forwarded-Host")
+ if hostname == "" {
+ hostname = parsers.GetHost(gc)
+ }

 // we cannot validate nonce in case of id_token as that token is not persisted in session store
 if nonce != "" {
diff --git a/server/token/jwt.go b/server/token/jwt.go
index 4e5f0ed93..06aab2c53 100644
--- a/server/token/jwt.go
+++ b/server/token/jwt.go
@@ -2,6 +2,7 @@ package token

 import (
 "errors"
+ "fmt"

 "github.com/golang-jwt/jwt"

@@ -156,7 +157,7 @@ func ValidateJWTTokenWithoutNonce(claims jwt.MapClaims, hostname, subject string
 }

 if claims["iss"] != hostname {
- return false, errors.New("invalid issuer")
+ return false, fmt.Errorf("invalid issuer iss[%s] != hostname[%s]", claims["iss"], hostname)
 }

 if claims["sub"] != subject {
From 701da2ef40da51f2cc3405d43371e4f3f8521f99 Mon Sep 17 00:00:00 2001
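Review bot: `X-Forwarded-Host` is read straight from the request in ValidateJwtTokenResolver, so unless a trusted proxy in front of the server overwrites it, the caller chooses the value `hostname` takes. If that value is what gets compared with the token's `iss` claim (the check in server/token/jwt.go suggests so), the issuer check becomes caller-influenced rather than derived from server-side state. Honour the header only when the request arrives through a trusted proxy or its value matches a configured list of allowed hosts, and document it with a comment such as `// X-Forwarded-Host is client-supplied unless a trusted proxy overwrites it`. The header can also carry a comma-separated list or a bare host without a scheme, so confirm it has the same form as what parsers.GetHost returns (not visible here). The function body starts and ends outside the hunk.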
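Review bot: The new `invalid issuer` error in ValidateJWTTokenWithoutNonce formats `claims["iss"]`, an untyped value taken from the token, with `%s`, which prints `%!s(<nil>)` when the claim is absent and passes control characters through unescaped into whatever log or response carries the error. If this error is returned to the API caller (not visible in the hunk), it also discloses the issuer value the server expects. Quoting both values avoids the formatting and injection issues: `return false, fmt.Errorf("invalid issuer: iss %q does not match hostname %q", fmt.Sprint(claims["iss"]), hostname)`. If the detail is only needed for debugging, keeping the returned message generic and logging the mismatch server-side would be the safer split. The function body continues outside the hunk.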
From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9=20=D0=91=D0=B0?= =?UTF-8?q?=D0=B4=D1=8F=D0=B5=D0=B2?=
Date: Tue, 22 Apr 2025 07:57:21 +0700
Subject: [PATCH 2/3] =?UTF-8?q?=D0=9E=D0=B1=D0=BD=D0=BE=D0=B2=D0=BB=D0=B5?= =?UTF-8?q?=D0=BD=D1=8B=20=D0=B2=D0=B5=D1=80=D1=81=D0=B8=D0=B8=20Docker-?= =?UTF-8?q?=D0=BE=D0=B1=D1=80=D0=B0=D0=B7=D0=BE=D0=B2.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 2c3aacba3..22fb7d72c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@
-FROM golang:1.21.3-alpine3.18 as go-builder
+FROM docker.io/golang:1.24.2-alpine3.21 AS go-builder
+
 WORKDIR /authorizer
 COPY server server
 COPY Makefile .
@@ -11,7 +12,7 @@ RUN apk add build-base &&\
 make clean && make && \
 chmod 777 build/server

-FROM node:20-alpine3.18 as node-builder
+FROM node:slim AS node-builder
 WORKDIR /authorizer
 COPY app app
 COPY dashboard dashboard
@@ -20,7 +21,7 @@ RUN apk add build-base &&\
 make build-app && \
 make build-dashboard

-FROM alpine:3.18
+FROM alpine:3.21
 RUN adduser -D -h /authorizer -u 1000 -k /dev/null authorizer
 WORKDIR /authorizer
 RUN mkdir app dashboard
From a4a2620e1aca057b4ef40ec82c1739ca295b0b61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9=20=D0=91=D0=B0?= =?UTF-8?q?=D0=B4=D1=8F=D0=B5=D0=B2?=
Date: Tue, 22 Apr 2025 08:00:26 +0700
Subject: [PATCH 3/3] fixed dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 22fb7d72c..20205e718 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ RUN apk add build-base &&\
 make clean && make && \
 chmod 777 build/server

-FROM node:slim AS node-builder
+FROM node:alpine AS node-builder
 WORKDIR /authorizer
 COPY app app
 COPY dashboard dashboard
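Review bot: `FROM node:slim AS node-builder` replaces a pinned tag (`node:20-alpine3.18`) with a floating one, so the Node major version and base OS of the build stage change whenever the tag is re-pointed, and the image that ships the auth server's frontend assets is no longer reproducible or auditable. Patch 3/3 switches the same line to `node:alpine`, which has the same problem. Pin this stage the way the golang and final stages are pinned, e.g. `FROM node:<NODE_MAJOR>-alpine3.21 AS node-builder`, optionally with an `@sha256:<digest>` suffix. The `docker.io/` registry prefix added to the golang stage is also absent here and on `FROM alpine:3.21`; using the fully qualified name on all three stages would be consistent.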