Initial commit

examples/v7-jwt-verification/.github/pull_request_template.md

@@ -0,0 +1,5 @@
+**NOTICE TO CONTRIBUTORS**
+
+This repository is not actively monitored and any pull requests made to this repository will be closed/ignored.
+
+Please submit the pull request to [edgio-docs/edgio-examples](https://github.com/edgio-docs/edgio-examples) instead.

examples/v7-jwt-verification/.github/workflows/edgio.yml

@@ -0,0 +1,18 @@
+name: Deploy to Edgio
+
+on:
+  workflow_dispatch:
+  push:
+
+jobs:
+  deploy-to-edgio:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+      - run: if [ -f yarn.lock ]; then yarn install; else npm ci; fi
+      - run: if [ -f yarn.lock ]; then yarn edgio:deploy -- --token=$EDGIO_DEPLOY_TOKEN; else npm run edgio:deploy -- --token=$EDGIO_DEPLOY_TOKEN; fi
+        env:
+          EDGIO_DEPLOY_TOKEN: ${{secrets.EDGIO_DEPLOY_TOKEN}}

examples/v7-jwt-verification/.gitignore

@@ -0,0 +1,5 @@
+# Edgio generated build directory
+/.edgio
+
+/node_modules
+.env

examples/v7-jwt-verification/edge-functions/JWT.js

@@ -0,0 +1,54 @@
+import { Buffer } from 'buffer'
+import * as Base64 from 'crypto-js/enc-base64url'
+import { HmacSHA256, HmacSHA384, HmacSHA512 } from 'crypto-js'
+
+const base64decode = (str) => Buffer.from(str, 'base64').toString()
+
+const hashLibraries = {
+  HS256: HmacSHA256,
+  HS384: HmacSHA384,
+  HS512: HmacSHA512,
+}
+
+export class JWT {
+  // JWT validation process:
+  // 1. Split the token by '.' to get the header (json), payload (json), and signature (string).
+  // 2. Calculate a signature using the algorithm in the header (hardcoded here) to join the header and payload with a
+  //    '.', and hash it using a secret value
+  // 3. Compare the calculated signature with the one from the token. If they match, the token is valid. If not, the
+  //    token has been tampered with.
+
+  constructor(token, secret) {
+    const [ header_base64, payload_base64, origSignature ] = token.split('.')
+
+    this.header_base64 = header_base64
+    this.payload_base64 = payload_base64
+
+    this.header = JSON.parse(base64decode(header_base64))
+    this.payload = JSON.parse(base64decode(payload_base64))
+
+    this.origSignature = origSignature
+
+    this.hasher = hashLibraries[this.header.alg]
+    this.secret = secret
+  }
+
+  validate() {
+    console.log(`validating token using ${this.header.alg} algorithm.`)
+    const calculatedSignature = Base64.stringify(
+      this.hasher(
+        `${this.header_base64}.${this.payload_base64}`,
+        this.secret
+      )
+    )
+    return calculatedSignature === this.origSignature
+  }
+
+  payloadObject() {
+    return this.payload
+  }
+
+  algUsed() {
+    return this.header.alg
+  }
+}

examples/v7-jwt-verification/edge-functions/validate.js

@@ -0,0 +1,21 @@
+import { JWT } from './JWT.js'
+
+export async function handleHttpRequest(request, context) {
+  const token = await request.text()
+  const secret = context.environmentVars['JWT_SECRET'] || ''
+  const resp = {
+    valid: false
+  }
+
+  const jwt = new JWT(token, secret)
+  const isValid = jwt.validate()
+  if (isValid) {
+    resp.valid = true
+    resp.payload = jwt.payloadObject()
+    resp.alg = jwt.algUsed()
+  }
+
+  return new Response(JSON.stringify(resp), {
+    status: isValid ? 200 : 403
+  })
+}

examples/v7-jwt-verification/edgio.config.js

@@ -0,0 +1,90 @@
+// This file was automatically added by edgio init.
+// You should commit this file to source control.
+// Learn more about this file at https://docs.edg.io/guides/edgio_config
+module.exports = {
+  // The name of the site in Edgio to which this app should be deployed.
+  name: "ef-jwt-validate",
+
+  // The name of the organization in Edgio to which this app should be deployed.
+  // organization: 'my-organization-name',
+
+  // Overrides the default path to the routes file. The path should be relative to the root of your app.
+  // routes: 'routes.js',
+
+  // When set to true or omitted entirely, Edgio includes the deployment number in the cache key,
+  // effectively purging the cache each time you deploy.
+  purgeCacheOnDeploy: true,
+  // purgeCacheOnDeploy: false,
+
+  origins: [
+    {
+      // The name of the backend origin
+      name: "origin",
+
+      // Use the following to override the host header sent from the browser when connecting to the origin
+      override_host_header: "httpbin.org",
+
+      // The list of origin hosts to which to connect
+      hosts: [
+        {
+          // The domain name or IP address of the origin server
+          location: "httpbin.org",
+        },
+      ],
+
+      tls_verify: {
+        use_sni: true,
+        sni_hint_and_strict_san_check: "httpbin.org",
+      },
+
+      // Uncomment the following to configure a shield
+      // shields: { us_east: 'DCD' },
+    },
+  ],
+
+  // Uncomment the following to specify environment specific configs
+  // environments: {
+  //   production: {
+  //     hostnames: [{ hostname: 'www.mysite.com' }],
+  //   },
+  //   staging: {
+  //     hostnames: [{ hostname: 'staging.mysite.com' }],
+  //     origins: [
+  //       {
+  //         name: 'origin',
+  //         hosts: [{ location: 'staging-origin.mysite.com' }],
+  //         override_host_header: 'staging-origin.mysite.com',
+  //         tls_verify: {
+  //           use_sni: true,
+  //           sni_hint_and_strict_san_check: 'staging-origin.mysite.com',
+  //         },
+  //         shields: { us_east: 'DCD' },
+  //       },
+  //     ],
+  //   },
+  // },
+
+  // Options for hosting serverless functions on Edgio
+  // serverless: {
+  //   // Set to true to include all packages listed in the dependencies property of package.json when deploying to Edgio.
+  //   // This option generally isn't needed as Edgio automatically includes all modules imported by your code in the bundle that
+  //   // is uploaded during deployment
+  //   includeNodeModules: true,
+  //
+  //   // Include additional paths that are dynamically loaded by your app at runtime here when building the serverless bundle.
+  //   include: ['views/**/*'],
+  // },
+
+  // The maximum number of URLs that will be concurrently prerendered during deployment when static prerendering is enabled.
+  // Defaults to 200, which is the maximum allowed value.
+  // prerenderConcurrency: 200,
+
+  // A list of glob patterns identifying which source files should be uploaded when running edgio deploy --includeSources.
+  // This option is primarily used to share source code with Edgio support personnel for the purpose of debugging. If omitted,
+  // edgio deploy --includeSources will result in all files which are not gitignored being uploaded to Edgio.
+  //
+  // sources : [
+  //   '**/*', // include all files
+  //   '!(**/secrets/**/*)', // except everything in the secrets directory
+  // ],
+};