ditch jwt for oauth

joeyksclark · Apr 30, 2018 · 878409e · 878409e
1 parent 6c15f02
commit 878409e
Show file tree

Hide file tree

Showing 7 changed files with 4 additions and 29 deletions.
diff --git a/build.sbt b/build.sbt
@@ -32,7 +32,7 @@ scriptClasspath := Seq("*")
 libraryDependencies ++= Seq(
  scalaz, chess, compression, scalalib, hasher, typesafeConfig, findbugs,
  reactivemongo.driver, reactivemongo.iteratees, akka.actor, akka.slf4j,
- maxmind, prismic, netty, guava, jwt,
+ maxmind, prismic, netty, guava,
  kamon.core, kamon.influxdb,
  java8compat, semver, scrimage, scalaConfigs, scaffeine
 )
@@ -268,7 +268,7 @@ lazy val irwin = module("irwin", Seq(common, db, user, game, tournament, mod)).s
 )
 
 lazy val oauth = module("oauth", Seq(common, db, user)).settings(
- libraryDependencies ++= provided(play.api, reactivemongo.driver, jwt)
+ libraryDependencies ++= provided(play.api, reactivemongo.driver)
 )
 
 lazy val security = module("security", Seq(common, hub, db, user, i18n, slack, oauth)).settings(

diff --git a/conf/base.conf b/conf/base.conf
@@ -267,9 +267,6 @@ oauth {
  access_token = oauth_access_token
  app = oauth_client
  }
- jwt {
- public_key = ""
- }
  base_url = ${net.protocol}oauth.${net.domain}/
 }
 recaptcha {

diff --git a/modules/oauth/src/main/Env.scala b/modules/oauth/src/main/Env.scala
@@ -15,7 +15,6 @@ final class Env(
  val DbConfig = config getConfig "mongodb"
  val CollectionAccessToken = config getString "collection.access_token"
  val CollectionApp = config getString "collection.app"
- val JwtPublicKey = config getString "jwt.public_key"
  }
  import settings._
 
@@ -27,7 +26,6 @@ final class Env(
 
  lazy val server = new OAuthServer(
  tokenColl = tokenColl,
- jwtPublicKey = JWT.PublicKey(JwtPublicKey),
  asyncCache = asyncCache
  )
 

diff --git a/modules/oauth/src/main/OAuthServer.scala b/modules/oauth/src/main/OAuthServer.scala
@@ -1,7 +1,6 @@
 package lila.oauth
 
 import org.joda.time.DateTime
-import pdi.jwt.{ Jwt, JwtAlgorithm }
 import play.api.http.HeaderNames.AUTHORIZATION
 import play.api.libs.json.Json
 import play.api.mvc.{ RequestHeader, Result }
@@ -12,7 +11,6 @@ import lila.user.{ User, UserRepo }
 
 final class OAuthServer(
  tokenColl: Coll,
- jwtPublicKey: JWT.PublicKey,
  asyncCache: lila.memo.AsyncCache.Builder
 ) {
 
@@ -23,15 +21,7 @@ final class OAuthServer(
  def auth(req: RequestHeader, scopes: List[OAuthScope]): Fu[AuthResult] = {
  req.headers.get(AUTHORIZATION).map(_.split(" ", 2)) match {
  case Some(Array("Bearer", tokenStr)) => for {
- accessTokenId <- {
- if (tokenStr.size == AccessToken.idSize) fuccess(AccessToken.Id(tokenStr))
- else Jwt.decodeRaw(tokenStr, jwtPublicKey.value, Seq(JwtAlgorithm.RS256)).fold(
- err => fufail(InvalidToken),
- jsonStr => (Json.parse(jsonStr) str "jti").fold[Fu[AccessToken.Id]](fufail(InvalidToken)) { t =>
- fuccess(AccessToken.Id(t))
- }
- )
- }
+ accessTokenId <- fuccess(AccessToken.Id(tokenStr))
  accessToken <- {
  if (accessTokenId.isPersonal) personalAccessTokenCache.get(accessTokenId)
  else fetchAccessToken(accessTokenId)
@@ -71,7 +61,6 @@ object OAuthServer {
  case object ServerOffline extends AuthError("OAuth server is offline! Try again soon.")
  case object MissingAuthorizationHeader extends AuthError("Missing authorization header")
  case object InvalidAuthorizationHeader extends AuthError("Invalid authorization header")
- case object InvalidToken extends AuthError("Invalid token")
  case object NoSuchToken extends AuthError("No such token")
  case class MissingScope(scopes: List[OAuthScope]) extends AuthError("Missing scope")
  case object NoSuchUser extends AuthError("No such user")

diff --git a/modules/oauth/src/main/model.scala b/modules/oauth/src/main/model.scala
diff --git a/modules/user/src/main/UserRepo.scala b/modules/user/src/main/UserRepo.scala
@@ -359,9 +359,8 @@ object UserRepo {
  }(scala.collection.breakOut)
  }
 
- def setSeenAt(id: ID): Unit = {
+ def setSeenAt(id: ID): Unit =
  coll.updateFieldUnchecked($id(id), "seenAt", DateTime.now)
- }
 
  def recentlySeenNotKidIdsCursor(since: DateTime)(implicit cp: CursorProducer[Bdoc]) =
  coll.find($doc(

diff --git a/project/Dependencies.scala b/project/Dependencies.scala
@@ -41,7 +41,6 @@ object Dependencies {
  val guava = "com.google.guava" % "guava" % "21.0"
  val specs2 = "org.specs2" %% "specs2-core" % "4.0.2" % "test"
  val specs2Scalaz = "org.specs2" %% "specs2-scalaz" % "4.0.2" % "test"
- val jwt = "com.pauldijou" %% "jwt-core" % "0.14.1"
 
  object reactivemongo {
  val version = "0.12.3"