httpd: add a setting to customize tokens validation

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-08 07:10:56 +03:00 · 2022-05-28 13:28:50 +02:00
parent 91dfa501f8
commit 32da923dfe
13 changed files with 62 additions and 278 deletions
--- a/httpd/middleware.go
+++ b/httpd/middleware.go
@@ -76,11 +76,13 @@ func validateJWTToken(w http.ResponseWriter, r *http.Request, audience tokenAudi
 		doRedirect("Your token audience is not valid", nil)
 		return errInvalidToken
 	}
-	ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
-	if !util.Contains(token.Audience(), ipAddr) {
-		logger.Debug(logSender, "", "the token with id %#v is not valid for the ip address %#v", token.JwtID(), ipAddr)
-		doRedirect("Your token is not valid", nil)
-		return errInvalidToken
+	if tokenValidationMode != tokenValidationNoIPMatch {
+		ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
+		if !util.Contains(token.Audience(), ipAddr) {
+			logger.Debug(logSender, "", "the token with id %#v is not valid for the ip address %#v", token.JwtID(), ipAddr)
+			doRedirect("Your token is not valid", nil)
+			return errInvalidToken
+		}
 	}
 	return nil
 }