fix: public key b64 encoding

solaris007 · solaris007 · commit df2eeeefdcb6 · 2025-03-31T11:27:33.000+02:00
diff --git a/packages/spacecat-shared-http-utils/src/auth/handlers/jwt.js b/packages/spacecat-shared-http-utils/src/auth/handlers/jwt.js
@@ -26,12 +26,14 @@ export default class JwtHandler extends AbstractHandler {
   }
 
   async #setup(context) {
-    const authPublicKey = context.env?.AUTH_PUBLIC_KEY;
+    const authPublicKeyB64 = context.env?.AUTH_PUBLIC_KEY_B64;
 
-    if (!hasText(authPublicKey)) {
+    if (!hasText(authPublicKeyB64)) {
       throw new Error('No public key provided');
     }
 
+    const authPublicKey = Buffer.from(authPublicKeyB64, 'base64').toString('utf-8');
+
     this.authPublicKey = await importSPKI(authPublicKey, ALGORITHM_ES256);
   }
 
@@ -48,6 +50,8 @@ export default class JwtHandler extends AbstractHandler {
       },
     );
 
+    verifiedToken.payload.tenants = verifiedToken.payload.tenants || [];
+
     return verifiedToken.payload;
   }
 
diff --git a/packages/spacecat-shared-http-utils/test/auth/handlers/jwt.test.js b/packages/spacecat-shared-http-utils/test/auth/handlers/jwt.test.js
@@ -26,6 +26,7 @@ import AuthInfo from '../../../src/auth/auth-info.js';
 use(chaiAsPromised);
 
 const publicKey = fs.readFileSync('test/fixtures/auth/jwt/public_key.pem', 'utf8');
+const publicKeyB64 = Buffer.from(publicKey, 'utf-8').toString('base64');
 
 const privateKeyEncrypted = fs.readFileSync('test/fixtures/auth/jwt/private_key.pem', 'utf8');
 const decryptedPrivateKey = crypto.createPrivateKey({
@@ -85,7 +86,7 @@ describe('SpacecatJWTHandler', () => {
 
   it('returns null when there is no authorization header', async () => {
     const context = {
-      env: { AUTH_PUBLIC_KEY: publicKey },
+      env: { AUTH_PUBLIC_KEY_B64: publicKeyB64 },
     };
     const result = await handler.checkAuth({}, context);
 
@@ -96,7 +97,7 @@ describe('SpacecatJWTHandler', () => {
 
   it('returns null when "Bearer " is missing from the authorization header', async () => {
     const context = {
-      env: { AUTH_PUBLIC_KEY: publicKey },
+      env: { AUTH_PUBLIC_KEY_B64: publicKeyB64 },
       pathInfo: { headers: { authorization: 'some-token' } },
     };
     const result = await handler.checkAuth({}, context);
@@ -108,7 +109,7 @@ describe('SpacecatJWTHandler', () => {
 
   it('returns null when the token is empty', async () => {
     const context = {
-      env: { AUTH_PUBLIC_KEY: publicKey },
+      env: { AUTH_PUBLIC_KEY_B64: publicKeyB64 },
       pathInfo: { headers: { authorization: 'Bearer ' } },
     };
     const result = await handler.checkAuth({}, context);
@@ -123,7 +124,7 @@ describe('SpacecatJWTHandler', () => {
 
     beforeEach(() => {
       context = {
-        env: { AUTH_PUBLIC_KEY: publicKey },
+        env: { AUTH_PUBLIC_KEY_B64: publicKeyB64 },
         func: { version: 'ci' },
         log: logStub,
       };

Original file line number	Diff line number	Diff line change
`@@ -26,12 +26,14 @@ export default class JwtHandler extends AbstractHandler {`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`async #setup(context) {`
`29`		`- const authPublicKey = context.env?.AUTH_PUBLIC_KEY;`
	`29`	`+ const authPublicKeyB64 = context.env?.AUTH_PUBLIC_KEY_B64;`
`30`	`30`
`31`		`- if (!hasText(authPublicKey)) {`
	`31`	`+ if (!hasText(authPublicKeyB64)) {`
`32`	`32`	`throw new Error('No public key provided');`
`33`	`33`	`}`
`34`	`34`
	`35`	`+ const authPublicKey = Buffer.from(authPublicKeyB64, 'base64').toString('utf-8');`
	`36`	`+`
`35`	`37`	`this.authPublicKey = await importSPKI(authPublicKey, ALGORITHM_ES256);`
`36`	`38`	`}`
`37`	`39`
`@@ -48,6 +50,8 @@ export default class JwtHandler extends AbstractHandler {`
`48`	`50`	`},`
`49`	`51`	`);`
`50`	`52`
	`53`	`+ verifiedToken.payload.tenants = verifiedToken.payload.tenants \|\| [];`
	`54`	`+`
`51`	`55`	`return verifiedToken.payload;`
`52`	`56`	`}`
`53`	`57`