From 900eebb9a459d5db46c6f4265ec96207ee7a95bc Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Tue, 11 Aug 2020 16:09:34 -0700 Subject: [PATCH] use jwt instead of basicAuth for webEnv (#10246) --- pkg/env/web_env.go | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/pkg/env/web_env.go b/pkg/env/web_env.go index 25c56fbdc..fd2d2d8cb 100644 --- a/pkg/env/web_env.go +++ b/pkg/env/web_env.go @@ -30,6 +30,8 @@ import ( "os" "regexp" "time" + + "github.com/dgrijalva/jwt-go" ) const ( @@ -96,10 +98,20 @@ func fetchEnvHTTP(envKey string, u *url.URL) (string, error) { return "", err } - if username != "" && password != "" { - req.SetBasicAuth(username, password) + claims := &jwt.StandardClaims{ + ExpiresAt: int64(15 * time.Minute), + Issuer: username, + Subject: envKey, + } + + token := jwt.NewWithClaims(jwt.SigningMethodHS512, claims) + ss, err := token.SignedString([]byte(password)) + if err != nil { + return "", err } + req.Header.Set("Authorization", "Bearer "+ss) + clnt := &http.Client{ Transport: &http.Transport{ Proxy: http.ProxyFromEnvironment,