3 files changed, 88 insertions, 1 deletions
diff --git a/src/web_service/CMakeLists.txt b/src/web_service/CMakeLists.txt
index aff81f26d..753fb6e7a 100644
--- a/src/web_service/CMakeLists.txt
+++ b/src/web_service/CMakeLists.txt
@@ -5,10 +5,12 @@ add_library(web_service STATIC
    telemetry_json.h
    verify_login.cpp
    verify_login.h
+    verify_user_jwt.cpp
+    verify_user_jwt.h
    web_backend.cpp
    web_backend.h
    web_result.h
 )
 create_target_directory_groups(web_service)
-target_link_libraries(web_service PRIVATE common network nlohmann_json::nlohmann_json httplib)
+target_link_libraries(web_service PRIVATE common network nlohmann_json::nlohmann_json httplib cpp-jwt)
diff --git a/src/web_service/verify_user_jwt.cpp b/src/web_service/verify_user_jwt.cpp
new file mode 100644
index 000000000..78fe7bed5
--- /dev/null
+++ b/src/web_service/verify_user_jwt.cpp
@@ -0,0 +1,60 @@
+// Copyright 2018 Citra Emulator Project
+// Licensed under GPLv2 or any later version
+// Refer to the license.txt file included.
+#include <system_error>
+#include <jwt/jwt.hpp>
+#include "common/logging/log.h"
+#include "web_service/verify_user_jwt.h"
+#include "web_service/web_backend.h"
+#include "web_service/web_result.h"
+namespace WebService {
+static std::string public_key;
+std::string GetPublicKey(const std::string& host) {
+    if (public_key.empty()) {
+        Client client(host, "", ""); // no need for credentials here
+        public_key = client.GetPlain("/jwt/external/key.pem", true).returned_data;
+        if (public_key.empty()) {
+            LOG_ERROR(WebService, "Could not fetch external JWT public key, verification may fail");
+        } else {
+            LOG_INFO(WebService, "Fetched external JWT public key (size={})", public_key.size());
+        }
+    }
+    return public_key;
+}
+VerifyUserJWT::VerifyUserJWT(const std::string& host) : pub_key(GetPublicKey(host)) {}
+Network::VerifyUser::UserData VerifyUserJWT::LoadUserData(const std::string& verify_UID,
+                                                          const std::string& token) {
+    const std::string audience = fmt::format("external-{}", verify_UID);
+    using namespace jwt::params;
+    std::error_code error;
+    auto decoded =
+        jwt::decode(token, algorithms({"rs256"}), error, secret(pub_key), issuer("yuzu-core"),
+                    aud(audience), validate_iat(true), validate_jti(true));
+    if (error) {
+        LOG_INFO(WebService, "Verification failed: category={}, code={}, message={}",
+                 error.category().name(), error.value(), error.message());
+        return {};
+    }
+    Network::VerifyUser::UserData user_data{};
+    if (decoded.payload().has_claim("username")) {
+        user_data.username = decoded.payload().get_claim_value<std::string>("username");
+    }
+    if (decoded.payload().has_claim("displayName")) {
+        user_data.display_name = decoded.payload().get_claim_value<std::string>("displayName");
+    }
+    if (decoded.payload().has_claim("avatarUrl")) {
+        user_data.avatar_url = decoded.payload().get_claim_value<std::string>("avatarUrl");
+    }
+    if (decoded.payload().has_claim("roles")) {
+        auto roles = decoded.payload().get_claim_value<std::vector<std::string>>("roles");
+        user_data.moderator = std::find(roles.begin(), roles.end(), "moderator") != roles.end();
+    }
+    return user_data;
+}
+} // namespace WebService
diff --git a/src/web_service/verify_user_jwt.h b/src/web_service/verify_user_jwt.h
new file mode 100644
index 000000000..826e01eed
--- /dev/null
+++ b/src/web_service/verify_user_jwt.h
@@ -0,0 +1,25 @@
+// Copyright 2018 Citra Emulator Project
+// Licensed under GPLv2 or any later version
+// Refer to the license.txt file included.
+#pragma once
+#include <fmt/format.h>
+#include "network/verify_user.h"
+#include "web_service/web_backend.h"
+namespace WebService {
+class VerifyUserJWT final : public Network::VerifyUser::Backend {
+public:
+    VerifyUserJWT(const std::string& host);
+    ~VerifyUserJWT() = default;
+    Network::VerifyUser::UserData LoadUserData(const std::string& verify_UID,
+                                               const std::string& token) override;
+private:
+    std::string pub_key;
+};
+} // namespace WebService

diff --git a/src/web_service/CMakeLists.txt b/src/web_service/CMakeLists.txt index aff81f26d..753fb6e7a 100644 --- a/src/web_service/CMakeLists.txt +++ b/src/web_service/CMakeLists.txt
@@ -5,10 +5,12 @@ add_library(web_service STATIC
5	telemetry_json.h	5	telemetry_json.h
6	verify_login.cpp	6	verify_login.cpp
7	verify_login.h	7	verify_login.h
		8	verify_user_jwt.cpp
		9	verify_user_jwt.h
8	web_backend.cpp	10	web_backend.cpp
9	web_backend.h	11	web_backend.h
10	web_result.h	12	web_result.h
11	)	13	)
12		14
13	create_target_directory_groups(web_service)	15	create_target_directory_groups(web_service)
14	target_link_libraries(web_service PRIVATE common network nlohmann_json::nlohmann_json httplib)	16	target_link_libraries(web_service PRIVATE common network nlohmann_json::nlohmann_json httplib cpp-jwt)


diff --git a/src/web_service/verify_user_jwt.cpp b/src/web_service/verify_user_jwt.cpp new file mode 100644 index 000000000..78fe7bed5 --- /dev/null +++ b/src/web_service/verify_user_jwt.cpp
@@ -0,0 +1,60 @@
		1	// Copyright 2018 Citra Emulator Project
		2	// Licensed under GPLv2 or any later version
		3	// Refer to the license.txt file included.
		4
		5	#include <system_error>
		6	#include <jwt/jwt.hpp>
		7	#include "common/logging/log.h"
		8	#include "web_service/verify_user_jwt.h"
		9	#include "web_service/web_backend.h"
		10	#include "web_service/web_result.h"
		11
		12	namespace WebService {
		13
		14	static std::string public_key;
		15	std::string GetPublicKey(const std::string& host) {
		16	if (public_key.empty()) {
		17	Client client(host, "", ""); // no need for credentials here
		18	public_key = client.GetPlain("/jwt/external/key.pem", true).returned_data;
		19	if (public_key.empty()) {
		20	LOG_ERROR(WebService, "Could not fetch external JWT public key, verification may fail");
		21	} else {
		22	LOG_INFO(WebService, "Fetched external JWT public key (size={})", public_key.size());
		23	}
		24	}
		25	return public_key;
		26	}
		27
		28	VerifyUserJWT::VerifyUserJWT(const std::string& host) : pub_key(GetPublicKey(host)) {}
		29
		30	Network::VerifyUser::UserData VerifyUserJWT::LoadUserData(const std::string& verify_UID,
		31	const std::string& token) {
		32	const std::string audience = fmt::format("external-{}", verify_UID);
		33	using namespace jwt::params;
		34	std::error_code error;
		35	auto decoded =
		36	jwt::decode(token, algorithms({"rs256"}), error, secret(pub_key), issuer("yuzu-core"),
		37	aud(audience), validate_iat(true), validate_jti(true));
		38	if (error) {
		39	LOG_INFO(WebService, "Verification failed: category={}, code={}, message={}",
		40	error.category().name(), error.value(), error.message());
		41	return {};
		42	}
		43	Network::VerifyUser::UserData user_data{};
		44	if (decoded.payload().has_claim("username")) {
		45	user_data.username = decoded.payload().get_claim_value<std::string>("username");
		46	}
		47	if (decoded.payload().has_claim("displayName")) {
		48	user_data.display_name = decoded.payload().get_claim_value<std::string>("displayName");
		49	}
		50	if (decoded.payload().has_claim("avatarUrl")) {
		51	user_data.avatar_url = decoded.payload().get_claim_value<std::string>("avatarUrl");
		52	}
		53	if (decoded.payload().has_claim("roles")) {
		54	auto roles = decoded.payload().get_claim_value<std::vector<std::string>>("roles");
		55	user_data.moderator = std::find(roles.begin(), roles.end(), "moderator") != roles.end();
		56	}
		57	return user_data;
		58	}
		59
		60	} // namespace WebService


diff --git a/src/web_service/verify_user_jwt.h b/src/web_service/verify_user_jwt.h new file mode 100644 index 000000000..826e01eed --- /dev/null +++ b/src/web_service/verify_user_jwt.h
@@ -0,0 +1,25 @@
		1	// Copyright 2018 Citra Emulator Project
		2	// Licensed under GPLv2 or any later version
		3	// Refer to the license.txt file included.
		4
		5	#pragma once
		6
		7	#include <fmt/format.h>
		8	#include "network/verify_user.h"
		9	#include "web_service/web_backend.h"
		10
		11	namespace WebService {
		12
		13	class VerifyUserJWT final : public Network::VerifyUser::Backend {
		14	public:
		15	VerifyUserJWT(const std::string& host);
		16	~VerifyUserJWT() = default;
		17
		18	Network::VerifyUser::UserData LoadUserData(const std::string& verify_UID,
		19	const std::string& token) override;
		20
		21	private:
		22	std::string pub_key;
		23	};
		24
		25	} // namespace WebService