TUN-6772: Add a JWT Validator as an ingress verifier

This adds a new verifier interface that can be attached to ingress.Rule. This would act as a middleware layer that gets executed at the start of proxy.ProxyHTTP. A jwt validator implementation for this verifier is also provided. The validator downloads the public key from the access teams endpoint and uses it to verify the JWT sent to cloudflared with the audtag (clientID) information provided in the config.
2025-07-29 17:39:57 +00:00 · 2022-09-21 15:17:44 +01:00
parent e9a2c85671
commit de07da02cd
51 changed files with 4371 additions and 790 deletions
--- a/vendor/golang.org/x/xerrors/fmt.go
+++ b/vendor/golang.org/x/xerrors/fmt.go
@@ -33,6 +33,9 @@ const percentBangString = "%!"
 // It is invalid to include more than one %w verb or to supply it with an
 // operand that does not implement the error interface. The %w verb is otherwise
 // a synonym for %v.
+//
+// Note that as of Go 1.13, the fmt.Errorf function will do error formatting,
+// but it will not capture a stack backtrace.
 func Errorf(format string, a ...interface{}) error {
 	format = formatPlusW(format)
 	// Support a ": %[wsv]" suffix, which works well with xerrors.Formatter.