diff --git a/otoroshi/app/env/Env.scala b/otoroshi/app/env/Env.scala index 891f8cd37..16eddbff8 100644 --- a/otoroshi/app/env/Env.scala +++ b/otoroshi/app/env/Env.scala @@ -1153,6 +1153,12 @@ class Env( .getOptionalWithFileSupport[Int]("app.exposed-ports.https") .getOrElse(httpsPort) + lazy val bestExposedPort: String = if (exposedRootSchemeIsHttps) { + exposedHttpsPort + } else { + exposedHttpPort + } + lazy val proxyState = new NgProxyState(this) lazy val http2ClientProxyEnabled = configuration diff --git a/otoroshi/app/gateway/handlers.scala b/otoroshi/app/gateway/handlers.scala index 98f01c665..cf10c1ac1 100644 --- a/otoroshi/app/gateway/handlers.scala +++ b/otoroshi/app/gateway/handlers.scala @@ -857,8 +857,8 @@ class GatewayRequestHandler( Results.Unauthorized(Json.obj("error" -> "unauthorized")).vfuture } case Success(token) => { - if (rnd == Option(token.getClaim("r").asString()).getOrElse("--")) { - val id = Option(token.getClaim("i").asString()).getOrElse("--") + if (rnd == Option(token.getClaim("r").asString()).map(v => env.aesDecrypt(v)).getOrElse("--")) { + val id = Option(token.getClaim("i").asString()).map(v => env.aesDecrypt(v)).getOrElse("--") Option(token.getClaim("k").asString()).getOrElse("--") match { case "apikey" => { env.proxyState.apikey(id) match { diff --git a/otoroshi/app/utils/infotoken.scala b/otoroshi/app/utils/infotoken.scala index 338a7bb70..d39c76443 100644 --- a/otoroshi/app/utils/infotoken.scala +++ b/otoroshi/app/utils/infotoken.scala @@ -41,8 +41,8 @@ object InfoTokenHelper { val rnd = IdGenerator.token(16) val token: String = JWT.create() .withClaim("k", kind) - .withClaim("i", id) - .withClaim("r", rnd) + .withClaim("i", env.aesEncrypt(id)) + .withClaim("r", env.aesEncrypt(rnd)) .withIssuedAt(DateTime.now().toDate) .withExpiresAt(DateTime.now().plus(secComTtl.toMillis).toDate) .sign(env.sha256Alg) @@ -53,7 +53,7 @@ object InfoTokenHelper { exp = DateTime.now().plus(secComTtl.toMillis).toDate.getTime, iat = DateTime.now().toDate.getTime, jti = IdGenerator.uuid - ).withClaim("url", s"${env.rootScheme}${env.adminApiExposedHost}/.well-known/otoroshi/consumers/${rnd}?t=${token}") + ).withClaim("url", s"${env.rootScheme}${env.adminApiExposedHost}${env.bestExposedPort}/.well-known/otoroshi/consumers/${rnd}?t=${token}") } case SecComInfoTokenVersion.Legacy => { OtoroshiClaim(