This repository includes a Traefik plugin, jwt. It can check a JWT taken from a cookie or a header, and it has an optional setting that copies the JWT into another header for the backend.
Configuration
The plugin needs to be configured in the Traefik static configuration before it can be used.
Installation with Helm
```yaml
# snippet from helm values.yaml
experimental:
  plugins:
    enabled: true
additionalArguments:
  - --experimental.plugins.traefik-jwt-middleware.moduleName=github.com/aseara/jc2h
  - --experimental.plugins.traefik-jwt-middleware.version=v0.1.2
```
Installation via command line
```yaml
# Static configuration
experimental:
  plugins:
    traefik-jwt-middleware:
      moduleName: github.com/aseara/jc2h
      version: v0.1.2
```
Configuration
The plugin currently supports the following configuration settings: (all fields are optional)
| Setting | Allowed values | Description |
| --- | --- | --- |
| checkCookie | boolean | If set to true, the plugin tries to extract the token from the cookie named by cookieName, unless checkHeader is set to true and a token was already extracted from the header. |
| cookieName | string | Name of the cookie the token is extracted from. Needed if checkCookie is true. |
| checkHeader | boolean | If set to true, the plugin tries to extract the token from the header named by headerName. |
| headerName | string | Name of the header the token is extracted from. When checkHeader is true and this is empty, headerName defaults to 'Authorization' and headerValuePrefix to 'Bearer'. |
| headerValuePrefix | string | Prefix of the header value when the token is extracted from a header. |
| signKey | string | PEM format public key used to verify the JWT. Cannot be empty when checkCookie or checkHeader is true. |
| ssoLoginUrl | string | Login URL to redirect to when the token is invalid. Cannot be empty when checkCookie or checkHeader is true. |
| injectHeader | string | If set, the JWT is injected into the request headers, with the injectHeader value as the header name. |
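The extraction order described in the table, written out as an added Go example; it is not the plugin's own source. The `Config` field names, `extractToken` and `forward` are names assumed for illustration, requiring a space after the prefix is this example's choice, and verification against `signKey` is assumed to happen between the two calls.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Config holds the settings from the table above (Go field names are assumed).
type Config struct {
	CheckCookie, CheckHeader                                bool
	CookieName, HeaderName, HeaderValuePrefix, InjectHeader string
}

// extractToken tries the header first, then the cookie; src is "" if none found.
func extractToken(r *http.Request, c Config) (tok, src string) {
	if c.CheckHeader {
		name, prefix := c.HeaderName, c.HeaderValuePrefix
		if name == "" { // documented defaults
			name, prefix = "Authorization", "Bearer"
		}
		v := r.Header.Get(name)
		tok = strings.TrimSpace(strings.TrimPrefix(v, prefix))
		if tok != "" && (prefix == "" || strings.HasPrefix(v, prefix+" ")) {
			return tok, "header"
		}
	}
	if c.CheckCookie {
		if ck, err := r.Cookie(c.CookieName); err == nil && ck.Value != "" {
			return ck.Value, "cookie"
		}
	}
	return "", ""
}

// forward sets injectHeader; Set replaces any value the client sent under that name.
func forward(r *http.Request, c Config, verified string) {
	if c.InjectHeader != "" {
		r.Header.Set(c.InjectHeader, verified)
	}
}

func main() {
	c := Config{CheckCookie: true, CheckHeader: true, CookieName: "jwt-token", InjectHeader: "X-JWT-TOKEN"}
	r := &http.Request{Header: http.Header{"X-Jwt-Token": {"forged"}, "Cookie": {"jwt-token=constructed.cookie.jwt"}}} // constructed request
	tok, src := extractToken(r, c)
	forward(r, c, tok)
	fmt.Println(src, r.Header.Get("X-JWT-TOKEN"))
}
```

The constructed request carries a client-supplied `X-JWT-TOKEN`; after `forward` the backend sees only the token the middleware extracted.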
Example configuration
This example uses a Kubernetes Custom Resource Definition (CRD):

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-jwt-plugin
spec:
  plugin:
    # key must match the plugin name registered in the static configuration
    traefik-jwt-middleware:
      checkCookie: true
      cookieName: jwt-token
      ssoLoginUrl: https://sso.xxxx.cn
      injectHeader: X-JWT-TOKEN
      signKey: |
        -----BEGIN PUBLIC KEY-----
        MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis1ZjfNB0bBgKFMSv
        vkTtwlvBsaJq7S5wA+kzeVOVpVWwkWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHc
        aT92whREFpLv9cj5lTeJSibyr/Mrm/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIy
        tvHWTxZYEcXLgAXFuUuaS3uF9gEiNQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0
        e+lf4s4OxQawWD79J9/5d3Ry0vbV3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWb
        V6L11BWkpzGXSW4Hv43qa+GSYOD2QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9
        MwIDAQAB
        -----END PUBLIC KEY-----
```
Activate plugin in your config
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-server
  labels:
    app: test-server
  annotations:
    kubernetes.io/ingress.class: traefik
    # middleware references for the kubernetescrd provider take the form <namespace>-<name>@kubernetescrd
    traefik.ingress.kubernetes.io/router.middlewares: traefik-jwt-plugin@kubernetescrd
```