Mirrors/wireguard_webadmin
1
0
Fork 0
mirror of https://github.com/eduardogsilva/wireguard_webadmin.git synced 2026-03-17 22:36:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

enhance security by adding HTTP security headers and disabling OpenAPI documentation

Browse Source
This commit is contained in:
Eduardo Silva
2026-03-16 19:49:11 -03:00
parent 76048593f1
commit 4c109957e9
2 changed files with 26 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
containers/auth-gateway/auth_gateway/services/oidc_service.py
View File

@@ -38,13 +38,15 @@ class OIDCService:
client = self._client(method_name, method)
token = await client.authorize_access_token(request)
claims = {}
# Always parse and validate the ID token (validates nonce, signature, issuer, audience)
if "id_token" in token:
claims = dict(await client.parse_id_token(request, token, nonce=nonce))
# Merge userinfo on top for richer claims — core identity is from the validated ID token
if "userinfo" in token and isinstance(token["userinfo"], dict):
claims = token["userinfo"]
elif "id_token" in token:
claims = await client.parse_id_token(request, token, nonce=nonce)
claims.update(token["userinfo"])
email = claims.get("email")
subject = claims.get("sub")
return OIDCIdentity(subject=subject, email=email, claims=dict(claims))
return OIDCIdentity(subject=subject, email=email, claims=claims)
def is_oidc_identity_allowed(method: OIDCMethodModel, email: str | None) -> bool: