From 5d6b0642db91cd8635be98fd9c52cae19bf4c6f0 Mon Sep 17 00:00:00 2001
From: Sudarsan Reddy <sreddy@cloudflare.com>
Date: Wed, 21 Sep 2022 11:16:37 +0100
Subject: [PATCH] TUN-6772: Add a JWT Validator as an ingress verifier

This adds a new verifier interface that can be attached to ingress.Rule.
This would act as a middleware layer that gets executed at the start of
proxy.ProxyHTTP.

A jwt validator implementation for this verifier is also provided. The
validator downloads the public key from the access teams endpoint and
uses it to verify the JWT sent to cloudflared with the audtag (clientID)
information provided in the config.
---
 ingress/middleware/jwtvalidator_test.go |  6 ++++++
 ingress/middleware/verifier.go          | 10 ++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 ingress/middleware/jwtvalidator_test.go
 create mode 100644 ingress/middleware/verifier.go

diff --git a/ingress/middleware/jwtvalidator_test.go b/ingress/middleware/jwtvalidator_test.go
new file mode 100644
index 00000000..c12f6011
--- /dev/null
+++ b/ingress/middleware/jwtvalidator_test.go
@@ -0,0 +1,6 @@
+package middleware
+
+import "testing"
+
+func TestJWTValidatorHandle(t *testing.T) {
+}
diff --git a/ingress/middleware/verifier.go b/ingress/middleware/verifier.go
new file mode 100644
index 00000000..7888dc31
--- /dev/null
+++ b/ingress/middleware/verifier.go
@@ -0,0 +1,10 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+)
+
+type Handler interface {
+	Handle(ctx context.Context, r *http.Request) error
+}