pr feedback

2026-05-20 03:00:43 -05:00 · 2025-12-09 15:51:03 -08:00
parent 18b4accaf8
commit 7900980c32
3 changed files with 16 additions and 11 deletions
@@ -17,6 +17,7 @@ package sqlserver
 import (
 	"errors"
 	"fmt"
+	"strings"
 	"time"

 	"github.com/sirupsen/logrus"
@@ -45,12 +46,16 @@ func validateJWT(jwksConfig *servercfg.JwksConfig, token string, reqTime time.Ti
 		return false, nil, fmt.Errorf("unable to validate JWT token: %w", err)
 	}

-	logString := "Metrics Auth with JWT: "
-	for _, field := range jwksConfig.FieldsToLog {
-		logString += fmt.Sprintf("%s: %s,", field, getClaimFromKey(privClaims, field))
+	if pr.Subject != privClaims.Subject {
+		return false, nil, fmt.Errorf("JWT token subject does not match subject claim")
 	}

-	logrus.Info(logString)
+	var keyValPairs []string
+	for _, field := range jwksConfig.FieldsToLog {
+		keyValPairs = append(keyValPairs, fmt.Sprintf("'%s': '%s'", field, getClaimFromKey(privClaims, field))
+	}
+
+	logrus.Info("Metrics Auth with JWT: " + strings.Join(keyValPairs, ", "))
 	return true, privClaims, nil
 }

@@ -632,7 +632,7 @@ func ConfigureServices(

 						valid, _, err := validateJWT(jwksConfig, strings.TrimPrefix(auth, "Bearer "), time.Now())
 						if err != nil {
-							logrus.Warnf("JWT validation error for /metrics: %w", err)
+							logrus.Warnf("JWT validation error for /metrics: %v", err)
 							http.Error(w, "auth failed", http.StatusUnauthorized)
 							return
 						} else if !valid {
@@ -64,9 +64,9 @@ metrics:
      name: jwks_name
      location_url: https://website.com
      claims: 
-        field1: a
-        field2: b
-      fields_to_log: [field1, field2]
+        iss: dolthub.com
+        aud: metrics
+      fields_to_log: [iss, aud]

 user_session_vars:
    - name: user0
@@ -121,10 +121,10 @@ jwks:
 			Name:        "jwks_name",
 			LocationUrl: "https://website.com",
 			Claims: map[string]string{
-				"field1": "a",
-				"field2": "b",
+				"iss": "dolthub.com",
+				"aud": "metrics",
 			},
-			FieldsToLog: []string{"field1", "field2"},
+			FieldsToLog: []string{"iss", "aud"},
 		},
 	}
 	expected.DataDirStr = ptr("some nonsense")