include binaries for the release

jetbrains-infra · Jul 20, 2020 · 15afc0e · 15afc0e
1 parent 8fc9bd1
commit 15afc0e
Show file tree

Hide file tree

Showing 89 changed files with 9,606 additions and 0 deletions.
diff --git a/lambda-release/jwks-generated.json b/lambda-release/jwks-generated.json
@@ -0,0 +1,8 @@
+{
+  "generated": "2020-07-20T16:23:41.147Z",
+  "alg": "RS256",
+  "keys": {
+    "public:9288e824-24ea-4a0f-afdd-d75e32a98977": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyp0Xn8WhiYemqglMqKTY\n84f7QBhnjkvBXZNLuqkzyCDXCV/rdN8NdwvJEIHi97JPIdyHgd8PJzfLi/3orx1M\n2YyUwCFnQpXlFwvymcYiqmqviwBWbUXg2Kx70Yx24u9nktRmu2b1sklsiYfASoVS\nShOTWnHXM1kGiBbVI1F6hn8mKGY+/tl4YLj0woTkmbNWB6tqF4jXmsx4MMft1zx1\nifR6rD2UZBUH5SBpEJ7m7QIgawtYfscA64Pa91tJ3Xnv3qyOUeH377L/ovJrou2t\nH0RABEUwx0MhS99/nrdwDWGI3zoUYyoHcnmdbZejjvTPgL4NFYXTvoLfa+YP82Xm\n34NgWkVBv85d13cY9l1KfVkPETnwYk8U0zPLE0enC7sVOPIKOhLUycgg0EqQYdow\nKLxQmTmLdnNSHzRMF7uEzN4IuOP5tEi9Bje2SKLPUlQFNnwnH1kaC58eH4MDZiID\nEIUP8K8fA6avdhehSiYLAz6yBRo7QNUwv7+oBGZzm/bb64KD61AkfkopJQco0Jv7\nL+1om372OCbmcHfn6nhYuDCQngGo6kmSMOCKR0lCv6IvTPxLty/ZMyQhUy43pzLe\nghLwlsMFnG9WduNLv+dK+Zns+Cr/fsT8ONoH4mwFO60BInKXSuO7ULj1L3pEiyPW\nSAXSd2QNEmICs214L6grKdECAwEAAQ==\n-----END PUBLIC KEY-----\n",
+    "public:48c80d74-9653-44e7-82b5-0ef8a9794480": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxtzQnn68s9wPyVD0s2ez\nfLdvk2AL3jcx6IHL0LEusHZ4tNrOLhgSxT9I66JYaWisNWaJwg4TUJVeqDVUWtMg\nRs53gErdwyuTp7W0meHws54NSXydIF0FpCWHd3+zIHqTvCFJhwVVUywfYNs4KHzW\nThvcnDfIcYbJTMif4EfkPOD0EVfhmh0xmqXeObrmVF1h2nZ+WPUPeQPv5iChWTyi\nsWviPLwEc4f+uD5YmIwKrj5HWTLoeCvoZFyslqtiEnyF6YuDezKWOMvDLbU3wjtG\nF0sSUCysNjlUiv0H2xI2RjdVnp/2XNT1GzKJY5d0ioIUAhGx93goUGEaECV2AkBI\nYEtYnGqSFrg4v4OyAYFBbRzQ3UgFj9rDJKxaTmdUYU/VE25Wjnr7pS3NsWZY6qNk\nlH4n27dvr7iuCpgc9x40JKI/DvtQWgm0E2CG7VgFjmfRh1kVFykZyS8/kHyyfQCJ\n7pGGqAK+BNyWNblTGAuVkxmwRvmLXIZi1cHTuJShk04hn6uSy9pRQAYhRH5yiVGs\naKmIXKCIaWJaxI49gQ9PC36GBSFcDNGCQ9MGlI8EKSRRIs5nQ/7I5unLljW7bKpK\n35g6mHJnDaIM4+TT86kdcvQHOiS8PvapWye/BHIFtA/fH+YR3d3T/4GIQgGnAHsA\nfGWrWzfVbAKgifgvpQVP9OMCAwEAAQ==\n-----END PUBLIC KEY-----\n"
+  }
+}
diff --git a/lambda-release/lambda.js b/lambda-release/lambda.js
@@ -0,0 +1,86 @@
+const jwt = require('jsonwebtoken');
+// if the file is missing, make sure build-lambda.js was executed
+const {alg: jwtAlgorithm, keys: jwtKeys} = require('./jwks-generated.json');
+
+function jwksGetKey(header, callback) {
+    const key = jwtKeys[header.kid];
+    if (key == null) {
+        callback(new Error("Unknown kid"), null);
+    } else {
+        callback(null, key);
+    }
+}
+
+function parseToken(headers) {
+    //see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html
+    const {authorization = []} = headers;
+    if (authorization.length > 0) {
+        for (let i = 0; i < authorization.length; i++) {
+            const token = authorization[i].value || ''
+            const prefix = 'Bearer ';
+            if (token.startsWith(prefix)) {
+                return token.substring(prefix.length)
+            }
+        }
+    }
+
+    return null;
+}
+
+function notAuthorized(callback) {
+    callback(null, {
+        status: '403',
+        statusDescription: 'Not Authorized by JetBrains',
+        body: 'Not Authorized by JetBrains'
+    });
+}
+
+function handler(request, callback) {
+    const token = parseToken(request.headers)
+
+    if (!token) {
+        notAuthorized(callback)
+        return;
+    }
+
+    function handleJwtReply(err, payload) {
+        if (err != null) {
+            // token exists but it-is invalid
+            console.log('Failed to verify token.', err);
+            notAuthorized(callback);
+            return;
+        }
+
+        const {sub = ''} = payload;
+        if (!sub.toLowerCase().endsWith("@jetbrains.com")) {
+            // token exists but it-is invalid
+            console.log('Invalid email address', err);
+            notAuthorized(callback);
+            return;
+        }
+
+        //allow the request
+        callback(null, request)
+    }
+
+    try {
+        jwt.verify(token, jwksGetKey, { algorithm: jwtAlgorithm}, (err, payload) => {
+            try {
+                return handleJwtReply(err, payload);
+            } catch (err) {
+                // token exists but it-is invalid
+                console.log('Failed to handle a token', err);
+                notAuthorized(callback);
+            }
+        })
+    } catch (err) {
+        // token exists but it-is invalid
+        console.log('Crashed to verify a token', err);
+        notAuthorized(callback);
+    }
+}
+
+exports.handler = (event, context, callback) => {
+    const request = event.Records[0].cf.request;
+    handler(request, callback)
+};
diff --git a/lambda-release/node_modules/.bin/semver b/lambda-release/node_modules/.bin/semver
diff --git a/lambda-release/node_modules/buffer-equal-constant-time/.npmignore b/lambda-release/node_modules/buffer-equal-constant-time/.npmignore
diff --git a/lambda-release/node_modules/buffer-equal-constant-time/.travis.yml b/lambda-release/node_modules/buffer-equal-constant-time/.travis.yml
diff --git a/lambda-release/node_modules/buffer-equal-constant-time/LICENSE.txt b/lambda-release/node_modules/buffer-equal-constant-time/LICENSE.txt
diff --git a/lambda-release/node_modules/buffer-equal-constant-time/README.md b/lambda-release/node_modules/buffer-equal-constant-time/README.md
diff --git a/lambda-release/node_modules/buffer-equal-constant-time/index.js b/lambda-release/node_modules/buffer-equal-constant-time/index.js
diff --git a/lambda-release/node_modules/buffer-equal-constant-time/package.json b/lambda-release/node_modules/buffer-equal-constant-time/package.json
diff --git a/lambda-release/node_modules/buffer-equal-constant-time/test.js b/lambda-release/node_modules/buffer-equal-constant-time/test.js
diff --git a/lambda-release/node_modules/ecdsa-sig-formatter/CODEOWNERS b/lambda-release/node_modules/ecdsa-sig-formatter/CODEOWNERS