Ability to decode JWT headers

mendhak · mendhak · commit 17b20d365dc7 · 2020-10-09T10:50:11.000+01:00
diff --git a/README.md b/README.md
@@ -1,8 +1,9 @@
-Docker image which echoes various HTTP request properties back to client, as well as in docker logs. 
+Docker image which echoes various HTTP request properties back to client, as well as in the Docker container logs.  
+You can use your own certificates, choose your ports, decode JWT headers and filter out certain paths
 
 ![browser](https://raw.githubusercontent.com/mendhak/docker-http-https-echo/master/screenshots/screenshot.png)
 
-## Usage
+## Basic Usage
 
 Run with Docker
 
@@ -17,20 +18,6 @@ Then, issue a request via your browser or curl, and watch the response, as well
     curl -k -X PUT -H "Arbitrary:Header" -d aaa=bbb https://localhost:8443/hello-world
 
 
-## Use your own certificates
-
-You can substitute the certificate and private key with your own. This example uses the snakeoil cert.
-
-    my-http-listener:
-        image: mendhak/http-https-echo
-        ports:
-            - "8080:80"
-            - "8443:443"
-        volumes:
-            - /etc/ssl/certs/ssl-cert-snakeoil.pem:/app/fullchain.pem
-            - /etc/ssl/private/ssl-cert-snakeoil.key:/app/privkey.pem
-
-
 ## Choose your ports
 
 You can choose a different internal port instead of 80 and 443 with the `HTTP_PORT` and `HTTPS_PORT` environment variables. 
@@ -51,6 +38,35 @@ With docker compose, this would be:
             - "8080:8888"
             - "8443:9999"
 
+
+## Use your own certificates
+
+Use volume mounting to substitute the certificate and private key with your own. This example uses the snakeoil cert.
+
+    my-http-listener:
+        image: mendhak/http-https-echo
+        ports:
+            - "8080:80"
+            - "8443:443"
+        volumes:
+            - /etc/ssl/certs/ssl-cert-snakeoil.pem:/app/fullchain.pem
+            - /etc/ssl/private/ssl-cert-snakeoil.key:/app/privkey.pem
+
+
+
+## Decode JWT header
+
+If you specify the header that contains the JWT, the echo output will contain the decoded JWT.  Use the `JWT_HEADER` environment variable for this. 
+
+    docker run -e JWT_HEADER=Authentication -p 8080:80 -p 8443:443 --rm -it mendhak/http-https-echo
+
+
+Now make your request with `Authentication: eyJ...` header (it should also work with the `Authentication: Bearer eyJ...` schema too):
+
+     curl -k -H "Authentication: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" http://localhost:8080/
+
+And in the output you should see a `jwt` section. 
+
 ## Do not log specific path
 
 Set the environment variable `LOG_IGNORE_PATH` to a path you would like to exclude from verbose logging to stdout. 
diff --git a/index.js b/index.js
@@ -42,10 +42,11 @@ app.all('*', (req, res) => {
     }
   };
   if (process.env.JWT_HEADER) {
-    const token = req.headers[process.env.JWT_HEADER.toLowerCase()];
+    let token = req.headers[process.env.JWT_HEADER.toLowerCase()];
     if (!token) {
       echo.jwt = token;
     } else {
+      token = token.split(" ").pop();
       const decoded = jwt.decode(token, {complete: true});
       echo.jwt = decoded;
     }
diff --git a/package-lock.json b/package-lock.json

Original file line number	Diff line number	Diff line change
`@@ -42,10 +42,11 @@ app.all('*', (req, res) => {`
`42`	`42`	`}`
`43`	`43`	`};`
`44`	`44`	`if (process.env.JWT_HEADER) {`
`45`		`- const token = req.headers[process.env.JWT_HEADER.toLowerCase()];`
	`45`	`+ let token = req.headers[process.env.JWT_HEADER.toLowerCase()];`
`46`	`46`	`if (!token) {`
`47`	`47`	`echo.jwt = token;`
`48`	`48`	`} else {`
	`49`	`+ token = token.split(" ").pop();`
`49`	`50`	`const decoded = jwt.decode(token, {complete: true});`
`50`	`51`	`echo.jwt = decoded;`
`51`	`52`	`}`