audit logic

openinfradev · Jan 24, 2024 · 19f7d04 · 19f7d04
1 parent 40de76e
commit 19f7d04
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 6 deletions.
diff --git a/internal/middleware/audit/audit.go b/internal/middleware/audit/audit.go
@@ -1 +1,29 @@
 package audit
+
+import (
+	"github.com/openinfradev/tks-api/internal/repository"
+	"net/http"
+)
+
+type Interface interface {
+	WithAudit(handler http.Handler) http.Handler
+}
+
+type defaultAudit struct {
+	repo repository.Repository
+}
+
+func NewDefaultAudit(repo repository.Repository) *defaultAudit {
+	return &defaultAudit{
+		repo: repo,
+	}
+}
+
+// TODO: implement audit logic
+func (a *defaultAudit) WithAudit(handler http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// TODO: implement audit logic
+
+		handler.ServeHTTP(w, r)
+	})
+}
diff --git a/internal/middleware/auth/request/context.go b/internal/middleware/auth/request/context.go
@@ -13,6 +13,7 @@ const (
 	userToken
 	sessionKey
 	endpointKey
+	auditKey
 )
 
 func WithValue(parent context.Context, key, val interface{}) context.Context {
@@ -54,3 +55,12 @@ func EndpointFrom(ctx context.Context) (internalApi.Endpoint, bool) {
 	endpoint, ok := ctx.Value(endpointKey).(internalApi.Endpoint)
 	return endpoint, ok
 }
+
+func WithAudit(parent context.Context, audit string) context.Context {
+	return WithValue(parent, auditKey, audit)
+}
+
+func AuditFrom(ctx context.Context) (string, bool) {
+	audit, ok := ctx.Value(auditKey).(string)
+	return audit, ok
+}
diff --git a/internal/middleware/middleware.go b/internal/middleware/middleware.go
@@ -2,6 +2,7 @@ package middleware
 
 import (
 	internalApi "github.com/openinfradev/tks-api/internal/delivery/api"
+	"github.com/openinfradev/tks-api/internal/middleware/audit"
 	"github.com/openinfradev/tks-api/internal/middleware/auth/authenticator"
 	"github.com/openinfradev/tks-api/internal/middleware/auth/authorizer"
 	"github.com/openinfradev/tks-api/internal/middleware/auth/requestRecoder"
@@ -12,22 +13,41 @@ type Middleware struct {
 	authenticator  authenticator.Interface
 	authorizer     authorizer.Interface
 	requestRecoder requestRecoder.Interface
+	audit          audit.Interface
 }
 
 func NewMiddleware(authenticator authenticator.Interface,
 	authorizer authorizer.Interface,
-	requestRecoder requestRecoder.Interface) *Middleware {
+	requestRecoder requestRecoder.Interface,
+	audit audit.Interface) *Middleware {
 	ret := &Middleware{
 		authenticator:  authenticator,
 		authorizer:     authorizer,
 		requestRecoder: requestRecoder,
+		audit:          audit,
 	}
 	return ret
 }
 
 func (m *Middleware) Handle(endpoint internalApi.Endpoint, handle http.Handler) http.Handler {
-	handler := m.authorizer.WithAuthorization(handle)
-	handler = m.requestRecoder.WithRequestRecoder(endpoint, handler)
-	handler = m.authenticator.WithAuthentication(handler)
-	return handler
+
+	// pre-handler
+	preHandler := m.authorizer.WithAuthorization(handle)
+	// TODO: this is a temporary solution. check if this is the right place to put audit middleware
+	preHandler = m.audit.WithAudit(preHandler)
+	preHandler = m.requestRecoder.WithRequestRecoder(endpoint, preHandler)
+	preHandler = m.authenticator.WithAuthentication(preHandler)
+
+	// post-handler
+	emptyHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
+
+	// append post-handler below
+	// TODO: this is a temporary solution. check if this is the right place to put audit middleware
+	postHandler := m.audit.WithAudit(emptyHandler)
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		preHandler.ServeHTTP(w, r)
+
+		postHandler.ServeHTTP(w, r)
+	})
 }
diff --git a/internal/route/route.go b/internal/route/route.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"fmt"
 	internalApi "github.com/openinfradev/tks-api/internal/delivery/api"
+	"github.com/openinfradev/tks-api/internal/middleware/audit"
 	"github.com/openinfradev/tks-api/internal/middleware/auth/requestRecoder"
 	"io"
 	"net/http"
@@ -65,7 +66,8 @@ func SetupRouter(db *gorm.DB, argoClient argowf.ArgoClient, kc keycloak.IKeycloa
 	customMiddleware := internalMiddleware.NewMiddleware(
 		authenticator.NewAuthenticator(authKeycloak.NewKeycloakAuthenticator(kc)),
 		authorizer.NewDefaultAuthorization(repoFactory),
-		requestRecoder.NewDefaultRequestRecoder())
+		requestRecoder.NewDefaultRequestRecoder(),
+		audit.NewDefaultAudit(repoFactory))
 
 	cache := gcache.New(5*time.Minute, 10*time.Minute)