From 9227a281c7b3d7efd1807247556525218674e449 Mon Sep 17 00:00:00 2001
From: Steven Lee
Date: Sat, 15 Jun 2024 12:01:58 +0100
Subject: [PATCH] FEAT: skeleton authN middleware
---
 .env.example | 3 ++-
 config/config.go | 2 ++
 server/auth.go | 44 ++++++++++++++++++++++++++++++++++++++++++++
 server/middleware.go | 7 +++++++
 server/server.go | 5 ++++-
 5 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 server/auth.go
diff --git a/.env.example b/.env.example
index ec01d74..5f2413f 100644
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,4 @@
 HOST=localhost
 PORT=8080
-ALLOWED_ORIGINS=http://localhost:8080
\ No newline at end of file
+ALLOWED_ORIGINS=http://localhost:8080
+AUTH_PROVIDER=none
\ No newline at end of file
diff --git a/config/config.go b/config/config.go
index e317e2d..87cf802 100644
--- a/config/config.go
+++ b/config/config.go
@@ -10,6 +10,7 @@ type Config struct {
 Host string
 Port string
 AllowedOrigin string
+ AuthProvider string
 }
 func New() Config {
@@ -19,6 +20,7 @@ func New() Config {
 Host: host,
 Port: port,
 AllowedOrigin: getEnvDefault("ALLOWED_ORIGINS", fmt.Sprintf("http://%s:%s", host, port)),
+ AuthProvider: getEnvDefault("AUTH_PROVIDER", "none"),
 }
 }
diff --git a/server/auth.go b/server/auth.go
new file mode 100644
index 0000000..7456f3e
--- /dev/null
+++ b/server/auth.go
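Review bot: The fallback added in the second `config/config.go` hunk makes authentication fail open: `getEnvDefault("AUTH_PROVIDER", "none")` resolves to `none` whenever the variable is unset, and `none` is exactly the value the new `Authenticate` middleware treats as "skip every check". A deployment that never sets the variable therefore runs unauthenticated with nothing recording that choice. If the default has to stay for now, document it on the struct field, e.g. `// AuthProvider selects the auth backend; "none" disables authentication.`, and log once at startup when it resolves to `none`. The comparison in `server/auth.go` is an exact string match, so a value such as `None` is treated as a real provider; normalising the value where it is read would remove that surprise. The body of `New()` starts outside this hunk.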
@@ -0,0 +1,44 @@
+package server
+
+import (
+ "net/http"
+ "strings"
+
+ "github.com/xray-web/web-check-api/config"
+)
+
+type User struct {
+ ID string
+ Email string
+ Name string
+ Roles []string
+}
+
+type Auth struct {
+ conf config.Config
+ // connection / sdk to auth provider, to trade token for user session token
+}
+
+func NewAuth(conf config.Config) *Auth {
+ // TODO: reduce scope of conf when we know what auth provider we will use
+ return &Auth{conf: conf}
+}
+
+func (a *Auth) Authenticate(h http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if a.conf.AuthProvider == "none" {
+ h.ServeHTTP(w, r)
+ return
+ }
+ authHeader := r.Header.Get("Authorization")
+ // expect "Bearer token" format
+ parts := strings.Split(authHeader, " ")
+ if len(parts) != 2 || parts[0] != "Bearer" {
+ w.WriteHeader(http.StatusUnauthorized)
+ return
+ }
+ // use token to get user ID from auth provider
+ // TODO: swap token for user session token
+
+ })
+}
diff --git a/server/middleware.go b/server/middleware.go
index b77e077..5a98a57 100644
--- a/server/middleware.go
+++ b/server/middleware.go
@@ -49,3 +49,10 @@ func HealthCheck() http.Handler {
 json.NewEncoder(w).Encode(Response{Status: "ok"})
 })
 }
+
+func middlewares(h http.Handler, middlewares ...func(http.Handler) http.Handler) http.Handler {
+ for _, m := range middlewares {
+ h = m(h)
+ }
+ return h
+}
diff --git a/server/server.go b/server/server.go
index 102bdf3..fe51cb3 100644
--- a/server/server.go
+++ b/server/server.go
@@ -53,7 +53,10 @@ func (s *Server) routes() {
 s.mux.Handle("GET /api/tls", handlers.HandleTLS(s.checks.Tls))
 s.mux.Handle("GET /api/trace-route", handlers.HandleTraceRoute())
- s.srv.Handler = s.CORS(s.mux)
+ s.srv.Handler = middlewares(s.mux,
+ s.CORS,
+ NewAuth(s.conf).Authenticate,
+ )
 }
 func (s *Server) Run() error {
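Review bot: In `Authenticate` (new file `server/auth.go`), a request that passes the `Bearer` check falls off the end of the handler: `h` is never called and nothing is written, so net/http answers with an implicit 200 and an empty body. The protected handler is not reached, but clients and monitoring see success; until the token exchange exists this path should refuse explicitly. The header check also accepts an empty token (`Bearer ` followed by nothing still splits into two parts), compares the scheme case-sensitively although HTTP auth scheme names are case-insensitive, and the 401 carries no `WWW-Authenticate` challenge. One possible shape for the tail of the handler is below.

```go
		authHeader := r.Header.Get("Authorization")
		// expect "Bearer <token>"; the scheme name is matched case-insensitively
		scheme, token, ok := strings.Cut(authHeader, " ")
		if !ok || !strings.EqualFold(scheme, "Bearer") || token == "" {
			w.Header().Set("WWW-Authenticate", "Bearer")
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		// TODO: swap token for user session token
		// Until the exchange is implemented, refuse explicitly rather than
		// returning an implicit 200 without having verified anything.
		w.WriteHeader(http.StatusNotImplemented)
```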
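Review bot: `middlewares` in `server/middleware.go` has no doc comment, and its wrapping order is easy to misread: each `m` wraps the result of the previous one, so the last function passed becomes the outermost handler and sees the request first. For a chain that now includes authentication that order matters, so it should be stated, e.g. `// middlewares wraps h with each middleware in turn; the last one listed is outermost and runs first.` The variadic parameter also shadows the function's own name; renaming it to something like `mws` would read more clearly.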
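Review bot: With the argument order used in `routes()`, `Authenticate` ends up wrapping `CORS`, so once `AUTH_PROVIDER` is anything other than `none` the 401 is written before the CORS handler runs. Browser preflight `OPTIONS` requests carry no `Authorization` header and would be rejected, and the 401 itself would lack whatever headers `s.CORS` sets; its body is not visible in this diff, so this assumes it is the code that answers preflights. Listing them the other way round, `NewAuth(s.conf).Authenticate, s.CORS,`, makes CORS the outermost handler. `routes()` starts outside this hunk.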