FEAT: skeleton authN middleware

kynrai · kynrai · commit 9227a281c7b3 · 2024-06-15T12:01:58.000+01:00
diff --git a/.env.example b/.env.example
@@ -1,3 +1,4 @@
 HOST=localhost
 PORT=8080
-ALLOWED_ORIGINS=http://localhost:8080
+ALLOWED_ORIGINS=http://localhost:8080
+AUTH_PROVIDER=none
diff --git a/config/config.go b/config/config.go
@@ -10,6 +10,7 @@ type Config struct {
 	Host          string
 	Port          string
 	AllowedOrigin string
+	AuthProvider  string
 }
 
 func New() Config {
@@ -19,6 +20,7 @@ func New() Config {
 		Host:          host,
 		Port:          port,
 		AllowedOrigin: getEnvDefault("ALLOWED_ORIGINS", fmt.Sprintf("http://%s:%s", host, port)),
+		AuthProvider:  getEnvDefault("AUTH_PROVIDER", "none"),
 	}
 }
 
diff --git a/server/auth.go b/server/auth.go
@@ -0,0 +1,44 @@
+package server
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/xray-web/web-check-api/config"
+)
+
+type User struct {
+	ID    string
+	Email string
+	Name  string
+	Roles []string
+}
+
+type Auth struct {
+	conf config.Config
+	// connection / sdk to auth provider, to trade token for user session token
+}
+
+func NewAuth(conf config.Config) *Auth {
+	// TODO: reduce scope of conf when we know what auth provider we will use
+	return &Auth{conf: conf}
+}
+
+func (a *Auth) Authenticate(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if a.conf.AuthProvider == "none" {
+			h.ServeHTTP(w, r)
+			return
+		}
+		authHeader := r.Header.Get("Authorization")
+		// expect "Bearer token" format
+		parts := strings.Split(authHeader, " ")
+		if len(parts) != 2 || parts[0] != "Bearer" {
+			w.WriteHeader(http.StatusUnauthorized)
+			return
+		}
+		// use token to get user ID from auth provider
+		// TODO: swap token for user session token
+
+	})
+}
diff --git a/server/middleware.go b/server/middleware.go
@@ -49,3 +49,10 @@ func HealthCheck() http.Handler {
 		json.NewEncoder(w).Encode(Response{Status: "ok"})
 	})
 }
+
+func middlewares(h http.Handler, middlewares ...func(http.Handler) http.Handler) http.Handler {
+	for _, m := range middlewares {
+		h = m(h)
+	}
+	return h
+}
diff --git a/server/server.go b/server/server.go
@@ -53,7 +53,10 @@ func (s *Server) routes() {
 	s.mux.Handle("GET /api/tls", handlers.HandleTLS(s.checks.Tls))
 	s.mux.Handle("GET /api/trace-route", handlers.HandleTraceRoute())
 
-	s.srv.Handler = s.CORS(s.mux)
+	s.srv.Handler = middlewares(s.mux,
+		s.CORS,
+		NewAuth(s.conf).Authenticate,
+	)
 }
 
 func (s *Server) Run() error {

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ type Config struct {`
`10`	`10`	`Host string`
`11`	`11`	`Port string`
`12`	`12`	`AllowedOrigin string`
	`13`	`+ AuthProvider string`
`13`	`14`	`}`
`14`	`15`
`15`	`16`	`func New() Config {`
`@@ -19,6 +20,7 @@ func New() Config {`
`19`	`20`	`Host: host,`
`20`	`21`	`Port: port,`
`21`	`22`	`AllowedOrigin: getEnvDefault("ALLOWED_ORIGINS", fmt.Sprintf("http://%s:%s", host, port)),`
	`23`	`+ AuthProvider: getEnvDefault("AUTH_PROVIDER", "none"),`
`22`	`24`	`}`
`23`	`25`	`}`
`24`	`26`