Added basic and api auth

2024-01-04 21:48:05 +01:00 · 2024-01-04 21:48:05 +01:00 · dbe068bbcb
parent d49b8341a1
commit dbe068bbcb
3 changed files with 77 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 resource_manager
 .idea/
+.env
--- a/api/middleware.go
+++ b/api/middleware.go
@ -0,0 +1,68 @@
+package api
+
+import (
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+)
+
+func Auth() gin.HandlerFunc {
+	basicAuth, hasBasicAuth := os.LookupEnv("BASIC_AUTH_CREDENTIALS")
+	var apiAuths []string
+	if list, hasApiAuth := os.LookupEnv("API_CREDENTIALS"); hasApiAuth {
+		apiAuths = strings.Split(list, ",")
+	}
+
+	return func(c *gin.Context) {
+		authHeader := c.GetHeader("Authorization")
+		if strings.HasPrefix(authHeader, "Basic ") && hasBasicAuth {
+			if strings.TrimPrefix(authHeader, "Basic ") == basicAuth {
+				c.Set("secure", "basic")
+				return
+			}
+		}
+		if strings.HasPrefix(authHeader, "Api ") && hasBasicAuth {
+			key := strings.TrimPrefix(authHeader, "Api ")
+			if hasValidApiKey(apiAuths, key) {
+				c.Set("secure", "api")
+				return
+			}
+		}
+		abort(c, nil, http.StatusUnauthorized, "missing auth")
+	}
+}
+
+func Secure(types ...string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		value, exists := c.Get("secure")
+		if !exists {
+			abort(c, nil, http.StatusUnauthorized, "missing auth")
+		} else {
+			securityType := value.(string)
+			for _, t := range types {
+				if t == securityType {
+					return
+				}
+			}
+			abort(c, nil, http.StatusUnauthorized, fmt.Sprintf("bad security: received %s type", securityType))
+		}
+	}
+}
+
+func hasValidApiKey(auths []string, key string) bool {
+	for _, a := range auths {
+		if a == key {
+			return true
+		}
+	}
+	return false
+}
+
+func abort(c *gin.Context, err error, statusCode int, message string) {
+	log.Printf("Aborted: %v", err.Error())
+	c.AbortWithStatusJSON(statusCode, gin.H{"status": statusCode, "created": time.Now(), "message": message})
+}
--- a/api/routes.go
+++ b/api/routes.go
@ -19,7 +19,7 @@ func createServer() *gin.Engine {
 	server := gin.New()
 	server.NoRoute(NoRoute())
 	server.NoMethod(NoMethod())
-	server.Use(gin.Recovery())
+	server.Use(gin.Recovery(), Auth())
 	return server
 }

@ -31,11 +31,13 @@ func RegisterRoutes(server *gin.Engine) {

 	resourceManager := resource.NewManager(cacheManager, expiration)

-	server.POST("/api/v1/upload", HandleUpload(resourceManager))
-	server.GET("/api/v1/download", HandleDownload(resourceManager))
-	server.GET("/api/v1/presign", HandlePresign(resourceManager))
-	server.PUT("/api/v1/copy", HandleCopy(resourceManager))
-	server.DELETE("/api/v1/delete", HandleDelete(resourceManager))
+	v1Group := server.Group("/api/v1/resources", Secure("basic", "api"))
+
+	v1Group.POST("", HandleUpload(resourceManager))
+	v1Group.GET("", HandleDownload(resourceManager))
+	v1Group.GET("presign", HandlePresign(resourceManager))
+	v1Group.PUT("copy", HandleCopy(resourceManager))
+	v1Group.DELETE("", HandleDelete(resourceManager))
 }

 func loadExpiration() time.Duration {