Added basic and api auth

This commit is contained in:
Borna Rajković 2024-01-04 21:48:05 +01:00
parent d49b8341a1
commit dbe068bbcb
3 changed files with 77 additions and 6 deletions

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
resource_manager resource_manager
.idea/ .idea/
.env

68
api/middleware.go Normal file
View File

@ -0,0 +1,68 @@
package api
import (
"fmt"
"github.com/gin-gonic/gin"
"log"
"net/http"
"os"
"strings"
"time"
)
func Auth() gin.HandlerFunc {
basicAuth, hasBasicAuth := os.LookupEnv("BASIC_AUTH_CREDENTIALS")
var apiAuths []string
if list, hasApiAuth := os.LookupEnv("API_CREDENTIALS"); hasApiAuth {
apiAuths = strings.Split(list, ",")
}
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
if strings.HasPrefix(authHeader, "Basic ") && hasBasicAuth {
if strings.TrimPrefix(authHeader, "Basic ") == basicAuth {
c.Set("secure", "basic")
return
}
}
if strings.HasPrefix(authHeader, "Api ") && hasBasicAuth {
key := strings.TrimPrefix(authHeader, "Api ")
if hasValidApiKey(apiAuths, key) {
c.Set("secure", "api")
return
}
}
abort(c, nil, http.StatusUnauthorized, "missing auth")
}
}
func Secure(types ...string) gin.HandlerFunc {
return func(c *gin.Context) {
value, exists := c.Get("secure")
if !exists {
abort(c, nil, http.StatusUnauthorized, "missing auth")
} else {
securityType := value.(string)
for _, t := range types {
if t == securityType {
return
}
}
abort(c, nil, http.StatusUnauthorized, fmt.Sprintf("bad security: received %s type", securityType))
}
}
}
func hasValidApiKey(auths []string, key string) bool {
for _, a := range auths {
if a == key {
return true
}
}
return false
}
func abort(c *gin.Context, err error, statusCode int, message string) {
log.Printf("Aborted: %v", err.Error())
c.AbortWithStatusJSON(statusCode, gin.H{"status": statusCode, "created": time.Now(), "message": message})
}

View File

@ -19,7 +19,7 @@ func createServer() *gin.Engine {
server := gin.New() server := gin.New()
server.NoRoute(NoRoute()) server.NoRoute(NoRoute())
server.NoMethod(NoMethod()) server.NoMethod(NoMethod())
server.Use(gin.Recovery()) server.Use(gin.Recovery(), Auth())
return server return server
} }
@ -31,11 +31,13 @@ func RegisterRoutes(server *gin.Engine) {
resourceManager := resource.NewManager(cacheManager, expiration) resourceManager := resource.NewManager(cacheManager, expiration)
server.POST("/api/v1/upload", HandleUpload(resourceManager)) v1Group := server.Group("/api/v1/resources", Secure("basic", "api"))
server.GET("/api/v1/download", HandleDownload(resourceManager))
server.GET("/api/v1/presign", HandlePresign(resourceManager)) v1Group.POST("", HandleUpload(resourceManager))
server.PUT("/api/v1/copy", HandleCopy(resourceManager)) v1Group.GET("", HandleDownload(resourceManager))
server.DELETE("/api/v1/delete", HandleDelete(resourceManager)) v1Group.GET("presign", HandlePresign(resourceManager))
v1Group.PUT("copy", HandleCopy(resourceManager))
v1Group.DELETE("", HandleDelete(resourceManager))
} }
func loadExpiration() time.Duration { func loadExpiration() time.Duration {