Added basic and api auth
This commit is contained in:
Borna Rajković
parent
d49b8341a1
commit
dbe068bbcb
|
|
@ -1,2 +1,3 @@
|
||||||
resource_manager
|
resource_manager
|
||||||
.idea/
|
.idea/
|
||||||
|
.env
|
||||||
|
|
@ -0,0 +1,68 @@
|
||||||
|
package api
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
"os"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
func Auth() gin.HandlerFunc {
|
||||||
|
basicAuth, hasBasicAuth := os.LookupEnv("BASIC_AUTH_CREDENTIALS")
|
||||||
|
var apiAuths []string
|
||||||
|
if list, hasApiAuth := os.LookupEnv("API_CREDENTIALS"); hasApiAuth {
|
||||||
|
apiAuths = strings.Split(list, ",")
|
||||||
|
}
|
||||||
|
|
||||||
|
return func(c *gin.Context) {
|
||||||
|
authHeader := c.GetHeader("Authorization")
|
||||||
|
if strings.HasPrefix(authHeader, "Basic ") && hasBasicAuth {
|
||||||
|
if strings.TrimPrefix(authHeader, "Basic ") == basicAuth {
|
||||||
|
c.Set("secure", "basic")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if strings.HasPrefix(authHeader, "Api ") && hasBasicAuth {
|
||||||
|
key := strings.TrimPrefix(authHeader, "Api ")
|
||||||
|
if hasValidApiKey(apiAuths, key) {
|
||||||
|
c.Set("secure", "api")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
abort(c, nil, http.StatusUnauthorized, "missing auth")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func Secure(types ...string) gin.HandlerFunc {
|
||||||
|
return func(c *gin.Context) {
|
||||||
|
value, exists := c.Get("secure")
|
||||||
|
if !exists {
|
||||||
|
abort(c, nil, http.StatusUnauthorized, "missing auth")
|
||||||
|
} else {
|
||||||
|
securityType := value.(string)
|
||||||
|
for _, t := range types {
|
||||||
|
if t == securityType {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
abort(c, nil, http.StatusUnauthorized, fmt.Sprintf("bad security: received %s type", securityType))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func hasValidApiKey(auths []string, key string) bool {
|
||||||
|
for _, a := range auths {
|
||||||
|
if a == key {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
func abort(c *gin.Context, err error, statusCode int, message string) {
|
||||||
|
log.Printf("Aborted: %v", err.Error())
|
||||||
|
c.AbortWithStatusJSON(statusCode, gin.H{"status": statusCode, "created": time.Now(), "message": message})
|
||||||
|
}
|
||||||
|
|
@ -19,7 +19,7 @@ func createServer() *gin.Engine {
|
||||||
server := gin.New()
|
server := gin.New()
|
||||||
server.NoRoute(NoRoute())
|
server.NoRoute(NoRoute())
|
||||||
server.NoMethod(NoMethod())
|
server.NoMethod(NoMethod())
|
||||||
server.Use(gin.Recovery())
|
server.Use(gin.Recovery(), Auth())
|
||||||
return server
|
return server
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -31,11 +31,13 @@ func RegisterRoutes(server *gin.Engine) {
|
||||||
|
|
||||||
resourceManager := resource.NewManager(cacheManager, expiration)
|
resourceManager := resource.NewManager(cacheManager, expiration)
|
||||||
|
|
||||||
server.POST("/api/v1/upload", HandleUpload(resourceManager))
|
v1Group := server.Group("/api/v1/resources", Secure("basic", "api"))
|
||||||
server.GET("/api/v1/download", HandleDownload(resourceManager))
|
|
||||||
server.GET("/api/v1/presign", HandlePresign(resourceManager))
|
v1Group.POST("", HandleUpload(resourceManager))
|
||||||
server.PUT("/api/v1/copy", HandleCopy(resourceManager))
|
v1Group.GET("", HandleDownload(resourceManager))
|
||||||
server.DELETE("/api/v1/delete", HandleDelete(resourceManager))
|
v1Group.GET("presign", HandlePresign(resourceManager))
|
||||||
|
v1Group.PUT("copy", HandleCopy(resourceManager))
|
||||||
|
v1Group.DELETE("", HandleDelete(resourceManager))
|
||||||
}
|
}
|
||||||
|
|
||||||
func loadExpiration() time.Duration {
|
func loadExpiration() time.Duration {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue