Changed server handlers to use public and protected routes correctly with auth
parent
7836aef5c3
commit
bf937bf4d4
2 changed files with 69 additions and 47 deletions
|
|
@ -51,6 +51,7 @@ var serveCmd = &cobra.Command{
|
||||||
|
|
||||||
// set up the routes and start the server
|
// set up the routes and start the server
|
||||||
server := server.Server{
|
server := server.Server{
|
||||||
|
Config: &config,
|
||||||
Server: &http.Server{
|
Server: &http.Server{
|
||||||
Addr: fmt.Sprintf("%s:%d", config.Server.Host, config.Server.Port),
|
Addr: fmt.Sprintf("%s:%d", config.Server.Host, config.Server.Port),
|
||||||
},
|
},
|
||||||
|
|
@ -65,7 +66,7 @@ var serveCmd = &cobra.Command{
|
||||||
Verbose: verbose,
|
Verbose: verbose,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
err := server.Serve(&config)
|
err := server.Serve()
|
||||||
if errors.Is(err, http.ErrServerClosed) {
|
if errors.Is(err, http.ErrServerClosed) {
|
||||||
fmt.Printf("Server closed.")
|
fmt.Printf("Server closed.")
|
||||||
} else if err != nil {
|
} else if err != nil {
|
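Review bot: The `http.Server` literal in the first hunk sets only `Addr`, so the listener has no read or idle timeouts and a client that sends its request headers slowly can hold a connection open indefinitely. Since this literal is already being edited to add `Config`, it is a natural place to add `ReadHeaderTimeout: 10 * time.Second,` (the value is an example) and, if request and idle times can be bounded, `ReadTimeout` and `IdleTimeout` as well. A handler-level timeout on the router does not cover the time spent reading headers, and the `time` package may need importing in this file. The literal sits inside `serveCmd`, whose body starts and ends outside the hunks shown.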
||||||
|
|
|
||||||
|
|
@ -27,6 +27,7 @@ type Jwks struct {
|
||||||
}
|
}
|
||||||
type Server struct {
|
type Server struct {
|
||||||
*http.Server
|
*http.Server
|
||||||
|
Config *configurator.Config
|
||||||
Jwks Jwks `yaml:"jwks"`
|
Jwks Jwks `yaml:"jwks"`
|
||||||
GeneratorParams generator.Params
|
GeneratorParams generator.Params
|
||||||
TokenAuth *jwtauth.JWTAuth
|
TokenAuth *jwtauth.JWTAuth
|
||||||
|
|
@ -44,21 +45,21 @@ func New() *Server {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) Serve(config *configurator.Config) error {
|
func (s *Server) Serve() error {
|
||||||
// create client just for the server to use to fetch data from SMD
|
// create client just for the server to use to fetch data from SMD
|
||||||
_ = &configurator.SmdClient{
|
_ = &configurator.SmdClient{
|
||||||
Host: config.SmdClient.Host,
|
Host: s.Config.SmdClient.Host,
|
||||||
Port: config.SmdClient.Port,
|
Port: s.Config.SmdClient.Port,
|
||||||
}
|
}
|
||||||
|
|
||||||
// set the server address with config values
|
// set the server address with config values
|
||||||
s.Server.Addr = fmt.Sprintf("%s:%d", config.Server.Host, config.Server.Port)
|
s.Server.Addr = fmt.Sprintf("%s:%d", s.Config.Server.Host, s.Config.Server.Port)
|
||||||
|
|
||||||
// fetch JWKS public key from authorization server
|
// fetch JWKS public key from authorization server
|
||||||
if config.Server.Jwks.Uri != "" && tokenAuth == nil {
|
if s.Config.Server.Jwks.Uri != "" && tokenAuth == nil {
|
||||||
for i := 0; i < config.Server.Jwks.Retries; i++ {
|
for i := 0; i < s.Config.Server.Jwks.Retries; i++ {
|
||||||
var err error
|
var err error
|
||||||
tokenAuth, err = configurator.FetchPublicKeyFromURL(config.Server.Jwks.Uri)
|
tokenAuth, err = configurator.FetchPublicKeyFromURL(s.Config.Server.Jwks.Uri)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Errorf("failed to fetch JWKS: %w", err)
|
logrus.Errorf("failed to fetch JWKS: %w", err)
|
||||||
continue
|
continue
|
||||||
|
|
@ -67,26 +68,46 @@ func (s *Server) Serve(config *configurator.Config) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var WriteError = func(w http.ResponseWriter, format string, a ...any) {
|
// create new go-chi router with its routes
|
||||||
|
router := chi.NewRouter()
|
||||||
|
router.Use(middleware.RequestID)
|
||||||
|
router.Use(middleware.RealIP)
|
||||||
|
router.Use(middleware.Logger)
|
||||||
|
router.Use(middleware.Recoverer)
|
||||||
|
router.Use(middleware.StripSlashes)
|
||||||
|
router.Use(middleware.Timeout(60 * time.Second))
|
||||||
|
if s.Config.Server.Jwks.Uri != "" {
|
||||||
|
router.Group(func(r chi.Router) {
|
||||||
|
r.Use(
|
||||||
|
jwtauth.Verifier(tokenAuth),
|
||||||
|
jwtauth.Authenticator(tokenAuth),
|
||||||
|
)
|
||||||
|
|
||||||
|
// protected routes if using auth
|
||||||
|
r.HandleFunc("/generate", s.Generate)
|
||||||
|
r.HandleFunc("/templates", s.ManageTemplates)
|
||||||
|
})
|
||||||
|
} else {
|
||||||
|
// public routes without auth
|
||||||
|
router.HandleFunc("/generate", s.Generate)
|
||||||
|
router.HandleFunc("/templates", s.ManageTemplates)
|
||||||
|
}
|
||||||
|
|
||||||
|
// always public routes go here (none at the moment)
|
||||||
|
|
||||||
|
s.Handler = router
|
||||||
|
return s.ListenAndServe()
|
||||||
|
}
|
||||||
|
|
||||||
|
func WriteError(w http.ResponseWriter, format string, a ...any) {
|
||||||
errmsg := fmt.Sprintf(format, a...)
|
errmsg := fmt.Sprintf(format, a...)
|
||||||
fmt.Printf(errmsg)
|
fmt.Printf(errmsg)
|
||||||
w.Write([]byte(errmsg))
|
w.Write([]byte(errmsg))
|
||||||
}
|
}
|
||||||
|
|
||||||
// create new go-chi router with its routes
|
func (s *Server) Generate(w http.ResponseWriter, r *http.Request) {
|
||||||
router := chi.NewRouter()
|
|
||||||
router.Use(middleware.RedirectSlashes)
|
|
||||||
router.Use(middleware.Timeout(60 * time.Second))
|
|
||||||
router.Group(func(r chi.Router) {
|
|
||||||
if config.Server.Jwks.Uri != "" {
|
|
||||||
r.Use(
|
|
||||||
jwtauth.Verifier(tokenAuth),
|
|
||||||
jwtauth.Authenticator(tokenAuth),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
r.HandleFunc("/generate", func(w http.ResponseWriter, r *http.Request) {
|
|
||||||
s.GeneratorParams.Target = r.URL.Query().Get("target")
|
s.GeneratorParams.Target = r.URL.Query().Get("target")
|
||||||
outputs, err := generator.Generate(config, s.GeneratorParams)
|
outputs, err := generator.Generate(s.Config, s.GeneratorParams)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
WriteError(w, "failed to generate config: %v", err)
|
WriteError(w, "failed to generate config: %v", err)
|
||||||
return
|
return
|
||||||
|
|
@ -109,13 +130,13 @@ func (s *Server) Serve(config *configurator.Config) error {
|
||||||
WriteError(w, "failed to write response: %v", err)
|
WriteError(w, "failed to write response: %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
})
|
}
|
||||||
r.HandleFunc("/templates", func(w http.ResponseWriter, r *http.Request) {
|
|
||||||
// TODO: handle GET request
|
func (s *Server) ManageTemplates(w http.ResponseWriter, r *http.Request) {
|
||||||
// TODO: handle POST request
|
// TODO: need to implement template managing API first in "internal/generator/templates" or something
|
||||||
|
_, err := w.Write([]byte("this is not implemented yet"))
|
||||||
})
|
if err != nil {
|
||||||
})
|
WriteError(w, "failed to write response: %v", err)
|
||||||
s.Handler = router
|
return
|
||||||
return s.ListenAndServe()
|
}
|
||||||
}
|
}
|
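Review bot: The new `if s.Config.Server.Jwks.Uri != ""` branch decides whether auth is enforced from the config string, not from whether a key set was actually loaded, and `tokenAuth` can still be nil if every attempt in the fetch loop above hit `continue`. In that case `jwtauth.Verifier(tokenAuth)` and `jwtauth.Authenticator(tokenAuth)` are built around a nil value, and requests would probably only be stopped by a panic caught in `middleware.Recoverer`; the lines right after the retry loop are not shown, so this may already be handled there. I would fail startup explicitly before the router is built: `if s.Config.Server.Jwks.Uri != "" && tokenAuth == nil { return fmt.Errorf("no JWKS key loaded from %q", s.Config.Server.Jwks.Uri) }`. The `else` branch serves `/generate` and `/templates` with no authentication whenever the URI is empty, so a startup line such as `logrus.Warn("JWKS URI not set: serving /generate and /templates without authentication")` would make an accidentally open deployment visible.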
||||||
|
|
|
||||||