backend-auth integration
parent
d22df9b05b
commit
58481cfff2
15
README.md
15
README.md
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
Beep backend accepts PUT requests and publishes a protobuf-ed version to a [NATS](htts://nats.io) queue, like some sort of weird HTTP/NATS converter. Also handles authentication of said HTTP requests. Needless to say, relies on a NATS instance being up.
|
Beep backend accepts PUT requests and publishes a protobuf-ed version to a [NATS](htts://nats.io) queue, like some sort of weird HTTP/NATS converter. Also handles authentication of said HTTP requests. Needless to say, relies on a NATS instance being up.
|
||||||
|
|
||||||
|
**To run this service securely means to run it behind traefik forwarding auth to `backend-auth`**
|
||||||
|
|
||||||
## Quickstart
|
## Quickstart
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -20,7 +22,14 @@ Supply environment variables by either exporting them or editing ```.env```.
|
||||||
|
|
||||||
## API
|
## API
|
||||||
|
|
||||||
All requests require an ```Authorization: Bearer <token>``` header, with token being obtained from ```backend-login```.
|
All requests need to be passed through `traefik` calling `backend-auth` as Forward Authentication. Otherwise, populate `X-User-Claim` with:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"userid": "<userid>",
|
||||||
|
"clientid": "<clientid"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
### Put Bite
|
### Put Bite
|
||||||
|
|
||||||
|
@ -49,7 +58,7 @@ Empty body.
|
||||||
|
|
||||||
| Code | Description |
|
| Code | Description |
|
||||||
| ---- | ----------- |
|
| ---- | ----------- |
|
||||||
| 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body |
|
| 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body/bad user claim |
|
||||||
| 500 | Error serialising data into a protocol buffer. |
|
| 500 | Error serialising data into a protocol buffer. |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
@ -81,5 +90,5 @@ Empty body.
|
||||||
|
|
||||||
| Code | Description |
|
| Code | Description |
|
||||||
| ---- | ----------- |
|
| ---- | ----------- |
|
||||||
| 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body |
|
| 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body/bad user claim |
|
||||||
| 500 | Error serialising data into a protocol buffer. |
|
| 500 | Error serialising data into a protocol buffer. |
|
||||||
|
|
65
main.go
65
main.go
|
@ -1,6 +1,8 @@
|
||||||
package main;
|
package main;
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"log"
|
"log"
|
||||||
|
@ -12,8 +14,6 @@ import (
|
||||||
"github.com/golang/protobuf/proto"
|
"github.com/golang/protobuf/proto"
|
||||||
"github.com/julienschmidt/httprouter"
|
"github.com/julienschmidt/httprouter"
|
||||||
"github.com/nats-io/go-nats"
|
"github.com/nats-io/go-nats"
|
||||||
"github.com/dgrijalva/jwt-go"
|
|
||||||
"github.com/aiden0z/go-jwt-middleware"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const MaxBiteSize = 1024 * 1024 * 10
|
const MaxBiteSize = 1024 * 1024 * 10
|
||||||
|
@ -44,23 +44,40 @@ func main() {
|
||||||
}
|
}
|
||||||
nats_conn = n
|
nats_conn = n
|
||||||
|
|
||||||
// JWT Middleware
|
|
||||||
jwtMiddleware := jwtmiddleware.New(jwtmiddleware.Options {
|
|
||||||
ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
|
|
||||||
return secret, nil
|
|
||||||
},
|
|
||||||
SigningMethod: jwt.SigningMethodHS256,
|
|
||||||
})
|
|
||||||
|
|
||||||
// Routes
|
// Routes
|
||||||
router := httprouter.New()
|
router := httprouter.New()
|
||||||
|
|
||||||
router.PUT("/conversation/:key/start/:start", PutBite) // bites
|
router.PUT("/conversation/:key/start/:start", AuthMiddleware(PutBite)) // bites
|
||||||
router.PUT("/conversation/:key/start/:start/user", PutBiteUser) // bite_users
|
router.PUT("/conversation/:key/start/:start/user", AuthMiddleware(PutBiteUser)) // bite_users
|
||||||
|
|
||||||
// Start server
|
// Start server
|
||||||
log.Printf("starting server on %s", listen)
|
log.Printf("starting server on %s", listen)
|
||||||
log.Fatal(http.ListenAndServe(listen, jwtMiddleware.Handler(router)))
|
log.Fatal(http.ListenAndServe(listen, router))
|
||||||
|
}
|
||||||
|
|
||||||
|
type RawClient struct {
|
||||||
|
UserId string `json:"userid"`
|
||||||
|
ClientId string `json:"clientid"`
|
||||||
|
}
|
||||||
|
func AuthMiddleware(next httprouter.Handle) httprouter.Handle {
|
||||||
|
return func (w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
|
ua := r.Header.Get("X-User-Claim")
|
||||||
|
if ua == "" {
|
||||||
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
var client RawClient
|
||||||
|
err := json.Unmarshal([]byte(ua), &client)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
context := context.WithValue(r.Context(), "user", client)
|
||||||
|
next(w, r.WithContext(context), p)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: ensure security of regexp
|
// TODO: ensure security of regexp
|
||||||
|
@ -76,11 +93,10 @@ func ParseStartString(start string) (uint64, error) {
|
||||||
|
|
||||||
// Route handlers
|
// Route handlers
|
||||||
func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
user := r.Context().Value("user")
|
client := r.Context().Value("user").(RawClient)
|
||||||
userClaims := user.(*jwt.Token).Claims.(jwt.MapClaims)
|
c := Client {
|
||||||
client := Client {
|
Key: client.UserId,
|
||||||
Key: userClaims["id"].(string),
|
Client: client.ClientId,
|
||||||
Client: userClaims["client"].(string),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
start, err := ParseStartString(p.ByName("start"))
|
start, err := ParseStartString(p.ByName("start"))
|
||||||
|
@ -106,7 +122,7 @@ func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
Start: start,
|
Start: start,
|
||||||
Key: key,
|
Key: key,
|
||||||
Data: body,
|
Data: body,
|
||||||
Client: &client,
|
Client: &c,
|
||||||
}
|
}
|
||||||
out, err := proto.Marshal(&b)
|
out, err := proto.Marshal(&b)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -120,11 +136,10 @@ func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func PutBiteUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
func PutBiteUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
user := r.Context().Value("user")
|
client := r.Context().Value("user").(RawClient)
|
||||||
userClaims := user.(*jwt.Token).Claims.(jwt.MapClaims)
|
c := Client {
|
||||||
client := Client {
|
Key: client.UserId,
|
||||||
Key: userClaims["id"].(string),
|
Client: client.ClientId,
|
||||||
Client: userClaims["client"].(string),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
start, err := ParseStartString(p.ByName("start"))
|
start, err := ParseStartString(p.ByName("start"))
|
||||||
|
@ -150,7 +165,7 @@ func PutBiteUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
Start: start,
|
Start: start,
|
||||||
Key: key,
|
Key: key,
|
||||||
Data: body,
|
Data: body,
|
||||||
Client: &client,
|
Client: &c,
|
||||||
}
|
}
|
||||||
out, err := proto.Marshal(&b)
|
out, err := proto.Marshal(&b)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
Loading…
Reference in New Issue