5
0
Fork 0

backend-auth integration

master
UnicodingUnicorn 2019-02-24 04:02:26 +08:00
parent d22df9b05b
commit 58481cfff2
2 changed files with 52 additions and 28 deletions

View File

@ -2,6 +2,8 @@
Beep backend accepts PUT requests and publishes a protobuf-ed version to a [NATS](htts://nats.io) queue, like some sort of weird HTTP/NATS converter. Also handles authentication of said HTTP requests. Needless to say, relies on a NATS instance being up. Beep backend accepts PUT requests and publishes a protobuf-ed version to a [NATS](htts://nats.io) queue, like some sort of weird HTTP/NATS converter. Also handles authentication of said HTTP requests. Needless to say, relies on a NATS instance being up.
**To run this service securely means to run it behind traefik forwarding auth to `backend-auth`**
## Quickstart ## Quickstart
``` ```
@ -20,7 +22,14 @@ Supply environment variables by either exporting them or editing ```.env```.
## API ## API
All requests require an ```Authorization: Bearer <token>``` header, with token being obtained from ```backend-login```. All requests need to be passed through `traefik` calling `backend-auth` as Forward Authentication. Otherwise, populate `X-User-Claim` with:
```json
{
"userid": "<userid>",
"clientid": "<clientid"
}
```
### Put Bite ### Put Bite
@ -49,7 +58,7 @@ Empty body.
| Code | Description | | Code | Description |
| ---- | ----------- | | ---- | ----------- |
| 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body | | 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body/bad user claim |
| 500 | Error serialising data into a protocol buffer. | | 500 | Error serialising data into a protocol buffer. |
--- ---
@ -81,5 +90,5 @@ Empty body.
| Code | Description | | Code | Description |
| ---- | ----------- | | ---- | ----------- |
| 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body | | 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body/bad user claim |
| 500 | Error serialising data into a protocol buffer. | | 500 | Error serialising data into a protocol buffer. |

65
main.go
View File

@ -1,6 +1,8 @@
package main; package main;
import ( import (
"context"
"encoding/json"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"log" "log"
@ -12,8 +14,6 @@ import (
"github.com/golang/protobuf/proto" "github.com/golang/protobuf/proto"
"github.com/julienschmidt/httprouter" "github.com/julienschmidt/httprouter"
"github.com/nats-io/go-nats" "github.com/nats-io/go-nats"
"github.com/dgrijalva/jwt-go"
"github.com/aiden0z/go-jwt-middleware"
) )
const MaxBiteSize = 1024 * 1024 * 10 const MaxBiteSize = 1024 * 1024 * 10
@ -44,23 +44,40 @@ func main() {
} }
nats_conn = n nats_conn = n
// JWT Middleware
jwtMiddleware := jwtmiddleware.New(jwtmiddleware.Options {
ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
return secret, nil
},
SigningMethod: jwt.SigningMethodHS256,
})
// Routes // Routes
router := httprouter.New() router := httprouter.New()
router.PUT("/conversation/:key/start/:start", PutBite) // bites router.PUT("/conversation/:key/start/:start", AuthMiddleware(PutBite)) // bites
router.PUT("/conversation/:key/start/:start/user", PutBiteUser) // bite_users router.PUT("/conversation/:key/start/:start/user", AuthMiddleware(PutBiteUser)) // bite_users
// Start server // Start server
log.Printf("starting server on %s", listen) log.Printf("starting server on %s", listen)
log.Fatal(http.ListenAndServe(listen, jwtMiddleware.Handler(router))) log.Fatal(http.ListenAndServe(listen, router))
}
type RawClient struct {
UserId string `json:"userid"`
ClientId string `json:"clientid"`
}
func AuthMiddleware(next httprouter.Handle) httprouter.Handle {
return func (w http.ResponseWriter, r *http.Request, p httprouter.Params) {
ua := r.Header.Get("X-User-Claim")
if ua == "" {
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
var client RawClient
err := json.Unmarshal([]byte(ua), &client)
if err != nil {
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
context := context.WithValue(r.Context(), "user", client)
next(w, r.WithContext(context), p)
}
} }
// TODO: ensure security of regexp // TODO: ensure security of regexp
@ -76,11 +93,10 @@ func ParseStartString(start string) (uint64, error) {
// Route handlers // Route handlers
func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) { func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
user := r.Context().Value("user") client := r.Context().Value("user").(RawClient)
userClaims := user.(*jwt.Token).Claims.(jwt.MapClaims) c := Client {
client := Client { Key: client.UserId,
Key: userClaims["id"].(string), Client: client.ClientId,
Client: userClaims["client"].(string),
} }
start, err := ParseStartString(p.ByName("start")) start, err := ParseStartString(p.ByName("start"))
@ -106,7 +122,7 @@ func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
Start: start, Start: start,
Key: key, Key: key,
Data: body, Data: body,
Client: &client, Client: &c,
} }
out, err := proto.Marshal(&b) out, err := proto.Marshal(&b)
if err != nil { if err != nil {
@ -120,11 +136,10 @@ func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
} }
func PutBiteUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) { func PutBiteUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
user := r.Context().Value("user") client := r.Context().Value("user").(RawClient)
userClaims := user.(*jwt.Token).Claims.(jwt.MapClaims) c := Client {
client := Client { Key: client.UserId,
Key: userClaims["id"].(string), Client: client.ClientId,
Client: userClaims["client"].(string),
} }
start, err := ParseStartString(p.ByName("start")) start, err := ParseStartString(p.ByName("start"))
@ -150,7 +165,7 @@ func PutBiteUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
Start: start, Start: start,
Key: key, Key: key,
Data: body, Data: body,
Client: &client, Client: &c,
} }
out, err := proto.Marshal(&b) out, err := proto.Marshal(&b)
if err != nil { if err != nil {