5
0
Fork 0

backend-auth integration

master
UnicodingUnicorn 2019-02-24 04:02:26 +08:00
parent d22df9b05b
commit 58481cfff2
2 changed files with 52 additions and 28 deletions

View File

@ -2,6 +2,8 @@
Beep backend accepts PUT requests and publishes a protobuf-ed version to a [NATS](htts://nats.io) queue, like some sort of weird HTTP/NATS converter. Also handles authentication of said HTTP requests. Needless to say, relies on a NATS instance being up.
**To run this service securely means to run it behind traefik forwarding auth to `backend-auth`**
## Quickstart
```
@ -20,7 +22,14 @@ Supply environment variables by either exporting them or editing ```.env```.
## API
All requests require an ```Authorization: Bearer <token>``` header, with token being obtained from ```backend-login```.
All requests need to be passed through `traefik` calling `backend-auth` as Forward Authentication. Otherwise, populate `X-User-Claim` with:
```json
{
"userid": "<userid>",
"clientid": "<clientid"
}
```
### Put Bite
@ -49,7 +58,7 @@ Empty body.
| Code | Description |
| ---- | ----------- |
| 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body |
| 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body/bad user claim |
| 500 | Error serialising data into a protocol buffer. |
---
@ -81,5 +90,5 @@ Empty body.
| Code | Description |
| ---- | ----------- |
| 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body |
| 400 | start is not an uint/key is not an alphanumeric string/data could not be read from the body/bad user claim |
| 500 | Error serialising data into a protocol buffer. |

65
main.go
View File

@ -1,6 +1,8 @@
package main;
import (
"context"
"encoding/json"
"io/ioutil"
"net/http"
"log"
@ -12,8 +14,6 @@ import (
"github.com/golang/protobuf/proto"
"github.com/julienschmidt/httprouter"
"github.com/nats-io/go-nats"
"github.com/dgrijalva/jwt-go"
"github.com/aiden0z/go-jwt-middleware"
)
const MaxBiteSize = 1024 * 1024 * 10
@ -44,23 +44,40 @@ func main() {
}
nats_conn = n
// JWT Middleware
jwtMiddleware := jwtmiddleware.New(jwtmiddleware.Options {
ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
return secret, nil
},
SigningMethod: jwt.SigningMethodHS256,
})
// Routes
router := httprouter.New()
router.PUT("/conversation/:key/start/:start", PutBite) // bites
router.PUT("/conversation/:key/start/:start/user", PutBiteUser) // bite_users
router.PUT("/conversation/:key/start/:start", AuthMiddleware(PutBite)) // bites
router.PUT("/conversation/:key/start/:start/user", AuthMiddleware(PutBiteUser)) // bite_users
// Start server
log.Printf("starting server on %s", listen)
log.Fatal(http.ListenAndServe(listen, jwtMiddleware.Handler(router)))
log.Fatal(http.ListenAndServe(listen, router))
}
type RawClient struct {
UserId string `json:"userid"`
ClientId string `json:"clientid"`
}
func AuthMiddleware(next httprouter.Handle) httprouter.Handle {
return func (w http.ResponseWriter, r *http.Request, p httprouter.Params) {
ua := r.Header.Get("X-User-Claim")
if ua == "" {
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
var client RawClient
err := json.Unmarshal([]byte(ua), &client)
if err != nil {
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
context := context.WithValue(r.Context(), "user", client)
next(w, r.WithContext(context), p)
}
}
// TODO: ensure security of regexp
@ -76,11 +93,10 @@ func ParseStartString(start string) (uint64, error) {
// Route handlers
func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
user := r.Context().Value("user")
userClaims := user.(*jwt.Token).Claims.(jwt.MapClaims)
client := Client {
Key: userClaims["id"].(string),
Client: userClaims["client"].(string),
client := r.Context().Value("user").(RawClient)
c := Client {
Key: client.UserId,
Client: client.ClientId,
}
start, err := ParseStartString(p.ByName("start"))
@ -106,7 +122,7 @@ func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
Start: start,
Key: key,
Data: body,
Client: &client,
Client: &c,
}
out, err := proto.Marshal(&b)
if err != nil {
@ -120,11 +136,10 @@ func PutBite(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
}
func PutBiteUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
user := r.Context().Value("user")
userClaims := user.(*jwt.Token).Claims.(jwt.MapClaims)
client := Client {
Key: userClaims["id"].(string),
Client: userClaims["client"].(string),
client := r.Context().Value("user").(RawClient)
c := Client {
Key: client.UserId,
Client: client.ClientId,
}
start, err := ParseStartString(p.ByName("start"))
@ -150,7 +165,7 @@ func PutBiteUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
Start: start,
Key: key,
Data: body,
Client: &client,
Client: &c,
}
out, err := proto.Marshal(&b)
if err != nil {