Check backend-permissions to access store
parent
ec7026385b
commit
9ca40754ae
|
@ -1,6 +1,6 @@
|
||||||
# backend-store
|
# backend-store
|
||||||
|
|
||||||
Single Badger store to serve bite, transcription and any others. Is kinda bite-centric, so required values revolve around a Bite. Receives stores through [NATS](https://nats.io) while data is retrieved via a http api.
|
Single Badger store to serve bite, transcription and any others. Is kinda bite-centric, so required values revolve around a Bite. Receives stores through [NATS](https://nats.io) while data is retrieved via a http api. Checks `backend-permissions` for permissions to access the store.
|
||||||
|
|
||||||
**Relies on being behind a traefik instance forwarding auth to backend-auth for authentication**
|
**Relies on being behind a traefik instance forwarding auth to backend-auth for authentication**
|
||||||
|
|
||||||
|
@ -76,6 +76,7 @@ All numbers are Unix epoch timestamps. `starts` goes on for as long as it needs
|
||||||
| Code | Description |
|
| Code | Description |
|
||||||
| ---- | ----------- |
|
| ---- | ----------- |
|
||||||
| 400 | From/to are not unix epoch/Error marshalling key from params. |
|
| 400 | From/to are not unix epoch/Error marshalling key from params. |
|
||||||
|
| 401 | `permissions` denied permission for user to access this store. |
|
||||||
| 500 | Error scanning badger store. |
|
| 500 | Error scanning badger store. |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
@ -105,4 +106,5 @@ Raw data of the bite.
|
||||||
| Code | Description |
|
| Code | Description |
|
||||||
| ---- | ----------- |
|
| ---- | ----------- |
|
||||||
| 400 | Error marshalling key from params/`start` was not a valid Epoch timestamp. |
|
| 400 | Error marshalling key from params/`start` was not a valid Epoch timestamp. |
|
||||||
|
| 401 | `permissions` denied permission for user to access this store. |
|
||||||
| 500 | Error retrieving bite from store. |
|
| 500 | Error retrieving bite from store. |
|
||||||
|
|
46
main.go
46
main.go
|
@ -1,6 +1,7 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -19,6 +20,7 @@ import (
|
||||||
var listen string
|
var listen string
|
||||||
var dbPath string
|
var dbPath string
|
||||||
var natsHost string
|
var natsHost string
|
||||||
|
var permissionsHost string
|
||||||
|
|
||||||
var db *badger.DB
|
var db *badger.DB
|
||||||
var nc *nats.Conn
|
var nc *nats.Conn
|
||||||
|
@ -32,6 +34,7 @@ func main() {
|
||||||
dbPath = os.Getenv("DBPATH")
|
dbPath = os.Getenv("DBPATH")
|
||||||
natsHost = os.Getenv("NATS")
|
natsHost = os.Getenv("NATS")
|
||||||
listen = os.Getenv("LISTEN")
|
listen = os.Getenv("LISTEN")
|
||||||
|
permissionsHost = os.Getenv("PERMISSIONS_HOST")
|
||||||
|
|
||||||
// Open badger
|
// Open badger
|
||||||
log.Printf("starting badger at %s", dbPath)
|
log.Printf("starting badger at %s", dbPath)
|
||||||
|
@ -54,14 +57,53 @@ func main() {
|
||||||
|
|
||||||
// Routes
|
// Routes
|
||||||
router := httprouter.New()
|
router := httprouter.New()
|
||||||
router.GET("/:type/:key/scan", ScanStore)
|
router.GET("/:type/:key/scan", AuthMiddleware(PermissionMiddleware(ScanStore)))
|
||||||
router.GET("/:type/:key/start/:start", GetStore)
|
router.GET("/:type/:key/start/:start", AuthMiddleware(PermissionMiddleware(GetStore)))
|
||||||
|
|
||||||
// Start server
|
// Start server
|
||||||
log.Printf("starting server on %s", listen)
|
log.Printf("starting server on %s", listen)
|
||||||
log.Fatal(http.ListenAndServe(listen, router))
|
log.Fatal(http.ListenAndServe(listen, router))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type RawClient struct {
|
||||||
|
UserId string `json:"userid"`
|
||||||
|
ClientId string `json:"clientid"`
|
||||||
|
}
|
||||||
|
func AuthMiddleware(next httprouter.Handle) httprouter.Handle {
|
||||||
|
return func (w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
|
ua := r.Header.Get("X-User-Claim")
|
||||||
|
if ua == "" {
|
||||||
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
var client RawClient
|
||||||
|
err := json.Unmarshal([]byte(ua), &client)
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
context := context.WithValue(r.Context(), "user", client.UserId)
|
||||||
|
next(w, r.WithContext(context), p)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func PermissionMiddleware(next httprouter.Handle) httprouter.Handle {
|
||||||
|
return func (w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
|
userID := r.Context().Value("user").(string)
|
||||||
|
conversationID := p.ByName("key")
|
||||||
|
|
||||||
|
response, err := http.Get(permissionsHost + "/user/" + userID + "/conversation/" + conversationID)
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
response.Body.Close()
|
||||||
|
next(w, r, p)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func NewStore(m *nats.Msg) {
|
func NewStore(m *nats.Msg) {
|
||||||
storeRequest := Store{}
|
storeRequest := Store{}
|
||||||
if err := proto.Unmarshal(m.Data, &storeRequest); err != nil {
|
if err := proto.Unmarshal(m.Data, &storeRequest); err != nil {
|
||||||
|
|
Loading…
Reference in New Issue