chore: move blocklist middleware from route blocklist to middlewares
This commit is contained in:
Jonas Kaninda
@@ -30,7 +30,7 @@ var cfg *Gateway
|
|||||||
type Config struct {
|
type Config struct {
|
||||||
file string
|
file string
|
||||||
}
|
}
|
||||||
type BasicRule struct {
|
type BasicRuleMiddleware struct {
|
||||||
Username string `yaml:"username"`
|
Username string `yaml:"username"`
|
||||||
Password string `yaml:"password"`
|
Password string `yaml:"password"`
|
||||||
}
|
}
|
||||||
@@ -54,10 +54,10 @@ type Cors struct {
|
|||||||
Headers map[string]string `yaml:"headers"`
|
Headers map[string]string `yaml:"headers"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// JWTRuler authentication using HTTP GET method
|
// JWTRuleMiddleware authentication using HTTP GET method
|
||||||
//
|
//
|
||||||
// JWTRuler contains the authentication details
|
// JWTRuleMiddleware contains the authentication details
|
||||||
type JWTRuler struct {
|
type JWTRuleMiddleware struct {
|
||||||
// URL contains the authentication URL, it supports HTTP GET method only.
|
// URL contains the authentication URL, it supports HTTP GET method only.
|
||||||
URL string `yaml:"url"`
|
URL string `yaml:"url"`
|
||||||
// RequiredHeaders , contains required before sending request to the backend.
|
// RequiredHeaders , contains required before sending request to the backend.
|
||||||
@@ -84,16 +84,21 @@ type RateLimiter struct {
|
|||||||
Rule int `yaml:"rule"`
|
Rule int `yaml:"rule"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type AccessRuleMiddleware struct {
|
||||||
|
ResponseCode int `yaml:"responseCode"` // HTTP Response code
|
||||||
|
}
|
||||||
|
|
||||||
// Middleware defined the route middleware
|
// Middleware defined the route middleware
|
||||||
type Middleware struct {
|
type Middleware struct {
|
||||||
//Path contains the name of middleware and must be unique
|
//Path contains the name of middleware and must be unique
|
||||||
Name string `yaml:"name"`
|
Name string `yaml:"name"`
|
||||||
// Type contains authentication types
|
// Type contains authentication types
|
||||||
//
|
//
|
||||||
// basic, jwt, auth0, rateLimit
|
// basic, jwt, auth0, rateLimit, access
|
||||||
Type string `yaml:"type"`
|
Type string `yaml:"type"` // Middleware type [basic, jwt, auth0, rateLimit, access]
|
||||||
|
Paths []string `yaml:"paths"` // Protected paths
|
||||||
// Rule contains rule type of
|
// Rule contains rule type of
|
||||||
Rule interface{} `yaml:"rule"`
|
Rule interface{} `yaml:"rule"` // Middleware rule
|
||||||
}
|
}
|
||||||
type MiddlewareName struct {
|
type MiddlewareName struct {
|
||||||
name string `yaml:"name"`
|
name string `yaml:"name"`
|
||||||
@@ -136,7 +141,7 @@ type Route struct {
|
|||||||
// Eg: [ 403, 405, 500 ]
|
// Eg: [ 403, 405, 500 ]
|
||||||
InterceptErrors []int `yaml:"interceptErrors"`
|
InterceptErrors []int `yaml:"interceptErrors"`
|
||||||
// Middlewares Defines route middleware from Middleware names
|
// Middlewares Defines route middleware from Middleware names
|
||||||
Middlewares []RouteMiddleware `yaml:"middlewares"`
|
Middlewares []string `yaml:"middlewares"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Gateway contains Goma Proxy Gateway's configs
|
// Gateway contains Goma Proxy Gateway's configs
|
||||||
@@ -287,12 +292,7 @@ func initConfig(configFile string) {
|
|||||||
"Access-Control-Max-Age": "1728000",
|
"Access-Control-Max-Age": "1728000",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Middlewares: []RouteMiddleware{
|
Middlewares: []string{"basic-auth"},
|
||||||
{
|
|
||||||
Path: "/user",
|
|
||||||
Rules: []string{"basic-auth"},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "Hostname example",
|
Name: "Hostname example",
|
||||||
@@ -308,14 +308,14 @@ func initConfig(configFile string) {
|
|||||||
{
|
{
|
||||||
Name: "basic-auth",
|
Name: "basic-auth",
|
||||||
Type: "basic",
|
Type: "basic",
|
||||||
Rule: BasicRule{
|
Rule: BasicRuleMiddleware{
|
||||||
Username: "goma",
|
Username: "goma",
|
||||||
Password: "goma",
|
Password: "goma",
|
||||||
},
|
},
|
||||||
}, {
|
}, {
|
||||||
Name: "jwt",
|
Name: "jwt",
|
||||||
Type: "jwt",
|
Type: "jwt",
|
||||||
Rule: JWTRuler{
|
Rule: JWTRuleMiddleware{
|
||||||
URL: "https://www.googleapis.com/auth/userinfo.email",
|
URL: "https://www.googleapis.com/auth/userinfo.email",
|
||||||
RequiredHeaders: []string{
|
RequiredHeaders: []string{
|
||||||
"Authorization",
|
"Authorization",
|
||||||
@@ -361,40 +361,40 @@ func (Gateway) Setup(conf string) *Gateway {
|
|||||||
return &Gateway{}
|
return &Gateway{}
|
||||||
|
|
||||||
}
|
}
|
||||||
func (middleware Middleware) name() {
|
|
||||||
|
|
||||||
}
|
// getJWTMiddleware returns JWTRuleMiddleware,error
|
||||||
func ToJWTRuler(input interface{}) (JWTRuler, error) {
|
func getJWTMiddleware(input interface{}) (JWTRuleMiddleware, error) {
|
||||||
jWTRuler := new(JWTRuler)
|
jWTRuler := new(JWTRuleMiddleware)
|
||||||
var bytes []byte
|
var bytes []byte
|
||||||
bytes, err := yaml.Marshal(input)
|
bytes, err := yaml.Marshal(input)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return JWTRuler{}, fmt.Errorf("error parsing yaml: %v", err)
|
return JWTRuleMiddleware{}, fmt.Errorf("error parsing yaml: %v", err)
|
||||||
}
|
}
|
||||||
err = yaml.Unmarshal(bytes, jWTRuler)
|
err = yaml.Unmarshal(bytes, jWTRuler)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return JWTRuler{}, fmt.Errorf("error parsing yaml: %v", err)
|
return JWTRuleMiddleware{}, fmt.Errorf("error parsing yaml: %v", err)
|
||||||
}
|
}
|
||||||
if jWTRuler.URL == "" {
|
if jWTRuler.URL == "" {
|
||||||
return JWTRuler{}, fmt.Errorf("error parsing yaml: empty url in jwt auth middleware")
|
return JWTRuleMiddleware{}, fmt.Errorf("error parsing yaml: empty url in jwt auth middleware")
|
||||||
|
|
||||||
}
|
}
|
||||||
return *jWTRuler, nil
|
return *jWTRuler, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func ToBasicAuth(input interface{}) (BasicRule, error) {
|
// getBasicAuthMiddleware returns BasicRuleMiddleware,error
|
||||||
basicAuth := new(BasicRule)
|
func getBasicAuthMiddleware(input interface{}) (BasicRuleMiddleware, error) {
|
||||||
|
basicAuth := new(BasicRuleMiddleware)
|
||||||
var bytes []byte
|
var bytes []byte
|
||||||
bytes, err := yaml.Marshal(input)
|
bytes, err := yaml.Marshal(input)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return BasicRule{}, fmt.Errorf("error parsing yaml: %v", err)
|
return BasicRuleMiddleware{}, fmt.Errorf("error parsing yaml: %v", err)
|
||||||
}
|
}
|
||||||
err = yaml.Unmarshal(bytes, basicAuth)
|
err = yaml.Unmarshal(bytes, basicAuth)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return BasicRule{}, fmt.Errorf("error parsing yaml: %v", err)
|
return BasicRuleMiddleware{}, fmt.Errorf("error parsing yaml: %v", err)
|
||||||
}
|
}
|
||||||
if basicAuth.Username == "" || basicAuth.Password == "" {
|
if basicAuth.Username == "" || basicAuth.Password == "" {
|
||||||
return BasicRule{}, fmt.Errorf("error parsing yaml: empty username/password in %s middleware", basicAuth)
|
return BasicRuleMiddleware{}, fmt.Errorf("error parsing yaml: empty username/password in %s middleware", basicAuth)
|
||||||
|
|
||||||
}
|
}
|
||||||
return *basicAuth, nil
|
return *basicAuth, nil
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
func searchMiddleware(rules []string, middlewares []Middleware) (Middleware, error) {
|
func getMiddleware(rules []string, middlewares []Middleware) (Middleware, error) {
|
||||||
for _, m := range middlewares {
|
for _, m := range middlewares {
|
||||||
if slices.Contains(rules, m.Name) {
|
if slices.Contains(rules, m.Name) {
|
||||||
return m, nil
|
return m, nil
|
||||||
@@ -17,17 +17,6 @@ func searchMiddleware(rules []string, middlewares []Middleware) (Middleware, err
|
|||||||
|
|
||||||
return Middleware{}, errors.New("middleware not found with name: [" + strings.Join(rules, ";") + "]")
|
return Middleware{}, errors.New("middleware not found with name: [" + strings.Join(rules, ";") + "]")
|
||||||
}
|
}
|
||||||
func getMiddleware(rule string, middlewares []Middleware) (Middleware, error) {
|
|
||||||
for _, m := range middlewares {
|
|
||||||
if strings.Contains(rule, m.Name) {
|
|
||||||
|
|
||||||
return m, nil
|
|
||||||
}
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
return Middleware{}, errors.New("no middleware found with name " + rule)
|
|
||||||
}
|
|
||||||
|
|
||||||
type RoutePath struct {
|
type RoutePath struct {
|
||||||
route Route
|
route Route
|
||||||
@@ -36,3 +25,12 @@ type RoutePath struct {
|
|||||||
middlewares []Middleware
|
middlewares []Middleware
|
||||||
router *mux.Router
|
router *mux.Router
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func doesExist(tyName string) bool {
|
||||||
|
middlewareList := []string{BasicAuth, JWTAuth, AccessMiddleware}
|
||||||
|
if slices.Contains(middlewareList, tyName) {
|
||||||
|
return true
|
||||||
|
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|||||||
@@ -33,14 +33,27 @@ func TestMiddleware(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "basic-auth",
|
Name: "basic-auth",
|
||||||
Type: "basic",
|
Type: "basic",
|
||||||
Rule: BasicRule{
|
Paths: []string{"/", "/admin"},
|
||||||
|
Rule: BasicRuleMiddleware{
|
||||||
Username: "goma",
|
Username: "goma",
|
||||||
Password: "goma",
|
Password: "goma",
|
||||||
},
|
},
|
||||||
}, {
|
},
|
||||||
Name: MidName,
|
{
|
||||||
|
Name: "forbidden path acces",
|
||||||
|
Type: "access",
|
||||||
|
Paths: []string{"/", "/admin"},
|
||||||
|
Rule: BasicRuleMiddleware{
|
||||||
|
Username: "goma",
|
||||||
|
Password: "goma",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
|
{
|
||||||
|
Name: "jwt",
|
||||||
Type: "jwt",
|
Type: "jwt",
|
||||||
Rule: JWTRuler{
|
Paths: []string{"/", "/admin"},
|
||||||
|
Rule: JWTRuleMiddleware{
|
||||||
URL: "https://www.googleapis.com/auth/userinfo.email",
|
URL: "https://www.googleapis.com/auth/userinfo.email",
|
||||||
Headers: map[string]string{},
|
Headers: map[string]string{},
|
||||||
Params: map[string]string{},
|
Params: map[string]string{},
|
||||||
@@ -61,21 +74,21 @@ func TestMiddleware(t *testing.T) {
|
|||||||
func TestReadMiddleware(t *testing.T) {
|
func TestReadMiddleware(t *testing.T) {
|
||||||
TestMiddleware(t)
|
TestMiddleware(t)
|
||||||
middlewares := getMiddlewares(t)
|
middlewares := getMiddlewares(t)
|
||||||
middleware, err := searchMiddleware(rules, middlewares)
|
middleware, err := getMiddleware(rules, middlewares)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Error searching middleware %s", err.Error())
|
t.Fatalf("Error searching middleware %s", err.Error())
|
||||||
}
|
}
|
||||||
switch middleware.Type {
|
switch middleware.Type {
|
||||||
case "basic":
|
case "basic":
|
||||||
log.Println("Basic auth")
|
log.Println("Basic auth")
|
||||||
basicAuth, err := ToBasicAuth(middleware.Rule)
|
basicAuth, err := getBasicAuthMiddleware(middleware.Rule)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalln("error:", err)
|
log.Fatalln("error:", err)
|
||||||
}
|
}
|
||||||
log.Printf("Username: %s and password: %s\n", basicAuth.Username, basicAuth.Password)
|
log.Printf("Username: %s and password: %s\n", basicAuth.Username, basicAuth.Password)
|
||||||
case "jwt":
|
case "jwt":
|
||||||
log.Println("JWT auth")
|
log.Println("JWT auth")
|
||||||
jwt, err := ToJWTRuler(middleware.Rule)
|
jwt, err := getJWTMiddleware(middleware.Rule)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalln("error:", err)
|
log.Fatalln("error:", err)
|
||||||
}
|
}
|
||||||
@@ -89,7 +102,7 @@ func TestReadMiddleware(t *testing.T) {
|
|||||||
|
|
||||||
func TestFoundMiddleware(t *testing.T) {
|
func TestFoundMiddleware(t *testing.T) {
|
||||||
middlewares := getMiddlewares(t)
|
middlewares := getMiddlewares(t)
|
||||||
middleware, err := searchMiddleware(rules, middlewares)
|
middleware, err := getAuthMiddleware("jwt", middlewares)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("Error getting middleware %v", err)
|
t.Errorf("Error getting middleware %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
49
pkg/route.go
49
pkg/route.go
@@ -42,14 +42,33 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
|
|||||||
}
|
}
|
||||||
for _, route := range gateway.Routes {
|
for _, route := range gateway.Routes {
|
||||||
if route.Path != "" {
|
if route.Path != "" {
|
||||||
|
|
||||||
|
// Apply middlewares to route
|
||||||
|
for _, mid := range route.Middlewares {
|
||||||
|
if mid != "" {
|
||||||
|
// Get Access middleware if it does exist
|
||||||
|
accessMiddleware, err := getMiddleware([]string{mid}, middlewares)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error("Error: %v", err.Error())
|
||||||
|
} else {
|
||||||
|
// Apply access middleware
|
||||||
|
if accessMiddleware.Type == AccessMiddleware {
|
||||||
blM := middleware.BlockListMiddleware{
|
blM := middleware.BlockListMiddleware{
|
||||||
Path: route.Path,
|
Path: route.Path,
|
||||||
List: route.Blocklist,
|
List: accessMiddleware.Paths,
|
||||||
}
|
}
|
||||||
// Apply route middlewares
|
r.Use(blM.BlocklistMiddleware)
|
||||||
for _, mid := range route.Middlewares {
|
|
||||||
if mid.Path != "" {
|
}
|
||||||
secureRouter := r.PathPrefix(util.ParseURLPath(route.Path + mid.Path)).Subrouter()
|
|
||||||
|
}
|
||||||
|
// Get route authentication middleware if it does exist
|
||||||
|
rMiddleware, err := getMiddleware([]string{mid}, middlewares)
|
||||||
|
if err != nil {
|
||||||
|
//Error: middleware not found
|
||||||
|
logger.Error("Error: %v", err.Error())
|
||||||
|
} else {
|
||||||
|
for _, midPath := range rMiddleware.Paths {
|
||||||
proxyRoute := ProxyRoute{
|
proxyRoute := ProxyRoute{
|
||||||
path: route.Path,
|
path: route.Path,
|
||||||
rewrite: route.Rewrite,
|
rewrite: route.Rewrite,
|
||||||
@@ -57,14 +76,11 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
|
|||||||
disableXForward: route.DisableHeaderXForward,
|
disableXForward: route.DisableHeaderXForward,
|
||||||
cors: route.Cors,
|
cors: route.Cors,
|
||||||
}
|
}
|
||||||
rMiddleware, err := searchMiddleware(mid.Rules, middlewares)
|
secureRouter := r.PathPrefix(util.ParseURLPath(route.Path + midPath)).Subrouter()
|
||||||
if err != nil {
|
|
||||||
logger.Error("Error: %v", err.Error())
|
|
||||||
} else {
|
|
||||||
//Check Authentication middleware
|
//Check Authentication middleware
|
||||||
switch rMiddleware.Type {
|
switch rMiddleware.Type {
|
||||||
case "basic":
|
case BasicAuth:
|
||||||
basicAuth, err := ToBasicAuth(rMiddleware.Rule)
|
basicAuth, err := getBasicAuthMiddleware(rMiddleware.Rule)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error("Error: %s", err.Error())
|
logger.Error("Error: %s", err.Error())
|
||||||
} else {
|
} else {
|
||||||
@@ -80,8 +96,8 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
|
|||||||
secureRouter.PathPrefix("/").Handler(proxyRoute.ProxyHandler()) // Proxy handler
|
secureRouter.PathPrefix("/").Handler(proxyRoute.ProxyHandler()) // Proxy handler
|
||||||
secureRouter.PathPrefix("").Handler(proxyRoute.ProxyHandler()) // Proxy handler
|
secureRouter.PathPrefix("").Handler(proxyRoute.ProxyHandler()) // Proxy handler
|
||||||
}
|
}
|
||||||
case "jwt":
|
case JWTAuth:
|
||||||
jwt, err := ToJWTRuler(rMiddleware.Rule)
|
jwt, err := getJWTMiddleware(rMiddleware.Rule)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error("Error: %s", err.Error())
|
logger.Error("Error: %s", err.Error())
|
||||||
} else {
|
} else {
|
||||||
@@ -102,7 +118,11 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
|
|||||||
logger.Error("OAuth is not yet implemented")
|
logger.Error("OAuth is not yet implemented")
|
||||||
logger.Info("Auth middleware ignored")
|
logger.Info("Auth middleware ignored")
|
||||||
default:
|
default:
|
||||||
|
if !doesExist(rMiddleware.Type) {
|
||||||
logger.Error("Unknown middleware type %s", rMiddleware.Type)
|
logger.Error("Unknown middleware type %s", rMiddleware.Type)
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -122,9 +142,6 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
|
|||||||
router := r.PathPrefix(route.Path).Subrouter()
|
router := r.PathPrefix(route.Path).Subrouter()
|
||||||
// Apply route Cors
|
// Apply route Cors
|
||||||
router.Use(CORSHandler(route.Cors))
|
router.Use(CORSHandler(route.Cors))
|
||||||
// Add block access middleware to route, if defined
|
|
||||||
router.Use(blM.BlocklistMiddleware)
|
|
||||||
//Domain/host based request routing
|
|
||||||
if route.Host != "" {
|
if route.Host != "" {
|
||||||
router.Host(route.Host).PathPrefix("").Handler(proxyRoute.ProxyHandler())
|
router.Host(route.Host).PathPrefix("").Handler(proxyRoute.ProxyHandler())
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@@ -1,5 +1,9 @@
|
|||||||
package pkg
|
package pkg
|
||||||
|
|
||||||
const ConfigFile = "/config/goma.yml"
|
const ConfigFile = "/config/goma.yml" // Default configuration file
|
||||||
const accessControlAllowOrigin = "Access-Control-Allow-Origin"
|
const accessControlAllowOrigin = "Access-Control-Allow-Origin" // Cors
|
||||||
const serverName = "Goma"
|
const serverName = "Goma"
|
||||||
|
const AccessMiddleware = "access" // access middleware
|
||||||
|
const BasicAuth = "basic" // basic authentication middleware
|
||||||
|
const JWTAuth = "jwt" // JWT authentication middleware
|
||||||
|
const OAuth = "OAuth" // OAuth authentication middleware
|
||||||
|
|||||||
Reference in New Issue
Block a user