chore: move blocklist middleware from route blocklist to middlewares

This commit is contained in:
Jonas Kaninda
2024-10-30 16:38:09 +01:00
parent 5450570e9e
commit bc86abd8f8
5 changed files with 141 additions and 109 deletions


@@ -30,7 +30,7 @@ var cfg *Gateway
type Config struct { type Config struct {
file string file string
} }
type BasicRule struct { type BasicRuleMiddleware struct {
Username string `yaml:"username"` Username string `yaml:"username"`
Password string `yaml:"password"` Password string `yaml:"password"`
} }
@@ -54,10 +54,10 @@ type Cors struct {
Headers map[string]string `yaml:"headers"` Headers map[string]string `yaml:"headers"`
} }
// JWTRuler authentication using HTTP GET method // JWTRuleMiddleware authentication using HTTP GET method
// //
// JWTRuler contains the authentication details // JWTRuleMiddleware contains the authentication details
type JWTRuler struct { type JWTRuleMiddleware struct {
// URL contains the authentication URL, it supports HTTP GET method only. // URL contains the authentication URL, it supports HTTP GET method only.
URL string `yaml:"url"` URL string `yaml:"url"`
// RequiredHeaders , contains required before sending request to the backend. // RequiredHeaders , contains required before sending request to the backend.
@@ -84,16 +84,21 @@ type RateLimiter struct {
Rule int `yaml:"rule"` Rule int `yaml:"rule"`
} }
type AccessRuleMiddleware struct {
ResponseCode int `yaml:"responseCode"` // HTTP Response code
}
// Middleware defined the route middleware // Middleware defined the route middleware
type Middleware struct { type Middleware struct {
//Path contains the name of middleware and must be unique //Path contains the name of middleware and must be unique
Name string `yaml:"name"` Name string `yaml:"name"`
// Type contains authentication types // Type contains authentication types
// //
// basic, jwt, auth0, rateLimit // basic, jwt, auth0, rateLimit, access
Type string `yaml:"type"` Type string `yaml:"type"` // Middleware type [basic, jwt, auth0, rateLimit, access]
Paths []string `yaml:"paths"` // Protected paths
// Rule contains rule type of // Rule contains rule type of
Rule interface{} `yaml:"rule"` Rule interface{} `yaml:"rule"` // Middleware rule
} }
type MiddlewareName struct { type MiddlewareName struct {
name string `yaml:"name"` name string `yaml:"name"`
@@ -136,7 +141,7 @@ type Route struct {
// Eg: [ 403, 405, 500 ] // Eg: [ 403, 405, 500 ]
InterceptErrors []int `yaml:"interceptErrors"` InterceptErrors []int `yaml:"interceptErrors"`
// Middlewares Defines route middleware from Middleware names // Middlewares Defines route middleware from Middleware names
Middlewares []RouteMiddleware `yaml:"middlewares"` Middlewares []string `yaml:"middlewares"`
} }
// Gateway contains Goma Proxy Gateway's configs // Gateway contains Goma Proxy Gateway's configs
@@ -287,12 +292,7 @@ func initConfig(configFile string) {
"Access-Control-Max-Age": "1728000", "Access-Control-Max-Age": "1728000",
}, },
}, },
Middlewares: []RouteMiddleware{ Middlewares: []string{"basic-auth"},
{
Path: "/user",
Rules: []string{"basic-auth"},
},
},
}, },
{ {
Name: "Hostname example", Name: "Hostname example",
@@ -308,14 +308,14 @@ func initConfig(configFile string) {
{ {
Name: "basic-auth", Name: "basic-auth",
Type: "basic", Type: "basic",
Rule: BasicRule{ Rule: BasicRuleMiddleware{
Username: "goma", Username: "goma",
Password: "goma", Password: "goma",
}, },
}, { }, {
Name: "jwt", Name: "jwt",
Type: "jwt", Type: "jwt",
Rule: JWTRuler{ Rule: JWTRuleMiddleware{
URL: "https://www.googleapis.com/auth/userinfo.email", URL: "https://www.googleapis.com/auth/userinfo.email",
RequiredHeaders: []string{ RequiredHeaders: []string{
"Authorization", "Authorization",
@@ -361,40 +361,40 @@ func (Gateway) Setup(conf string) *Gateway {
return &Gateway{} return &Gateway{}
} }
func (middleware Middleware) name() {
} // getJWTMiddleware returns JWTRuleMiddleware,error
func ToJWTRuler(input interface{}) (JWTRuler, error) { func getJWTMiddleware(input interface{}) (JWTRuleMiddleware, error) {
jWTRuler := new(JWTRuler) jWTRuler := new(JWTRuleMiddleware)
var bytes []byte var bytes []byte
bytes, err := yaml.Marshal(input) bytes, err := yaml.Marshal(input)
if err != nil { if err != nil {
return JWTRuler{}, fmt.Errorf("error parsing yaml: %v", err) return JWTRuleMiddleware{}, fmt.Errorf("error parsing yaml: %v", err)
} }
err = yaml.Unmarshal(bytes, jWTRuler) err = yaml.Unmarshal(bytes, jWTRuler)
if err != nil { if err != nil {
return JWTRuler{}, fmt.Errorf("error parsing yaml: %v", err) return JWTRuleMiddleware{}, fmt.Errorf("error parsing yaml: %v", err)
} }
if jWTRuler.URL == "" { if jWTRuler.URL == "" {
return JWTRuler{}, fmt.Errorf("error parsing yaml: empty url in jwt auth middleware") return JWTRuleMiddleware{}, fmt.Errorf("error parsing yaml: empty url in jwt auth middleware")
} }
return *jWTRuler, nil return *jWTRuler, nil
} }
func ToBasicAuth(input interface{}) (BasicRule, error) { // getBasicAuthMiddleware returns BasicRuleMiddleware,error
basicAuth := new(BasicRule) func getBasicAuthMiddleware(input interface{}) (BasicRuleMiddleware, error) {
basicAuth := new(BasicRuleMiddleware)
var bytes []byte var bytes []byte
bytes, err := yaml.Marshal(input) bytes, err := yaml.Marshal(input)
if err != nil { if err != nil {
return BasicRule{}, fmt.Errorf("error parsing yaml: %v", err) return BasicRuleMiddleware{}, fmt.Errorf("error parsing yaml: %v", err)
} }
err = yaml.Unmarshal(bytes, basicAuth) err = yaml.Unmarshal(bytes, basicAuth)
if err != nil { if err != nil {
return BasicRule{}, fmt.Errorf("error parsing yaml: %v", err) return BasicRuleMiddleware{}, fmt.Errorf("error parsing yaml: %v", err)
} }
if basicAuth.Username == "" || basicAuth.Password == "" { if basicAuth.Username == "" || basicAuth.Password == "" {
return BasicRule{}, fmt.Errorf("error parsing yaml: empty username/password in %s middleware", basicAuth) return BasicRuleMiddleware{}, fmt.Errorf("error parsing yaml: empty username/password in %s middleware", basicAuth)
} }
return *basicAuth, nil return *basicAuth, nil
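Review bot: The empty-credentials branch of getBasicAuthMiddleware formats the whole BasicRuleMiddleware value with `%s`, so whichever of username or password was actually set ends up in the error string and, via the caller's logger.Error, in the gateway logs; `%s` applied to a struct is also something go vet flags. Replace that return with `return BasicRuleMiddleware{}, fmt.Errorf("error parsing yaml: empty username/password in basic auth middleware")`. The new AccessRuleMiddleware type with its ResponseCode field is declared in the first hunk but nothing in this diff reads it, so either wire it into the access handling or leave a comment saying it is reserved. The closing brace of getBasicAuthMiddleware lies outside the hunk.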


@@ -7,7 +7,7 @@ import (
"strings" "strings"
) )
func searchMiddleware(rules []string, middlewares []Middleware) (Middleware, error) { func getMiddleware(rules []string, middlewares []Middleware) (Middleware, error) {
for _, m := range middlewares { for _, m := range middlewares {
if slices.Contains(rules, m.Name) { if slices.Contains(rules, m.Name) {
return m, nil return m, nil
@@ -17,17 +17,6 @@ func searchMiddleware(rules []string, middlewares []Middleware) (Middleware, err
return Middleware{}, errors.New("middleware not found with name: [" + strings.Join(rules, ";") + "]") return Middleware{}, errors.New("middleware not found with name: [" + strings.Join(rules, ";") + "]")
} }
func getMiddleware(rule string, middlewares []Middleware) (Middleware, error) {
for _, m := range middlewares {
if strings.Contains(rule, m.Name) {
return m, nil
}
continue
}
return Middleware{}, errors.New("no middleware found with name " + rule)
}
type RoutePath struct { type RoutePath struct {
route Route route Route
@@ -36,3 +25,12 @@ type RoutePath struct {
middlewares []Middleware middlewares []Middleware
router *mux.Router router *mux.Router
} }
func doesExist(tyName string) bool {
middlewareList := []string{BasicAuth, JWTAuth, AccessMiddleware}
if slices.Contains(middlewareList, tyName) {
return true
}
return false
}
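Review bot: doesExist wraps slices.Contains in an if/return-true/return-false ladder; its body can be the single line `return slices.Contains([]string{BasicAuth, JWTAuth, AccessMiddleware}, tyName)`. The name says little, so a doc comment such as `// doesExist reports whether tyName is a middleware type the gateway knows how to apply.` would help the reader of the switch default that calls it. OAuth is intentionally absent from the list as far as this diff shows (the caller handles it in its own case), which is worth stating in that comment so nobody "fixes" it later.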


@@ -31,16 +31,29 @@ func TestMiddleware(t *testing.T) {
TestInit(t) TestInit(t)
middlewares := []Middleware{ middlewares := []Middleware{
{ {
Name: "basic-auth", Name: "basic-auth",
Type: "basic", Type: "basic",
Rule: BasicRule{ Paths: []string{"/", "/admin"},
Rule: BasicRuleMiddleware{
Username: "goma", Username: "goma",
Password: "goma", Password: "goma",
}, },
}, { },
Name: MidName, {
Type: "jwt", Name: "forbidden path acces",
Rule: JWTRuler{ Type: "access",
Paths: []string{"/", "/admin"},
Rule: BasicRuleMiddleware{
Username: "goma",
Password: "goma",
},
},
{
Name: "jwt",
Type: "jwt",
Paths: []string{"/", "/admin"},
Rule: JWTRuleMiddleware{
URL: "https://www.googleapis.com/auth/userinfo.email", URL: "https://www.googleapis.com/auth/userinfo.email",
Headers: map[string]string{}, Headers: map[string]string{},
Params: map[string]string{}, Params: map[string]string{},
@@ -61,21 +74,21 @@ func TestMiddleware(t *testing.T) {
func TestReadMiddleware(t *testing.T) { func TestReadMiddleware(t *testing.T) {
TestMiddleware(t) TestMiddleware(t)
middlewares := getMiddlewares(t) middlewares := getMiddlewares(t)
middleware, err := searchMiddleware(rules, middlewares) middleware, err := getMiddleware(rules, middlewares)
if err != nil { if err != nil {
t.Fatalf("Error searching middleware %s", err.Error()) t.Fatalf("Error searching middleware %s", err.Error())
} }
switch middleware.Type { switch middleware.Type {
case "basic": case "basic":
log.Println("Basic auth") log.Println("Basic auth")
basicAuth, err := ToBasicAuth(middleware.Rule) basicAuth, err := getBasicAuthMiddleware(middleware.Rule)
if err != nil { if err != nil {
log.Fatalln("error:", err) log.Fatalln("error:", err)
} }
log.Printf("Username: %s and password: %s\n", basicAuth.Username, basicAuth.Password) log.Printf("Username: %s and password: %s\n", basicAuth.Username, basicAuth.Password)
case "jwt": case "jwt":
log.Println("JWT auth") log.Println("JWT auth")
jwt, err := ToJWTRuler(middleware.Rule) jwt, err := getJWTMiddleware(middleware.Rule)
if err != nil { if err != nil {
log.Fatalln("error:", err) log.Fatalln("error:", err)
} }
@@ -89,7 +102,7 @@ func TestReadMiddleware(t *testing.T) {
func TestFoundMiddleware(t *testing.T) { func TestFoundMiddleware(t *testing.T) {
middlewares := getMiddlewares(t) middlewares := getMiddlewares(t)
middleware, err := searchMiddleware(rules, middlewares) middleware, err := getAuthMiddleware("jwt", middlewares)
if err != nil { if err != nil {
t.Errorf("Error getting middleware %v", err) t.Errorf("Error getting middleware %v", err)
} }
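Review bot: TestFoundMiddleware now calls `getAuthMiddleware("jwt", middlewares)`, a function that is not defined in any file of this commit; unless it exists elsewhere in the package, the test file no longer compiles. In the first hunk the new `"forbidden path acces"` entry of type `access` carries a BasicRuleMiddleware with credentials rather than the new AccessRuleMiddleware, so the access type is not really exercised here, and the name has a typo (`acces`). TestReadMiddleware still prints the configured password with log.Printf; even in a test, logging `basicAuth.Username` alone is enough.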


@@ -42,67 +42,87 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
} }
for _, route := range gateway.Routes { for _, route := range gateway.Routes {
if route.Path != "" { if route.Path != "" {
blM := middleware.BlockListMiddleware{
Path: route.Path, // Apply middlewares to route
List: route.Blocklist,
}
// Apply route middlewares
for _, mid := range route.Middlewares { for _, mid := range route.Middlewares {
if mid.Path != "" { if mid != "" {
secureRouter := r.PathPrefix(util.ParseURLPath(route.Path + mid.Path)).Subrouter() // Get Access middleware if it does exist
proxyRoute := ProxyRoute{ accessMiddleware, err := getMiddleware([]string{mid}, middlewares)
path: route.Path,
rewrite: route.Rewrite,
destination: route.Destination,
disableXForward: route.DisableHeaderXForward,
cors: route.Cors,
}
rMiddleware, err := searchMiddleware(mid.Rules, middlewares)
if err != nil { if err != nil {
logger.Error("Error: %v", err.Error()) logger.Error("Error: %v", err.Error())
} else { } else {
//Check Authentication middleware // Apply access middleware
switch rMiddleware.Type { if accessMiddleware.Type == AccessMiddleware {
case "basic": blM := middleware.BlockListMiddleware{
basicAuth, err := ToBasicAuth(rMiddleware.Rule) Path: route.Path,
if err != nil { List: accessMiddleware.Paths,
logger.Error("Error: %s", err.Error())
} else {
amw := middleware.AuthBasic{
Username: basicAuth.Username,
Password: basicAuth.Password,
Headers: nil,
Params: nil,
}
// Apply JWT authentication middleware
secureRouter.Use(amw.AuthMiddleware)
secureRouter.Use(CORSHandler(route.Cors))
secureRouter.PathPrefix("/").Handler(proxyRoute.ProxyHandler()) // Proxy handler
secureRouter.PathPrefix("").Handler(proxyRoute.ProxyHandler()) // Proxy handler
} }
case "jwt": r.Use(blM.BlocklistMiddleware)
jwt, err := ToJWTRuler(rMiddleware.Rule)
if err != nil { }
logger.Error("Error: %s", err.Error())
} else { }
amw := middleware.JwtAuth{ // Get route authentication middleware if it does exist
AuthURL: jwt.URL, rMiddleware, err := getMiddleware([]string{mid}, middlewares)
RequiredHeaders: jwt.RequiredHeaders, if err != nil {
Headers: jwt.Headers, //Error: middleware not found
Params: jwt.Params, logger.Error("Error: %v", err.Error())
} else {
for _, midPath := range rMiddleware.Paths {
proxyRoute := ProxyRoute{
path: route.Path,
rewrite: route.Rewrite,
destination: route.Destination,
disableXForward: route.DisableHeaderXForward,
cors: route.Cors,
}
secureRouter := r.PathPrefix(util.ParseURLPath(route.Path + midPath)).Subrouter()
//Check Authentication middleware
switch rMiddleware.Type {
case BasicAuth:
basicAuth, err := getBasicAuthMiddleware(rMiddleware.Rule)
if err != nil {
logger.Error("Error: %s", err.Error())
} else {
amw := middleware.AuthBasic{
Username: basicAuth.Username,
Password: basicAuth.Password,
Headers: nil,
Params: nil,
}
// Apply JWT authentication middleware
secureRouter.Use(amw.AuthMiddleware)
secureRouter.Use(CORSHandler(route.Cors))
secureRouter.PathPrefix("/").Handler(proxyRoute.ProxyHandler()) // Proxy handler
secureRouter.PathPrefix("").Handler(proxyRoute.ProxyHandler()) // Proxy handler
}
case JWTAuth:
jwt, err := getJWTMiddleware(rMiddleware.Rule)
if err != nil {
logger.Error("Error: %s", err.Error())
} else {
amw := middleware.JwtAuth{
AuthURL: jwt.URL,
RequiredHeaders: jwt.RequiredHeaders,
Headers: jwt.Headers,
Params: jwt.Params,
}
// Apply JWT authentication middleware
secureRouter.Use(amw.AuthMiddleware)
secureRouter.Use(CORSHandler(route.Cors))
secureRouter.PathPrefix("/").Handler(proxyRoute.ProxyHandler()) // Proxy handler
secureRouter.PathPrefix("").Handler(proxyRoute.ProxyHandler()) // Proxy handler
}
case "OAuth":
logger.Error("OAuth is not yet implemented")
logger.Info("Auth middleware ignored")
default:
if !doesExist(rMiddleware.Type) {
logger.Error("Unknown middleware type %s", rMiddleware.Type)
} }
// Apply JWT authentication middleware
secureRouter.Use(amw.AuthMiddleware)
secureRouter.Use(CORSHandler(route.Cors))
secureRouter.PathPrefix("/").Handler(proxyRoute.ProxyHandler()) // Proxy handler
secureRouter.PathPrefix("").Handler(proxyRoute.ProxyHandler()) // Proxy handler
} }
case "OAuth":
logger.Error("OAuth is not yet implemented")
logger.Info("Auth middleware ignored")
default:
logger.Error("Unknown middleware type %s", rMiddleware.Type)
} }
@@ -122,9 +142,6 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
router := r.PathPrefix(route.Path).Subrouter() router := r.PathPrefix(route.Path).Subrouter()
// Apply route Cors // Apply route Cors
router.Use(CORSHandler(route.Cors)) router.Use(CORSHandler(route.Cors))
// Add block access middleware to route, if defined
router.Use(blM.BlocklistMiddleware)
//Domain/host based request routing
if route.Host != "" { if route.Host != "" {
router.Host(route.Host).PathPrefix("").Handler(proxyRoute.ProxyHandler()) router.Host(route.Host).PathPrefix("").Handler(proxyRoute.ProxyHandler())
} else { } else {
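Review bot: Inside the `for _, mid := range route.Middlewares` loop the same middleware is looked up twice with identical `getMiddleware([]string{mid}, middlewares)` calls, a lookup failure is logged twice, and a middleware of type `access` falls through into the second lookup as well, so its Paths are iterated to create `secureRouter` subrouters whose switch lands in `default` and registers no handler. One lookup with an early `continue` for the access case removes the duplication (sketch below). Note also that the block list is now installed with `r.Use` on the root router instead of on the route's own subrouter as before (the second hunk removes `router.Use(blM.BlocklistMiddleware)`), so every request to the gateway passes through each route's BlockListMiddleware; whether it still only affects its own route depends on BlockListMiddleware honouring its Path field, which is not visible here. Initialize starts and ends outside the hunk.
```go
for _, mid := range route.Middlewares {
	if mid == "" {
		continue
	}
	rMiddleware, err := getMiddleware([]string{mid}, middlewares)
	if err != nil {
		logger.Error("Error: %v", err.Error())
		continue
	}
	// Access (block list) middleware: install once, then skip the auth wiring below
	if rMiddleware.Type == AccessMiddleware {
		blM := middleware.BlockListMiddleware{
			Path: route.Path,
			List: rMiddleware.Paths,
		}
		r.Use(blM.BlocklistMiddleware)
		continue
	}
	for _, midPath := range rMiddleware.Paths {
		// … unchanged: proxyRoute / secureRouter setup and the auth type switch …
	}
}
```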


@@ -1,5 +1,9 @@
package pkg package pkg
const ConfigFile = "/config/goma.yml" const ConfigFile = "/config/goma.yml" // Default configuration file
const accessControlAllowOrigin = "Access-Control-Allow-Origin" const accessControlAllowOrigin = "Access-Control-Allow-Origin" // Cors
const serverName = "Goma" const serverName = "Goma"
const AccessMiddleware = "access" // access middleware
const BasicAuth = "basic" // basic authentication middleware
const JWTAuth = "jwt" // JWT authentication middleware
const OAuth = "OAuth" // OAuth authentication middleware
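Review bot: The four new middleware-type constants are added as separate `const` lines; grouping them in one parenthesized `const (` … `)` block with a single comment naming them as the Middleware.Type values keeps them together for the reader and for future additions. The server's switch in this same commit still matches the literal `"OAuth"` rather than the new OAuth constant, so the constant has no user yet; referencing it there keeps the two from drifting apart.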