From dbd09743889f64e185a62da842afedb9bd5a4fcb Mon Sep 17 00:00:00 2001
From: Jonas Kaninda
Date: Mon, 25 Nov 2024 07:38:49 +0100
Subject: [PATCH] refactor: refactoring of auth middlewares

---
 internal/middlewares/access_middleware.go | 4 ++--
 internal/middlewares/middleware.go | 6 +++---
 internal/middlewares/oauth_middleware.go | 2 +-
 internal/middlewares/types.go | 6 +++++-
 internal/routes.go | 25 +++++++++++++----------
 5 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/internal/middlewares/access_middleware.go b/internal/middlewares/access_middleware.go
index 5b18181..d6132e2 100644
--- a/internal/middlewares/access_middleware.go
+++ b/internal/middlewares/access_middleware.go
@@ -53,9 +53,9 @@ func isPathBlocked(requestPath, blockedPath string) bool {
 	}
 	return false
 }
-func isProtectedPath(urlPath string, paths []string) bool {
+func isProtectedPath(urlPath, prefix string, paths []string) bool {
 	for _, path := range paths {
-		return isPathBlocked(urlPath, util.ParseURLPath(path))
+		return isPathBlocked(urlPath, util.ParseURLPath(prefix+path))
 	}
 	return false
 }
diff --git a/internal/middlewares/middleware.go b/internal/middlewares/middleware.go
index da52614..5cb66e0 100644
--- a/internal/middlewares/middleware.go
+++ b/internal/middlewares/middleware.go
@@ -29,7 +29,7 @@ import (
 // authorization based on the result of backend's response and continue the request when the client is authorized
 func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if isProtectedPath(r.URL.Path, jwtAuth.Paths) {
+		if isProtectedPath(r.URL.Path, jwtAuth.Path, jwtAuth.Paths) {
 			for _, header := range jwtAuth.RequiredHeaders {
 				if r.Header.Get(header) == "" {
 					logger.Error("Proxy error, missing %s header", header)
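Review bot: `isProtectedPath` still returns from inside the `for` on the first iteration, so only `paths[0]` is ever tested and every later entry in a middleware's path list goes unprotected; the commit adds the prefix but keeps that loop. The loop body should be `if isPathBlocked(urlPath, util.ParseURLPath(prefix+path)) { return true }` with the existing `return false` left after the loop. Separately, `prefix+path` is a plain string join: unless `util.ParseURLPath` (not shown) collapses a doubled `/` and supplies a missing one, a route `/api/` with path `/admin` becomes `/api//admin` and silently never matches, where the old `util.AddPrefixPath` presumably normalized — worth a test with both slash variants. Note also that an empty `paths` list makes the function return false, i.e. the middleware protects nothing on that route; confirm that is the intended meaning rather than "the whole route".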
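Review bot: The protection decision is made on `r.URL.Path` exactly as received, and nothing in this hunk normalizes it before `isProtectedPath` (the matching rule inside `isPathBlocked` — exact or prefix — is outside the hunk). If the router is configured to skip path cleaning, a request like `/api/admin/../admin` or a trailing-slash variant of a protected path could miss the pattern and reach the proxy without the auth round-trip; confirm the router cleans the path before middlewares run, or compare against `path.Clean(r.URL.Path)` here. The `AuthMiddleware` body continues past the hunk.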
@@ -98,16 +98,16 @@ func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler { } r.URL.RawQuery = query.Encode() } - next.ServeHTTP(w, r) }) + } // AuthMiddleware checks for the Authorization header and verifies the credentials func (basicAuth AuthBasic) AuthMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { logger.Trace("Basic-Auth request headers: %v", r.Header) - if isProtectedPath(r.URL.Path, basicAuth.Paths) { + if isProtectedPath(r.URL.Path, basicAuth.Path, basicAuth.Paths) { // Get the Authorization header authHeader := r.Header.Get("Authorization") if authHeader == "" { diff --git a/internal/middlewares/oauth_middleware.go b/internal/middlewares/oauth_middleware.go index 74b4089..3157ea5 100644 --- a/internal/middlewares/oauth_middleware.go +++ b/internal/middlewares/oauth_middleware.go @@ -26,7 +26,7 @@ import ( func (oauth Oauth) AuthMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if isProtectedPath(r.URL.Path, oauth.Paths) { + if isProtectedPath(r.URL.Path, oauth.Path, oauth.Paths) { oauthConf := oauth2Config(oauth) // Check if the user is authenticated token, err := r.Cookie("goma.oauth") diff --git a/internal/middlewares/types.go b/internal/middlewares/types.go index c715d61..826d94a 100644 --- a/internal/middlewares/types.go +++ b/internal/middlewares/types.go @@ -85,7 +85,7 @@ type ProxyResponseError struct { // JwtAuth stores JWT configuration type JwtAuth struct { - RoutePath string + Path string Paths []string AuthURL string RequiredHeaders []string @@ -109,6 +109,8 @@ type AccessListMiddleware struct { // AuthBasic contains Basic auth configuration type AuthBasic struct { + // Route path + Path string Paths []string Username string Password string 
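Review bot: `logger.Trace("Basic-Auth request headers: %v", r.Header)` in the basic-auth handler prints the whole header map, which on this path includes the `Authorization: Basic …` credential (a reversible base64 of user:password) and any `Cookie` header, so enabling trace logging writes credentials to the log; the commit leaves that line in place. I'd log only the header names, or `Clone()` the header and `Del("Authorization")` and `Del("Cookie")` before formatting it. Separately, the hunk removes `next.ServeHTTP(w, r)` from the tail of the JWT handler and adds a closing brace, but that handler's body starts outside the hunk, so I can't see where the request is forwarded now; if the forward moved into the protected branch it has to stay after the auth backend's approval, and the unprotected branch still needs its own forward.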
@@ -129,6 +131,8 @@ type responseRecorder struct { body *bytes.Buffer } type Oauth struct { + // Route path + Path string // Route protected path Paths []string // ClientID is the application's ID. diff --git a/internal/routes.go b/internal/routes.go index 4b736e8..8536ffb 100644 --- a/internal/routes.go +++ b/internal/routes.go @@ -201,7 +201,7 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router { // Error: middlewares not found logger.Error("Error: %v", err.Error()) } else { - attachAuthMiddlewares(route, routeMiddleware, gateway, r) + attachAuthMiddlewares(route, routeMiddleware, gateway, router) } } else { logger.Error("Error, middlewares path is empty") @@ -211,13 +211,6 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router { // Apply route Cors router.Use(CORSHandler(route.Cors)) - if len(route.Hosts) > 0 { - for _, host := range route.Hosts { - router.Host(host).PathPrefix("").Handler(proxyRoute.ProxyHandler()) - } - } else { - router.PathPrefix("").Handler(proxyRoute.ProxyHandler()) - } if gateway.EnableMetrics { pr := metrics.PrometheusRoute{ Name: route.Name, @@ -234,6 +227,13 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router { } router.Use(interceptErrors.ErrorInterceptor) } + if len(route.Hosts) != 0 { + for _, host := range route.Hosts { + router.Host(host).PathPrefix("").Handler(proxyRoute.ProxyHandler()) + } + } else { + router.PathPrefix("").Handler(proxyRoute.ProxyHandler()) + } } else { logger.Error("Error, path is empty in route %s", route.Name) @@ -266,7 +266,8 @@ func attachAuthMiddlewares(route Route, routeMiddleware Middleware, gateway Gate logger.Error("Error: %s", err.Error()) } else { authBasic := middlewares.AuthBasic{ - Paths: util.AddPrefixPath(route.Path, routeMiddleware.Paths), + Path: route.Path, + Paths: routeMiddleware.Paths, Username: basicAuth.Username, Password: basicAuth.Password, Headers: nil, 
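Review bot: The `router.Host(host).PathPrefix("")`/`router.PathPrefix("")` registration of the proxy handler runs unconditionally, while the auth-middleware branches earlier in `Initialize` (`logger.Error("Error: %v", err.Error())` for middlewares not found, `logger.Error("Error, middlewares path is empty")`) only log and fall through; a route whose configured auth middleware fails to resolve at startup is therefore still proxied, just without authentication — fail-open at the gateway's access-control point. I'd skip registering the handler (or abort startup) when a configured auth middleware could not be attached, and say which route was left unregistered; that change belongs in the branches above this hunk, and `Initialize` itself starts and ends outside it. Moving the registration after the `router.Use(...)` calls is harmless, but if it was meant to guarantee that middleware runs before the proxy handler, note that, as far as I recall gorilla/mux, `Use` middlewares are wrapped around the matched handler at request time regardless of registration order — the guarantee comes from attaching them to the same `router`, not from this move.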
@@ -282,7 +283,8 @@ func attachAuthMiddlewares(route Route, routeMiddleware Middleware, gateway Gate
 			logger.Error("Error: %s", err.Error())
 		} else {
 			jwtAuth := middlewares.JwtAuth{
-				Paths: util.AddPrefixPath(route.Path, routeMiddleware.Paths),
+				Path: route.Path,
+				Paths: routeMiddleware.Paths,
 				AuthURL: jwt.URL,
 				RequiredHeaders: jwt.RequiredHeaders,
 				Headers: jwt.Headers,
@@ -304,7 +306,8 @@ func attachAuthMiddlewares(route Route, routeMiddleware Middleware, gateway Gate
 				redirectURL = oauth.RedirectURL
 			}
 			amw := middlewares.Oauth{
-				Paths: util.AddPrefixPath(route.Path, routeMiddleware.Paths),
+				Path: route.Path,
+				Paths: routeMiddleware.Paths,
 				ClientID: oauth.ClientID,
 				ClientSecret: oauth.ClientSecret,
 				RedirectURL: redirectURL,
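Review bot: With `Path` and `Paths` now stored separately, the protected-path list is rebuilt on every request inside `isProtectedPath` (`prefix+path` then `util.ParseURLPath`) for each of the basic, JWT and OAuth middlewares, whereas `util.AddPrefixPath` used to resolve it once here at construction; three copies of the same join also make it easy for the middlewares to drift. Consider precomputing the resolved list once when the struct is built so each `AuthMiddleware` only compares. This is a style point, not a correctness one; `attachAuthMiddlewares` starts and ends outside the hunk.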