refactor: refactoring of auth middlewares

Jonas Kaninda
2024-11-25 07:38:49 +01:00
parent f4e5bb3be2
commit dbd0974388
5 changed files with 25 additions and 18 deletions


@@ -53,9 +53,9 @@ func isPathBlocked(requestPath, blockedPath string) bool {
}
return false
}
func isProtectedPath(urlPath string, paths []string) bool {
func isProtectedPath(urlPath, prefix string, paths []string) bool {
for _, path := range paths {
return isPathBlocked(urlPath, util.ParseURLPath(path))
return isPathBlocked(urlPath, util.ParseURLPath(prefix+path))
}
return false
}
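Review bot: The loop in `isProtectedPath` returns on its first iteration, so only `paths[0]` is ever compared and every later entry in `Paths` passes through the JWT, basic-auth and OAuth middlewares without an authentication check. The return should be conditional, `if isPathBlocked(urlPath, util.ParseURLPath(prefix+path)) { return true }`, leaving the trailing `return false` for the no-match case. Separately, `prefix+path` is plain concatenation, so a prefix with a trailing slash or an entry without a leading one gives `//` or a fused segment; presumably `util.ParseURLPath` normalises this, but it is worth confirming with a table test over such combinations.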


@@ -29,7 +29,7 @@ import (
// authorization based on the result of backend's response and continue the request when the client is authorized
func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if isProtectedPath(r.URL.Path, jwtAuth.Paths) {
if isProtectedPath(r.URL.Path, jwtAuth.Path, jwtAuth.Paths) {
for _, header := range jwtAuth.RequiredHeaders {
if r.Header.Get(header) == "" {
logger.Error("Proxy error, missing %s header", header)
@@ -98,16 +98,16 @@ func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler {
}
r.URL.RawQuery = query.Encode()
}
next.ServeHTTP(w, r)
})
}
// AuthMiddleware checks for the Authorization header and verifies the credentials
func (basicAuth AuthBasic) AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
logger.Trace("Basic-Auth request headers: %v", r.Header)
if isProtectedPath(r.URL.Path, basicAuth.Paths) {
if isProtectedPath(r.URL.Path, basicAuth.Path, basicAuth.Paths) {
// Get the Authorization header
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
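Review bot: `logger.Trace("Basic-Auth request headers: %v", r.Header)` in the basic-auth middleware writes the whole header map to the log, including the `Authorization` value (base64 of username:password) and any cookies, and it does so for every request because it runs before the path check. Anyone with read access to trace logs can recover those credentials. I would log only non-sensitive fields, e.g. `logger.Trace("Basic-Auth request: %s %s", r.Method, r.URL.Path)`, or redact `Authorization` and `Cookie` before printing. The line is unchanged context in this hunk, and the function body continues past the hunk's end.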


@@ -26,7 +26,7 @@ import (
func (oauth Oauth) AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if isProtectedPath(r.URL.Path, oauth.Paths) {
if isProtectedPath(r.URL.Path, oauth.Path, oauth.Paths) {
oauthConf := oauth2Config(oauth)
// Check if the user is authenticated
token, err := r.Cookie("goma.oauth")


@@ -85,7 +85,7 @@ type ProxyResponseError struct {
// JwtAuth stores JWT configuration
type JwtAuth struct {
RoutePath string
Path string
Paths []string
AuthURL string
RequiredHeaders []string
@@ -109,6 +109,8 @@ type AccessListMiddleware struct {
// AuthBasic contains Basic auth configuration
type AuthBasic struct {
// Route path
Path string
Paths []string
Username string
Password string
@@ -129,6 +131,8 @@ type responseRecorder struct {
body *bytes.Buffer
}
type Oauth struct {
// Route path
Path string
// Route protected path
Paths []string
// ClientID is the application's ID.
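Review bot: The field comments do not say that `Paths` entries are now matched relative to `Path`. `JwtAuth.Path` has no comment at all, and `// Route protected path` on `Oauth.Paths` reads as if entries were absolute. Since `isProtectedPath` now matches `Path+entry`, any existing configuration that lists full paths would presumably stop matching and leave those routes unauthenticated. I would document this on all three structs, e.g. `// Paths lists protected sub-paths relative to Path; each entry is matched as Path+entry`, and mention the change in the release notes. The `Oauth` struct continues outside this hunk.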