phares3757/gatus
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

oidc: Add /api/v1/config route for determining whether to display a login button on the UI

Browse Source
This commit is contained in:
TwiN
2022-01-02 18:29:34 -05:00
parent 8838f6f2ad
commit 425c1d3674
15 changed files with 135 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
security/config.go
View File

@ -18,6 +18,8 @@ const (
type Config struct {
Basic *BasicConfig `yaml:"basic,omitempty"`
OIDC *OIDCConfig `yaml:"oidc,omitempty"`
gate *g8.Gate
}
// IsValid returns whether the security configuration is valid or not
@ -37,6 +39,8 @@ func (c *Config) RegisterHandlers(router *mux.Router) error {
return nil
}
// ApplySecurityMiddleware applies an authentication middleware to the router passed.
// The router passed should be a subrouter in charge of handlers that require authentication.
func (c *Config) ApplySecurityMiddleware(api *mux.Router) {
if c.OIDC != nil {
// We're going to use g8 for session handling
@ -55,8 +59,8 @@ func (c *Config) ApplySecurityMiddleware(api *mux.Router) {
}
// TODO: g8: Add a way to update cookie after? would need the writer
authorizationService := g8.NewAuthorizationService().WithClientProvider(clientProvider)
gate := g8.New().WithAuthorizationService(authorizationService).WithCustomTokenExtractor(customTokenExtractorFunc)
api.Use(gate.Protect)
c.gate = g8.New().WithAuthorizationService(authorizationService).WithCustomTokenExtractor(customTokenExtractorFunc)
api.Use(c.gate.Protect)
} else if c.Basic != nil {
api.Use(func(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -72,3 +76,14 @@ func (c *Config) ApplySecurityMiddleware(api *mux.Router) {
})
}
}
// IsAuthenticated checks whether the user is authenticated
// If the Config does not warrant authentication, it will always return true.
func (c *Config) IsAuthenticated(r *http.Request) bool {
if c.gate != nil {
token := c.gate.ExtractTokenFromRequest(r)
_, hasSession := sessions.Get(token)
return hasSession
}
return false
}

12
security/config_test.go
View File

@ -33,14 +33,14 @@ func TestConfig_ApplySecurityMiddleware(t *testing.T) {
})
c.ApplySecurityMiddleware(api)
// Try to access the route without basic auth
request, _ := http.NewRequest("GET", "/test", nil)
request, _ := http.NewRequest("GET", "/test", http.NoBody)
responseRecorder := httptest.NewRecorder()
api.ServeHTTP(responseRecorder, request)
if responseRecorder.Code != http.StatusUnauthorized {
t.Error("expected code to be 401, but was", responseRecorder.Code)
}
// Try again, but with basic auth
request, _ = http.NewRequest("GET", "/test", nil)
request, _ = http.NewRequest("GET", "/test", http.NoBody)
responseRecorder = httptest.NewRecorder()
request.SetBasicAuth("john.doe", "hunter2")
api.ServeHTTP(responseRecorder, request)
@ -65,14 +65,14 @@ func TestConfig_ApplySecurityMiddleware(t *testing.T) {
c.Basic = nil
c.ApplySecurityMiddleware(api)
// Try without any session cookie
request, _ = http.NewRequest("GET", "/test", nil)
request, _ = http.NewRequest("GET", "/test", http.NoBody)
responseRecorder = httptest.NewRecorder()
api.ServeHTTP(responseRecorder, request)
if responseRecorder.Code != http.StatusUnauthorized {
t.Error("expected code to be 401, but was", responseRecorder.Code)
}
// Try with a session cookie
request, _ = http.NewRequest("GET", "/test", nil)
request, _ = http.NewRequest("GET", "/test", http.NoBody)
request.AddCookie(&http.Cookie{Name: "session", Value: "123"})
responseRecorder = httptest.NewRecorder()
api.ServeHTTP(responseRecorder, request)
@ -86,7 +86,7 @@ func TestConfig_RegisterHandlers(t *testing.T) {
router := mux.NewRouter()
c.RegisterHandlers(router)
// Try to access the OIDC handler. This should fail, because the security config doesn't have OIDC
request, _ := http.NewRequest("GET", "/oidc/login", nil)
request, _ := http.NewRequest("GET", "/oidc/login", http.NoBody)
responseRecorder := httptest.NewRecorder()
router.ServeHTTP(responseRecorder, request)
if responseRecorder.Code != http.StatusNotFound {
@ -107,7 +107,7 @@ func TestConfig_RegisterHandlers(t *testing.T) {
if err := c.RegisterHandlers(router); err != nil {
t.Fatal("expected no error, but got", err)
}
request, _ = http.NewRequest("GET", "/oidc/login", nil)
request, _ = http.NewRequest("GET", "/oidc/login", http.NoBody)
responseRecorder = httptest.NewRecorder()
router.ServeHTTP(responseRecorder, request)
if responseRecorder.Code != http.StatusFound {