diff --git a/cmd/main.go b/cmd/main.go
index 2440689..e66557f 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -43,8 +43,6 @@ func main() {
 logger.Info("Starting: Authentication Service")
 oidcClient := clients.NewOAuth2OIDCClient(logger, oidcClientConfiguration)
- // Start OIDC Provider setup.
- oidcClient.StartSetup()
 // Initializes a storage to save temporary sessions configured with TTL.
 sessionStorage := storages.NewSessionStorage()
@@ -64,7 +62,9 @@ func main() {
 httpServer := server.NewServer(logger, serverConfiguration)
 restController.Boot(httpServer)
- httpServer.Run(context.Background())
+
+ // Run HTTP Server and start setup the OIDC Provider.
+ httpServer.Run(context.Background(), oidcClient.StartSetup)
 // HealthCheck
 httpServer.AddHealthz()
diff --git a/go.mod b/go.mod
index ca1f961..aa27fcc 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/golang-jwt/jwt/v4 v4.2.0
 github.com/kelseyhightower/envconfig v1.4.0
 github.com/stretchr/testify v1.7.0
- github.com/ydataai/go-core v0.2.1
+ github.com/ydataai/go-core v0.4.0
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
 )
diff --git a/go.sum b/go.sum
index 143dfe8..680dd60 100644
--- a/go.sum
+++ b/go.sum
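Review bot: The server may now begin accepting requests before the OIDC provider setup has completed, because `oidcClient.StartSetup` moves from a synchronous call ahead of `server.NewServer` to a callback handed to `httpServer.Run`; whether go-core v0.4.0 runs that hook to completion before binding the listener, or concurrently with it, is not visible here, and if it is concurrent then `CheckForAuthentication` and `OIDCProviderCallback` can be reached while the client is still unconfigured. The new lines also do not show what happens when setup fails, and an unconfigured client that every request then trips over is a worse failure mode than refusing to start. I would state the expectation at the call site and fix the comment's grammar: `// Run the HTTP server; the OIDC provider setup runs as a start hook (confirm Run completes it before serving requests).` The enclosing `main` starts and ends outside this hunk, and the `httpServer.AddHealthz()` that follows `Run` is unchanged context which is only reached if `Run` returns.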
@@ -471,8 +471,8 @@ github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVM
 github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/ydataai/go-core v0.2.1 h1:ZQoL04MyUa+3Qsrzzfqbg2g2NpmIeiBjCElgr3bceu8=
-github.com/ydataai/go-core v0.2.1/go.mod h1:tdL95U51Wzr0GJvYsVXk4oNXz7P0NiVxc574NnhcLq4=
+github.com/ydataai/go-core v0.4.0 h1:ZkI09itxvi+q5ctboTAvQWALS7lWjdedM29a+k4Vu0c=
+github.com/ydataai/go-core v0.4.0/go.mod h1:zrMbN0hjPUPjs3O+z3yKwNtvsl9ioPhhn8aSBfcJ0Jw=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
diff --git a/internal/configurations/rest_controller_configuration.go b/internal/configurations/rest_controller_configuration.go
index 8c8f92b..d70563a 100644
--- a/internal/configurations/rest_controller_configuration.go
+++ b/internal/configurations/rest_controller_configuration.go
@@ -14,6 +14,7 @@ type RESTControllerConfiguration struct {
 HTTPRequestTimeout time.Duration `envconfig:"HTTP_REQUEST_TIMEOUT" default:"30s"`
 UserIDHeader string `envconfig:"USER_ID_HEADER" default:"userid"`
 CookieMaxAge int `envconfig:"COOKIE_MAX_AGE" default:"86400"`
+ SkipURLs []string `envconfig:"SKIP_URLS" default:"/dex" split_words:"true"`
 }
 // LoadFromEnvVars reads all env vars.
diff --git a/internal/controllers/rest_controller.go b/internal/controllers/rest_controller.go
index 7299941..ecd688f 100644
--- a/internal/controllers/rest_controller.go
+++ b/internal/controllers/rest_controller.go
@@ -4,6 +4,7 @@ import (
 "context"
 "encoding/json"
 "net/http"
+ "strings"
 "time"
 "github.com/gin-gonic/gin"
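Review bot: `SkipURLs` is the one field in `RESTControllerConfiguration` that switches authentication off for a set of requests, yet it carries no comment saying how an entry is matched; elsewhere in this change it is used as a plain path prefix, so an operator reading the struct cannot tell that `/dex` also covers `/dex-admin`, or that an empty entry (an unset value, or a trailing comma in the list) matches every path. I would add `// SkipURLs lists URL path prefixes that bypass authentication entirely; keep each entry rooted (e.g. /dex) and never empty.` above the field. The `split_words:"true"` tag looks redundant next to the explicit `envconfig:"SKIP_URLS"` name — as far as I recall envconfig only consults split_words when deriving a name from the field — and none of the sibling fields use it, so dropping it keeps the struct consistent.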
@@ -42,9 +43,14 @@ func NewRESTController(
 // Boot initializes creating some routes.
 func (rc RESTController) Boot(s *server.Server) {
+ s.Router.Use(rc.skipURLsMiddleware())
+
 s.Router.GET(rc.configuration.AuthServiceURL, gin.WrapF(rc.CheckForAuthentication))
 s.Router.GET(rc.configuration.OIDCCallbackURL, gin.WrapF(rc.OIDCProviderCallback))
- s.Router.GET(rc.configuration.LogoutURL, gin.WrapF(rc.Logout))
+ s.Router.POST(rc.configuration.LogoutURL, gin.WrapF(rc.Logout))
+
+ s.Router.Any("/:forward", gin.WrapF(rc.CheckForAuthentication))
+ s.Router.Any("/:forward/*any", gin.WrapF(rc.CheckForAuthentication))
 }
 // CheckForAuthentication is responsible for knowing if the user already has a valid credential or not.
@@ -186,3 +192,17 @@ func (rc RESTController) forbiddenResponse(w http.ResponseWriter, err error) {
 }
 json.NewEncoder(w).Encode(jsonBody)
 }
+
+// skipURLsMiddleware is a middleware that skips all requests configured in SKIP_URL.
+func (rc RESTController) skipURLsMiddleware() gin.HandlerFunc {
+ return func(c *gin.Context) {
+ for _, skipURL := range rc.configuration.SkipURLs {
+ if strings.HasPrefix(c.Request.URL.Path, skipURL) {
+ rc.logger.Infof("URL %s was skipped. Accepted without authorization.", c.Request.URL.Path)
+ c.Abort()
+ return
+ }
+ }
+ c.Next()
+ }
+}
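Review bot: The comment `// Boot initializes creating some routes.` no longer describes `Boot`, which now also installs a router-wide middleware and two catch-all routes; I would replace it with `// Boot installs the skip-URL middleware and registers the auth, OIDC callback, logout and catch-all forward-auth routes.` Neither `/:forward` nor `/:forward/*any` matches the bare root path `/` (both need a non-empty first segment), so a forward-auth request for `/` falls through to gin's 404 rather than `CheckForAuthentication`; if the proxy treats any non-2xx as a denial that is at least fail-closed, but it is worth confirming against the intended behaviour. Switching logout from GET to POST is a good change; note that `s.Router.Use` applies the skip middleware to every route registered after it, including the healthz route main.go adds after `Boot`.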
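Review bot: `strings.HasPrefix(c.Request.URL.Path, skipURL)` in `skipURLsMiddleware` exempts from authentication any path that merely starts with the configured string, so the default `/dex` also exempts `/dexter` or `/dex-admin`, and a blank entry (an empty `SKIP_URLS`, or a trailing comma in the list) exempts every request, because every string has the empty prefix. The allow is also expressed as a bare `c.Abort()`, which relies on gin's implicit 200 for an empty response; making the status explicit reads better, since that 2xx is exactly what a forward-auth proxy keys on. I would compare cleaned, segment-aligned paths and ignore empty entries, as below (this needs `"path"` imported alongside `"strings"`; `net/http` is already imported); the cleaning step only matters if the proxy forwards un-normalized paths, which I cannot tell from here.
```go
func (rc RESTController) skipURLsMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Compare the cleaned path so "/dex/../other" is judged as "/other", not by its "/dex" prefix.
		reqPath := path.Clean(c.Request.URL.Path)
		for _, skipURL := range rc.configuration.SkipURLs {
			base := strings.TrimSuffix(strings.TrimSpace(skipURL), "/")
			if base == "" && strings.TrimSpace(skipURL) == "" {
				continue // an empty prefix matches everything and would disable authentication
			}
			// Segment-aligned match: "/dex" covers "/dex" and "/dex/..." but not "/dexter".
			if reqPath == base || strings.HasPrefix(reqPath, base+"/") {
				rc.logger.Infof("URL %s was skipped. Accepted without authorization.", c.Request.URL.Path)
				c.AbortWithStatus(http.StatusOK)
				return
			}
		}
		c.Next()
	}
}
```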