support multiple authenticators for apis

TreeGateway · Feb 5, 2018 · 11dc2ea · 11dc2ea
1 parent d8d49f3
commit 11dc2ea
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 21 deletions.
diff --git a/src/authentication/auth.ts b/src/authentication/auth.ts
@@ -26,29 +26,32 @@ export class ApiAuth {
 
     authentication(apiRouter: express.Router, apiKey: string, api: ApiConfig, gatewayFeatures: ApiFeaturesConfig) {
         const path: string = api.path;
-        let authentication: ApiAuthenticationConfig = api.authentication;
-        try {
-            authentication = this.resolveReferences(authentication, gatewayFeatures);
-            const authStrategy: auth.Strategy = this.middlewareLoader.loadMiddleware('authentication/strategy', authentication.strategy);
-            if (!authStrategy) {
-                this.logger.error('Error configuring authenticator. Invalid Strategy');
-            } else {
-                auth.use(apiKey, authStrategy);
+        const authentications: Array<ApiAuthenticationConfig> = this.sortMiddlewares(api.authentication, path);
 
-                const authenticator = auth.authenticate(apiKey, { session: false, failWithError: true });
-                if (authentication.group) {
-                    this.createAuthenticatorForGroup(apiRouter, api, authentication, authenticator);
+        authentications.forEach((authentication: ApiAuthenticationConfig, index: number) => {
+            try {
+                authentication = this.resolveReferences(authentication, gatewayFeatures);
+                const authStrategy: auth.Strategy = this.middlewareLoader.loadMiddleware('authentication/strategy', authentication.strategy);
+                if (!authStrategy) {
+                    this.logger.error('Error configuring authenticator. Invalid Strategy');
                 } else {
-                    this.createAuthenticator(apiRouter, api, authentication, authenticator);
-                }
+                    auth.use(`${apiKey}_${index}`, authStrategy);
+
+                    const authenticator = auth.authenticate(`${apiKey}_${index}`, { session: false, failWithError: true });
+                    if (authentication.group) {
+                        this.createAuthenticatorForGroup(apiRouter, api, authentication, authenticator);
+                    } else {
+                        this.createAuthenticator(apiRouter, api, authentication, authenticator);
+                    }
 
-                if (this.logger.isDebugEnabled) {
-                    this.logger.debug(`Authentication Strategy [${this.middlewareLoader.getId(authentication.strategy)}] configured for path [${path}]`);
+                    if (this.logger.isDebugEnabled) {
+                        this.logger.debug(`Authentication Strategy [${this.middlewareLoader.getId(authentication.strategy)}] configured for path [${path}]`);
+                    }
                 }
+            } catch (e) {
+                this.logger.error(`Error configuring Authentication Strategy [${this.middlewareLoader.getId(authentication.strategy)}] for path [${path}]`, e);
             }
-        } catch (e) {
-            this.logger.error(`Error configuring Authentication Strategy [${this.middlewareLoader.getId(authentication.strategy)}] for path [${path}]`, e);
-        }
+        });
     }
 
     private resolveReferences(authentication: ApiAuthenticationConfig, features: ApiFeaturesConfig) {
@@ -132,4 +135,27 @@ export class ApiAuth {
 
         return null;
     }
+
+    private sortMiddlewares(middlewares: Array<ApiAuthenticationConfig>, path: string): Array<ApiAuthenticationConfig> {
+        const generalMiddlewares = _.filter(middlewares, (value) => {
+            if (value.group) {
+                return true;
+            }
+            return false;
+        });
+
+        if (generalMiddlewares.length > 1) {
+            this.logger.error(`Invalid authentication configuration for api [${path}]. Conflicting configurations for default group`);
+            return [];
+        }
+
+        if (generalMiddlewares.length > 0) {
+            const index = middlewares.indexOf(generalMiddlewares[0]);
+            if (index < middlewares.length - 1) {
+                const gen = middlewares.splice(index, 1);
+                middlewares.push(gen[0]);
+            }
+        }
+        return middlewares;
+    }
 }
diff --git a/src/config/api.ts b/src/config/api.ts
@@ -53,7 +53,7 @@ export interface ApiConfig {
     /**
      * Configuration for API authentication.
      */
-    authentication?: ApiAuthenticationConfig;
+    authentication?: Array<ApiAuthenticationConfig>;
     /**
      * Configuration for API cache.
      */
@@ -97,7 +97,7 @@ export interface ApiConfig {
 }
 
 export let apiConfigValidatorSchema = Joi.object().keys({
-    authentication: apiAuthenticationValidatorSchema,
+    authentication: Joi.alternatives([Joi.array().items(apiAuthenticationValidatorSchema), apiAuthenticationValidatorSchema]),
     cache: Joi.alternatives([Joi.array().items(apiCacheConfigValidatorSchema), apiCacheConfigValidatorSchema]),
     circuitBreaker: Joi.alternatives([Joi.array().items(apiCircuitBreakerConfigValidatorSchema), apiCircuitBreakerConfigValidatorSchema]),
     cors: Joi.alternatives([Joi.array().items(apiCorsConfigSchema), apiCorsConfigSchema]),

diff --git a/src/service/redis/api.ts b/src/service/redis/api.ts
@@ -194,9 +194,12 @@ export class RedisApiService implements ApiService {
                 });
             });
         }
-        castArray(api, 'authentication.group'); // TODO aceitar array de autenticators
         castArray(api, 'proxy.target.allow');
         castArray(api, 'proxy.target.deny');
+        if (_.has(api, 'authentication')) {
+            castArray(api, 'authentication');
+            api.authentication.forEach(config => castArray(config, 'group'));
+        }
         if (_.has(api, 'cache')) {
             castArray(api, 'cache');
             api.cache.forEach(config => {