Skip to content

feat: API key authentication middleware #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Sep 6, 2024
Merged

feat: API key authentication middleware #6

merged 13 commits into from
Sep 6, 2024

Conversation

alexluong
Copy link
Collaborator

No description provided.

alexluong
alexluong commented Aug 28, 2024
View reviewed changes
internal/services/api/auth_middleware.go
Comment on lines +20 to +31
if err != nil {
// TODO: Consider sending a more detailed error message.
// Currently we don't have clear specs on how to send back error message.
c.AbortWithStatus(http.StatusUnauthorized)
return
}
if authorizationToken != apiKey {
// TODO: Consider sending a more detailed error message.
// Currently we don't have clear specs on how to send back error message.
c.AbortWithStatus(http.StatusUnauthorized)
return
}
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to point this out as the spec hasn't mentioned errors yet, afaik. Do you want to circle back on this later?

Happy to sort this out now if you can share what you have in mind or provide the OpenAPI schema spec or something like that.

alexluong
alexluong commented Aug 28, 2024
View reviewed changes
internal/services/api/auth_middleware_test.go
func setupRouter(apiKey string) *gin.Engine {
gin.SetMode(gin.TestMode)
r := gin.Default()
r.Use(apiKeyAuthMiddleware(apiKey))
Copy link
Collaborator Author

@alexluong alexluong Aug 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sooo in the spec I saw you mentioned JWT token but I'm not super super clear on that just yet.

My understanding:

  • optional API key auth mechanism for internal purposes
  • JWT auth mechanism for portal / per-tenant usage

Please correct me if there's any misunderstanding here. Will tackle the Tenant API now and implement the JWT mechanism in another PR.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's correct, we'll need to think through how that works since the tenant is implied with the JWT really the endpoint wouldn't be have /:tenant_id

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's more of a API design concern, because if you'd like to remove the /:tenant_id path param we can get the tenant ID from the JWT tokentoo.

@alexluong alexluong changed the title feat: Authentication middleware feat: API key authentication middleware Aug 28, 2024
alexbouchardd
alexbouchardd approved these changes Aug 28, 2024
View reviewed changes
internal/services/api/auth_middleware_test.go
func setupRouter(apiKey string) *gin.Engine {
gin.SetMode(gin.TestMode)
r := gin.Default()
r.Use(apiKeyAuthMiddleware(apiKey))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's correct, we'll need to think through how that works since the tenant is implied with the JWT really the endpoint wouldn't be have /:tenant_id

Base automatically changed from testing to main September 6, 2024 15:45
@alexluong
Merge branch 'main' of github.com:hookdeck/EventKit into auth
9012587 
# Conflicts:
#	internal/config/config.go
#	internal/services/api/router.go
@alexluong alexluong merged commit c5944c7 into main Sep 6, 2024
@alexluong alexluong deleted the auth branch September 6, 2024 15:48
@claude claude bot mentioned this pull request Oct 10, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexbouchardd alexbouchardd alexbouchardd approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexluong @alexbouchardd