Skip to content

Add basic auth support #894

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 12, 2022
Merged

Add basic auth support #894

merged 2 commits into from
Jul 12, 2022

Conversation

@nguyer
Copy link
Contributor

@nguyer nguyer commented Jul 8, 2022
edited
Loading

This PR adds basic auth support for:

  • HTTP listeners
  • All HTTP requests within a namespace (including WebSocket upgrades)
  • start requests over an open WebSocket connection

Example config:

plugins:
  auth:
  - name: basicauth
    type: basic
      basic:
        passwordfile: /etc/firefly/allowed_users

Where passwordfile: /etc/firefly/allowed_users is a file created with htpasswd using bcrypt hashed passwords. For example, you can create such a file by running:

htpasswd -cB allowed_users firefly

Prerequisites for merge:

@nguyer
Add basic auth support
80a330d 
Signed-off-by: Nicko Guyer <nicko.guyer@kaleido.io>
@nguyer
Upgrade to firefly-common v0.1.14
e8cad05 
Signed-off-by: Nicko Guyer <nicko.guyer@kaleido.io>
@codecov-commenter
Copy link

codecov-commenter commented Jul 11, 2022

Codecov Report

Merging #894 (e8cad05) into main (68a7c47) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff            @@
##             main     #894    +/-   ##
========================================
  Coverage   99.96%   99.96%            
========================================
  Files         298      298            
  Lines       19255    19405   +150     
========================================
+ Hits        19249    19399   +150     
  Misses          5        5            
  Partials        1        1
Impacted Files Coverage Δ
internal/coreconfig/coreconfig.go 100.00% <ø> (ø)
internal/apiserver/server.go 100.00% <100.00%> (ø)
internal/events/websockets/websocket_connection.go 100.00% <100.00%> (ø)
internal/events/websockets/websockets.go 100.00% <100.00%> (ø)
internal/namespace/manager.go 100.00% <100.00%> (ø)
internal/orchestrator/orchestrator.go 100.00% <100.00%> (ø)
internal/blockchain/fabric/fabric.go 100.00% <0.00%> (ø)
internal/blockchain/ethereum/ethereum.go 100.00% <0.00%> (ø)
internal/blockchain/fabric/eventstream.go 100.00% <0.00%> (ø)
... and 1 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 68a7c47...e8cad05. Read the comment docs.

awrichar
awrichar reviewed Jul 12, 2022
View reviewed changes
internal/namespace/manager.go
return plugins, err
}

func (nm *namespaceManager) Authorize(ctx context.Context, authReq *fftypes.AuthReq) error {
Copy link
Contributor

@awrichar awrichar Jul 12, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Who calls this? I see that the routes in the apiserver also call directly to orchestrator.

Copy link
Contributor

@awrichar awrichar Jul 12, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh looks like websocketConnection calls here.

@nguyer nguyer merged commit 09d431f into hyperledger:main Jul 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@awrichar awrichar awrichar approved these changes

@peterbroadhurst peterbroadhurst Awaiting requested review from peterbroadhurst

@shorsher shorsher Awaiting requested review from shorsher

@nickgaski nickgaski Awaiting requested review from nickgaski

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nguyer @codecov-commenter @awrichar