feat(gateway): disable api key requirement by default

missingstudio · Mar 1, 2024 · df78aff · df78aff
1 parent 2643655
commit df78aff
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 5 deletions.
diff --git a/gateway/cmd/serve.go b/gateway/cmd/serve.go
@@ -79,6 +79,7 @@ func Serve(cfg *config.Config) error {
 		connectionService,
 		promptService,
 		apikeyService,
+		cfg.App.Authentication.Enabled,
 	)
 
 	if err := server.Serve(ctx, logger, cfg.App, deps); err != nil {

diff --git a/gateway/internal/api/deps.go b/gateway/internal/api/deps.go
@@ -19,6 +19,7 @@ type Deps struct {
 	ConnectionService *connection.Service
 	PromptService     *prompt.Service
 	APIKeyService     *apikey.Service
+	AuthEnabled       bool
 }
 
 func NewDeps(
@@ -29,6 +30,7 @@ func NewDeps(
 	cs *connection.Service,
 	pms *prompt.Service,
 	aks *apikey.Service,
+	authEnabled bool,
 ) *Deps {
 	return &Deps{
 		Logger:            logger,
@@ -38,5 +40,6 @@ func NewDeps(
 		ConnectionService: cs,
 		PromptService:     pms,
 		APIKeyService:     aks,
+		AuthEnabled:       authEnabled,
 	}
 }
diff --git a/gateway/internal/api/v1/v1.go b/gateway/internal/api/v1/v1.go
@@ -55,7 +55,7 @@ func Register(d *api.Deps) (http.Handler, error) {
 	stdInterceptors := []connect.Interceptor{
 		validateInterceptor,
 		otelconnectInterceptor,
-		interceptor.NewAPIKeyInterceptor(d.Logger, d.APIKeyService),
+		interceptor.NewAPIKeyInterceptor(d.Logger, d.APIKeyService, d.AuthEnabled),
 		interceptor.HeadersInterceptor(),
 		interceptor.RateLimiterInterceptor(d.RateLimiter),
 		interceptor.RetryInterceptor(),

diff --git a/gateway/internal/errors/errors.go b/gateway/internal/errors/errors.go
@@ -11,7 +11,7 @@ var (
 	ErrProviderHeaderNotExit = errors.NewBadRequest(fmt.Sprintf("%s header is required", constants.XMSProvider))
 	ErrRequiredHeaderNotExit = errors.NewBadRequest(fmt.Sprintf("either %s or %s header is required", constants.XMSProvider, constants.XMSConfig))
 	ErrRateLimitExceeded     = errors.NewForbidden("rate limit exceeded")
-	ErrUnauthenticated       = errors.NewUnauthorized("unauthenticated")
+	ErrUnauthenticated       = errors.NewUnauthorized("you are not authorized to access APIs")
 	ErrProviderNotFound      = errors.NewNotFound("provider is not found")
 	ErrRouterConfigNotValid  = errors.NewNotFound("router config is not valid")
 )
diff --git a/gateway/internal/interceptor/auth.go b/gateway/internal/interceptor/auth.go
@@ -11,9 +11,13 @@ import (
 )
 
 // NewAPIKeyInterceptor returns interceptor which is checking if api key exits
-func NewAPIKeyInterceptor(logger *slog.Logger, aks *apikey.Service) connect.UnaryInterceptorFunc {
+func NewAPIKeyInterceptor(logger *slog.Logger, aks *apikey.Service, authEnabled bool) connect.UnaryInterceptorFunc {
 	return connect.UnaryInterceptorFunc(func(next connect.UnaryFunc) connect.UnaryFunc {
 		return connect.UnaryFunc(func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			if !authEnabled {
+				return next(ctx, req)
+			}
+
 			if authenticationSkipList[req.Spec().Procedure] {
 				return next(ctx, req)
 			}

diff --git a/gateway/internal/server/config.go b/gateway/internal/server/config.go
@@ -1,6 +1,11 @@
 package server
 
 type Config struct {
-	Host string `yaml:"host" json:"host,omitempty" mapstructure:"host" default:"0.0.0.0"`
-	Port int    `yaml:"port" json:"port,omitempty" mapstructure:"port" default:"8080"`
+	Host           string               `yaml:"host" json:"host,omitempty" mapstructure:"host" default:"0.0.0.0"`
+	Port           int                  `yaml:"port" json:"port,omitempty" mapstructure:"port" default:"8080"`
+	Authentication AuthenticationConfig `yaml:"authentication" mapstructure:"authentication"`
+}
+
+type AuthenticationConfig struct {
+	Enabled bool `yaml:"enabled" json:"enabled,omitempty" mapstructure:"enabled" default:"false"`
 }