From df78aff01e2cf6a743e946e3ee7e943a5ab8f735 Mon Sep 17 00:00:00 2001
From: Praveen Yadav
Date: Fri, 1 Mar 2024 18:24:58 +0530
Subject: [PATCH] feat(gateway): disable api key requirement by default
---
 gateway/cmd/serve.go | 1 +
 gateway/internal/api/deps.go | 3 +++
 gateway/internal/api/v1/v1.go | 2 +-
 gateway/internal/errors/errors.go | 2 +-
 gateway/internal/interceptor/auth.go | 6 +++++-
 gateway/internal/server/config.go | 9 +++++++--
 6 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/gateway/cmd/serve.go b/gateway/cmd/serve.go
index 3fe40af..104185b 100644
--- a/gateway/cmd/serve.go
+++ b/gateway/cmd/serve.go
@@ -79,6 +79,7 @@ func Serve(cfg *config.Config) error {
 connectionService,
 promptService,
 apikeyService,
+ cfg.App.Authentication.Enabled,
 )
 if err := server.Serve(ctx, logger, cfg.App, deps); err != nil {
diff --git a/gateway/internal/api/deps.go b/gateway/internal/api/deps.go
index b2cfcf1..47fbd01 100644
--- a/gateway/internal/api/deps.go
+++ b/gateway/internal/api/deps.go
@@ -19,6 +19,7 @@ type Deps struct {
 ConnectionService *connection.Service
 PromptService *prompt.Service
 APIKeyService *apikey.Service
+ AuthEnabled bool
 }
 func NewDeps(
@@ -29,6 +30,7 @@ func NewDeps(
 cs *connection.Service,
 pms *prompt.Service,
 aks *apikey.Service,
+ authEnabled bool,
 ) *Deps {
 return &Deps{
 Logger: logger,
@@ -38,5 +40,6 @@ func NewDeps(
 ConnectionService: cs,
 PromptService: pms,
 APIKeyService: aks,
+ AuthEnabled: authEnabled,
 }
 }
diff --git a/gateway/internal/api/v1/v1.go b/gateway/internal/api/v1/v1.go
index 6933f22..9448722 100644
--- a/gateway/internal/api/v1/v1.go
+++ b/gateway/internal/api/v1/v1.go
@@ -55,7 +55,7 @@ func Register(d *api.Deps) (http.Handler, error) {
 stdInterceptors := []connect.Interceptor{
 validateInterceptor,
 otelconnectInterceptor,
- interceptor.NewAPIKeyInterceptor(d.Logger, d.APIKeyService),
+ interceptor.NewAPIKeyInterceptor(d.Logger, d.APIKeyService, d.AuthEnabled),
 interceptor.HeadersInterceptor(),
 interceptor.RateLimiterInterceptor(d.RateLimiter),
 interceptor.RetryInterceptor(),
diff --git a/gateway/internal/errors/errors.go b/gateway/internal/errors/errors.go
index 91bc33a..1216fa5 100644
--- a/gateway/internal/errors/errors.go
+++ b/gateway/internal/errors/errors.go
@@ -11,7 +11,7 @@ var (
 ErrProviderHeaderNotExit = errors.NewBadRequest(fmt.Sprintf("%s header is required", constants.XMSProvider))
 ErrRequiredHeaderNotExit = errors.NewBadRequest(fmt.Sprintf("either %s or %s header is required", constants.XMSProvider, constants.XMSConfig))
 ErrRateLimitExceeded = errors.NewForbidden("rate limit exceeded")
- ErrUnauthenticated = errors.NewUnauthorized("unauthenticated")
+ ErrUnauthenticated = errors.NewUnauthorized("you are not authorized to access APIs")
 ErrProviderNotFound = errors.NewNotFound("provider is not found")
 ErrRouterConfigNotValid = errors.NewNotFound("router config is not valid")
 )
diff --git a/gateway/internal/interceptor/auth.go b/gateway/internal/interceptor/auth.go
index 5f0e6da..18a4798 100644
--- a/gateway/internal/interceptor/auth.go
+++ b/gateway/internal/interceptor/auth.go
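Review bot: In gateway/internal/errors/errors.go the new text for `ErrUnauthenticated` describes an authorization failure ("you are not authorized to access APIs") although the variable and the `NewUnauthorized` constructor denote a failed authentication. The message also gives the caller no hint about what credential is expected. Assuming this error is what the API key interceptor returns (its call site is outside this hunk), wording such as `ErrUnauthenticated = errors.NewUnauthorized("missing or invalid api key")` keeps the two concepts apart and tells the caller what to fix. Any client or test that matches on the old string "unauthenticated" would need updating as well.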
@@ -11,9 +11,13 @@ import (
 )
 // NewAPIKeyInterceptor returns interceptor which is checking if api key exits
-func NewAPIKeyInterceptor(logger *slog.Logger, aks *apikey.Service) connect.UnaryInterceptorFunc {
+func NewAPIKeyInterceptor(logger *slog.Logger, aks *apikey.Service, authEnabled bool) connect.UnaryInterceptorFunc {
 return connect.UnaryInterceptorFunc(func(next connect.UnaryFunc) connect.UnaryFunc {
 return connect.UnaryFunc(func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+ if !authEnabled {
+ return next(ctx, req)
+ }
+
 if authenticationSkipList[req.Spec().Procedure] {
 return next(ctx, req)
 }
diff --git a/gateway/internal/server/config.go b/gateway/internal/server/config.go
index 89777a3..d99c756 100644
--- a/gateway/internal/server/config.go
+++ b/gateway/internal/server/config.go
@@ -1,6 +1,11 @@
 package server
 type Config struct {
- Host string `yaml:"host" json:"host,omitempty" mapstructure:"host" default:"0.0.0.0"`
- Port int `yaml:"port" json:"port,omitempty" mapstructure:"port" default:"8080"`
+ Host string `yaml:"host" json:"host,omitempty" mapstructure:"host" default:"0.0.0.0"`
+ Port int `yaml:"port" json:"port,omitempty" mapstructure:"port" default:"8080"`
+ Authentication AuthenticationConfig `yaml:"authentication" mapstructure:"authentication"`
+}
+
+type AuthenticationConfig struct {
+ Enabled bool `yaml:"enabled" json:"enabled,omitempty" mapstructure:"enabled" default:"false"`
 }
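Review bot: In gateway/internal/interceptor/auth.go the new `if !authEnabled` early return lets every procedure through without an API key and leaves no trace in the logs, so an operator cannot tell from a running gateway that it is accepting unauthenticated calls. `authEnabled` is fixed when the interceptor is built, so a one-time warning can go before the returned closure, using the `logger` already passed in: `if !authEnabled { logger.Warn("api key authentication is disabled; all requests are accepted without a key") }`. The doc comment should also cover the new parameter, e.g. `// When authEnabled is false the interceptor passes every request through unchecked.` The closure body continues past the end of the hunk, so whether later handlers rely on state set by the key check cannot be judged from here.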
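Review bot: In gateway/internal/server/config.go, `default:"false"` on `Enabled` sits beside `default:"0.0.0.0"` on `Host`, so a gateway started without configuration listens on every interface and accepts requests with no API key. A missing or misspelled `authentication` section gives the same result silently, because the zero value of `Enabled` is false. If auth is to stay off by default, consider pairing it with a loopback bind (`default:"127.0.0.1"` on `Host`), or having startup refuse or warn when auth is off and the host is not a loopback address. That check would live in the server start-up code, which is outside this hunk. The new `Authentication` field also lacks the json tag its siblings carry, e.g. `json:"authentication,omitempty"`.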