This repository has been archived by the owner on Dec 4, 2023. It is now read-only.

Per-Model Authentication #21

Open
wants to merge 53 commits into
base: main
53 commits
a34b9f7
traefik routing, tls, dns feature
sekulicd Sep 20, 2023
fef0cae
Merge remote-tracking branch 'upstream/main'
sekulicd Sep 20, 2023
cad61ef
Merge remote-tracking branch 'upstream/main'
sekulicd Sep 21, 2023
3b9f806
Merge remote-tracking branch 'upstream/main'
sekulicd Sep 21, 2023
0b9e276
Merge remote-tracking branch 'upstream/main'
sekulicd Sep 25, 2023
8141310
Merge remote-tracking branch 'upstream/main'
sekulicd Oct 3, 2023
4532625
Merge remote-tracking branch 'upstream/main'
sekulicd Oct 3, 2023
5a19a8a
Merge remote-tracking branch 'upstream/main'
sekulicd Oct 3, 2023
bc6ca79
Merge remote-tracking branch 'upstream/main'
sekulicd Oct 4, 2023
444ad51
Merge remote-tracking branch 'upstream/main'
sekulicd Oct 5, 2023
8d291af
Merge remote-tracking branch 'upstream/main'
sekulicd Oct 9, 2023
d20c075
Merge remote-tracking branch 'upstream/main'
sekulicd Oct 12, 2023
d062d0c
Merge remote-tracking branch 'upstream/main'
sekulicd Oct 16, 2023
b78ac81
Merge remote-tracking branch 'upstream/main'
sekulicd Oct 17, 2023
33ff985
Merge remote-tracking branch 'upstream/main'
sekulicd Oct 19, 2023
fd7e41a
move dns make cmds
sekulicd Oct 19, 2023
0991e62
api key service
sekulicd Oct 23, 2023
61f2e3b
authd db layer
sekulicd Oct 24, 2023
6e014d6
http layer
sekulicd Oct 24, 2023
ec97b27
add api key auth traefik labels
sekulicd Oct 24, 2023
293aad6
refactor
sekulicd Oct 24, 2023
7ca944f
fix
sekulicd Oct 24, 2023
e4dd0c3
fix
sekulicd Oct 24, 2023
ac74ac5
fix
sekulicd Oct 24, 2023
1f12e06
fix
sekulicd Oct 24, 2023
825fee0
fix
sekulicd Oct 24, 2023
0f678c0
fix
sekulicd Oct 24, 2023
044c83a
fix
sekulicd Oct 24, 2023
5974f70
fix
sekulicd Oct 24, 2023
b944509
fix
sekulicd Oct 24, 2023
c20305e
test
sekulicd Oct 24, 2023
a22d767
fix
sekulicd Oct 24, 2023
c1cdf7c
logging
sekulicd Oct 24, 2023
51d3f71
fix
sekulicd Oct 25, 2023
fc3ccea
fix
sekulicd Oct 25, 2023
0adedeb
panic recovery
sekulicd Oct 25, 2023
d4e893f
fix
sekulicd Oct 25, 2023
dff5247
fix
sekulicd Oct 25, 2023
54a24f5
fix
sekulicd Oct 25, 2023
dfaefdf
fix
sekulicd Oct 25, 2023
0fec59a
fix
sekulicd Oct 25, 2023
effba8d
fix test, auth handlers
sekulicd Oct 25, 2023
7da44a2
fix
sekulicd Oct 25, 2023
17c6aba
fix
sekulicd Oct 25, 2023
ec167c4
fix
sekulicd Oct 25, 2023
e92fb14
fix
sekulicd Oct 25, 2023
f889e81
fix
sekulicd Oct 25, 2023
e64e90c
fix
sekulicd Oct 25, 2023
7af2184
fix
sekulicd Oct 25, 2023
8652ff2
auth readme
sekulicd Oct 25, 2023
a6f362a
update e2e test
sekulicd Oct 26, 2023
43e699c
remove basic auth
sekulicd Oct 26, 2023
e0a8531
auth http test
sekulicd Oct 26, 2023
146 changes: 4 additions & 142 deletions Makefile
@@ -1,127 +1,11 @@
PONY: build-dns run-dns pg droppg createdb dropdb createtestdb droptestdb recreatedb recreatetestdb pgcreatetestdb psql mig_file mig_up_test mig_up mig_down_test mig_down mig_down_yes vet_db sqlc doc dev up down

##### DNS Daemon #####

## build-dns prem-gateway dns service
build-dns:
@echo "Building prem-gateway dns service..."
@export GO111MODULE=on; \
env go build -tags netgo -ldflags="-s -w" -o bin/dnsd ./dns/cmd/dnsd/main.go

## run-dns runs prem-gateway dns service
run-dns:
@echo "Running prem-gateway dns service..."
./bin/dnsd

##### DNS Daemon #####


#### Postgres database ####

## pg: starts postgres db inside docker container
pg:
docker run --name dnsd-db-pg -p 5432:5432 -e POSTGRES_USER=root -e POSTGRES_PASSWORD=secret -d postgres

## droppg: stop and remove postgres container
droppg:
docker stop dnsd-db-pg
docker rm dnsd-db-pg

## createdb: create db inside docker container
createdb:
docker exec dnsd-db-pg createdb --username=root --owner=root dnsd-db

## dropdb: drops db inside docker container
dropdb:
docker exec dnsd-db-pg dropdb dnsd-db

## createtestdb: create test db inside docker container
createtestdb:
docker exec dnsd-db-pg createdb --username=root --owner=root dnsd-db-test

## droptestdb: drops test db inside docker container
droptestdb:
docker exec dnsd-db-pg dropdb dnsd-db-test

## recreatedb: drop and create main and test db
recreatedb: dropdb createdb droptestdb createtestdb

## recreatetestdb: drop and create test db
recreatetestdb: droptestdb createtestdb

## pgcreatetestdb: starts docker container and creates test db, used in CI
pgcreatetestdb:
chmod u+x ./script/create_testdb
./script/create_testdb

## psql: connects to postgres terminal running inside docker container
psql:
docker exec -it dnsd-db-pg psql -U root -d dnsd-db


## mig_file: creates pg migration file(eg. make FILE=init mig_file)
mig_file:
@migrate create -ext sql -dir ./dns/internal/infrastructure/storage/pg/migration/ $(FILE)

## mig_up_test: creates test db schema
mig_up_test:
@echo "creating db schema..."
@migrate -database "postgres://root:secret@localhost:5432/dnsd-db-test?sslmode=disable" -path ./dns/internal/infrastructure/storage/pg/migration/ up

## mig_up: creates db schema
mig_up:
@echo "creating db schema..."
@migrate -database "postgres://root:secret@localhost:5432/dnsd-db?sslmode=disable" -path ./dns/internal/infrastructure/storage/pg/migration/ up

## mig_down_test: apply down migration on test db
mig_down_test:
@echo "migration down on test db..."
@migrate -database "postgres://root:secret@localhost:5432/dnsd-db-test?sslmode=disable" -path ./dns/internal/infrastructure/storage/pg/migration/ down

## mig_down: apply down migration
mig_down:
@echo "migration down..."
@migrate -database "postgres://root:secret@localhost:5432/dnsd-db?sslmode=disable" -path ./dns/internal/infrastructure/storage/pg/migration/ down

## mig_down_yes: apply down migration without prompt
mig_down_yes:
@echo "migration down..."
@"yes" | migrate -database "postgres://root:secret@localhost:5432/dnsd-db?sslmode=disable" -path ./dns/internal/infrastructure/storage/pg/migration/ down

## vet_db: check if mig_up and mig_down are ok
vet_db: recreatedb mig_up mig_down_yes
@echo "vet db migration scripts..."

## sqlc: gen sql
sqlc:
@echo "gen sql..."
cd ./dns/internal/infrastructure/storage/pg; sqlc generate

#### Postgres database ####


#### Swagger doc ####

## doc: generate swagger doc
doc:
@echo "generating swagger doc..."
swag init -g ./dns/cmd/dnsd/main.go -o ./dns/docs

#### Swagger doc ####

## dev-dns: run dnsd and postgres
dev-dns:
export POSTGRES_USER=root; \
export POSTGRES_PASSWORD=secret; \
export POSTGRES_DB=dnsd-db; \
cd ./dns; \
DOCKER_BUILDKIT=0 docker-compose up -d --build
PONY: up down runall stopall

## up: run prem-gateway
up:
export POSTGRES_USER=root; \
export POSTGRES_PASSWORD=secret; \
export POSTGRES_DB=dnsd-db; \
export DNSD_POSTGRES_DB=dnsd-db; \
export AUTHD_POSTGRES_DB=authd-db; \
DOCKER_BUILDKIT=0 docker-compose up -d --build

## down: stop prem-gateway
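Review bot: the new `up` target hard-codes `POSTGRES_USER=root` and `POSTGRES_PASSWORD=secret` for both the dnsd and authd databases, and because the README presents `make up` as the way to run prem-gateway, every deployment that follows it ships with those credentials. Take them from the caller's environment and fail fast when absent (e.g. `ifndef POSTGRES_PASSWORD` / `$(error POSTGRES_PASSWORD is not set)` / `endif`), keeping the `root`/`secret` default only in a clearly dev-only target. Separately, `PONY:` on the new first line (and on the old line it replaces) is not a special target that make recognises; it should be `.PHONY:`, otherwise a file named `up` or `down` in the repo root silently shadows the target.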
@@ -133,31 +17,9 @@ runall:
chmod +x ./script/run_all.sh
export PREMD_IMAGE=$(PREMD_IMAGE); \
export PREMAPP_IMAGE=$(PREMAPP_IMAGE); \
export BASIC_AUTH_CREDENTIALS=$(BASIC_AUTH_CREDENTIALS); \
./script/run_all.sh

## stopall: stop prem-gateway and prem-box
stopall:
chmod +x ./script/stop_all.sh
./script/stop_all.sh

#### Go lint ####

## vetdnsd: run go vet on dnsd
vetdnsd:
@echo "go vet dnsd..."
@cd dns && go vet ./...

#### Go lint ####

#### Go mock ####

## mockdnsd: generater mocks
mockdnsd:
cd ./dns/internal/core/port/; \
mockery --name=ControllerdWrapper --structname=MockControllerdWrapper \
--output=./ --outpkg=port --filename=controllerd_wrapper_mock.go --inpackage; \
mockery --name=IpService --structname=MockIpService \
--output=./ --outpkg=port --filename=ip_service_mock.go --inpackage;

#### Go mock ####
./script/stop_all.sh
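Review bot: dropping `export BASIC_AUTH_CREDENTIALS=$(BASIC_AUTH_CREDENTIALS); \` from `runall` only completes the "remove basic auth" change if `script/run_all.sh` and whatever traefik labels it renders no longer reference that variable; otherwise the script now runs with the variable empty, which is a silent misconfiguration rather than a clean removal. Please confirm the script was updated in this PR. The deleted `vetdnsd` and `mockdnsd` targets are presumably what the "move dns make cmds" commit relocated under `dns/`; any CI job that ran `make vetdnsd` from the repo root needs the new invocation.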
6 changes: 3 additions & 3 deletions README.md
@@ -8,10 +8,10 @@ It is responsible for routing requests from the frontend `prem-app` to either th
## Features

- [x] API Gateway
- [ ] Authentication/Authorization
- [x] Authentication/Authorization
- [x] Domain Management
- [x] TLS
- [ ] Rate Limiting
- [x] Rate Limiting
- [ ] Logging
- [ ] Metrics

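Review bot: the Rate Limiting item is flipped to done, but nothing in this PR's 53 commits or in the files changed implements or configures rate limiting; the commits cover routing, TLS, DNS and the API-key auth daemon. Either point to where the traefik rate-limit middleware is configured or leave the box unchecked: an operator deciding whether to expose the gateway will rely on this list.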
@@ -48,7 +48,7 @@ make down

#### In order to restart services outside prem-gateway and to assign them with subdomain/tls certificate, use bellow command.
```bash
make up LETSENCRYPT_PROD=true SERVICES=premd,premapp
make up LETSENCRYPT_PROD=true
```

#### Run prem-gateway with prem-app and prem-daemon:
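Review bot: removing `SERVICES=premd,premapp` from the example leaves the heading above it ("restart services outside prem-gateway and to assign them with subdomain/tls certificate") with no indication of how those services are now selected; either document the new mechanism next to the command or restore the parameter. While on this line, fix `bellow` to `below` in the heading.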
2 changes: 2 additions & 0 deletions auth/Dockerfile
@@ -26,6 +26,8 @@ ARG DIR=/home/authd
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates

COPY --from=builder /app/bin/* /usr/local/bin/
COPY --from=builder /app/internal/infrastructure/storage/pg/migration/* /
ENV PREM_GATEWAY_AUTH_DB_MIGRATION_PATH=file://

# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
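Review bot: the migration files are copied into the image root (`/`) while `PREM_GATEWAY_AUTH_DB_MIGRATION_PATH` is set to `file://` with an empty path. golang-migrate, which the `migrate` targets in the Makefile use, resolves an empty `file://` path against the process working directory, so this only finds the SQL files if the container's WORKDIR is `/`, and `ARG DIR=/home/authd` in the hunk header suggests it may not be. Copy them to a dedicated directory and reference it absolutely, e.g. `COPY --from=builder /app/internal/infrastructure/storage/pg/migration/* /migrations/` with `ENV PREM_GATEWAY_AUTH_DB_MIGRATION_PATH=file:///migrations`; that also keeps schema files out of `/`.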
131 changes: 131 additions & 0 deletions auth/Makefile
@@ -0,0 +1,131 @@
PONY: build run pg droppg createdb dropdb createtestdb droptestdb recreatedb recreatetestdb pgcreatetestdb psql mig_file mig_up_test mig_up mig_down_test mig_down mig_down_yes vet_db sqlc doc up vet

## build authd
build:
@echo "Building authd..."
@export GO111MODULE=on; \
env go build -tags netgo -ldflags="-s -w" -o bin/authd ./cmd/authd/main.go

## run authd
run:
@echo "Running dns service..."
./bin/authd

#### Postgres database ####

## pg: starts postgres db inside docker container
pg:
docker run --name authd-db-pg -p 5432:5432 -e POSTGRES_USER=root -e POSTGRES_PASSWORD=secret -d postgres

## droppg: stop and remove postgres container
droppg:
docker stop authd-db-pg
docker rm authd-db-pg

## createdb: create db inside docker container
createdb:
docker exec authd-db-pg createdb --username=root --owner=root authd-db

## dropdb: drops db inside docker container
dropdb:
docker exec authd-db-pg dropdb authd-db

## createtestdb: create test db inside docker container
createtestdb:
docker exec authd-db-pg createdb --username=root --owner=root authd-db-test

## droptestdb: drops test db inside docker container
droptestdb:
docker exec authd-db-pg dropdb authd-db-test

## recreatedb: drop and create main and test db
recreatedb: dropdb createdb droptestdb createtestdb

## recreatetestdb: drop and create test db
recreatetestdb: droptestdb createtestdb

## pgcreatetestdb: starts docker container and creates test db, used in CI
pgcreatetestdb:
chmod u+x ./script/create_testdb
./script/create_testdb

## psql: connects to postgres terminal running inside docker container
psql:
docker exec -it authd-db-pg psql -U root -d authd-db


## mig_file: creates pg migration file(eg. make FILE=init mig_file)
mig_file:
@migrate create -ext sql -dir ./internal/infrastructure/storage/pg/migration/ $(FILE)

## mig_up_test: creates test db schema
mig_up_test:
@echo "creating db schema..."
@migrate -database "postgres://root:secret@localhost:5432/authd-db-test?sslmode=disable" -path ./internal/infrastructure/storage/pg/migration/ up

## mig_up: creates db schema
mig_up:
@echo "creating db schema..."
@migrate -database "postgres://root:secret@localhost:5432/authd-db?sslmode=disable" -path ./internal/infrastructure/storage/pg/migration/ up

## mig_down_test: apply down migration on test db
mig_down_test:
@echo "migration down on test db..."
@migrate -database "postgres://root:secret@localhost:5432/authd-db-test?sslmode=disable" -path ./internal/infrastructure/storage/pg/migration/ down

## mig_down: apply down migration
mig_down:
@echo "migration down..."
@migrate -database "postgres://root:secret@localhost:5432/authd-db?sslmode=disable" -path ./internal/infrastructure/storage/pg/migration/ down

## mig_down_yes: apply down migration without prompt
mig_down_yes:
@echo "migration down..."
@"yes" | migrate -database "postgres://root:secret@localhost:5432/authd-db?sslmode=disable" -path ./internal/infrastructure/storage/pg/migration/ down

## vet_db: check if mig_up and mig_down are ok
vet_db: recreatedb mig_up mig_down_yes
@echo "vet db migration scripts..."

## sqlc: gen sql
sqlc:
@echo "gen sql..."
cd ./internal/infrastructure/storage/pg; sqlc generate

#### Postgres database ####


#### Swagger doc ####

## doc: generate swagger doc
doc:
@echo "generating swagger doc..."
swag init -g ./cmd/authd/main.go -o ./docs

#### Swagger doc ####

## up: run authd and postgres
up:
export POSTGRES_USER=root; \
export POSTGRES_PASSWORD=secret; \
export POSTGRES_DB=authd-db; \
DOCKER_BUILDKIT=0 docker-compose up -d --build

#### Go lint ####

## vet: run go vet on authd
vet:
@echo "go vet authd..."
go vet ./...

#### Go lint ####

#### Go mock ####

## mock: generater mocks
mock:
cd ./internal/core/domain/; \
mockery --name=ApiKeyRepository --structname=MockApiKeyRepository \
--output=./ --outpkg=port --filename=api_key_repository_mock.go --inpackage; \
mockery --name=RepositoryService --structname=MockRepositoryService \
--output=./ --outpkg=port --filename=repository_service_mock.go --inpackage;
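Review bot: `run` still echoes `Running dns service...` although it starts `./bin/authd`, and `mock` generates into `./internal/core/domain/` while passing `--outpkg=port`; both look copied from the dns Makefile, so correct the message and make the output package match the directory. The first line has the same `PONY:` typo as the root Makefile and should read `.PHONY:`. Every migration URL embeds `root:secret` and `sslmode=disable`, acceptable for a throwaway local container but repeated five times; put the DSN in one overridable variable (e.g. `AUTHD_DSN ?= postgres://root:secret@localhost:5432/authd-db?sslmode=disable`) so a real password is set in one place. Note also that `pg` binds host port 5432 exactly as `dnsd-db-pg` does, so the two dev databases cannot run side by side.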
56 changes: 52 additions & 4 deletions auth/README.md
@@ -1,6 +1,54 @@
# Auth Daemon
# Auth Daemon Microservice

## Description
Auth Daemon is a microservice which provides api key authentication.
Calls coming to prem-gateway are routed by traefik forward-auth middleware to auth daemon.
Auth daemon checks if the api key is valid and if it is, it forwards the request to the appropriate service.
Auth Daemon is a microservice designed to provide API key authentication.
Incoming calls to the `prem-gateway` are rerouted by the traefik forward-auth middleware to the Auth Daemon.
Once here, the Auth Daemon verifies the API key's validity.
If the key is found to be valid, the request is forwarded to the appropriate service.

## Exposed Paths

### 1. Login
- **Path**: `/auth/login`
- **Method**: `GET`
- **Description**: Endpoint for logging in.
- **Query Parameters**:
- `user`: The username.
- `pass`: The password.
- **Response**:
- `200 OK`: Contains the root `api_key`.
- `401 Unauthorized`: Contains error message.

### 2. Verify Request
- **Path**: `/auth/verify`
- **Method**: `GET`
- **Description**: Verifies if the request is allowed.
- **Headers**:
- `Authorization`: The root API key.
- **Response**:
- `200 OK`: If the request is authorized.
- `401 Unauthorized`: Contains error message.

### 3. Create API Key
- **Path**: `/auth/api-key`
- **Method**: `POST`
- **Description**: Endpoint to create a new API key.
- **Headers**:
- `Authorization`: The root API key.
- **Body**: JSON object.
- **Response**:
- `201 Created`: Contains the `api_key`.
- `400 Bad Request`: Contains error message.
- `500 Internal Server Error`: Contains error message.

### 4. Get Service API Key
- **Path**: `/auth/api-key/service`
- **Method**: `GET`
- **Description**: Retrieves the API key for a given service.
- **Headers**:
- `Authorization`: The root API key.
- **Query Parameters**:
- `name`: The service name.
- **Response**:
- `200 OK`: Contains the `api_key`.
- `500 Internal Server Error`: Contains error message.
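Review bot: `/auth/login` takes `user` and `pass` as query parameters on a `GET`, which puts the credentials into traefik access logs, browser history and any outgoing `Referer` header and makes the response cacheable; change it to `POST` with a JSON body and document that. The `Authorization` header is specified as the bare root API key, so state whether a scheme prefix such as `Bearer` is accepted or rejected, since the forward-auth middleware hands the client's header to the Auth Daemon unchanged and clients will send both forms. The `Create API Key` body is described only as "JSON object"; list its fields, at least the service name that `/auth/api-key/service?name=` implies. `Get Service API Key` documents `500` but neither `401` for a bad root key nor `404` for an unknown service, and since every path other than `/auth/verify` is reachable through the gateway, say which of them the forward-auth middleware itself protects.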