feat: add auth middleware

savannahghi · Jan 17, 2023 · dcb6b03 · dcb6b03
1 parent 5587bcb
commit dcb6b03
Show file tree

Hide file tree

Showing 6 changed files with 1,024 additions and 28 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -26,12 +26,12 @@ jobs:
       - name: Install Go dependencies
         run: |
           curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.37.1
-          go get -u github.com/kisielk/errcheck
+          go install github.com/kisielk/errcheck@latest
           go get -u golang.org/x/lint/golint
-          go get -u honnef.co/go/tools/cmd/staticcheck
-          go get -u github.com/axw/gocov/gocov
-          go get -u github.com/securego/gosec/cmd/gosec
-          go get -u github.com/ory/go-acc
+          go install honnef.co/go/tools/cmd/staticcheck@2022.1
+          go install github.com/axw/gocov/gocov@latest
+          go install github.com/securego/gosec/v2/cmd/gosec@latest
+          go install github.com/ory/go-acc@latest
           go get -u github.com/client9/misspell/cmd/misspell
           go get -u github.com/gordonklaus/ineffassign
           go get github.com/fzipp/gocyclo
@@ -40,6 +40,8 @@ jobs:
           go get google.golang.org/grpc@v1.38.0
           go get google.golang.org/grpc/balancer/grpclb@v1.38.0
           go get google.golang.org/api/support/bundler@v0.48.0
+          go get contrib.go.opencensus.io/exporter/stackdriver@v0.13.6
+          go get github.com/savannahghi/firebasetools
 
       - name: Run lint and test
         run: |

diff --git a/client.go b/client.go
@@ -12,16 +12,18 @@ import (
 	"time"
 
 	"github.com/go-playground/validator"
+	"github.com/savannahghi/firebasetools"
+	"github.com/savannahghi/serverutils"
 	"moul.io/http2curl"
 )
 
-// Client bundles data needed by methods in order to interact with the casdoor API
+// Client bundles data needed by methods in order to interact with the slade360 auth server API
 type Client struct {
 	client         *http.Client
 	configurations Config
 }
 
-// Config holds the necessary authentication configurations for interacting with the casdoor service
+// Config holds the necessary authentication configurations for interacting with the slade360 auth server service
 type Config struct {
 	AuthServerEndpoint string `json:"authServerEndpoint"`
 	ClientID           string `json:"client_id"`
@@ -105,9 +107,9 @@ func (c *Client) Authenticate() error {
 	return nil
 }
 
-// VerifyAccessToken is used to introspect a token to determine the active state of the
+// verifyAccessToken is used to introspect a token to determine the active state of the
 // OAuth 2.0 access token and to determine meta-information about this token.
-func (c *Client) VerifyAccessToken(ctx context.Context, accessToken string) (*TokenIntrospectionResponse, error) {
+func (c *Client) verifyAccessToken(ctx context.Context, accessToken string) (*TokenIntrospectionResponse, error) {
 	if accessToken == "" {
 		return nil, fmt.Errorf("unable to get access token from the input")
 	}
@@ -141,6 +143,23 @@ func (c *Client) VerifyAccessToken(ctx context.Context, accessToken string) (*To
 	return introspectionResponse, nil
 }
 
+// hasValidSlade360BearerToken returns true with no errors if the request has a valid bearer token in the authorization header.
+// Otherwise, it returns false and the error in a map with the key "error"
+func (c *Client) hasValidSlade360BearerToken(ctx context.Context, r *http.Request) (bool, map[string]string, *TokenIntrospectionResponse) {
+	bearerToken, err := firebasetools.ExtractBearerToken(r)
+	if err != nil {
+		// this error here will only be returned to the user if all the verification functions in the chain fail
+		return false, serverutils.ErrorMap(err), nil
+	}
+
+	validToken, err := c.verifyAccessToken(ctx, bearerToken)
+	if err != nil {
+		return false, serverutils.ErrorMap(err), nil
+	}
+
+	return true, nil, validToken
+}
+
 // makeRequest is a helper function for making http requests
 func (c *Client) makeRequest(
 	ctx context.Context,

diff --git a/go.mod b/go.mod
@@ -4,16 +4,70 @@ go 1.18
 
 require (
 	github.com/go-playground/validator v9.31.0+incompatible
+	github.com/savannahghi/firebasetools v0.0.19
+	github.com/savannahghi/serverutils v0.0.7
 	moul.io/http2curl v1.0.0
 )
 
 require (
+	cloud.google.com/go v0.100.2 // indirect
+	cloud.google.com/go/compute v1.5.0 // indirect
+	cloud.google.com/go/container v1.2.0 // indirect
+	cloud.google.com/go/errorreporting v0.2.0 // indirect
+	cloud.google.com/go/firestore v1.6.1 // indirect
+	cloud.google.com/go/iam v0.3.0 // indirect
+	cloud.google.com/go/logging v1.4.2 // indirect
+	cloud.google.com/go/monitoring v1.4.0 // indirect
+	cloud.google.com/go/profiler v0.2.0 // indirect
+	cloud.google.com/go/storage v1.18.2 // indirect
+	cloud.google.com/go/trace v1.2.0 // indirect
+	contrib.go.opencensus.io/exporter/stackdriver v0.13.6 // indirect
+	firebase.google.com/go v3.13.0+incompatible // indirect
+	github.com/99designs/gqlgen v0.13.0 // indirect
+	github.com/agnivade/levenshtein v1.0.3 // indirect
+	github.com/aws/aws-sdk-go v1.37.0 // indirect
+	github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/getsentry/sentry-go v0.11.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.0 // indirect
+	github.com/gofrs/uuid v4.2.0+incompatible // indirect
+	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.7 // indirect
+	github.com/google/pprof v0.0.0-20220113144219-d25a53d42d00 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.1.1 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/lithammer/shortuuid v3.0.0+incompatible // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/savannahghi/enumutils v0.0.3 // indirect
+	github.com/savannahghi/errorcodeutil v0.0.5 // indirect
+	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/smartystreets/goconvey v1.7.2 // indirect
 	github.com/stretchr/testify v1.7.0 // indirect
-	gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
+	github.com/vektah/gqlparser/v2 v2.1.0 // indirect
+	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
+	go.opencensus.io v0.23.0 // indirect
+	go.opentelemetry.io/otel v1.0.0-RC1 // indirect
+	go.opentelemetry.io/otel/exporters/jaeger v1.0.0-RC1 // indirect
+	go.opentelemetry.io/otel/sdk v1.0.0-RC1 // indirect
+	go.opentelemetry.io/otel/trace v1.0.0-RC1 // indirect
+	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
+	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
+	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
+	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
+	golang.org/x/text v0.3.8 // indirect
+	golang.org/x/tools v0.1.12 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	google.golang.org/api v0.71.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8 // indirect
+	google.golang.org/grpc v1.44.0 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )