From b7d7750b2d49fe92cd53d74f5f55432f7b7eea76 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Tue, 10 Nov 2020 16:32:20 +0100 Subject: [PATCH 1/3] Add aurum --- .run/Control server.run.xml | 12 ----- go.mod | 5 ++- go.sum | 38 ++++++++++++++++ pkg/auth/aurum.go | 53 ++++++++++++++++++++++ pkg/auth/auth.go | 55 ++++++++++++++++++++++- pkg/auth/store.go | 30 +++++++++++-- pkg/dependency/dep_resolver.go | 2 +- services/control_server/main.go | 19 ++++---- services/control_server/routes/package.go | 8 ++-- services/control_server/routes/routes.go | 4 +- services/control_server/routes/user.go | 4 +- 11 files changed, 192 insertions(+), 38 deletions(-) delete mode 100644 .run/Control server.run.xml create mode 100644 pkg/auth/aurum.go diff --git a/.run/Control server.run.xml b/.run/Control server.run.xml deleted file mode 100644 index 805bb51..0000000 --- a/.run/Control server.run.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file diff --git a/go.mod b/go.mod index 1692e4c..2624a95 100644 --- a/go.mod +++ b/go.mod @@ -14,6 +14,7 @@ require ( github.com/docker/docker v17.12.0-ce-rc1.0.20200916142827-bd33bbf0497b+incompatible github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.4.0 // indirect + github.com/finitum/aurum v0.0.0-20201110134241-2af7867ae837 github.com/go-chi/chi v4.1.2+incompatible github.com/go-chi/jwtauth v4.0.4+incompatible github.com/go-chi/render v1.0.1 
@@ -26,9 +27,9 @@ require ( github.com/pkg/errors v0.9.1 github.com/sirupsen/logrus v1.7.0 github.com/stretchr/testify v1.6.1 - golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 + golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102 // indirect - golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f + golang.org/x/sys v0.0.0-20201020230747-6e5568b54d1a golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect google.golang.org/grpc v1.33.1 // indirect gotest.tools v2.2.0+incompatible // indirect diff --git a/go.sum b/go.sum index 967c620..91fce1b 100644 --- a/go.sum +++ b/go.sum 
@@ -44,14 +44,18 @@ github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYU github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/atotto/clipboard v0.1.2/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/charmbracelet/bubbles v0.7.4/go.mod h1:IRTORFvhEI6OUH7WhN2Ks8Z8miNGimk1BE6cmHijOkM= +github.com/charmbracelet/bubbletea v0.12.2/go.mod h1:3gZkYELUOiEUOp0bTInkxguucy/xRbGSOcbMs1geLxg= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= github.com/containerd/containerd v1.4.1 h1:pASeJT3R3YyVn+94qEPk0SnU1OQ20Jd/T+SPKy9xehY= github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= 
@@ -62,6 +66,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/deanishe/go-env v0.4.0/go.mod h1:RgEcGAqdRnt8ybQteAbv1Ys2lWIRE7TlgON/sbdjuaY= +github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/dgraph-io/badger/v2 v2.2007.2 h1:EjjK0KqwaFMlPin1ajhP943VPENHJdEz1KLIegjaI3k= github.com/dgraph-io/badger/v2 v2.2007.2/go.mod h1:26P/7fbL4kUZVEVKLAKXkBXKOydDmM2p1e+NhhnBCAE= github.com/dgraph-io/ristretto v0.0.3-0.20200630154024-f66de99634de h1:t0UHb5vdojIDUqktM6+xJAfScFBsVpXZmqC9dsgJmeA= @@ -72,6 +78,7 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumC github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= +github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v17.12.0-ce-rc1.0.20200916142827-bd33bbf0497b+incompatible h1:SiUATuP//KecDjpOK2tvZJgeScYAklvyjfK8JZlU6fo= 
@@ -92,7 +99,10 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/finitum/aurum v0.0.0-20201110134241-2af7867ae837 h1:qUpvESHENZfjqMA4KkaV3LZh+IyUKaesxxBUBUManZM= +github.com/finitum/aurum v0.0.0-20201110134241-2af7867ae837/go.mod h1:vVg8E1DVhap8RVRcuOj1qSc4HY9R4oLCHjgu/pCULZ0= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= 
@@ -122,8 +132,10 @@ github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+ github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= +github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -152,10 +164,12 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/goterm v0.0.0-20190703233501-fc88cf888a3f/go.mod h1:nOFQdrUlIlx6M6ODdSpBj1NVA+VgLC6kmw60mkw34H4= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 
@@ -182,6 +196,9 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jinzhu/gorm v1.9.12/go.mod h1:vhTjlKSJUTWNtcbQtrMBFCxy7eXTzeCAzfL5fBZT/Qs= +github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= +github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 
@@ -198,8 +215,13 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lucasb-eyer/go-colorful v1.0.3/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/mattn/go-sqlite3 v2.0.1+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= 
@@ -211,6 +233,8 @@ github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= +github.com/muesli/termenv v0.7.2/go.mod h1:ct2L5N2lmix82RaY3bMWwVu/jUFc9Ule0KGDCiKYPh8= +github.com/muesli/termenv v0.7.4/go.mod h1:pZ7qY9l3F7e5xsAOS0zCew2tME+p7bWeBkotCEcIIcc= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= @@ -237,6 +261,7 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= 
@@ -260,6 +285,8 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/test-go/testify v1.1.4/go.mod h1:rH7cfJo/47vWGdi4GPj16x3/t1xGOj2YxzmNQzk2ghU= +github.com/trustelem/zxcvbn v1.0.1/go.mod h1:zonUyKeh7sw6psPf/e3DtRqkRyZvAbOfjNz/aO7YQ5s= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= 
@@ -270,14 +297,19 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E= +golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp 
v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -338,6 +370,7 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -347,13 +380,18 @@ golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4 h1:5/PjkGUjvEU5Gl6BxmvKRPpqo2uNMv4rcHBMwzk/st8= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201020230747-6e5568b54d1a h1:e3IU37lwO4aq3uoRKINC7JikojFmE5gO7xhfxs8VC34= +golang.org/x/sys v0.0.0-20201020230747-6e5568b54d1a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= 
diff --git a/pkg/auth/aurum.go b/pkg/auth/aurum.go
new file mode 100644
index 0000000..ad9795c
--- /dev/null
+++ b/pkg/auth/aurum.go
@@ -0,0 +1,53 @@
+package auth
+
+import (
+ "github.com/finitum/AAAAA/pkg/models"
+ "github.com/finitum/aurum/clients/go"
+ "github.com/pkg/errors"
+)
+
+type Aurum struct {
+ au *aurum.Aurum
+}
+
+func NewAurum(url string) (*Aurum, error) {
+ au, err := aurum.Connect(url)
+ if err != nil {
+ return nil, errors.Wrap(err, "connecting to aurum failed")
+ }
+
+ return &Aurum{ au }, nil
+}
+
+func (a *Aurum) Login(user *models.User) (string, error) {
+ tp, err := a.au.Login(user.Username, user.Password)
+ if err != nil {
+ return "", err
+ }
+
+ return tp.LoginToken, nil
+}
+
+func (a *Aurum) Register(user *models.User) error {
+ return errors.Wrap(a.au.Register(user.Username, user.Password, "nomail@AAAAA"), "aurum signup failed")
+}
+
+func (a *Aurum) Update(user *models.User, token string) error {
+ return errors.New("unsupported")
+}
+
+func (a *Aurum) Verify(token string) (Claims, bool) {
+ claims, err := a.au.Verify(token)
+ if err != nil {
+ return Claims{}, false
+ }
+
+ if err := claims.Valid(); err != nil {
+ return Claims{}, false
+ }
+
+ return Claims{
+ Username: claims.Username,
+ RawToken: token,
+ }, !claims.Refresh
+}
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index 18caf59..bb2a528 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
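Review bot: `Aurum.Verify` in the new pkg/auth/aurum.go returns a fully populated `Claims` together with `false` when the token is a refresh token, because its last statement is `return Claims{...}, !claims.Refresh`, while every other failure path returns `Claims{}`. A caller that drops the boolean would then see a refresh token's username as if it were verified, so reject it explicitly before building the result: `if claims.Refresh { return Claims{}, false }`. The rewrite of `Verify` in PATCH 3/3 (named result `ret`) keeps the same shape and needs the same guard. The exported `Aurum` type, `NewAurum` and the methods also have no doc comments.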
@@ -1,9 +1,60 @@ package auth -import "github.com/finitum/AAAAA/pkg/models" +import ( + "context" + "github.com/finitum/AAAAA/pkg/models" + "net/http" + "strings" +) + +type Claims struct { + Username string + RawToken string +} + +const VerifierContextKey = "AAAAA jwt verification key" type AuthenticationService interface { Login(user *models.User) (string, error) Register(user *models.User) error - Update(user *models.User) error + Update(user *models.User, token string) error + + // Verify verifies a jwt token returns claims, true if success nil, false otherwise + Verify(token string) (Claims, bool) +} + +// VerificationMiddleware calls AuthenticationService.Verify, 401s on failure and puts the claims in the request context +// on success, these can be retrieved with FromContext +func VerificationMiddleware(a AuthenticationService) func (next http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + auth := r.Header.Get("Authorization") + if !strings.HasPrefix(auth, "Bearer ") { + http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) + return + } + auth = strings.TrimPrefix(auth, "Bearer ") + + claims, valid := a.Verify(auth) + if !valid { + http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) + return + } + + claims.RawToken = auth + + ctx := context.WithValue(r.Context(), VerifierContextKey, claims) + + next.ServeHTTP(w, r.WithContext(ctx)) + }) + } +} + +// FromContext retrieves the Claims from a request context, returns Claims, true on success nil, false otherwise +func FromContext(ctx context.Context) (Claims, bool) { + claims, ok := ctx.Value(VerifierContextKey).(Claims) + if !ok { + return Claims{}, false + } + return claims, true } diff --git a/pkg/auth/store.go b/pkg/auth/store.go index b1aa25c..3b6a7ea 100644 --- a/pkg/auth/store.go +++ b/pkg/auth/store.go 
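Review bot: `VerifierContextKey` is an exported, untyped string constant used as the `context.WithValue` key in `VerificationMiddleware` and read back in `FromContext`, so any other code that stores a value under the same string on the request context collides with, or replaces, the `Claims` that protected handlers trust. Use an unexported key type instead, e.g. `type ctxKey struct{}` with `context.WithValue(r.Context(), ctxKey{}, claims)` and `ctx.Value(ctxKey{}).(Claims)`; linters such as staticcheck flag plain string context keys for this reason. The `Bearer ` prefix check is also case-sensitive, which rejects clients that send `bearer`. The comments on `Verify` and `FromContext` say they return `nil, false`, but the code returns `Claims{}`, so the wording should be `// ... returns the zero Claims and false otherwise`.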
@@ -14,7 +14,32 @@ type StoreAuth struct { jwt *jwtauth.JWTAuth } -func (s *StoreAuth) Update(user *models.User) error { +func NewStoreAuth(db store.Store, jwtkey string) *StoreAuth { + return &StoreAuth{ + db: db, + jwt: jwtauth.New(jwt.SigningMethodHS384.Name, []byte(jwtkey), nil), + } +} + +func (s *StoreAuth) Verify(token string) (Claims, bool) { + dec, err := s.jwt.Decode(token) + if err != nil { + return Claims{}, false + } + + if !dec.Valid { + return Claims{}, false + } + + claims := dec.Claims.(*jwt.StandardClaims) + + return Claims{ + Username: claims.Subject, + RawToken: token, + }, dec.Valid +} + +func (s *StoreAuth) Update(user *models.User, _ string) error { _, err := s.db.GetUser(user.Username) if err == store.ErrNotExists { return errors.New("user doesn't exists") @@ -33,9 +58,6 @@ func (s *StoreAuth) Update(user *models.User) error { return nil } -func NewStoreAuth(db store.Store, jwt *jwtauth.JWTAuth) *StoreAuth { - return &StoreAuth{db, jwt} -} func (s *StoreAuth) Login(user *models.User) (string, error) { dbUser, err := s.db.GetUser(user.Username) diff --git a/pkg/dependency/dep_resolver.go b/pkg/dependency/dep_resolver.go index cfa112e..3c676ef 100644 --- a/pkg/dependency/dep_resolver.go +++ b/pkg/dependency/dep_resolver.go @@ -39,7 +39,7 @@ type Dependency struct { } /* -Resolver represents an a resolver, which is able to resolve all dependencies of a given package with the given name. +Resolver represents a resolver, which is able to resolve all dependencies of a given package with the given name. Most use cases can be solved by using a custom InfoResolveFunction in combination with a custom URL, but it is possible to provide an alternative implementation of the default resolver by implementing this interface. diff --git a/services/control_server/main.go b/services/control_server/main.go index 973c1b4..c299c9f 100644 --- a/services/control_server/main.go +++ b/services/control_server/main.go 
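Review bot: In `StoreAuth.Verify` the type assertion `dec.Claims.(*jwt.StandardClaims)` is unchecked, so it panics on the request path whenever the decoded token carries any other claims type; if `jwtauth`'s `Decode` parses into map claims (worth confirming for the pinned version), that would be every valid token. Use the two-value form and fail closed: `claims, ok := dec.Claims.(*jwt.StandardClaims)` followed by `if !ok { return Claims{}, false }`. The trailing `dec.Valid` in the return is always true at that point and reads more clearly as a literal `true`. `NewStoreAuth` also accepts an empty `jwtkey` without complaint, which would yield an empty HMAC key unless the config layer already rejects it.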
@@ -3,7 +3,6 @@ package main import ( "crypto/rand" "encoding/base64" - "github.com/dgrijalva/jwt-go" "github.com/finitum/AAAAA/internal/cors" "github.com/finitum/AAAAA/pkg/auth" "github.com/finitum/AAAAA/pkg/executor" @@ -13,7 +12,6 @@ import ( "github.com/finitum/AAAAA/services/control_server/routes" "github.com/go-chi/chi" "github.com/go-chi/chi/middleware" - "github.com/go-chi/jwtauth" "github.com/go-chi/render" log "github.com/sirupsen/logrus" "net/http" @@ -32,13 +30,16 @@ func main() { } defer db.Close() - tokenAuth := jwtauth.New(jwt.SigningMethodHS384.Name, []byte(cfg.JWTKey), nil) // Auth service - auths := auth.NewStoreAuth(db, tokenAuth) + //auths := auth.NewStoreAuth(db, cfg.JWTKey) + auths, err := auth.NewAurum("http://localhost:8042") + if err != nil { + log.Fatal(err) + } // Create initial user - initialUser(db, auths) + //initialUser(db, auths) // Executor var exec executor.Executor @@ -73,11 +74,9 @@ func main() { // Protected Routes r.Group(func(r chi.Router) { - // Seek, verify and validate JWT tokens - r.Use(jwtauth.Verifier(tokenAuth)) + // Veirfy jwt tokens + r.Use(auth.VerificationMiddleware(auths)) - // Handle valid / invalid tokens. - r.Use(jwtauth.Authenticator) //r.Use(corsHandler) r.Post("/user", rs.AddUser) @@ -97,7 +96,7 @@ func main() { log.Fatal(http.ListenAndServe(cfg.Address, r)) } -func initialUser(db store.Store, auths auth.AuthenticationService) { +func initialUser(db store.Store, auths auth.StoreAuth) { users, err := db.AllUserNames() if err != nil { log.Fatal(err) diff --git a/services/control_server/routes/package.go b/services/control_server/routes/package.go index ef2b6cb..c5d95b1 100644 --- a/services/control_server/routes/package.go +++ b/services/control_server/routes/package.go 
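Review bot: The auth backend address is hard-coded as `auth.NewAurum("http://localhost:8042")` in `main`, so the usernames and passwords handed to `Login` and `Register` go to a fixed endpoint over plain HTTP and a deployment cannot point at a TLS-protected aurum instance. Read the URL from `cfg`, the way `cfg.Address` and `cfg.JWTKey` are, and consider refusing a non-`https` scheme outside local development. The commented-out `//auths := auth.NewStoreAuth(db, cfg.JWTKey)` and `//initialUser(db, auths)` appear to leave `initialUser` without a caller; remove them or put the choice of backend behind a config switch instead of keeping dead code. `main` starts and ends outside this hunk.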
@@ -3,13 +3,13 @@ package routes import ( "context" "errors" + "github.com/finitum/AAAAA/pkg/auth" "github.com/finitum/AAAAA/pkg/executor" "github.com/finitum/AAAAA/pkg/git" "github.com/finitum/AAAAA/pkg/models" "github.com/finitum/AAAAA/pkg/repo_add" "github.com/finitum/AAAAA/pkg/store" "github.com/go-chi/chi" - "github.com/go-chi/jwtauth" "github.com/go-chi/render" "github.com/go-git/go-git/v5/plumbing" log "github.com/sirupsen/logrus" @@ -104,13 +104,13 @@ func (rs *Routes) TriggerBuild(w http.ResponseWriter, r *http.Request) { return } - token, _, err := jwtauth.FromContext(r.Context()) - if err != nil { + claims, success := auth.FromContext(r.Context()) + if !success { _ = render.Render(w, r, ErrServerError(err)) return } - tokenStr := token.Raw + tokenStr := claims.RawToken go func() { ctx := context.Background() diff --git a/services/control_server/routes/routes.go b/services/control_server/routes/routes.go index 9475bdf..625f769 100644 --- a/services/control_server/routes/routes.go +++ b/services/control_server/routes/routes.go @@ -10,12 +10,12 @@ import ( type Routes struct { cfg *config.Config - db store.Store + db store.PackageStore auth auth.AuthenticationService exec executor.Executor } -func New(cfg *config.Config, db store.Store, auth auth.AuthenticationService, exec executor.Executor) *Routes { +func New(cfg *config.Config, db store.PackageStore, auth auth.AuthenticationService, exec executor.Executor) *Routes { return &Routes{cfg, db, auth, exec} } diff --git a/services/control_server/routes/user.go b/services/control_server/routes/user.go index 216373d..ab18214 100644 --- a/services/control_server/routes/user.go +++ b/services/control_server/routes/user.go @@ -2,6 +2,7 @@ package routes import ( "encoding/json" + "github.com/finitum/AAAAA/pkg/auth" "github.com/finitum/AAAAA/pkg/models" "github.com/go-chi/chi" "github.com/go-chi/render" 
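Review bot: In `TriggerBuild` the failure branch after `auth.FromContext` still renders `ErrServerError(err)`, but the `err` it used to report came from the removed `jwtauth.FromContext` call; what is left is whatever `err` an earlier statement outside this hunk assigned, most likely nil. Pass a real error, e.g. `ErrServerError(errors.New("no auth claims in request context"))` (the file already imports `errors`), or better answer with a 401, since missing claims is an authentication failure and not a server fault. `claims.RawToken` is then captured by a goroutine that runs on `context.Background()` and outlives the request, so that token should stay out of any log output on the build path.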
@@ -101,7 +102,8 @@ func (rs *Routes) UpdateUser(w http.ResponseWriter, r *http.Request) { return } - err := rs.auth.Update(&user) + claims, _ := auth.FromContext(r.Context()) + err := rs.auth.Update(&user, claims.RawToken) if err != nil { _ = render.Render(w, r, ErrServerError(err)) return From 30db4d4a5f86b3e9cee1c0ed852bf9d73e0cce2c Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Tue, 10 Nov 2020 16:32:59 +0100 Subject: [PATCH 2/3] re-add run config --- .run/Control server.run.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .run/Control server.run.xml diff --git a/.run/Control server.run.xml b/.run/Control server.run.xml new file mode 100644 index 0000000..77cda7e --- /dev/null +++ b/.run/Control server.run.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file From d89b3b4771da380dd3d38889eb75a44a6b100993 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Tue, 10 Nov 2020 19:15:38 +0100 Subject: [PATCH 3/3] Further integrate aurum --- pkg/auth/aurum.go | 28 +++-- pkg/auth/auth.go | 134 +++++++++++++++++------ pkg/auth/store.go | 99 ----------------- pkg/models/models.go | 5 +- pkg/store/badger_store_test.go | 3 - services/control_server/main.go | 38 +------ services/control_server/routes/routes.go | 6 +- services/control_server/routes/user.go | 19 ++-- 8 files changed, 136 insertions(+), 196 deletions(-) delete mode 100644 pkg/auth/store.go diff --git a/pkg/auth/aurum.go b/pkg/auth/aurum.go index ad9795c..1a7814d 100644 --- a/pkg/auth/aurum.go +++ b/pkg/auth/aurum.go @@ -1,9 +1,9 @@ package auth import ( - "github.com/finitum/AAAAA/pkg/models" "github.com/finitum/aurum/clients/go" "github.com/pkg/errors" + log "github.com/sirupsen/logrus" ) type Aurum struct { 
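Review bot: `UpdateUser` discards the second result of `auth.FromContext` (`claims, _ := ...`) and never compares `claims.Username` with the `user` being updated, so as far as this hunk shows any authenticated caller can submit an update for another account, and absent claims silently become an empty token. Unless updating other users is intended, check both before calling `rs.auth.Update`: `claims, ok := auth.FromContext(r.Context())` and `if !ok || claims.Username != user.Username { /* respond 401 or 403 and return */ }`. In PATCH 1/3 `StoreAuth.Update` ignores its token argument (`_ string`), so that backend does not enforce ownership either. The decoding of `user` happens outside the hunk.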
@@ -19,8 +19,8 @@ func NewAurum(url string) (*Aurum, error) { return &Aurum{ au }, nil } -func (a *Aurum) Login(user *models.User) (string, error) { - tp, err := a.au.Login(user.Username, user.Password) +func (a *Aurum) Login(user string, pass string) (string, error) { + tp, err := a.au.Login(user, pass) if err != nil { return "", err } @@ -28,15 +28,21 @@ func (a *Aurum) Login(user *models.User) (string, error) { return tp.LoginToken, nil } -func (a *Aurum) Register(user *models.User) error { - return errors.Wrap(a.au.Register(user.Username, user.Password, "nomail@AAAAA"), "aurum signup failed") +func (a *Aurum) Register(user FullUser) error { + if user.Email == "" { + user.Email = "no-email" + } + + err := a.au.Register(user.Username, user.Password, user.Email) + return errors.Wrap(err, "aurum signup failed") } -func (a *Aurum) Update(user *models.User, token string) error { +func (a *Aurum) Update(user FullUser, token string) error { + log.Error("updating user unsupported") return errors.New("unsupported") } -func (a *Aurum) Verify(token string) (Claims, bool) { +func (a *Aurum) Verify(token string) (ret Claims, _ bool) { claims, err := a.au.Verify(token) if err != nil { return Claims{}, false @@ -46,8 +52,8 @@ func (a *Aurum) Verify(token string) (Claims, bool) { return Claims{}, false } - return Claims{ - Username: claims.Username, - RawToken: token, - }, !claims.Refresh + + ret.Username = claims.Username + ret.RawToken = token + return ret, !claims.Refresh } diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index bb2a528..5e01b7c 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go 
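Review bot: `Register` replaces an empty `user.Email` with the literal `"no-email"`, so every account created without an address shares one placeholder that is not a valid mailbox; if aurum ties uniqueness, verification or password recovery to the email (not visible here), those accounts collide or cannot be recovered. Either reject the registration when the email is empty or pass the empty value through and let aurum decide. In the same hunk `Update` both logs `"updating user unsupported"` at error level and returns an error, which reports the failure twice; return a package-level sentinel such as `var ErrUnsupported = errors.New("unsupported")` and leave logging to the caller.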
@@ -3,53 +3,45 @@ package auth import ( "context" "github.com/finitum/AAAAA/pkg/models" + "github.com/finitum/AAAAA/pkg/store" + "github.com/pkg/errors" "net/http" "strings" ) +const VerifierContextKey = "AAAAA jwt verification key" + +type FullUser struct { + models.User + Password string + Email string `json:"-,omitempty"` +} + +func (u *FullUser) Bind(*http.Request) error { + if u.Username == "" || u.Password == "" { + return errors.New("invalid user") + } + + return nil +} + type Claims struct { - Username string + models.User RawToken string } -const VerifierContextKey = "AAAAA jwt verification key" - type AuthenticationService interface { - Login(user *models.User) (string, error) - Register(user *models.User) error - Update(user *models.User, token string) error + // Login should login a user and return a token + Login(user string, pass string) (string, error) + // Register should create a user in the service + Register(user FullUser) error + // Update should update the email and password on the service + Update(user FullUser, token string) error // Verify verifies a jwt token returns claims, true if success nil, false otherwise Verify(token string) (Claims, bool) } -// VerificationMiddleware calls AuthenticationService.Verify, 401s on failure and puts the claims in the request context -// on success, these can be retrieved with FromContext -func VerificationMiddleware(a AuthenticationService) func (next http.Handler) http.Handler { - return func(next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - auth := r.Header.Get("Authorization") - if !strings.HasPrefix(auth, "Bearer ") { - http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) - return - } - auth = strings.TrimPrefix(auth, "Bearer ") - - claims, valid := a.Verify(auth) - if !valid { - http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) - return - } - - claims.RawToken = auth - - ctx := 
context.WithValue(r.Context(), VerifierContextKey, claims) - - next.ServeHTTP(w, r.WithContext(ctx)) - }) - } -} - // FromContext retrieves the Claims from a request context, returns Claims, true on success nil, false otherwise func FromContext(ctx context.Context) (Claims, bool) { claims, ok := ctx.Value(VerifierContextKey).(Claims) 
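Review bot: The tag on `FullUser.Email`, `json:"-,omitempty"`, does not hide the field: encoding/json skips a field only when the tag is exactly `-`, and with a trailing option it treats `-` as the key name. As written, `Email` is read from and written to a JSON key literally named `-`, so a client that sends `email` is ignored and the `"no-email"` fallback added to `Aurum.Register` in this patch will apply to nearly every registration. Use `json:"email,omitempty"` if clients may supply an address, or plain `json:"-"` if they must not. `Password` carries no tag and `FullUser` picks up `Render` from the embedded `models.User`, so it would be serialised if a `FullUser` were ever rendered; no such call is visible in this patch, but a comment on the struct stating that it is request-only would help.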
@@ -58,3 +50,79 @@ func FromContext(ctx context.Context) (Claims, bool) { } return claims, true } + +/* Authenticator */ + +type Authenticator struct { + as AuthenticationService + us store.UserStore +} + +func NewAuthenticator(as AuthenticationService, us store.UserStore) *Authenticator { + return &Authenticator{as, us} +} + +func (a Authenticator) Login(username, password string) (string, error) { + if _, err := a.us.GetUser(username); err != nil { + return "", err + } + + return a.as.Login(username, password) +} + +func (a Authenticator) Register(user FullUser) error { + if err := a.as.Register(user); err != nil { + return err + } + + if err := a.us.AddUser(&user.User); err != nil { + return err + } + + return nil +} + +func (a Authenticator) Update(user FullUser, token string) error { + if _, err := a.us.GetUser(user.Username); err != nil { + return err + } + + return a.as.Update(user, token) +} + +func (a Authenticator) GetUsers() ([]*models.User, error) { + return a.us.AllUsers() +} + +func (a Authenticator) GetUserNames() ([]string, error) { + return a.us.AllUserNames() +} + +func (a Authenticator) DeleteUser(username string) error { + return a.us.DelUser(username) +} + +// VerificationMiddleware calls AuthenticationService.Verify, 401s on failure and puts the claims in the request context +// on success, these can be retrieved with FromContext +func (a Authenticator)VerificationMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + auth := r.Header.Get("Authorization") + if !strings.HasPrefix(auth, "Bearer ") { + http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) + return + } + auth = strings.TrimPrefix(auth, "Bearer ") + + claims, valid := a.as.Verify(auth) + if !valid { + http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) + return + } + + claims.RawToken = auth + + ctx := context.WithValue(r.Context(), VerifierContextKey, claims) + 
+ next.ServeHTTP(w, r.WithContext(ctx)) + }) +} diff --git a/pkg/auth/store.go b/pkg/auth/store.go deleted file mode 100644 index 3b6a7ea..0000000 --- a/pkg/auth/store.go +++ /dev/null 
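Review bot: `Authenticator.VerificationMiddleware` accepts any token that `a.as.Verify` validates and never consults `a.us`, although `Login` and `Update` in the same hunk both require the user to exist in the local store. Because `DeleteUser` removes only the local record, a token issued before the deletion would presumably still pass this middleware; how far that reaches depends on how the aurum service is deployed, which is not visible here. After the `valid` check, add a lookup such as `if _, err := a.us.GetUser(claims.Username); err != nil {` followed by the same 401 response and `return`. `Register` has a related gap: when `a.us.AddUser` fails after `a.as.Register` succeeded, the account exists remotely but not locally, and the returned error does not say so.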
@@ -1,99 +0,0 @@ -package auth - -import ( - "github.com/dgrijalva/jwt-go" - "github.com/finitum/AAAAA/pkg/models" - "github.com/finitum/AAAAA/pkg/store" - "github.com/go-chi/jwtauth" - "github.com/pkg/errors" - "golang.org/x/crypto/bcrypt" -) - -type StoreAuth struct { - db store.Store - jwt *jwtauth.JWTAuth -} - -func NewStoreAuth(db store.Store, jwtkey string) *StoreAuth { - return &StoreAuth{ - db: db, - jwt: jwtauth.New(jwt.SigningMethodHS384.Name, []byte(jwtkey), nil), - } -} - -func (s *StoreAuth) Verify(token string) (Claims, bool) { - dec, err := s.jwt.Decode(token) - if err != nil { - return Claims{}, false - } - - if !dec.Valid { - return Claims{}, false - } - - claims := dec.Claims.(*jwt.StandardClaims) - - return Claims{ - Username: claims.Subject, - RawToken: token, - }, dec.Valid -} - -func (s *StoreAuth) Update(user *models.User, _ string) error { - _, err := s.db.GetUser(user.Username) - if err == store.ErrNotExists { - return errors.New("user doesn't exists") - } - - hash, err := bcrypt.GenerateFromPassword([]byte(user.Password), bcrypt.DefaultCost) - if err != nil { - return errors.Wrap(err, "bcrypt generate") - } - user.Password = string(hash) - - if err := s.db.AddUser(user); err != nil { - return errors.Wrap(err, "adding user to db") - } - - return nil -} - - -func (s *StoreAuth) Login(user *models.User) (string, error) { - dbUser, err := s.db.GetUser(user.Username) - if err != nil { - return "", errors.Wrap(err, "user not in database") - } - - if err := bcrypt.CompareHashAndPassword([]byte(dbUser.Password), []byte(user.Password)); err != nil { - return "", errors.Wrap(err, "password wrong or invalid") - } - - _, tokenString, err := s.jwt.Encode(jwt.StandardClaims{Subject: dbUser.Username, Audience: "user"}) - if err != nil { - return "", errors.Wrap(err, "couldn't encode jwt token") - - } - - return tokenString, nil -} - -func (s StoreAuth) Register(user *models.User) error { - _, err := s.db.GetUser(user.Username) - if err != 
store.ErrNotExists { - return errors.New("user exists") - } - - hash, err := bcrypt.GenerateFromPassword([]byte(user.Password), bcrypt.DefaultCost) - if err != nil { - return errors.Wrap(err, "bcrypt generate") - } - - user.Password = string(hash) - - if err := s.db.AddUser(user); err != nil { - return errors.Wrap(err, "adding user to db") - } - - return nil -} diff --git a/pkg/models/models.go b/pkg/models/models.go index cfbf0b4..ea6b2d7 100644 --- a/pkg/models/models.go +++ b/pkg/models/models.go @@ -53,17 +53,14 @@ func (p *Pkg) Bind(*http.Request) error { type User struct { Username string - Password string } func (u *User) Render(w http.ResponseWriter, r *http.Request) error { - u.Password = "" - return nil } func (u *User) Bind(*http.Request) error { - if u.Username == "" || u.Password == "" { + if u.Username == "" { return errors.New("invalid user") } diff --git a/pkg/store/badger_store_test.go b/pkg/store/badger_store_test.go index 02a66c0..96caf20 100644 --- a/pkg/store/badger_store_test.go +++ b/pkg/store/badger_store_test.go @@ -80,7 +80,6 @@ func TestBadger_AllPackages(t *testing.T) { func TestBadger_AddGetDelUser(t *testing.T) { tstUser := models.User{ Username: "testkees", - Password: "encryptedyes?", } storePath := os.TempDir() + "/TestBadger_AddUser" @@ -103,11 +102,9 @@ func TestBadger_AddGetDelUser(t *testing.T) { func TestBadger_AllUserNames(t *testing.T) { tstUser := models.User{ Username: "yoink", - Password: "rot26bestencryption", } tstUser2 := models.User{ Username: "; DROP TABLE 'USERS';--", - Password: "2xrot13bestencryption", } storePath := os.TempDir() + "/TestBadger_AllUserNames" diff --git a/services/control_server/main.go b/services/control_server/main.go index c299c9f..59cea1a 100644 --- a/services/control_server/main.go +++ b/services/control_server/main.go 
@@ -1,12 +1,9 @@ package main import ( - "crypto/rand" - "encoding/base64" "github.com/finitum/AAAAA/internal/cors" "github.com/finitum/AAAAA/pkg/auth" "github.com/finitum/AAAAA/pkg/executor" - "github.com/finitum/AAAAA/pkg/models" "github.com/finitum/AAAAA/pkg/store" "github.com/finitum/AAAAA/services/control_server/config" "github.com/finitum/AAAAA/services/control_server/routes" @@ -33,11 +30,13 @@ func main() { // Auth service //auths := auth.NewStoreAuth(db, cfg.JWTKey) - auths, err := auth.NewAurum("http://localhost:8042") + as, err := auth.NewAurum("http://localhost:8042") if err != nil { log.Fatal(err) } + au := auth.NewAuthenticator(as, db) + // Create initial user //initialUser(db, auths) @@ -56,7 +55,7 @@ func main() { } // Router - rs := routes.New(cfg, db, auths, exec) + rs := routes.New(cfg, db, au, exec) r := chi.NewRouter() r.Use(middleware.StripSlashes) @@ -75,7 +74,7 @@ func main() { // Protected Routes r.Group(func(r chi.Router) { // Veirfy jwt tokens - r.Use(auth.VerificationMiddleware(auths)) + r.Use(au.VerificationMiddleware) //r.Use(corsHandler) @@ -95,30 +94,3 @@ func main() { log.Fatal(http.ListenAndServe(cfg.Address, r)) } - -func initialUser(db store.Store, auths auth.StoreAuth) { - users, err := db.AllUserNames() - if err != nil { - log.Fatal(err) - } - if len(users) != 0 { - return - } - - log.Info("Creating default admin user as no users were found") - buf := make([]byte, 32) - _, err = rand.Read(buf) - if err != nil { - log.Fatal(err) - } - pass := base64.StdEncoding.EncodeToString(buf) - - if err := auths.Register(&models.User{ - Username: "admin", - Password: pass, - }); err != nil { - log.Fatal(err) - } - - log.Infof("|> username: admin, password: %s \n", pass) -} diff --git a/services/control_server/routes/routes.go b/services/control_server/routes/routes.go index 625f769..d74d611 100644 --- a/services/control_server/routes/routes.go +++ b/services/control_server/routes/routes.go 
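Review bot: The aurum endpoint in `main` (hunk `@@ -33,11 +30,13 @@`) is the literal `"http://localhost:8042"`, so neither the address nor the scheme can be changed without a rebuild. `Aurum.Login` and `Aurum.Register` pass the username and password to the client built from that URL, presumably over the same plain-HTTP connection, which is only acceptable while the service stays on loopback. Read the URL from `cfg`, next to `cfg.Address`, and document that a non-local deployment needs an `https://` URL. `main` starts and ends outside this hunk.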
@@ -10,13 +10,13 @@ import ( type Routes struct { cfg *config.Config + auth *auth.Authenticator db store.PackageStore - auth auth.AuthenticationService exec executor.Executor } -func New(cfg *config.Config, db store.PackageStore, auth auth.AuthenticationService, exec executor.Executor) *Routes { - return &Routes{cfg, db, auth, exec} +func New(cfg *config.Config, db store.PackageStore, auth *auth.Authenticator, exec executor.Executor) *Routes { + return &Routes{cfg, auth, db, exec} } func (*Routes) HelloWorld(w http.ResponseWriter, r *http.Request) { diff --git a/services/control_server/routes/user.go b/services/control_server/routes/user.go index ab18214..5f515db 100644 --- a/services/control_server/routes/user.go +++ b/services/control_server/routes/user.go @@ -3,7 +3,6 @@ package routes import ( "encoding/json" "github.com/finitum/AAAAA/pkg/auth" - "github.com/finitum/AAAAA/pkg/models" "github.com/go-chi/chi" "github.com/go-chi/render" log "github.com/sirupsen/logrus" @@ -11,14 +10,14 @@ import ( ) func (rs *Routes) Login(w http.ResponseWriter, r *http.Request) { - var user models.User + var user auth.FullUser if err := render.Bind(r, &user); err != nil { _ = render.Render(w, r, ErrInvalidRequest(err)) return } - token, err := rs.auth.Login(&user) + token, err := rs.auth.Login(user.Username, user.Password) if err != nil { _ = render.Render(w, r, ErrUnauthorized()) return @@ -40,14 +39,14 @@ func (rs *Routes) Login(w http.ResponseWriter, r *http.Request) { } func (rs *Routes) AddUser(w http.ResponseWriter, r *http.Request) { - var user models.User + var user auth.FullUser if err := render.Bind(r, &user); err != nil { _ = render.Render(w, r, ErrInvalidRequest(err)) return } - if err := rs.auth.Register(&user); err != nil { + if err := rs.auth.Register(user); err != nil { _ = render.Render(w, r, ErrServerError(err)) return } 
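Review bot: `New` in services/control_server/routes/routes.go builds `Routes` with a positional literal, `&Routes{cfg, auth, db, exec}`, which had to be reordered in step with the struct fields in this same hunk. Keyed fields keep the constructor correct the next time the struct changes: `&Routes{cfg: cfg, auth: auth, db: db, exec: exec}`. The parameter name `auth` also shadows the imported `auth` package inside `New`; a name such as `authn` avoids that.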
@@ -56,7 +55,7 @@ func (rs *Routes) AddUser(w http.ResponseWriter, r *http.Request) { } func (rs *Routes) GetUsers(w http.ResponseWriter, r *http.Request) { - dbUsers, err := rs.db.AllUsers() + dbUsers, err := rs.auth.GetUsers() if err != nil { _ = render.Render(w, r, ErrServerError(err)) log.Errorf("failed to get users (%v)", err) @@ -74,7 +73,7 @@ func (rs *Routes) GetUsers(w http.ResponseWriter, r *http.Request) { func (rs *Routes) DeleteUser(w http.ResponseWriter, r *http.Request) { username := chi.URLParam(r, "username") - allUsers, err := rs.db.AllUserNames() + allUsers, err := rs.auth.GetUserNames() if err != nil { _ = render.Render(w, r, ErrServerError(err)) log.Errorf("failed to get users (%v)", err) @@ -86,7 +85,7 @@ func (rs *Routes) DeleteUser(w http.ResponseWriter, r *http.Request) { return } - err = rs.db.DelUser(username) + err = rs.auth.DeleteUser(username) if err != nil { _ = render.Render(w, r, ErrServerError(err)) log.Errorf("failed to remove user (%v)", err) @@ -95,7 +94,7 @@ func (rs *Routes) DeleteUser(w http.ResponseWriter, r *http.Request) { } func (rs *Routes) UpdateUser(w http.ResponseWriter, r *http.Request) { - var user models.User + var user auth.FullUser if err := render.Bind(r, &user); err != nil { _ = render.Render(w, r, ErrInvalidRequest(err)) @@ -103,7 +102,7 @@ func (rs *Routes) UpdateUser(w http.ResponseWriter, r *http.Request) { } claims, _ := auth.FromContext(r.Context()) - err := rs.auth.Update(&user, claims.RawToken) + err := rs.auth.Update(user, claims.RawToken) if err != nil { _ = render.Render(w, r, ErrServerError(err)) return