feat: adopt new oauth2 integration
BarcoMasile committed Jun 12, 2024
1 parent e054552 commit 912029c
Showing 2 changed files with 34 additions and 2 deletions.
14 changes: 13 additions & 1 deletion cmd/serve.go
Expand Up @@ -28,6 +28,7 @@ import (
"github.com/canonical/identity-platform-admin-ui/internal/openfga"
"github.com/canonical/identity-platform-admin-ui/internal/pool"
"github.com/canonical/identity-platform-admin-ui/internal/tracing"
"github.com/canonical/identity-platform-admin-ui/pkg/authentication"
"github.com/canonical/identity-platform-admin-ui/pkg/idp"
"github.com/canonical/identity-platform-admin-ui/pkg/rules"
"github.com/canonical/identity-platform-admin-ui/pkg/schemas"
Expand Down Expand Up @@ -137,9 +138,20 @@ func serve() {
}
}

oauth2Config := authentication.NewAuthenticationConfig(
specs.AuthenticationEnabled,
specs.OIDCIssuer,
specs.OAuth2ClientId,
specs.OAuth2ClientSecret,
specs.OAuth2RedirectURI,
specs.AccessTokenVerificationStrategy,
specs.OAuth2NonceCookieTTL,
specs.OAuth2CodeGrantScopes,
)

ollyConfig := web.NewO11yConfig(tracer, monitor, logger)

routerConfig := web.NewRouterConfig(specs.PayloadValidationEnabled, idpConfig, schemasConfig, rulesConfig, uiConfig, externalConfig, ollyConfig)
routerConfig := web.NewRouterConfig(specs.PayloadValidationEnabled, idpConfig, schemasConfig, rulesConfig, uiConfig, externalConfig, oauth2Config, ollyConfig)

wpool := pool.NewWorkerPool(specs.OpenFGAWorkersTotal, tracer, monitor, logger)
defer wpool.Stop()
22 changes: 21 additions & 1 deletion pkg/web/router.go
Expand Up @@ -6,6 +6,7 @@ package web
import (
"net/http"

"github.com/coreos/go-oidc/v3/oidc"
"github.com/go-chi/chi/v5"
"github.com/go-chi/chi/v5/middleware"

Expand All @@ -15,6 +16,7 @@ import (
"github.com/canonical/identity-platform-admin-ui/internal/pool"
"github.com/canonical/identity-platform-admin-ui/internal/tracing"
"github.com/canonical/identity-platform-admin-ui/internal/validation"
"github.com/canonical/identity-platform-admin-ui/pkg/authentication"
"github.com/canonical/identity-platform-admin-ui/pkg/clients"
"github.com/canonical/identity-platform-admin-ui/pkg/groups"
"github.com/canonical/identity-platform-admin-ui/pkg/identities"
Expand All @@ -34,17 +36,19 @@ type RouterConfig struct {
rules *rules.Config
ui *ui.Config
external ExternalClientsConfigInterface
oauth2 *authentication.Config
olly O11yConfigInterface
}

func NewRouterConfig(payloadValidationEnabled bool, idp *idp.Config, schemas *schemas.Config, rules *rules.Config, ui *ui.Config, external ExternalClientsConfigInterface, olly O11yConfigInterface) *RouterConfig {
func NewRouterConfig(payloadValidationEnabled bool, idp *idp.Config, schemas *schemas.Config, rules *rules.Config, ui *ui.Config, external ExternalClientsConfigInterface, oauth2 *authentication.Config, olly O11yConfigInterface) *RouterConfig {
return &RouterConfig{
payloadValidationEnabled: payloadValidationEnabled,
idp: idp,
schemas: schemas,
rules: rules,
ui: ui,
external: external,
oauth2: oauth2,
olly: olly,
}
}
Expand All @@ -57,6 +61,7 @@ func NewRouter(config *RouterConfig, wpool pool.WorkerPoolInterface) http.Handle
rulesConfig := config.rules
uiConfig := config.ui
externalConfig := config.external
oauth2Config := config.oauth2

logger := config.olly.Logger()
monitor := config.olly.Monitor()
Expand Down Expand Up @@ -132,6 +137,16 @@ func NewRouter(config *RouterConfig, wpool pool.WorkerPoolInterface) http.Handle
r.Use(authorizationMiddleware)
}).(*chi.Mux)

var oauth2Context *authentication.OAuth2Context

if oauth2Config.Enabled {
oauth2Context = authentication.NewOAuth2Context(config.oauth2, oidc.NewProvider, tracer, logger, monitor)

authenticationMiddleware := authentication.NewAuthenticationMiddleware(oauth2Context, tracer, logger)
authenticationMiddleware.SetAllowListedEndpoints("/api/v0/login", "/api/v0/status", "api/v0/metrics")
apiRouter.Use(authenticationMiddleware.OAuth2Authentication)
}

if config.payloadValidationEnabled {
validationRegistry := validation.NewRegistry(tracer, monitor, logger)
apiRouter.Use(validationRegistry.ValidationMiddleware)
Expand All @@ -157,6 +172,11 @@ func NewRouter(config *RouterConfig, wpool pool.WorkerPoolInterface) http.Handle
rolesAPI.RegisterEndpoints(apiRouter)
groupsAPI.RegisterEndpoints(apiRouter)

if oauth2Config.Enabled {
login := authentication.NewAPI(oauth2Context, tracer, logger)
login.RegisterEndpoints(apiRouter)
}

uiAPI.RegisterEndpoints(router)

return tracing.NewMiddleware(monitor, logger).OpenTelemetry(router)
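Review bot: The third allow-listed endpoint in the SetAllowListedEndpoints call is `"api/v0/metrics"` without a leading slash, unlike the `/api/v0/login` and `/api/v0/status` entries beside it; unless the matcher normalizes paths, the metrics endpoint will not be exempted and will start failing authentication as soon as the middleware is enabled. The fix is `authenticationMiddleware.SetAllowListedEndpoints("/api/v0/login", "/api/v0/status", "/api/v0/metrics")`. Separately, the OAuth2 authentication middleware is attached with `apiRouter.Use` after the authorization middleware registered in the group just above it, so it appears to run after authorization in the chain; worth confirming that authorization does not depend on the principal the authentication middleware establishes. `oauth2Config.Enabled` also dereferences `config.oauth2` without a nil check, so a caller passing nil to NewRouterConfig panics here rather than behaving as disabled. NewRouter's body starts and ends outside the hunk.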
