fix: Define SecretStoreAuth in separate file

Define SecretStoreAuthenticationHandlerFunc in separate file

Signed-off-by: Lindsey Cheng <[email protected]>

bootstrap/container/clients.go

@@ -1,6 +1,6 @@
 //
 // Copyright (c) 2022 Intel Corporation
-// Copyright (C) 2024 IOTech Ltd
+// Copyright (C) 2024-2025 IOTech Ltd
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

bootstrap/controller/commonapi.go

@@ -1,5 +1,5 @@
 //
-// Copyright (C) 2023 IOTech Ltd
+// Copyright (C) 2023-2025 IOTech Ltd
 //
 // SPDX-License-Identifier: Apache-2.0
 

bootstrap/handlers/auth_func.go

@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2024 IOTech Ltd
+ * Copyright 2024-2025 IOTech Ltd
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at

bootstrap/handlers/auth_middleware.go

@@ -2,7 +2,7 @@
 
 /*******************************************************************************
  * Copyright 2023 Intel Corporation
- * Copyright 2023-2024 IOTech Ltd
+ * Copyright 2023-2025 IOTech Ltd
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -24,20 +24,15 @@ import (
 
 	"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/container"
 	"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/handlers/headers"
-	"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/interfaces"
 	"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/zerotrust"
 	"github.com/edgexfoundry/go-mod-bootstrap/v4/di"
-	"github.com/edgexfoundry/go-mod-core-contracts/v4/clients/logger"
 	dtoCommon "github.com/edgexfoundry/go-mod-core-contracts/v4/dtos/common"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/labstack/echo/v4"
 	"github.com/openziti/sdk-golang/ziti/edge"
 )
 
-// openBaoIssuer defines the issuer if JWT was issued from OpenBao
-const openBaoIssuer = "/v1/identity/oidc"
-
 // AuthenticationHandlerFunc prefixes an existing HandlerFunc,
 // performing authentication checks based on OpenBao-issued JWTs or external JWTs by checking the Authorization header. Usage:
 //
@@ -111,24 +106,3 @@ func AuthenticationHandlerFunc(dic *di.Container) echo.MiddlewareFunc {
 		}
 	}
 }
-
-// SecretStoreAuthenticationHandlerFunc verifies the JWT with a OpenBao-based JWT authentication check
-func SecretStoreAuthenticationHandlerFunc(secretProvider interfaces.SecretProviderExt, lc logger.LoggingClient, token string, c echo.Context) error {
-	r := c.Request()
-	w := c.Response()
-
-	validToken, err := secretProvider.IsJWTValid(token)
-	if err != nil {
-		lc.Errorf("Error checking JWT validity by the secret provider: %v ", err)
-		// set Response.Committed to true in order to rewrite the status code
-		w.Committed = false
-		return echo.NewHTTPError(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
-	} else if !validToken {
-		lc.Warnf("Request to '%s' UNAUTHORIZED", r.URL.Path)
-		// set Response.Committed to true in order to rewrite the status code
-		w.Committed = false
-		return echo.NewHTTPError(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
-	}
-	lc.Debugf("Request to '%s' authorized", r.URL.Path)
-	return nil
-}

bootstrap/handlers/auth_middleware_no_ziti.go

@@ -1,7 +1,7 @@
 //go:build no_openziti
 
 /*******************************************************************************
- * Copyright 2024 IOTech Ltd
+ * Copyright 2024-2025 IOTech Ltd
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -23,9 +23,7 @@ import (
 
 	"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/container"
 	"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/handlers/headers"
-	"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/interfaces"
 	"github.com/edgexfoundry/go-mod-bootstrap/v4/di"
-	"github.com/edgexfoundry/go-mod-core-contracts/v4/clients/logger"
 	dtoCommon "github.com/edgexfoundry/go-mod-core-contracts/v4/dtos/common"
 
 	"github.com/golang-jwt/jwt/v5"
@@ -99,24 +97,3 @@ func AuthenticationHandlerFunc(dic *di.Container) echo.MiddlewareFunc {
 		}
 	}
 }
-
-// SecretStoreAuthenticationHandlerFunc verifies the JWT with a OpenBao-based JWT authentication check
-func SecretStoreAuthenticationHandlerFunc(secretProvider interfaces.SecretProviderExt, lc logger.LoggingClient, token string, c echo.Context) error {
-	r := c.Request()
-	w := c.Response()
-
-	validToken, err := secretProvider.IsJWTValid(token)
-	if err != nil {
-		lc.Errorf("Error checking JWT validity by the secret provider: %v ", err)
-		// set Response.Committed to true in order to rewrite the status code
-		w.Committed = false
-		return echo.NewHTTPError(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
-	} else if !validToken {
-		lc.Warnf("Request to '%s' UNAUTHORIZED", r.URL.Path)
-		// set Response.Committed to true in order to rewrite the status code
-		w.Committed = false
-		return echo.NewHTTPError(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
-	}
-	lc.Debugf("Request to '%s' authorized", r.URL.Path)
-	return nil
-}

bootstrap/handlers/auth_secretstore.go

@@ -0,0 +1,36 @@
+//
+// Copyright (C) 2025 IOTech Ltd
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/edgexfoundry/go-mod-bootstrap/v4/bootstrap/interfaces"
+	"github.com/edgexfoundry/go-mod-core-contracts/v4/clients/logger"
+
+	"github.com/labstack/echo/v4"
+)
+
+// SecretStoreAuthenticationHandlerFunc verifies the JWT with a OpenBao-based JWT authentication check
+func SecretStoreAuthenticationHandlerFunc(secretProvider interfaces.SecretProviderExt, lc logger.LoggingClient, token string, c echo.Context) error {
+	r := c.Request()
+	w := c.Response()
+
+	validToken, err := secretProvider.IsJWTValid(token)
+	if err != nil {
+		lc.Errorf("Error checking JWT validity by the secret provider: %v ", err)
+		// set Response.Committed to true in order to rewrite the status code
+		w.Committed = false
+		return echo.NewHTTPError(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
+	} else if !validToken {
+		lc.Warnf("Request to '%s' UNAUTHORIZED", r.URL.Path)
+		// set Response.Committed to true in order to rewrite the status code
+		w.Committed = false
+		return echo.NewHTTPError(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
+	}
+	lc.Debugf("Request to '%s' authorized", r.URL.Path)
+	return nil
+}

bootstrap/handlers/constants.go

@@ -0,0 +1,9 @@
+//
+// Copyright (C) 2025 IOTech Ltd
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package handlers
+
+// openBaoIssuer defines the issuer if JWT was issued from OpenBao
+const openBaoIssuer = "/v1/identity/oidc"

bootstrap/handlers/headers/jwt.go

@@ -1,5 +1,5 @@
 //
-// Copyright (C) 2024 IOTech Ltd
+// Copyright (C) 2025 IOTech Ltd
 //
 // SPDX-License-Identifier: Apache-2.0
 

bootstrap/handlers/headers/jwt_test.go

@@ -1,5 +1,5 @@
 //
-// Copyright (C) 2024 IOTech Ltd
+// Copyright (C) 2025 IOTech Ltd
 //
 // SPDX-License-Identifier: Apache-2.0
 

bootstrap/handlers/headers/key.go

@@ -1,5 +1,5 @@
 //
-// Copyright (C) 2024 IOTech Ltd
+// Copyright (C) 2025 IOTech Ltd
 //
 // SPDX-License-Identifier: Apache-2.0
 

bootstrap/handlers/headers/key_test.go

@@ -1,5 +1,5 @@
 //
-// Copyright (C) 2024 IOTech Ltd
+// Copyright (C) 2025 IOTech Ltd
 //
 // SPDX-License-Identifier: Apache-2.0