diff --git a/internal/api/middleware/authn/authn.go b/internal/api/middleware/authn/authn.go
index 8194e6e45..d127530a9 100644
--- a/internal/api/middleware/authn/authn.go
+++ b/internal/api/middleware/authn/authn.go
@@ -18,14 +18,14 @@ import (
 // Attempt returns an http.HandlerFunc middleware that authenticates
 // the http.Request if authentication payload is available.
-func Attempt(authenticator authn.Authenticator) func(http.Handler) http.Handler {
- return performAuthentication(authenticator, false, authn.AuthGitCaller)
+func Attempt(authenticator authn.Authenticator, sourceRouter authn.SourceRouter) func(http.Handler) http.Handler {
+ return performAuthentication(authenticator, false, sourceRouter)
 }
 // Required returns an http.HandlerFunc middleware that authenticates
 // the http.Request and fails the request if no auth data was available.
-func Required(authenticator authn.Authenticator) func(http.Handler) http.Handler {
- return performAuthentication(authenticator, true, authn.AuthAPICaller)
+func Required(authenticator authn.Authenticator, sourceRouter authn.SourceRouter) func(http.Handler) http.Handler {
+ return performAuthentication(authenticator, true, sourceRouter)
 }
 // performAuthentication returns an http.HandlerFunc middleware that authenticates
@@ -33,14 +33,14 @@ func Required(authenticator authn.Authenticator) func(http.Handler) http.Handler
 // Depending on whether it is required or not, the request will be failed.
 func performAuthentication(
 authenticator authn.Authenticator,
- required bool, caller authn.APICaller,
+ required bool, sourceRouter authn.SourceRouter,
 ) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 log := hlog.FromRequest(r)
- session, err := authenticator.Authenticate(r, caller)
+ session, err := authenticator.Authenticate(r, sourceRouter)
 if errors.Is(err, authn.ErrNoAuthData) {
 if required {
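Review bot: The doc comments on `Attempt` and `Required` in the first hunk of middleware/authn/authn.go still describe only the authenticator, although both now take a second argument that the call site must choose correctly. Before this change the value was fixed inside each wrapper (`Attempt` passed `authn.AuthGitCaller`, `Required` passed `authn.AuthAPICaller`), so a wrong pairing could not be introduced by a caller; now it can. I would add to both comments: `// sourceRouter names the router this middleware is mounted on and is passed unchanged to authenticator.Authenticate.`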
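Review bot: `performAuthentication` (second hunk of middleware/authn/authn.go) forwards `sourceRouter` to `authenticator.Authenticate` without checking it. `authn.SourceRouter` is a defined string type, so an untyped string literal or the empty value compiles at a call site, and an Authenticator that decides which auth methods to accept from this value (the `ErrNotAcceptedAuthMethod` error in authenticator.go suggests that is the intent) would then decide on an unknown router. Rejecting unknown values once, when the middleware is built, makes a mis-wired router fail at startup rather than at request time. The function body continues past the end of the hunk.

```go
) func(http.Handler) http.Handler {
	// Reject unknown routers when the middleware is constructed, not per request.
	switch sourceRouter {
	case authn.SourceRouterAPI, authn.SourceRouterGIT:
	default:
		panic("authn middleware: unknown source router " + string(sourceRouter))
	}
	// … unchanged: returned middleware closure …
```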
diff --git a/internal/auth/authn/authenticator.go b/internal/auth/authn/authenticator.go
index 1988c26a9..21006718b 100644
--- a/internal/auth/authn/authenticator.go
+++ b/internal/auth/authn/authenticator.go
@@ -19,11 +19,11 @@ var (
 ErrNotAcceptedAuthMethod = errors.New("the request contains auth method that is not accepted by the Authorizer")
 )
-type APICaller string
+type SourceRouter string
 const (
- AuthAPICaller APICaller = "api"
- AuthGitCaller APICaller = "git"
+ SourceRouterAPI SourceRouter = "api"
+ SourceRouterGIT SourceRouter = "git"
 )
 // Authenticator is an abstraction of an entity that's responsible for authenticating principals
@@ -36,5 +36,5 @@ type Authenticator interface {
 * (nil, ErrNoAuthData) - request doesn't contain any auth data
 * (nil, err) - request contains auth data but verification failed
 */
- Authenticate(r *http.Request, caller APICaller) (*auth.Session, error)
+ Authenticate(r *http.Request, sourceRouter SourceRouter) (*auth.Session, error)
 }
diff --git a/internal/auth/authn/token.go b/internal/auth/authn/token.go
index b2dc748f3..2781713a9 100644
--- a/internal/auth/authn/token.go
+++ b/internal/auth/authn/token.go
@@ -38,7 +38,7 @@ func NewTokenAuthenticator(
 }
 }
-func (a *TokenAuthenticator) Authenticate(r *http.Request, caller APICaller) (*auth.Session, error) {
+func (a *TokenAuthenticator) Authenticate(r *http.Request, sourceRouter SourceRouter) (*auth.Session, error) {
 ctx := r.Context()
 str := extractToken(r)
diff --git a/internal/router/api.go b/internal/router/api.go
index 9747989cd..382979ff8 100644
--- a/internal/router/api.go
+++ b/internal/router/api.go
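Review bot: The renamed exported type `SourceRouter` and its two constants in authenticator.go carry no doc comment, and the visible part of the `Authenticate` comment in the next hunk lists only return values, so an implementer of `Authenticator` cannot tell what the new argument means or what to do with it. I would add `// SourceRouter identifies the router (API or git) through which a request reached the authenticator.` above the type, and one line to the interface comment stating whether an implementation may reject an auth method based on it. As a style point, `SourceRouterGIT` reads as an initialism; Git is a name, so `SourceRouterGit` follows Go naming more closely.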
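Review bot: In token.go the renamed `sourceRouter` parameter of `TokenAuthenticator.Authenticate` is not read in the lines shown (`ctx := r.Context()`, `str := extractToken(r)`); the body continues outside the hunk, so this may only be a gap in what is visible. If the value is in fact unused, a token is accepted identically on the API and git routers, and that should be stated rather than implied: `// Authenticate validates the token in r; sourceRouter is currently not used to restrict which tokens are accepted.` Declaring the parameter as `_ SourceRouter` would make the same point to linters.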
@@ -82,7 +82,7 @@ func NewAPIHandler(
 r.Use(corsHandler(config))
 // for now always attempt auth - enforced per operation.
- r.Use(middlewareauthn.Attempt(authenticator))
+ r.Use(middlewareauthn.Attempt(authenticator, authn.SourceRouterAPI))
 r.Route("/v1", func(r chi.Router) {
 setupRoutesV1(r, repoCtrl, spaceCtrl, pullreqCtrl, webhookCtrl, githookCtrl, saCtrl, userCtrl, principalCtrl)
diff --git a/internal/router/git.go b/internal/router/git.go
index 42d6aec90..b6dd33abf 100644
--- a/internal/router/git.go
+++ b/internal/router/git.go
@@ -53,7 +53,7 @@ func NewGitHandler(
 r.Use(logging.HLogAccessLogHandler())
 r.Route(fmt.Sprintf("/{%s}", request.PathParamRepoRef), func(r chi.Router) {
- r.Use(middlewareauthn.Attempt(authenticator))
+ r.Use(middlewareauthn.Attempt(authenticator, authn.SourceRouterGIT))
 // smart protocol
 r.Handle("/git-upload-pack", handlerrepo.GetUploadPack(client, urlProvider, repoStore, authorizer))
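Review bot: In internal/router/api.go the changed `r.Use` line alters behaviour, not just names: the old `Attempt` hard-coded `authn.AuthGitCaller` (see the removed line in middleware/authn/authn.go), so requests on the API router were previously presented to the authenticator as git callers and are now tagged `authn.SourceRouterAPI`. Any Authenticator that branches on the value will treat every `/v1` request differently after this commit, and the diff contains no test for that. I would add a router test that mounts a stub Authenticator and asserts it receives `authn.SourceRouterAPI` from `NewAPIHandler` and `authn.SourceRouterGIT` from `NewGitHandler`. `NewAPIHandler` starts and ends outside the hunk.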