Merge branch 'code281' of _OKE5H2PQKOUfzFFDuD4FA/default/CODE/gitness (#67)

2025-05-06 04:19:58 +08:00 · 2023-05-18 02:11:51 +00:00 · 2023-05-18 02:11:51 +00:00 · ce533985c4
commit ce533985c4
parent 2e8fa1e006 7d18a2b56a
3 changed files with 16 additions and 6 deletions
--- a/internal/api/middleware/authn/authn.go
+++ b/internal/api/middleware/authn/authn.go
@ -19,25 +19,25 @@ import (
 // Attempt returns an http.HandlerFunc middleware that authenticates
 // the http.Request if authentication payload is available.
 func Attempt(authenticator authn.Authenticator) func(http.Handler) http.Handler {
-	return performAuthentication(authenticator, false)
+	return performAuthentication(authenticator, false, authn.AuthGitCaller)
 }

 // Required returns an http.HandlerFunc middleware that authenticates
 // the http.Request and fails the request if no auth data was available.
 func Required(authenticator authn.Authenticator) func(http.Handler) http.Handler {
-	return performAuthentication(authenticator, true)
+	return performAuthentication(authenticator, true, authn.AuthAPICaller)
 }

 // performAuthentication returns an http.HandlerFunc middleware that authenticates
 // the http.Request if authentication payload is available.
 // Depending on whether it is required or not, the request will be failed.
-func performAuthentication(authenticator authn.Authenticator, required bool) func(http.Handler) http.Handler {
+func performAuthentication(authenticator authn.Authenticator, required bool, caller authn.APICaller) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			ctx := r.Context()
 			log := hlog.FromRequest(r)

-			session, err := authenticator.Authenticate(r)
+			session, err := authenticator.Authenticate(r, caller)

 			if errors.Is(err, authn.ErrNoAuthData) {
 				if required {
--- a/internal/auth/authn/authenticator.go
+++ b/internal/auth/authn/authenticator.go
@ -14,6 +14,16 @@ import (
 var (
 	// ErrNoAuthData that is returned if the authorizer doesn't find any data in the request that can be used for auth.
 	ErrNoAuthData = errors.New("the request doesn't contain any auth data that can be used by the Authorizer")
+	// ErrNotAcceptedAuthData that is returned if the request is using an auth data that is not accepted by the authorizer.
+	// e.g, don't accept jwt (without allowedURI field) for git clone/pull request.
+	ErrNotAcceptedAuthMethod = errors.New("the request contains auth method that is not accepted by the Authorizer")
+)
+
+type APICaller string
+
+const (
+	AuthAPICaller APICaller = "api"
+	AuthGitCaller APICaller = "git"
 )

 // Authenticator is an abstraction of an entity that's responsible for authenticating principals
@ -26,5 +36,5 @@ type Authenticator interface {
 	 *		(nil, ErrNoAuthData)	- request doesn't contain any auth data
 	 *		(nil, err)  			- request contains auth data but verification failed
 	 */
-	Authenticate(r *http.Request) (*auth.Session, error)
+	Authenticate(r *http.Request, caller APICaller) (*auth.Session, error)
 }
--- a/internal/auth/authn/token.go
+++ b/internal/auth/authn/token.go
@ -38,7 +38,7 @@ func NewTokenAuthenticator(
 	}
 }

-func (a *TokenAuthenticator) Authenticate(r *http.Request) (*auth.Session, error) {
+func (a *TokenAuthenticator) Authenticate(r *http.Request, caller APICaller) (*auth.Session, error) {
 	ctx := r.Context()
 	str := extractToken(r)