github/drone
5
0
Fork 0
mirror of https://github.com/harness/drone.git synced 2025-05-06 00:31:34 +08:00
Code Issues Packages Projects Releases Wiki Activity
4668e94027
drone/internal/api/middleware/authn/authn.go
Johannes Batzill 4668e94027 [Harness] Adding JWT/PAT/SAT Support, Harness Clients, Inline User/ServiceAccount Creation, harness Build flag, ... (#22) 
This change adds the initial stepping stones for harness integration:
- Authentication: JWT/PAT/SAT support
- Authorization: ACL integration (acl currently denies requests as gitness hasn't been integrated yet)
- Remote Clients for Token, User, ServiceAccount, ACL
- User Integration: Syncs harness users during authentication if unknown
- SA integration: syncs harness service accounts during authentication if unknown
- Initial harness API: THIS WILL BE CHANGED IN THE FUTURE!
- single harness subpackage (all marked with harness build flag)
- harness & standalone wire + make build commands
2022-09-30 16:22:12 -07:00

65 lines
1.8 KiB
Go
Raw Blame History

// Copyright 2021 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.
package authn
import (
"errors"
"net/http"
"github.com/harness/gitness/internal/api/render"
"github.com/harness/gitness/internal/api/request"
"github.com/harness/gitness/internal/auth/authn"
"github.com/rs/zerolog"
"github.com/rs/zerolog/hlog"
)
// Attempt returns an http.HandlerFunc middleware that authenticates
// the http.Request if authentication payload is available.
func Attempt(authenticator authn.Authenticator) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
log := hlog.FromRequest(r)
session, err := authenticator.Authenticate(r)
if errors.Is(err, authn.ErrNoAuthData) {
// if there was no auth data in the request - continue as is
next.ServeHTTP(w, r)
return
}
if err != nil {
log.Warn().Msgf("Failed to authenticate request: %s", err)
// for any other error we fail
render.Unauthorized(w)
return
}
if session == nil {
// when err == nil session should never be nil!
log.Error().Msg("auth session is nil eventhough the authenticator didn't return any error!")
render.InternalError(w)
return
}
// Update the logging context and inject principal in context
log.UpdateContext(func(c zerolog.Context) zerolog.Context {
return c.
Str("principal_uid", session.Principal.UID).
Str("principal_type", string(session.Principal.Type)).
Bool("principal_admin", session.Principal.Admin)
})
next.ServeHTTP(w, r.WithContext(
request.WithAuthSession(ctx, session),
))
})
}
}
Reference in New Issue View Git Blame Copy Permalink