github/drone
5
0
Fork 0
mirror of https://github.com/harness/drone.git synced 2025-05-04 18:30:59 +08:00
Code Issues Packages Projects Releases Wiki Activity
4668e94027
drone/internal/router/web.go
Johannes Batzill 4668e94027 [Harness] Adding JWT/PAT/SAT Support, Harness Clients, Inline User/ServiceAccount Creation, harness Build flag, ... (#22) 
This change adds the initial stepping stones for harness integration:
- Authentication: JWT/PAT/SAT support
- Authorization: ACL integration (acl currently denies requests as gitness hasn't been integrated yet)
- Remote Clients for Token, User, ServiceAccount, ACL
- User Integration: Syncs harness users during authentication if unknown
- SA integration: syncs harness service accounts during authentication if unknown
- Initial harness API: THIS WILL BE CHANGED IN THE FUTURE!
- single harness subpackage (all marked with harness build flag)
- harness & standalone wire + make build commands
2022-09-30 16:22:12 -07:00

59 lines
1.9 KiB
Go
Raw Blame History

package router
import (
"context"
"net/http"
"github.com/harness/gitness/internal/store"
"github.com/harness/gitness/web"
"github.com/swaggest/swgui/v3emb"
"github.com/unrolled/secure"
"github.com/go-chi/chi"
)
/*
* newWebHandler returns a new http handler for handling WEB calls.
*/
func newWebHandler(systemStore store.SystemStore) http.Handler {
config := systemStore.Config(context.Background())
// Use go-chi router for inner routing (restricted to mountPath!)
r := chi.NewRouter()
// create middleware to enforce security best practices for
// the user interface. note that theis middleware is only used
// when serving the user interface (not found handler, below).
sec := secure.New(
secure.Options{
AllowedHosts: config.Secure.AllowedHosts,
HostsProxyHeaders: config.Secure.HostsProxyHeaders,
SSLRedirect: config.Secure.SSLRedirect,
SSLTemporaryRedirect: config.Secure.SSLTemporaryRedirect,
SSLHost: config.Secure.SSLHost,
SSLProxyHeaders: config.Secure.SSLProxyHeaders,
STSSeconds: config.Secure.STSSeconds,
STSIncludeSubdomains: config.Secure.STSIncludeSubdomains,
STSPreload: config.Secure.STSPreload,
ForceSTSHeader: config.Secure.ForceSTSHeader,
FrameDeny: config.Secure.FrameDeny,
ContentTypeNosniff: config.Secure.ContentTypeNosniff,
BrowserXssFilter: config.Secure.BrowserXSSFilter,
ContentSecurityPolicy: config.Secure.ContentSecurityPolicy,
ReferrerPolicy: config.Secure.ReferrerPolicy,
},
)
// openapi playground endpoints
swagger := v3emb.NewHandler("API Definition", "/api/v1/swagger.yaml", "/swagger")
r.With(sec.Handler).Handle("/swagger", swagger)
r.With(sec.Handler).Handle("/swagger/*", swagger)
// serve all other routes from the embedded filesystem,
// which in turn serves the user interface.
r.With(sec.Handler).NotFound(
web.Handler(),
)
return r
}
Reference in New Issue View Git Blame Copy Permalink