kevin/calapi
1
0
Fork 0
mirror of https://github.com/Unkn0wnCat/calapi.git synced 2025-06-09 03:31:38 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add authentication and metrics

Browse source
This commit is contained in:
Kevin Kandlbinder 2023-03-07 15:14:08 +01:00
parent 7667ea7b90
commit 6abea91d7c
Signed by: kevin
GPG key ID: 1460B586646E180D
16 changed files with 894 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

88
internal/auth/challenges.go Normal file
View file

@ -0,0 +1,88 @@
package auth
import (
"context"
"errors"
"github.com/99designs/gqlgen/graphql"
"github.com/Unkn0wnCat/calapi/internal/logger"
"github.com/go-chi/chi/middleware"
"github.com/spf13/viper"
"github.com/vektah/gqlparser/v2/gqlerror"
"go.uber.org/zap"
)
func ChallengeQuery(ctx context.Context) error {
if viper.GetBool("auth.anonymous_read") == true || viper.GetString("auth.type") == AuthTypeNone {
return nil // Anonymous querying is allowed. Anyone is allowed.
}
user := ForContext(ctx)
if user == nil {
logger.Logger.Warn("unauthorized query attempt",
zap.String("requestId", middleware.GetReqID(ctx)),
zap.String("gqlPath", graphql.GetPath(ctx).String()),
)
graphql.AddError(ctx, &gqlerror.Error{
Message: "A login token is required, but was not provided.",
Path: graphql.GetPath(ctx),
})
return errors.New("no user found")
}
if user.ID == "ANON-NO-AUTH" {
// This login was done when auth was turned off.
logger.Logger.Warn("anonymous query attempt",
zap.String("requestId", middleware.GetReqID(ctx)),
zap.String("gqlPath", graphql.GetPath(ctx).String()),
)
graphql.AddError(ctx, &gqlerror.Error{
Message: "The provided login token was anonymous, but this was since disabled. Please reauthenticate.",
Path: graphql.GetPath(ctx),
})
return errors.New("anonymous auth disabled")
}
return nil // User is set.
}
func ChallengeMutation(ctx context.Context) error {
if viper.GetString("auth.type") == AuthTypeNone {
return nil // Anonymous mutations are allowed. Anyone is allowed.
}
user := ForContext(ctx)
if user == nil {
logger.Logger.Warn("unauthorized mutation attempt",
zap.String("requestId", middleware.GetReqID(ctx)),
zap.String("gqlPath", graphql.GetPath(ctx).String()),
)
graphql.AddError(ctx, &gqlerror.Error{
Message: "A login token is required, but was not provided.",
Path: graphql.GetPath(ctx),
})
return errors.New("no user found")
}
if user.ID == "ANON-NO-AUTH" {
// This login was done when auth was turned off.
logger.Logger.Warn("anonymous mutation attempt",
zap.String("requestId", middleware.GetReqID(ctx)),
zap.String("gqlPath", graphql.GetPath(ctx).String()),
)
graphql.AddError(ctx, &gqlerror.Error{
Message: "The provided login token was anonymous, but this was since disabled. Please reauthenticate.",
Path: graphql.GetPath(ctx),
})
return errors.New("anonymous auth disabled")
}
return nil // User is set.
}