Add support for API-KEY authentication (#372)

...
Co-authored-by: umang01-hash <[email protected]>
Co-authored-by: mehrotra234 <[email protected]>

Author: 3 people

docs/advanced-guide/auth/page.md

@@ -0,0 +1,128 @@
+# HTTP Authentication
+Authentication is a crucial aspect of web applications, controlling access to resources based on user roles or permissions. 
+Authentication is the process of verifying a user's identity to grant access to protected resources. It ensures only
+authorized users can perform certain actions or access sensitive data within an application.
+
+GoFr offer various approaches to implement authorization.
+
+## 1. HTTP Basic Auth
+*Basic Authentication* is a simple HTTP authentication scheme where the user's credentials (username and password) are 
+transmitted in the request header in a Base64-encoded format.
+
+Basic auth is the simplest way to authenticate your APIs.  It's built on
+[HTTP protocol authentication scheme](https://datatracker.ietf.org/doc/html/rfc7617). It involves sending the term 
+`Basic` trailed by the Base64-encoded `<username>:<password>` within the standard `Authorization` header.
+
+### Basic Authentication in GoFr
+
+GoFr offers two ways to implement basic authentication:
+
+**1. Predefined Credentials**
+
+Use `EnableBasicAuth(username, password)` to configure Gofr with pre-defined credentials.
+
+```go
+func main() {
+	app := gofr.New()
+    
+	app.EnableBasicAuth("admin", "secret_password") // Replace with your credentials
+    
+	app.GET("/protected-resource", func(c *gofr.Context) (interface{}, error) {
+		// Handle protected resource access 
+		return nil, nil
+	})
+
+	app.Run()
+}
+```
+
+**2. Custom Validation Function**
+
+Use `EnableBasicAuthWithFunc(validationFunc)` to implement your own validation logic for credentials. The `validationFunc` takes the username and password as arguments and returns true if valid, false otherwise.
+
+```go
+func validateUser(username string, password string) bool {
+	// Implement your credential validation logic here 
+	// This example uses hardcoded credentials for illustration only   
+	return username == "john" && password == "doe123" 
+} 
+
+func main() { 
+	app := gofr.New() 
+
+	app.EnableBasicAuthWithFunc(validateUser) 
+
+	app.GET("/secure-data", func(c *gofr.Context) (interface{}, error) { 
+		// Handle access to secure data 
+		return nil, nil
+	})
+
+	app.Run()
+}
+```
+
+### Adding Basic Authentication to HTTP Services
+
+This code snippet demonstrates how to add basic authentication to an HTTP service in GoFr and make a request with the appropriate Authorization header:
+
+```go
+app.AddHTTPService("cat-facts", "https://catfact.ninja",
+    &service.Authentication{UserName: "abc", Password: "pass"},
+)
+```
+
+
+## 2. API Keys Auth
+Users include a unique API key in the request header for validation against a store of authorized keys.
+
+### Usage:
+GoFr offers two ways to implement API Keys authentication.
+
+**1. Framework Default Validation**
+- Users can select the framework's default validation using **_EnableAPIKeyAuth(apiKeys ...string)_**
+
+```go
+package main
+
+func main() {
+	// initialise gofr object
+	app := gofr.New()
+
+	app.EnableAPIKeyAuth("9221e451-451f-4cd6-a23d-2b2d3adea9cf", "0d98ecfe-4677-48aa-b463-d43505766915")
+
+	app.GET("/customer", Customer)
+
+	app.Run()
+}
+```
+
+**2. Custom Validation Function**
+- Users can create their own validator function `apiKeyValidator(apiKey string) bool` for validating APIKeys and pass the func in **_EnableAPIKeyAuthWithFunc(validator)_**
+
+```go
+package main
+
+func apiKeyValidator(apiKey string) bool {
+	validKeys := []string{"f0e1dffd-0ff0-4ac8-92a3-22d44a1464e4", "d7e4b46e-5b04-47b2-836c-2c7c91250f40"}
+
+	return slices.Contains(validKeys, apiKey)
+}
+
+func main() {
+	// initialise gofr object
+	app := gofr.New()
+
+	app.EnableAPIKeyAuthWithFunc(apiKeyValidator)
+
+	app.GET("/customer", Customer)
+
+	app.Run()
+}
+```
+
+### Adding Basic Authentication to HTTP Services
+This code snippet demonstrates how to add API Key authentication to an HTTP service in GoFr and make a request with the appropriate Authorization header:
+
+```go
+app.AddHTTPService("http-server-using-redis", "http://localhost:8000", &service.APIKeyAuth{APIKey: "9221e451-451f-4cd6-a23d-2b2d3adea9cf"})
+```

docs/navigation.js

@@ -16,6 +16,7 @@ export const navigation = [
             { title: 'Publishing Custom Metrics', href: '/docs/advanced-guide/publishing-custom-metrics' },
             { title: 'Custom Spans in Tracing', href: '/docs/advanced-guide/custom-spans-in-tracing' },
             { title: 'HTTP Communication', href: '/docs/advanced-guide/http-communication' },
+            { title: 'HTTP Authentication', href: '/docs/advanced-guide/auth' },
             { title: 'Circuit Breaker Support', href: '/docs/advanced-guide/circuit-breaker' },
             { title: 'Monitoring Service Health', href: '/docs/advanced-guide/monitoring-service-health' },
             { title: 'Handling Data Migrations', href: '/docs/advanced-guide/handling-data-migrations' },

pkg/gofr/gofr.go

@@ -228,17 +228,6 @@ func (a *App) Migrate(migrationsMap map[int64]migration.Migrate) {
 	migration.Run(migrationsMap, a.container)
 }
 
-func (a *App) EnableOAuth(jwksEndpoint string, refreshInterval int) {
-	a.AddHTTPService("gofr_oauth", jwksEndpoint)
-
-	oauthOption := middleware.OauthConfigs{
-		Provider:        a.container.GetHTTPService("gofr_oauth"),
-		RefreshInterval: time.Second * time.Duration(refreshInterval),
-	}
-
-	a.httpServer.router.Use(middleware.OAuth(middleware.NewOAuth(oauthOption)))
-}
-
 func (a *App) initTracer() {
 	tracerHost := a.Config.Get("TRACER_HOST")
 	tracerPort := a.Config.GetOrDefault("TRACER_PORT", "9411")
@@ -293,6 +282,25 @@ func (a *App) EnableBasicAuthWithFunc(validateFunc func(username, password strin
 	a.httpServer.router.Use(middleware.BasicAuthMiddleware(middleware.BasicAuthProvider{ValidateFunc: validateFunc}))
 }
 
+func (a *App) EnableAPIKeyAuth(apiKeys ...string) {
+	a.httpServer.router.Use(middleware.APIKeyAuthMiddleware(nil, apiKeys...))
+}
+
+func (a *App) EnableAPIKeyAuthWithFunc(validator func(apiKey string) bool) {
+	a.httpServer.router.Use(middleware.APIKeyAuthMiddleware(validator))
+}
+
+func (a *App) EnableOAuth(jwksEndpoint string, refreshInterval int) {
+	a.AddHTTPService("gofr_oauth", jwksEndpoint)
+
+	oauthOption := middleware.OauthConfigs{
+		Provider:        a.container.GetHTTPService("gofr_oauth"),
+		RefreshInterval: time.Second * time.Duration(refreshInterval),
+	}
+
+	a.httpServer.router.Use(middleware.OAuth(middleware.NewOAuth(oauthOption)))
+}
+
 func (a *App) Subscribe(topic string, handler SubscribeFunc) {
 	if a.container.GetSubscriber() == nil {
 		a.container.Logger.Errorf("Subscriber not initialized in the container")

pkg/gofr/http/middleware/apikey_auth.go

@@ -0,0 +1,41 @@
+package middleware
+
+import (
+	"net/http"
+)
+
+func APIKeyAuthMiddleware(validator func(apiKey string) bool, apiKeys ...string) func(handler http.Handler) http.Handler {
+	return func(handler http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			authKey := r.Header.Get("X-API-KEY")
+			if authKey == "" {
+				http.Error(w, "Unauthorized", http.StatusUnauthorized)
+				return
+			}
+
+			if validator != nil {
+				if !validator(authKey) {
+					http.Error(w, "Unauthorized", http.StatusUnauthorized)
+					return
+				}
+			} else {
+				if !isPresent(authKey, apiKeys...) {
+					http.Error(w, "Unauthorized", http.StatusUnauthorized)
+					return
+				}
+			}
+
+			handler.ServeHTTP(w, r)
+		})
+	}
+}
+
+func isPresent(authKey string, apiKeys ...string) bool {
+	for _, key := range apiKeys {
+		if authKey == key {
+			return true
+		}
+	}
+
+	return false
+}

pkg/gofr/http/middleware/apikey_auth_test.go

@@ -0,0 +1,53 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_ApiKeyAuthMiddleware(t *testing.T) {
+	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte("Success"))
+	})
+
+	validator := func(apiKey string) bool {
+		return apiKey == "valid-key"
+	}
+
+	req, err := http.NewRequestWithContext(context.Background(), "GET", "/", http.NoBody)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	testCases := []struct {
+		desc         string
+		validator    func(apiKey string) bool
+		apiKey       string
+		responseCode int
+		responseBody string
+	}{
+		{"missing api-key", nil, "", 401, "Unauthorized\n"},
+		{"invalid api-key", nil, "invalid-key", 401, "Unauthorized\n"},
+		{"valid api-key", nil, "valid-key-1", 200, "Success"},
+		{"another valid api-key", nil, "valid-key-2", 200, "Success"},
+		{"custom validator valid key", validator, "valid-key", 200, "Success"},
+		{"custom validator in-valid key", validator, "invalid-key", 401, "Unauthorized\n"},
+	}
+
+	for i, tc := range testCases {
+		rr := httptest.NewRecorder()
+
+		req.Header.Set("X-API-KEY", tc.apiKey)
+
+		wrappedHandler := APIKeyAuthMiddleware(tc.validator, "valid-key-1", "valid-key-2")(testHandler)
+		wrappedHandler.ServeHTTP(rr, req)
+
+		assert.Equal(t, tc.responseCode, rr.Code, "TEST[%d], Failed.\n%s", i, tc.desc)
+
+		assert.Equal(t, tc.responseBody, rr.Body.String(), "TEST[%d], Failed.\n%s", i, tc.desc)
+	}
+}

pkg/gofr/service/apikey_auth.go

@@ -0,0 +1,89 @@
+package service
+
+import (
+	"context"
+	"net/http"
+)
+
+type APIKeyConfig struct {
+	APIKey string
+}
+
+func (a *APIKeyConfig) addOption(h HTTP) HTTP {
+	return &APIKeyAuthProvider{
+		apiKey: a.APIKey,
+		HTTP:   h,
+	}
+}
+
+type APIKeyAuthProvider struct {
+	apiKey string
+
+	HTTP
+}
+
+func (a *APIKeyAuthProvider) Get(ctx context.Context, path string, queryParams map[string]interface{}) (*http.Response, error) {
+	return a.GetWithHeaders(ctx, path, queryParams, nil)
+}
+
+func (a *APIKeyAuthProvider) GetWithHeaders(ctx context.Context, path string, queryParams map[string]interface{},
+	headers map[string]string) (*http.Response, error) {
+	setXApiKey(headers, a.apiKey)
+
+	return a.HTTP.GetWithHeaders(ctx, path, queryParams, headers)
+}
+
+func (a *APIKeyAuthProvider) Post(ctx context.Context, path string, queryParams map[string]interface{},
+	body []byte) (*http.Response, error) {
+	return a.PostWithHeaders(ctx, path, queryParams, body, nil)
+}
+
+func (a *APIKeyAuthProvider) PostWithHeaders(ctx context.Context, path string, queryParams map[string]interface{}, body []byte,
+	headers map[string]string) (*http.Response, error) {
+	setXApiKey(headers, a.apiKey)
+
+	return a.HTTP.PostWithHeaders(ctx, path, queryParams, body, headers)
+}
+
+func (a *APIKeyAuthProvider) Put(ctx context.Context, api string, queryParams map[string]interface{}, body []byte) (
+	*http.Response, error) {
+	return a.PutWithHeaders(ctx, api, queryParams, body, nil)
+}
+
+func (a *APIKeyAuthProvider) PutWithHeaders(ctx context.Context, path string, queryParams map[string]interface{}, body []byte,
+	headers map[string]string) (*http.Response, error) {
+	setXApiKey(headers, a.apiKey)
+
+	return a.HTTP.PutWithHeaders(ctx, path, queryParams, body, headers)
+}
+
+func (a *APIKeyAuthProvider) Patch(ctx context.Context, path string, queryParams map[string]interface{}, body []byte) (
+	*http.Response, error) {
+	return a.PatchWithHeaders(ctx, path, queryParams, body, nil)
+}
+
+func (a *APIKeyAuthProvider) PatchWithHeaders(ctx context.Context, path string, queryParams map[string]interface{}, body []byte,
+	headers map[string]string) (*http.Response, error) {
+	setXApiKey(headers, a.apiKey)
+
+	return a.HTTP.PatchWithHeaders(ctx, path, queryParams, body, headers)
+}
+
+func (a *APIKeyAuthProvider) Delete(ctx context.Context, path string, body []byte) (*http.Response, error) {
+	return a.DeleteWithHeaders(ctx, path, body, nil)
+}
+
+func (a *APIKeyAuthProvider) DeleteWithHeaders(ctx context.Context, path string, body []byte, headers map[string]string) (
+	*http.Response, error) {
+	setXApiKey(headers, a.apiKey)
+
+	return a.HTTP.DeleteWithHeaders(ctx, path, body, headers)
+}
+
+func setXApiKey(headers map[string]string, apiKey string) {
+	if headers == nil {
+		headers = make(map[string]string)
+	}
+
+	headers["X-API-KEY"] = apiKey
+}