Merge pull request #33 from memphisdev/user-pass-based-auth

idanasulin2706 · web-flow · commit 40cb0d1efdf0 · 2023-03-27T13:55:46.000+03:00
add user-pass-based-auth
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -18,6 +18,8 @@
                 "CLIENT_CERT_PATH": "",
                 "CLIENT_KEY_PATH": "",
                 "ROOT_CA_PATH": "",
+                "USER_PASS_BASED_AUTH": "true",
+                "ROOT_PASSWORD": "memphis"
             }
         }
     ]
diff --git a/README.md b/README.md
@@ -96,6 +96,7 @@ curl --location --request POST 'rest_gateway:4444/auth/authenticate' \
 --data-raw '{
     "username": "root",
     "connection_token": "memphis",
+    "password": "memphis, // connect with only one of the following methods: connection token / password
     "token_expiry_in_minutes": 60,
     "refresh_token_expiry_in_minutes": 10000092
 }'
diff --git a/conf/config.go b/conf/config.go
@@ -18,6 +18,8 @@ type Configuration struct {
 	CLIENT_CERT_PATH               string
 	CLIENT_KEY_PATH                string
 	ROOT_CA_PATH                   string
+	USER_PASS_BASED_AUTH           bool
+	ROOT_PASSWORD                  string
 }
 
 func GetConfig() Configuration {
diff --git a/handlers/auth.go b/handlers/auth.go
@@ -26,6 +26,18 @@ func (ah AuthHandler) Authenticate(c *fiber.Ctx) error {
 			"message": err.Error(),
 		})
 	}
+	if body.ConnectionToken != "" && body.Password != "" {
+		log.Errorf("Authenticate: You have to connect with only one of the following methods: connection token / password")
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{
+			"message": "You have to connect with only one of the following methods: connection token / password",
+		})
+	}
+	if body.ConnectionToken == "" && body.Password == "" {
+		log.Errorf("Authenticate: You have to connect with one of the following methods: connection token / password")
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{
+			"message": "You have to connect with one of the following methods: connection token / password",
+		})
+	}
 	if err := utils.Validate(body); err != nil {
 		return c.Status(400).JSON(fiber.Map{
 			"message": err,
@@ -34,16 +46,16 @@ func (ah AuthHandler) Authenticate(c *fiber.Ctx) error {
 
 	var conn *memphis.Conn
 	var err error
-	if configuration.CLIENT_CERT_PATH != "" && configuration.CLIENT_KEY_PATH != "" && configuration.ROOT_CA_PATH != "" {
-		conn, err = memphis.Connect(
-			configuration.MEMPHIS_HOST,
-			body.Username,
-			body.ConnectionToken,
-			memphis.Tls(configuration.CLIENT_CERT_PATH, configuration.CLIENT_KEY_PATH, configuration.ROOT_CA_PATH),
-		)
+	opts := []memphis.Option{memphis.Reconnect(true), memphis.MaxReconnect(10), memphis.ReconnectInterval(3 * time.Second)}
+	if configuration.USER_PASS_BASED_AUTH {
+		opts = append(opts, memphis.Password(body.Password))
 	} else {
-		conn, err = memphis.Connect(configuration.MEMPHIS_HOST, body.Username, body.ConnectionToken)
+		opts = append(opts, memphis.ConnectionToken(body.ConnectionToken))
+	}
+	if configuration.CLIENT_CERT_PATH != "" && configuration.CLIENT_KEY_PATH != "" && configuration.ROOT_CA_PATH != "" {
+		opts = append(opts, memphis.Tls(configuration.CLIENT_CERT_PATH, configuration.CLIENT_KEY_PATH, configuration.ROOT_CA_PATH))
 	}
+	conn, err = memphis.Connect(configuration.MEMPHIS_HOST, body.Username, opts...)
 
 	if err != nil {
 		if strings.Contains(err.Error(), "Authorization Violation") {
diff --git a/logger/log.go b/logger/log.go
@@ -4,29 +4,29 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
-	"rest-gateway/conf"
 	"io/ioutil"
 	"log"
 	"os"
+	"rest-gateway/conf"
 	"time"
 
 	"github.com/gofiber/fiber/v2"
 	"github.com/nats-io/nats.go"
 )
 
 const (
-	restGwSourceName = "rest-gateway"
-	syslogsStreamName   = "$memphis_syslogs"
-	syslogsInfoSubject  = "extern.info"
-	syslogsWarnSubject  = "extern.warn"
-	syslogsErrSubject   = "extern.err"
-	labelLen            = 3
-	infoLabel           = "[INF] "
-	debugLabel          = "[DBG] "
-	warnLabel           = "[WRN] "
-	errorLabel          = "[ERR] "
-	fatalLabel          = "[FTL] "
-	traceLabel          = "[TRC] "
+	restGwSourceName   = "rest-gateway"
+	syslogsStreamName  = "$memphis_syslogs"
+	syslogsInfoSubject = "extern.info"
+	syslogsWarnSubject = "extern.warn"
+	syslogsErrSubject  = "extern.err"
+	labelLen           = 3
+	infoLabel          = "[INF] "
+	debugLabel         = "[DBG] "
+	warnLabel          = "[WRN] "
+	errorLabel         = "[ERR] "
+	fatalLabel         = "[FTL] "
+	traceLabel         = "[TRC] "
 )
 
 type streamWriter struct {
@@ -58,7 +58,7 @@ func (sw streamWriter) Write(p []byte) (int, error) {
 	return len(p), nil
 }
 
-func CreateLogger(hostname string, username string, token string) (*Logger, error) {
+func CreateLogger(hostname string, username string, creds string) (*Logger, error) {
 	configuration := conf.GetConfig()
 	var nc *nats.Conn
 	var err error
@@ -68,10 +68,16 @@ func CreateLogger(hostname string, username string, token string) (*Logger, erro
 		AllowReconnect: true,
 		MaxReconnect:   10,
 		ReconnectWait:  3 * time.Second,
-		Token:          username + "::" + token,
 		Name:           "MEMPHIS HTTP LOGGER",
 	}
 
+	if configuration.USER_PASS_BASED_AUTH {
+		natsOpts.Password = creds
+		natsOpts.User = username
+	} else {
+		natsOpts.Token = username + "::" + creds
+	}
+
 	if configuration.CLIENT_CERT_PATH != "" && configuration.CLIENT_KEY_PATH != "" && configuration.ROOT_CA_PATH != "" {
 		cert, err := tls.LoadX509KeyPair(configuration.CLIENT_CERT_PATH, configuration.CLIENT_KEY_PATH)
 		if err != nil {
diff --git a/main.go b/main.go
@@ -18,26 +18,16 @@ func main() {
 		select {
 		case <-ticker.C:
 			var err error
-			if configuration.CLIENT_CERT_PATH != "" && configuration.CLIENT_KEY_PATH != "" && configuration.ROOT_CA_PATH != "" {
-				conn, err = memphis.Connect(
-					configuration.MEMPHIS_HOST,
-					configuration.ROOT_USER,
-					configuration.CONNECTION_TOKEN,
-					memphis.Reconnect(true),
-					memphis.MaxReconnect(10),
-					memphis.ReconnectInterval(3*time.Second),
-					memphis.Tls(configuration.CLIENT_CERT_PATH, configuration.CLIENT_KEY_PATH, configuration.ROOT_CA_PATH),
-				)
+			opts := []memphis.Option{memphis.Reconnect(true), memphis.MaxReconnect(10), memphis.ReconnectInterval(3 * time.Second)}
+			if configuration.USER_PASS_BASED_AUTH {
+				opts = append(opts, memphis.Password(configuration.ROOT_PASSWORD))
 			} else {
-				conn, err = memphis.Connect(
-					configuration.MEMPHIS_HOST,
-					configuration.ROOT_USER,
-					configuration.CONNECTION_TOKEN,
-					memphis.Reconnect(true),
-					memphis.MaxReconnect(10),
-					memphis.ReconnectInterval(3*time.Second),
-				)
+				opts = append(opts, memphis.ConnectionToken(configuration.CONNECTION_TOKEN))
+			}
+			if configuration.CLIENT_CERT_PATH != "" && configuration.CLIENT_KEY_PATH != "" && configuration.ROOT_CA_PATH != "" {
+				opts = append(opts, memphis.Tls(configuration.CLIENT_CERT_PATH, configuration.CLIENT_KEY_PATH, configuration.ROOT_CA_PATH))
 			}
+			conn, err = memphis.Connect(configuration.MEMPHIS_HOST, configuration.ROOT_USER, opts...)
 			if err == nil {
 				ticker.Stop()
 				goto serverInit
@@ -48,7 +38,11 @@ func main() {
 	}
 
 serverInit:
-	l, err := logger.CreateLogger(configuration.MEMPHIS_HOST, configuration.ROOT_USER, configuration.CONNECTION_TOKEN)
+	creds := configuration.CONNECTION_TOKEN
+	if configuration.USER_PASS_BASED_AUTH {
+		creds = configuration.ROOT_PASSWORD
+	}
+	l, err := logger.CreateLogger(configuration.MEMPHIS_HOST, configuration.ROOT_USER, creds)
 	if err != nil {
 		panic("Logger creation failed - " + err.Error())
 	}
diff --git a/models/auth.go b/models/auth.go
@@ -2,7 +2,8 @@ package models
 
 type AuthSchema struct {
 	Username               string `json:"username" validate:"required"`
-	ConnectionToken        string `json:"connection_token" validate:"required"`
+	ConnectionToken        string `json:"connection_token"`
+	Password               string `json:"password"`
 	TokenExpiryMins        int    `json:"token_expiry_in_minutes"`
 	RefreshTokenExpiryMins int    `json:"refresh_token_expiry_in_minutes"`
 }

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,8 @@`
`18`	`18`	`"CLIENT_CERT_PATH": "",`
`19`	`19`	`"CLIENT_KEY_PATH": "",`
`20`	`20`	`"ROOT_CA_PATH": "",`
	`21`	`+ "USER_PASS_BASED_AUTH": "true",`
	`22`	`+ "ROOT_PASSWORD": "memphis"`
`21`	`23`	`}`
`22`	`24`	`}`
`23`	`25`	`]`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,8 @@ type Configuration struct {`
`18`	`18`	`CLIENT_CERT_PATH string`
`19`	`19`	`CLIENT_KEY_PATH string`
`20`	`20`	`ROOT_CA_PATH string`
	`21`	`+ USER_PASS_BASED_AUTH bool`
	`22`	`+ ROOT_PASSWORD string`
`21`	`23`	`}`
`22`	`24`
`23`	`25`	`func GetConfig() Configuration {`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,8 @@ package models`
`2`	`2`
`3`	`3`	`type AuthSchema struct {`
`4`	`4`	Username string `json:"username" validate:"required"`
`5`		- ConnectionToken string `json:"connection_token" validate:"required"`
	`5`	+ ConnectionToken string `json:"connection_token"`
	`6`	+ Password string `json:"password"`
`6`	`7`	TokenExpiryMins int `json:"token_expiry_in_minutes"`
`7`	`8`	RefreshTokenExpiryMins int `json:"refresh_token_expiry_in_minutes"`
`8`	`9`	`}`