diff --git a/auth/auth.go b/auth/auth.go
deleted file mode 100644
index a19a122..0000000
--- a/auth/auth.go
+++ /dev/null
@@ -1,123 +0,0 @@
-// Copyright © 2025 Prabhjot Singh Sethi, All Rights reserved
-// Author: Prabhjot Singh Sethi
-
-package auth
-
-import (
- "context"
- "encoding/base64"
- "encoding/json"
- "net/http"
-
- "google.golang.org/grpc/metadata"
-
- "github.com/go-core-stack/core/errors"
-)
-
-// Auth construct obtained as part of the auth action being performed
-// while processing a request, this is json tagged to allow passing
-// the inforamtion internally in the system between the microservices
-// we can validate entities like user, devices, service accounts etc
-type AuthInfo struct {
- Realm string `json:"realm,omitempty"`
- UserName string `json:"preferred_username"`
- Email string `json:"email,omitempty"`
- EmailVerified bool `json:"email_verified,omitempty"`
- FullName string `json:"name,omitempty"`
- FirstName string `json:"given_name,omitempty"`
- LastName string `json:"family_name,omitempty"`
- SessionID string `json:"sid"`
-}
-
-// struct identifier for the context
-type authInfo struct{}
-
-// Sets Auth Info Header in the provided Http Request typically will
-// be used only by the entity that has performed that authentication
-// on the given http request already and has the relevant Auth Info
-// Context.
-func SetAuthInfoHeader(r *http.Request, info *AuthInfo) error {
- b, err := json.Marshal(info)
- if err != nil {
- return errors.Wrapf(errors.InvalidArgument, "failed to generate user info: %s", err)
- }
- val := base64.RawURLEncoding.EncodeToString(b)
- r.Header.Set(HttpClientAuthContext, val)
- return nil
-}
-
-// gets Auth Info Header available in the Http Request
-func GetAuthInfoHeader(r *http.Request) (*AuthInfo, error) {
- val := r.Header.Get(HttpClientAuthContext)
- if val == "" {
- return nil, errors.Wrapf(errors.NotFound, "Auth info not available in the http request")
- }
- b, err := base64.RawURLEncoding.DecodeString(val)
- if err != nil {
- return nil, errors.Wrapf(errors.InvalidArgument, "invalid user info received: %s", err)
- }
- info := &AuthInfo{}
- err = json.Unmarshal(b, info)
- if err != nil {
- return nil, errors.Wrapf(errors.InvalidArgument, "failed to get user info from header: %s", err)
- }
- return info, nil
-}
-
-// extract the header information from the GRPC context
-func extractHeader(ctx context.Context, header string) (string, error) {
- md, ok := metadata.FromIncomingContext(ctx)
- if !ok {
- return "", errors.Wrapf(errors.NotFound, "No Metadata available in incoming message")
- }
-
- hValue, ok := md[header]
- if !ok {
- return "", errors.Wrapf(errors.NotFound, "missing header: %s", header)
- }
-
- if len(hValue) != 1 {
- return "", errors.Wrapf(errors.NotFound, "no value associated with header: %s", header)
- }
-
- return hValue[0], nil
-}
-
-// Processes the headers available in context, to validate that the authentication is already performed
-func ProcessAuthInfo(ctx context.Context) (context.Context, error) {
- val, err := extractHeader(ctx, GrpcClientAuthContext)
- if err != nil {
- return ctx, errors.Wrapf(errors.Unauthorized, "failed to extract auth info header: %s", err)
- }
-
- b, err := base64.RawURLEncoding.DecodeString(val)
- if err != nil {
- return ctx, errors.Wrapf(errors.Unauthorized, "invalid user info received: %s", err)
- }
-
- info := &AuthInfo{}
- err = json.Unmarshal(b, info)
- if err != nil {
- return ctx, errors.Wrapf(errors.Unauthorized, "failed to get user info from header: %s", err)
- }
-
- // create new context with value of the auth info
- authCtx := context.WithValue(ctx, authInfo{}, info)
- return authCtx, nil
-}
-
-// gets Auth Info from Context available in the Http Request
-func GetAuthInfoFromContext(ctx context.Context) (*AuthInfo, error) {
- val := ctx.Value(authInfo{})
- switch info := val.(type) {
- case *AuthInfo:
- return info, nil
- default:
- return nil, errors.Wrapf(errors.NotFound, "auth info not found")
- }
-}
-
-// delete the Auth info header from the given HTTP request
-func DeleteAuthInfoHeader(r *http.Request) {
- r.Header.Del(HttpClientAuthContext)
-}
diff --git a/auth/auth_test.go b/auth/auth_test.go
deleted file mode 100644
index 50a49c0..0000000
--- a/auth/auth_test.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright © 2025 Prabhjot Singh Sethi, All Rights reserved
-// Author: Prabhjot Singh Sethi
-
-package auth
-
-import (
- "fmt"
- "net/http"
- "testing"
-)
-
-func Test_ErrorValidations(t *testing.T) {
- r := &http.Request{
- Header: http.Header{},
- }
- info := &AuthInfo{
- Realm: "root",
- UserName: "admin",
- Email: "admin@example.com",
- FullName: "Test Admin",
- SessionID: "abc",
- }
- _ = SetAuthInfoHeader(r, info)
- fmt.Printf("Got - Encoded Auth Info: %s\n", r.Header[HttpClientAuthContext][0])
- if r.Header[HttpClientAuthContext][0] != "eyJyZWFsbSI6InJvb3QiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJuYW1lIjoiVGVzdCBBZG1pbiIsInNpZCI6ImFiYyJ9" {
- t.Errorf("failed to set the auth info in the header, found invalid value in header")
- }
- found, err := GetAuthInfoHeader(r)
- if err != nil {
- t.Errorf("got error while getting auth info: %s", err)
- }
- if found.Realm != info.Realm {
- t.Errorf("expected realm to be %s, but got %s", info.Realm, found.Realm)
- }
- if found.UserName != info.UserName {
- t.Errorf("expected UserName to be %s, but got %s", info.UserName, found.UserName)
- }
-}
diff --git a/auth/const.go b/auth/const.go
deleted file mode 100644
index 6edb598..0000000
--- a/auth/const.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright © 2025 Prabhjot Singh Sethi, All Rights reserved
-// Author: Prabhjot Singh Sethi
-
-package auth
-
-const (
- // Internal Auth Context Header, carries information of the
- // client that has been authenticated.
- // Where content itself will be of usual string format, which
- // is obtained by json marshaling of struct AuthInfo followed
- // by base64 encoding of the json marshaled content.
- //
- // This is usually Added by Auth Gateway, if present it
- // indicates that authentication is successfully performed
- // by Auth Gateway.
- HttpClientAuthContext = "Auth-Info"
-
- // grpc gateway will typically move the header to lowercase
- GrpcClientAuthContext = "auth-info"
-)