RESTful API for authentication

[stevapple]

This PR adds a new RESTful API for authentication and authorization. It is meant to be stateless and allows for customizing multi-round challenges for required information. It provides a path for sshmux to be a completely generic MitM without wiring Vlab system logic.

Closes #6

[stevapple]

@iBug @taoky Request for an early review & try-out. The new API is in parity of the legacy one, but some functionalities are implemented in a slightly different way.

[taoky]

It looks like when logger is disabled, it would trigger a panic:

Aug 24 19:29:00 web sshmux-pr12[3869518]: panic: runtime error: invalid memory address or nil pointer dereference
Aug 24 19:29:00 web sshmux-pr12[3869518]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x6d1f4f]
Aug 24 19:29:00 web sshmux-pr12[3869518]: goroutine 8 [running]:
Aug 24 19:29:00 web sshmux-pr12[3869518]: log/slog.(*Logger).clone(...)
Aug 24 19:29:00 web sshmux-pr12[3869518]:         log/slog/logger.go:117
Aug 24 19:29:00 web sshmux-pr12[3869518]: log/slog.(*Logger).With(0x0, {0xc000109f40, 0x3, 0x3})
Aug 24 19:29:00 web sshmux-pr12[3869518]:         log/slog/logger.go:131 +0x4f
Aug 24 19:29:00 web sshmux-pr12[3869518]: main.(*Server).handler(0xc00011a2c0, {0x80d198, 0xc000052108})
Aug 24 19:29:00 web sshmux-pr12[3869518]:         github.com/USTC-vlab/sshmux/sshmux.go:155 +0x325
Aug 24 19:29:00 web sshmux-pr12[3869518]: created by main.(*Server).serve in goroutine 7
Aug 24 19:29:00 web sshmux-pr12[3869518]:         github.com/USTC-vlab/sshmux/sshmux.go:136 +0x125

[stevapple]

It looks like when logger is disabled, it would trigger a panic:

Aug 24 19:29:00 web sshmux-pr12[3869518]: panic: runtime error: invalid memory address or nil pointer dereference

Aug 24 19:29:00 web sshmux-pr12[3869518]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x6d1f4f]

Aug 24 19:29:00 web sshmux-pr12[3869518]: goroutine 8 [running]:

Aug 24 19:29:00 web sshmux-pr12[3869518]: log/slog.(*Logger).clone(...)

Aug 24 19:29:00 web sshmux-pr12[3869518]:         log/slog/logger.go:117

Aug 24 19:29:00 web sshmux-pr12[3869518]: log/slog.(*Logger).With(0x0, {0xc000109f40, 0x3, 0x3})

Aug 24 19:29:00 web sshmux-pr12[3869518]:         log/slog/logger.go:131 +0x4f

Aug 24 19:29:00 web sshmux-pr12[3869518]: main.(*Server).handler(0xc00011a2c0, {0x80d198, 0xc000052108})

Aug 24 19:29:00 web sshmux-pr12[3869518]:         github.com/USTC-vlab/sshmux/sshmux.go:155 +0x325

Aug 24 19:29:00 web sshmux-pr12[3869518]: created by main.(*Server).serve in goroutine 7

Aug 24 19:29:00 web sshmux-pr12[3869518]:         github.com/USTC-vlab/sshmux/sshmux.go:136 +0x125

Is this problem dedicated to this PR?

[taoky]

Is this problem dedicated to this PR?

I don't think so... I could try workaround it locally and continue testing.

[taoky]

Tested with a debug server and the legacy auth works as intended.

[stevapple]

Have verified that API server is working🎉 Now the only left piece is documentation.

[stevapple]

Have you tested the V1 API against Vlab infrastructure? @taoky @iBug

[taoky]

Have you tested the V1 API against Vlab infrastructure? @taoky @iBug

Not yet, I would do that later today.

[taoky]

How does current v1 API handles recovery usernames? @stevapple

[stevapple]

How does current v1 API handles recovery usernames? @stevapple

Recovery is handled by the API server (it returns recovery upstream information if it should). You can refer to legacy_auth.go, which is a compatibility layer for legacy API to v1.

[taoky]

I have implemented a v1 auth API server on vlab debug server and it also works as intended.

[iBug]

Apart from these minor issues, actually amazing work you've done!

[stevapple]

If possible, I wish the PR can be merged as a single squash commit — despite that the commit history is clear, some of them doesn't make sense by themselves alone.

If you think it is too big, I can cherry-pick some commits as separate PRs to make it more dedicated.

[stevapple]

Ping @iBug