From da584104bab0a1b4f1c1bd65d70479c79a73608f Mon Sep 17 00:00:00 2001
From: Jan Gottschick
Date: Fri, 11 Oct 2024 10:47:25 +0200
Subject: [PATCH] * if no user & staff in env the authorized * update .env, ENVIRONMENT.md
---
 core/version | 2 +-
 templates/ENVIRONMENT.md.tmpl | 22 +++++++++++-----------
 templates/core/app.env.tmpl | 18 +++++++++++-------
 templates/middleware/policy.go.tmpl | 7 +++++++
 4 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/core/version b/core/version
index 6678432..940ac09 100644
--- a/core/version
+++ b/core/version
@@ -1 +1 @@
-0.3.8
+0.3.9
diff --git a/templates/ENVIRONMENT.md.tmpl b/templates/ENVIRONMENT.md.tmpl
index bdad774..f22646f 100644
--- a/templates/ENVIRONMENT.md.tmpl
+++ b/templates/ENVIRONMENT.md.tmpl
@@ -3,21 +3,21 @@
 {{ upper ( snakecase .ModuleName ) }}_NAME set the name of the instance of the service
 {{ upper ( snakecase .ModuleName ) }}_TITLE set the title in the web page
 {{ upper ( snakecase .ModuleName ) }}_PORT_NB the local port of the web service (default=8080)
-{{ upper ( snakecase .ModuleName ) }}_APIKEYS space separated list of valid API keys
-{{ upper ( snakecase .ModuleName ) }}_SESSIONKEY
+{{ upper ( snakecase .ModuleName ) }}_API_KEYS space separated list of valid API keys
+{{ upper ( snakecase .ModuleName ) }}_SESSION_KEY
 {{ upper ( snakecase .ModuleName ) }}_POLICY OPA policy for access control
 {{ upper ( snakecase .ModuleName ) }}_OPASVC OPA service port to get the OPA policy for access control
 {{ upper ( snakecase .ModuleName ) }}_REALM Basic authentication realm
-{{ upper ( snakecase .ModuleName ) }}_STAFFUSER username of the administrator
-{{ upper ( snakecase .ModuleName ) }}_STAFFPASSWORD password of the administrator
-{{ upper ( snakecase .ModuleName ) }}_PARTICIPANTUSER username of the user
-{{ upper ( snakecase .ModuleName ) }}_PARTICIPANTPASSWORD password of the user
-{{ upper ( snakecase .ModuleName ) }}_CERTPEM certificate for TLS (HTTPS) communication
-{{ upper ( snakecase .ModuleName ) }}_KEYPEM key for TLS (HTTPS) communication
+{{ upper ( snakecase .ModuleName ) }}_STAFF_USER username of the administrator
+{{ upper ( snakecase .ModuleName ) }}_STAFF_PASSWORD password of the administrator
+{{ upper ( snakecase .ModuleName ) }}_PARTICIPANT_USER username of the user
+{{ upper ( snakecase .ModuleName ) }}_PARTICIPANT_PASSWORD password of the user
+{{ upper ( snakecase .ModuleName ) }}_CERT_PEM certificate for TLS (HTTPS) communication
+{{ upper ( snakecase .ModuleName ) }}_KEY_PEM key for TLS (HTTPS) communication
 {{ upper ( snakecase .ModuleName ) }}_LOGFILE filename of the logging file
 {{ upper ( snakecase .ModuleName ) }}_LANGUAGE
 {{ upper ( snakecase .ModuleName ) }}_LANGUAGES
 {{ upper ( snakecase .ModuleName ) }}_USESSE enable support for _server side event_ communication (default=false)
-{{ upper ( snakecase .ModuleName ) }}_PROGRESSDURATION default duration of the progress bar (default=100ms)
-{{ upper ( snakecase .ModuleName ) }}_RAPIDOCDOC enable Rapidoc for the OpenAPI viewer (default=false)
-{{ upper ( snakecase .ModuleName ) }}_ELEMENTSDOC enable Elements for the OpenAPI viewer (default=false)
+{{ upper ( snakecase .ModuleName ) }}_PROGRESS_DURATION default duration of the progress bar (default=100ms)
+{{ upper ( snakecase .ModuleName ) }}_RAPIDOC_DOC enable Rapidoc for the OpenAPI viewer (default=false)
+{{ upper ( snakecase .ModuleName ) }}_ELEMENTS_DOC enable Elements for the OpenAPI viewer (default=false)
diff --git a/templates/core/app.env.tmpl b/templates/core/app.env.tmpl
index 1314249..f1afd4b 100644
--- a/templates/core/app.env.tmpl
+++ b/templates/core/app.env.tmpl
@@ -1,7 +1,11 @@
-{{ lcfirst ( camelcase .ModuleName ) }}_PORT={{.Port}}
-{{ lcfirst ( camelcase .ModuleName ) }}_API_KEYS=
-{{ lcfirst ( camelcase .ModuleName ) }}_POLICY=
-{{ lcfirst ( camelcase .ModuleName ) }}_OPA_SRV=
-{{ lcfirst ( camelcase .ModuleName ) }}_REALM=
-{{ lcfirst ( camelcase .ModuleName ) }}_CERT_PEM=
-{{ lcfirst ( camelcase .ModuleName ) }}_KEY_PEM=
+{{ upper ( snakecase .ModuleName ) }}_PORT={{.Port}}
+{{ upper ( snakecase .ModuleName ) }}_API_KEYS=
+{{ upper ( snakecase .ModuleName ) }}_POLICY=
+{{ upper ( snakecase .ModuleName ) }}_OPA_SRV=
+{{ upper ( snakecase .ModuleName ) }}_REALM=
+{{ upper ( snakecase .ModuleName ) }}_CERT_PEM=
+{{ upper ( snakecase .ModuleName ) }}_KEY_PEM=
+{{ upper ( snakecase .ModuleName ) }}_STAFF_USER=
+{{ upper ( snakecase .ModuleName ) }}_STAFF_PASSWORD=
+{{ upper ( snakecase .ModuleName ) }}_PARTICIPANT_USER=
+{{ upper ( snakecase .ModuleName ) }}_PARTICIPANT_PASSWORD=
diff --git a/templates/middleware/policy.go.tmpl b/templates/middleware/policy.go.tmpl
index e785009..6240c55 100644
--- a/templates/middleware/policy.go.tmpl
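Review bot: Two variable names emitted by `templates/core/app.env.tmpl` do not match the names documented in `templates/ENVIRONMENT.md.tmpl` in this same commit: the env file writes `_PORT` and `_OPA_SRV`, while the documentation keeps `_PORT_NB` and `_OPASVC`. Which spelling the configuration loader reads is not visible in this patch, so one of the two files is probably wrong; if it is the env file, a value set for the OPA service would be silently ignored and the intended policy source never consulted. The four new credential keys are also written empty, which is the state the new branch in `policy.go.tmpl` treats as "authorize every request as user", so a comment above them such as `# leaving both *_USER values empty disables authentication (every request gets role "user")` would make that consequence visible to whoever fills in the file.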
+++ b/templates/middleware/policy.go.tmpl @@ -62,6 +62,13 @@ type Input map[string]interface{} func checkAuthorization(authorizationHeader string) (string, bool) { log.Debug().Msg("Check authorization") + + // If no user and no staff is configured, the role user is authorized by default + if core.AppConfig.ParticipantUser == "" && core.AppConfig.StaffUser == "" { + log.Debug().Msg("assign user") + return "user", true + } + parts := strings.Split(authorizationHeader, " ") if len(parts) < 2 { log.Debug().Msg("No authorizationHeader")
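Review bot: The new early return in `checkAuthorization` sits before the `Authorization` header is parsed, so whenever `ParticipantUser` and `StaffUser` are both empty every request, with or without credentials, is given the role `user`; the generated `app.env` in this commit leaves both values empty, so a freshly generated service fails open by default. The condition looks only at the two basic-auth user names; if API keys are validated further down in this function (the body continues outside the hunk, so this cannot be confirmed here), a deployment that configures only API keys would have that check bypassed by this return. I would make unauthenticated mode an explicit opt-in setting rather than the meaning of two empty strings, and at minimum make the state visible in production logs instead of only at debug level, e.g. `log.Warn().Msg("no staff or participant user configured: every request is authorized as role user")` (assuming `log` here is zerolog's global logger, as the `log.Debug().Msg(...)` calls suggest).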