Merge pull request #3 from kriten-io/feat/api-tokens

Feat/api tokens
kriten-io · Jun 6, 2024 · 3d75ff1 · 3d75ff1
2 parents 645aa9f + fe16a22
commit 3d75ff1
Show file tree

Hide file tree

Showing 23 changed files with 605 additions and 56 deletions.
diff --git a/.env b/.env
@@ -14,9 +14,10 @@ LDAP_FQDN      = ""
 LDAP_PORT      = 389  # 636 for TLS
 LDAP_BASE_DN   = ""
 
-# JWT configs
+# JWT and API configs
 JWT_KEY = ""
 JWT_EXPIRY_SECONDS = 3600 # value in seconds, 3600 seconds = 1 hour
+API_SECRET_KEY = ""
 
 # Postgres connection config
 DB_NAME = ""

diff --git a/config/config.go b/config/config.go
@@ -42,24 +42,24 @@ type DBConfig struct {
 // }
 
 type Config struct {
-	Environment  string
-	AdminsSecret string
-	RootSecret   string
-	DebugMode    bool // Not currently used
-	LDAP         LDAPConfig
-	Kube         KubeConfig
-	JWT          JWTConfig
-	DB           DBConfig
+	Environment string
+	RootSecret  string
+	APISecret   string
+	DebugMode   bool // Not currently used
+	LDAP        LDAPConfig
+	Kube        KubeConfig
+	JWT         JWTConfig
+	DB          DBConfig
 	// ElasticSearch    ESConfig
 }
 
 // New returns a new Config struct
 func NewConfig(gitBranch string) Config {
 	return Config{
-		Environment:  getEnv("ENV", "development"),
-		AdminsSecret: getEnv("ADMINS_SECRET", "kriten-admins"),
-		RootSecret:   getEnv("ROOT_SECRET", "kriten-root"),
-		DebugMode:    getEnvAsBool("DEBUG_MODE", true),
+		Environment: getEnv("ENV", "development"),
+		RootSecret:  getEnv("ROOT_SECRET", "kriten-root"),
+		APISecret:   getEnv("API_SECRET_KEY", "api-secret"),
+		DebugMode:   getEnvAsBool("DEBUG_MODE", true),
 		LDAP: LDAPConfig{
 			BindUser: getEnv("LDAP_BIND_USER", ""),
 			BindPass: getEnv("LDAP_BIND_PASS", ""),

diff --git a/config/db.go b/config/db.go
@@ -15,6 +15,7 @@ func InitDB(db *gorm.DB) {
 		&models.Role{},
 		&models.RoleBinding{},
 		&models.User{},
+		&models.ApiToken{},
 	)
 	if err != nil {
 		log.Println("Error during Postgres AutoMigrate")

diff --git a/controllers/audit.go b/controllers/audit.go
@@ -25,7 +25,7 @@ func NewAuditController(als services.AuditService, as services.AuthService) Audi
 
 func (ac *AuditController) SetAuditRoutes(rg *gin.RouterGroup, config config.Config) {
 	r := rg.Group("").Use(
-		middlewares.AuthenticationMiddleware(config.JWT))
+		middlewares.AuthenticationMiddleware(ac.AuthService, config.JWT))
 
 	r.Use(middlewares.AuthorizationMiddleware(ac.AuthService, "audit", "read"))
 	{

diff --git a/controllers/cronjobs.go b/controllers/cronjobs.go
@@ -29,7 +29,7 @@ func NewCronJobController(js services.CronJobService, as services.AuthService, a
 
 func (jc *CronJobController) SetCronJobRoutes(rg *gin.RouterGroup, config config.Config) {
 	r := rg.Group("").Use(
-		middlewares.AuthenticationMiddleware(config.JWT))
+		middlewares.AuthenticationMiddleware(jc.AuthService, config.JWT))
 
 	r.GET("", middlewares.SetAuthorizationListMiddleware(jc.AuthService, "cronjobs"), jc.ListCronJobs)
 	r.GET("/:id", middlewares.AuthorizationMiddleware(jc.AuthService, "cronjobs", "read"), jc.GetCronJob)

diff --git a/controllers/groups.go b/controllers/groups.go
@@ -33,7 +33,7 @@ func NewGroupController(groupService services.GroupService, as services.AuthServ
 
 func (uc *GroupController) SetGroupRoutes(rg *gin.RouterGroup, config config.Config) {
 	r := rg.Group("").Use(
-		middlewares.AuthenticationMiddleware(config.JWT))
+		middlewares.AuthenticationMiddleware(uc.AuthService, config.JWT))
 
 	r.GET("", middlewares.SetAuthorizationListMiddleware(uc.AuthService, "groups"), uc.ListGroups)
 	r.GET("/:id", middlewares.AuthorizationMiddleware(uc.AuthService, "groups", "read"), uc.GetGroup)

diff --git a/controllers/job.go b/controllers/job.go
@@ -29,7 +29,7 @@ func NewJobController(js services.JobService, as services.AuthService, als servi
 
 func (jc *JobController) SetJobRoutes(rg *gin.RouterGroup, config config.Config) {
 	r := rg.Group("").Use(
-		middlewares.AuthenticationMiddleware(config.JWT))
+		middlewares.AuthenticationMiddleware(jc.AuthService, config.JWT))
 
 	r.GET("", middlewares.SetAuthorizationListMiddleware(jc.AuthService, "jobs"), jc.ListJobs)
 	r.GET("/:id", middlewares.AuthorizationMiddleware(jc.AuthService, "jobs", "read"), jc.GetJob)

diff --git a/controllers/role_bindings.go b/controllers/role_bindings.go
@@ -36,7 +36,7 @@ func NewRoleBindingController(rbs services.RoleBindingService, as services.AuthS
 
 func (rc *RoleBindingController) SetRoleBindingRoutes(rg *gin.RouterGroup, config config.Config) {
 	r := rg.Group("").Use(
-		middlewares.AuthenticationMiddleware(config.JWT))
+		middlewares.AuthenticationMiddleware(rc.AuthService, config.JWT))
 
 	r.GET("", middlewares.SetAuthorizationListMiddleware(rc.AuthService, "role_bindings"), rc.ListRoleBindings)
 	r.GET("/:id", middlewares.AuthorizationMiddleware(rc.AuthService, "role_bindings", "read"), rc.GetRoleBinding)

diff --git a/controllers/roles.go b/controllers/roles.go
@@ -35,7 +35,7 @@ func NewRoleController(rs services.RoleService, as services.AuthService, als ser
 
 func (rc *RoleController) SetRoleRoutes(rg *gin.RouterGroup, config config.Config) {
 	r := rg.Group("").Use(
-		middlewares.AuthenticationMiddleware(config.JWT))
+		middlewares.AuthenticationMiddleware(rc.AuthService, config.JWT))
 
 	r.GET("", middlewares.SetAuthorizationListMiddleware(rc.AuthService, "roles"), rc.ListRoles)
 	r.GET("/:id", middlewares.AuthorizationMiddleware(rc.AuthService, "roles", "read"), rc.GetRole)

diff --git a/controllers/runner.go b/controllers/runner.go
@@ -30,7 +30,7 @@ func NewRunnerController(rs services.RunnerService, as services.AuthService, als
 
 func (rc *RunnerController) SetRunnerRoutes(rg *gin.RouterGroup, config config.Config) {
 	r := rg.Group("").Use(
-		middlewares.AuthenticationMiddleware(config.JWT))
+		middlewares.AuthenticationMiddleware(rc.AuthService, config.JWT))
 
 	r.GET("", middlewares.SetAuthorizationListMiddleware(rc.AuthService, "runners"), rc.ListRunners)
 	r.GET("/:id", middlewares.AuthorizationMiddleware(rc.AuthService, "runners", "read"), rc.GetRunner)

diff --git a/controllers/task.go b/controllers/task.go
@@ -31,7 +31,7 @@ func NewTaskController(taskservice services.TaskService, as services.AuthService
 
 func (tc *TaskController) SetTaskRoutes(rg *gin.RouterGroup, config config.Config) {
 	r := rg.Group("").Use(
-		middlewares.AuthenticationMiddleware(config.JWT))
+		middlewares.AuthenticationMiddleware(tc.AuthService, config.JWT))
 
 	r.GET("", middlewares.SetAuthorizationListMiddleware(tc.AuthService, "tasks"), tc.ListTasks)
 	r.GET("/:id", middlewares.AuthorizationMiddleware(tc.AuthService, "tasks", "read"), tc.GetTask)