From 0b1ca6338f9cfe945312aba75c6fca7b94fb6ed1 Mon Sep 17 00:00:00 2001
From: Vargha Csongor
Date: Fri, 17 May 2024 00:03:52 +0200
Subject: [PATCH] Create forward auth

---
 auth-service/auth.go | 23 ++++++++
 auth-service/dockerfile | 3 +
 auth-service/go.mod | 10 ++++
 auth-service/go.sum | 62 +++++++++++++++++++--
 auth-service/main.go | 48 ++++++++++------
 backend/dockerfile | 3 +
 backend/go.mod | 3 +-
 backend/go.sum | 4 ++
 backend/handlers/viewFamilyTree.go | 2 +-
 backend/main.go | 4 +-
 deployment/auth-service/deployment.yaml | 5 ++
 deployment/auth-service/forwardAuth.yaml | 11 ++++
 deployment/auth-service/kustomization.yaml | 2 +
 deployment/backend/ingressRoute.yaml | 2 +
 frontend/src/lib/family_tree/dagreLayout.ts | 1 -
 15 files changed, 156 insertions(+), 27 deletions(-)
 create mode 100644 auth-service/auth.go
 create mode 100644 deployment/auth-service/forwardAuth.yaml

diff --git a/auth-service/auth.go b/auth-service/auth.go
new file mode 100644
index 0000000..5e44d7b
--- /dev/null
+++ b/auth-service/auth.go
@@ -0,0 +1,23 @@
+package main
+
+import (
+ "net/http"
+
+ "github.com/gin-gonic/gin"
+ "github.com/zitadel/zitadel-go/v3/pkg/authorization/oauth"
+ "github.com/zitadel/zitadel-go/v3/pkg/http/middleware"
+)
+
+func auth(mw *middleware.Interceptor[*oauth.IntrospectionContext]) gin.HandlerFunc {
+ return func(c *gin.Context) {
+ mw.RequireAuthorization()(http.HandlerFunc(authHTTPHandler(mw, c))).ServeHTTP(c.Writer, c.Request)
+ }
+}
+
+func authHTTPHandler(mw *middleware.Interceptor[*oauth.IntrospectionContext], c *gin.Context) func(w http.ResponseWriter, r *http.Request) {
+ return func(w http.ResponseWriter, r *http.Request) {
+ authCtx := mw.Context(r.Context())
+ w.Header().Set("id", authCtx.UserID())
+ c.JSON(http.StatusOK, gin.H{"id": authCtx.UserID(), "status": "ok"})
+ }
+}
diff --git a/auth-service/dockerfile b/auth-service/dockerfile
index 80c9381..fffd278 100644
--- a/auth-service/dockerfile
+++ b/auth-service/dockerfile
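Review bot: `authHTTPHandler` writes the reply through two different objects: the `id` header is set on `w`, the writer handed in by `mw.RequireAuthorization()`, while the status and JSON body go through `c`, i.e. `c.Writer`; that only works as long as the zitadel middleware passes `c.Writer` through unwrapped, which this file cannot guarantee. Pick one side, e.g. `c.Header("id", authCtx.UserID())` next to the existing `c.JSON(...)`, or drop `c` from the closure and write `w.WriteHeader(http.StatusOK)` followed by `json.NewEncoder(w).Encode(...)`. Neither function has a doc comment although `/auth` is the endpoint the Traefik forwardAuth middleware calls for every backend request; I would add `// auth is the Traefik forwardAuth endpoint: it runs zitadel token introspection and, on success, answers 2xx with the authenticated user in the "id" response header, which the proxy copies onto the request it forwards to the backend.` on `auth` and `// authHTTPHandler reports the introspected user; Traefik only needs the status and the "id" header, the JSON body is informational.` on the inner handler.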
@@ -6,8 +6,11 @@ COPY . .
 RUN GOOS=linux GOARCH=arm64 go build -o auth-service
+RUN apk update && apk add ca-certificates && update-ca-certificates
+
 FROM arm64v8/busybox:1.36.1
+COPY --from=build /etc/ssl/certs /etc/ssl/certs
 COPY --from=build /app/auth-service /app/
 CMD [ "/app/auth-service" ]
\ No newline at end of file
diff --git a/auth-service/go.mod b/auth-service/go.mod
index 60d9bec..de346d4 100644
--- a/auth-service/go.mod
+++ b/auth-service/go.mod
@@ -6,6 +6,7 @@ require (
 github.com/gin-contrib/cors v1.7.2
 github.com/gin-gonic/gin v1.9.1
 github.com/vcscsvcscs/GenerationsHeritage/utilities v0.0.0-20240414091827-ffde94d457cb
+ github.com/zitadel/zitadel-go/v3 v3.0.0-next.2
 )
 require (
@@ -15,10 +16,12 @@ require (
 github.com/cloudwego/iasm v0.2.0 // indirect
 github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 github.com/gin-contrib/sse v0.1.0 // indirect
+ github.com/go-jose/go-jose/v3 v3.0.1 // indirect
 github.com/go-playground/locales v0.14.1 // indirect
 github.com/go-playground/universal-translator v0.18.1 // indirect
 github.com/go-playground/validator/v10 v10.20.0 // indirect
 github.com/goccy/go-json v0.10.2 // indirect
+ github.com/gorilla/securecookie v1.1.2 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 github.com/kr/text v0.2.0 // indirect
@@ -26,12 +29,19 @@ require (
 github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/muhlemmer/gu v0.3.1 // indirect
 github.com/pelletier/go-toml/v2 v2.2.1 // indirect
+ github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 github.com/ugorji/go/codec v1.2.12 // indirect
+ github.com/zitadel/logging v0.5.0 // indirect
+ github.com/zitadel/oidc/v3 v3.5.1 // indirect
+ github.com/zitadel/schema v1.3.0 // indirect
 golang.org/x/arch v0.7.0 // indirect
 golang.org/x/crypto v0.22.0 // indirect
+ golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
 golang.org/x/net v0.24.0 // indirect
+ golang.org/x/oauth2 v0.19.0 // indirect
 golang.org/x/sys v0.19.0 // indirect
 golang.org/x/text v0.14.0 // indirect
 google.golang.org/protobuf v1.34.0 // indirect
diff --git a/auth-service/go.sum b/auth-service/go.sum
index a5f84a3..d70d67b 100644
--- a/auth-service/go.sum
+++ b/auth-service/go.sum
@@ -18,6 +18,14 @@ github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg= github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU= +github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk= +github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= +github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= 
@@ -28,9 +36,18 @@ github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBEx github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= -github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= +github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA= +github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= +github.com/jeremija/gosubmit v0.2.7 h1:At0OhGCFGPXyjPYAsCchoBUhE099pcBXmsb4iZqROIc= +github.com/jeremija/gosubmit v0.2.7/go.mod h1:Ui+HS073lCFREXBbdfrJzMB57OI/bdxTiLtrDHHhFPI= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= 
@@ -50,17 +67,26 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/muhlemmer/gu v0.3.1 h1:7EAqmFrW7n3hETvuAdmFmn4hS8W+z3LgKtrnow+YzNM= +github.com/muhlemmer/gu v0.3.1/go.mod h1:YHtHR+gxM+bKEIIs7Hmi9sPT3ZDUvTN/i88wQpZkrdM= +github.com/muhlemmer/httpforwarded v0.1.0 h1:x4DLrzXdliq8mprgUMR0olDvHGkou5BJsK/vWUetyzY= +github.com/muhlemmer/httpforwarded v0.1.0/go.mod h1:yo9czKedo2pdZhoXe+yDkGVbU0TJ0q9oQ90BVoDEtw0= github.com/pelletier/go-toml/v2 v2.2.1 h1:9TA9+T8+8CUCO2+WYnDLCgrYi9+omqKXyjDtosvtEhg= github.com/pelletier/go-toml/v2 v2.2.1/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= -github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rs/cors v1.10.1 h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo= +github.com/rs/cors v1.10.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 
@@ -74,26 +100,52 @@ github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65E github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= github.com/vcscsvcscs/GenerationsHeritage/utilities v0.0.0-20240414091827-ffde94d457cb h1:fU736we2gQQRMOWP/su7sCiUFmrXTKBN0s8LG5k7bOE= github.com/vcscsvcscs/GenerationsHeritage/utilities v0.0.0-20240414091827-ffde94d457cb/go.mod h1:aQlmG6BiGFmOFxzAkWTJDzm1EzdCJ4OEETXTUkWJaLk= +github.com/zitadel/logging v0.5.0 h1:Kunouvqse/efXy4UDvFw5s3vP+Z4AlHo3y8wF7stXHA= +github.com/zitadel/logging v0.5.0/go.mod h1:IzP5fzwFhzzyxHkSmfF8dsyqFsQRJLLcQmwhIBzlGsE= +github.com/zitadel/oidc/v3 v3.5.1 h1:7gyrxRNqX5eZYai2KhzPj8MhBZ7I3YpviQeX1Lp4j4U= +github.com/zitadel/oidc/v3 v3.5.1/go.mod h1:R8sF5DPR98QQnOoyySsaNqI4NcF/VFMkf/XoYiBUuXQ= +github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0= +github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc= +github.com/zitadel/zitadel-go/v3 v3.0.0-next.2 h1:w0lnLvijwQwkrUEA74loenNR9udRAaq6rccjlMSA+4U= +github.com/zitadel/zitadel-go/v3 v3.0.0-next.2/go.mod h1:SY9IZuDw/766mwEobCX7JNwXawIQxVseo679JG1U0c0= +go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= +go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= +go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= +go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= +go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= +go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/arch v0.7.0 h1:pskyeJh/3AmoQ8CPE95vxHLqp1G1GfGNXTmcl9NEKTc= golang.org/x/arch v0.7.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys= 
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= +golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= 
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4= google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/auth-service/main.go b/auth-service/main.go index ed92495..6e9da79 100644 --- a/auth-service/main.go +++ b/auth-service/main.go 
@@ -9,24 +9,27 @@ import (
 "syscall"
 "time"
- "github.com/gin-contrib/cors"
 "github.com/gin-gonic/gin"
 "github.com/vcscsvcscs/GenerationsHeritage/utilities"
 "github.com/vcscsvcscs/GenerationsHeritage/utilities/gin_liveness"
+
+ "github.com/zitadel/zitadel-go/v3/pkg/authorization"
+ "github.com/zitadel/zitadel-go/v3/pkg/authorization/oauth"
+ "github.com/zitadel/zitadel-go/v3/pkg/http/middleware"
+ "github.com/zitadel/zitadel-go/v3/pkg/zitadel"
 )
 var (
- cert = flag.String("cert", "/etc/gh-backend/ssl/tls.crt", "Specify the path of TLS cert")
- key = flag.String("key", "/etc/gh-backend/ssl/tls.key", "Specify the path of TLS key")
- httpsPort = flag.String("https", ":443", "Specify port for http secure hosting(example for format :443)")
- httpPort = flag.String("http", ":80", "Specify port for http hosting(example for format :80)")
- memgraphURI = flag.String("memgraph", "bolt+ssc://memgraph:7687", "Specify the Memgraph database URI")
- memgraphUser = flag.String("memgraph-user", "", "Specify the Memgraph database user")
- memgraphPass = flag.String("memgraph-pass", "", "Specify the Memgraph database password")
- release = flag.Bool("release", false, "Set true to release build")
- logToFile = flag.Bool("log-to-file", false, "Set true to log to file")
- logToFileAndStd = flag.Bool("log-to-file-and-std", false, "Set true to log to file and std")
- requestTimeout = time.Duration(*flag.Int("request-timeout", 20, "Set request timeout in seconds"))
+ cert = flag.String("cert", "/etc/gh-auth-service/ssl/tls.crt", "Specify the path of TLS cert")
+ key = flag.String("key", "/etc/gh-auth-service/ssl/tls.key", "Specify the path of TLS key")
+ zitadelAccessKey = flag.String("zitadel-access-key", "/etc/gh-auth-service/zitadel/api-key.json", "Specify the path of Zitadel access key")
+ httpsPort = flag.String("https", ":443", "Specify port for http secure hosting(example for format :443)")
+ httpPort = flag.String("http", ":80", "Specify port for http hosting(example for format :80)")
+ zitadelURI = flag.String("zitadel-uri", "zitadel.varghacsongor.hu", "Specify the Zitadel URI")
+ release = flag.Bool("release", false, "Set true to release build")
+ logToFile = flag.Bool("log-to-file", false, "Set true to log to file")
+ logToFileAndStd = flag.Bool("log-to-file-and-std", false, "Set true to log to file and std")
+ requestTimeout = time.Duration(*flag.Int("request-timeout", 20, "Set request timeout in seconds"))
 )
 func main() {
@@ -40,12 +43,23 @@ func main() {
 hc := gin_liveness.New()
 router := gin.Default()
- router.Use(cors.New(cors.Config{
- AllowOrigins: []string{"http://localhost:5173", "http://localhost"},
- AllowCredentials: true,
- MaxAge: 12 * time.Hour,
- }))
+ router.Use(gin.Recovery())
+
+ ctx := context.Background()
+
+ // Initiate the authorization by providing a zitadel configuration and a verifier.
+ // This example will use OAuth2 Introspection for this, therefore you will also need to provide the downloaded api key.json
+ authZ, err := authorization.New(ctx, zitadel.New(*zitadelURI), oauth.DefaultAuthorization(*zitadelAccessKey))
+ if err != nil {
+ log.Println("zitadel sdk could not initialize", "error", err)
+ os.Exit(1)
+ }
+
+ // Initialize the HTTP middleware by providing the authorization
+ mw := middleware.New(authZ)
+
 router.GET("/health", hc.HealthCheckHandler())
+ router.GET("/auth", auth(mw))
 server := utilities.SetupHttpsServer(router, *cert, *key, *httpsPort, *httpPort, requestTimeout)
diff --git a/backend/dockerfile b/backend/dockerfile
index 2af4a37..d1ff741 100644
--- a/backend/dockerfile
+++ b/backend/dockerfile
@@ -6,8 +6,11 @@ COPY . .
 RUN GOOS=linux GOARCH=arm64 go build -o backend
+RUN apk update && apk add ca-certificates && update-ca-certificates
+
 FROM arm64v8/busybox:1.36.1
+COPY --from=build /etc/ssl/certs /etc/ssl/certs
 COPY --from=build /app/backend /app/
 CMD [ "/app/backend" ]
\ No newline at end of file
diff --git a/backend/go.mod b/backend/go.mod
index 90df4ad..fcf6ff7 100644
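Review bot: `requestTimeout = time.Duration(*flag.Int("request-timeout", 20, ...))` dereferences the flag at package-init time, before `flag.Parse()` can run in `main`, so the value is always the default 20 and `-request-timeout` is silently ignored; `time.Duration(20)` is also 20 nanoseconds rather than seconds unless `utilities.SetupHttpsServer` scales it, which is not visible here. Keep the pointer in the var block, `requestTimeoutSec = flag.Int("request-timeout", 20, "Set request timeout in seconds")`, and convert after parsing in `main` with `requestTimeout := time.Duration(*requestTimeoutSec) * time.Second` before it is passed to `SetupHttpsServer`. The var block ends at this hunk and `main` begins below it, outside the hunk.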
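Review bot: `router.Use(gin.Recovery())` is redundant: `gin.Default()` on the line above already installs the Logger and Recovery middleware, so panics now pass through two recovery handlers for no gain; drop the line, or switch to `gin.New()` if the goal was to control the middleware set explicitly. The failure path uses `log.Println` with slog-style key/value arguments, which prints the literal word `error` in the middle of the message; `log.Fatalf("initializing zitadel sdk: %v", err)` gives the same exit status in one line and the usual Go wording. The `main` body continues below the hunk.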
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/google/uuid v1.6.0
 github.com/neo4j/neo4j-go-driver/v5 v5.19.0
 github.com/vcscsvcscs/GenerationsHeritage/utilities v0.0.0-20240414091827-ffde94d457cb
- golang.org/x/net v0.22.0
+ golang.org/x/net v0.23.0
 )
 require (
@@ -30,6 +30,7 @@ require (
 github.com/pelletier/go-toml/v2 v2.2.0 // indirect
 github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 github.com/ugorji/go/codec v1.2.12 // indirect
+ github.com/zitadel/zitadel-go/v2 v2.2.3 // indirect
 golang.org/x/arch v0.7.0 // indirect
 golang.org/x/crypto v0.21.0 // indirect
 golang.org/x/sys v0.18.0 // indirect
diff --git a/backend/go.sum b/backend/go.sum
index 6fa7052..ae6008d 100644
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -76,6 +76,8 @@ github.com/vcscsvcscs/GenerationsHeritage/utilities v0.0.0-20240413225529-30321b
 github.com/vcscsvcscs/GenerationsHeritage/utilities v0.0.0-20240413225529-30321ba5d7e7/go.mod h1:8byGXK+Csy5RCmHrvdMIzS8oVuvkr9Ech2PqLrad7os=
 github.com/vcscsvcscs/GenerationsHeritage/utilities v0.0.0-20240414091827-ffde94d457cb h1:fU736we2gQQRMOWP/su7sCiUFmrXTKBN0s8LG5k7bOE=
 github.com/vcscsvcscs/GenerationsHeritage/utilities v0.0.0-20240414091827-ffde94d457cb/go.mod h1:aQlmG6BiGFmOFxzAkWTJDzm1EzdCJ4OEETXTUkWJaLk=
+github.com/zitadel/zitadel-go/v2 v2.2.3 h1:A7XDaTQSkaMz4U/v0Il/c+POp946PowrotNDlOfQU1k=
+github.com/zitadel/zitadel-go/v2 v2.2.3/go.mod h1:8cdeqkMW5nBqQLU8U3Ww5f6B92d9YkHeMd8Dhc+PpUs=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.7.0 h1:pskyeJh/3AmoQ8CPE95vxHLqp1G1GfGNXTmcl9NEKTc=
 golang.org/x/arch v0.7.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
@@ -83,6 +85,8 @@ golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
 golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
diff --git a/backend/handlers/viewFamilyTree.go b/backend/handlers/viewFamilyTree.go
index e013390..3f4cf27 100644
--- a/backend/handlers/viewFamilyTree.go
+++ b/backend/handlers/viewFamilyTree.go
@@ -18,7 +18,7 @@ func ViewFamiliyTree(driver neo4j.DriverWithContext) gin.HandlerFunc {
 session := driver.NewSession(ctx, neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead})
 defer session.Close(ctx)
- id := c.Query("id") // change to c.GetHeader("User-ID")
+ id := c.Request.Header.Get("id")
 if id == "" {
 c.JSON(http.StatusBadRequest, gin.H{"error": "id is required"})
diff --git a/backend/main.go b/backend/main.go
index 65155fe..a64c01d 100644
--- a/backend/main.go
+++ b/backend/main.go
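Review bot: `id := c.Request.Header.Get("id")` turns a plain request header into the authenticated identity, so the handler is only safe while every request reaches this pod through the Traefik route that carries the `auth-service` forwardAuth middleware (deployment/backend/ingressRoute.yaml in this commit), which overwrites `id` with the value returned by the auth service; a request that bypasses that route (another IngressRoute or Ingress for `gh-backend`, an in-cluster caller hitting the Service directly, a port-forward) can pick any `id` and read that user's tree. Record the assumption at the line, e.g. `// id is injected by the Traefik forwardAuth middleware from the auth-service response; it is trusted only because the backend is reachable solely through that route.`, and consider enforcing it with a NetworkPolicy that admits ingress to gh-backend only from the Traefik pods, or by having the backend verify the bearer token itself instead of trusting a header. The removed comment planned a `User-ID` header; `id` is generic and is also a header the CORS config in backend/main.go lets browsers send, so a more specific name such as `X-Auth-User-ID` would make its provenance clearer. `ViewFamiliyTree` starts and ends outside this hunk.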
@@ -45,9 +45,9 @@ func main() {
 router := gin.Default()
 router.Use(cors.New(cors.Config{
- AllowOrigins: []string{"http://localhost:5173", "http://localhost", "https://feature-add-frontend.generationsheritage.pages.dev/", "https://csalad.varghacsongor.hu/"},
+ AllowOrigins: []string{"http://localhost:5173", "http://localhost", "https://heritagebackend.varghacsongor.hu", "https://feature-add-frontend.generationsheritage.pages.dev/", "https://csalad.varghacsongor.hu/"},
 AllowCredentials: true,
- AllowHeaders: []string{"Authorization"},
+ AllowHeaders: []string{"Authorization", "id", "Content-Type"},
 MaxAge: 12 * time.Hour,
 }))
 router.GET("/health", hc.HealthCheckHandler())
diff --git a/deployment/auth-service/deployment.yaml b/deployment/auth-service/deployment.yaml
index 4305954..c1c4903 100644
--- a/deployment/auth-service/deployment.yaml
+++ b/deployment/auth-service/deployment.yaml
@@ -40,7 +40,12 @@ spec:
 volumeMounts:
 - name: gh-auth-service-certs
 mountPath: /etc/gh-auth-service/ssl
+ - name: zitadel-service-account
+ mountPath: /etc/gh-auth-service/zitadel
 volumes:
 - name: gh-auth-service-certs
 secret:
 secretName: gh-auth-service-tls
+ - name: zitadel-service-account
+ secret:
+ secretName: zitadel-service-account
diff --git a/deployment/auth-service/forwardAuth.yaml b/deployment/auth-service/forwardAuth.yaml
new file mode 100644
index 0000000..da3becd
--- /dev/null
+++ b/deployment/auth-service/forwardAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: auth-service
+spec:
+ forwardAuth:
+ address: https://gh-auth-service/auth
+ authResponseHeaders:
+ - id
+ tls:
+ insecureSkipVerify: true
\ No newline at end of file
diff --git a/deployment/auth-service/kustomization.yaml b/deployment/auth-service/kustomization.yaml
index 9f8832a..a44c068 100644
--- a/deployment/auth-service/kustomization.yaml
+++ b/deployment/auth-service/kustomization.yaml
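Review bot: The two trailing-slash entries in `AllowOrigins`, `"https://feature-add-frontend.generationsheritage.pages.dev/"` and `"https://csalad.varghacsongor.hu/"`, cannot match: a browser's `Origin` header is `scheme://host[:port]` with no path, and gin-contrib/cors compares non-wildcard entries for equality (unless `AllowOriginFunc` is set elsewhere, which this hunk does not show), so those two sites are refused while the localhost entries work; drop the slashes: `AllowOrigins: []string{"http://localhost:5173", "http://localhost", "https://heritagebackend.varghacsongor.hu", "https://feature-add-frontend.generationsheritage.pages.dev", "https://csalad.varghacsongor.hu"},`. Adding `"id"` to `AllowHeaders` tells browsers they may send the identity header themselves; with the forwardAuth middleware replacing it this is harmless, but unless the frontend really sets `id` it is better left out so the auth service stays the only source: `AllowHeaders: []string{"Authorization", "Content-Type"},`. `https://heritagebackend.varghacsongor.hu` is the backend's own host per the IngressRoute, so same-origin calls would not need CORS at all; presumably it serves some other client, which deserves a comment. `main` continues outside this hunk.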
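Review bot: The `zitadel-service-account` volume carries the Zitadel API key, yet the mount is writable and the secret files keep the default 0644 mode; add `readOnly: true` to the volumeMount and `defaultMode: 0400` under the new `secret:` block so the key cannot be altered from inside the container and is not readable by every user on the node-side tmpfs (if the container runs as a non-root user, pair the mode with `fsGroup` and use `0440` instead). The auth-service reads the key from `/etc/gh-auth-service/zitadel/api-key.json` by default (auth-service/main.go), so the secret must contain a key named `api-key.json`; the secret manifest is not part of this commit, so that cannot be confirmed here. Both blocks sit inside a container spec that begins above the hunk.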
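Review bot: `insecureSkipVerify: true` disables certificate verification on the one hop that decides authorization: Traefik will accept any certificate for `gh-auth-service`, so whatever answers that in-cluster name (a hijacked Service or DNS entry, a pod that takes over its endpoints) can reply 200 with an `id` of its choosing, and the backend, which trusts that header, serves that user. The auth-service already terminates TLS with the `gh-auth-service-tls` certificate (deployment.yaml), so point Traefik at the issuing CA instead, `tls: caSecret: <ca-secret-name>` (placeholder), make sure the certificate's SANs include `gh-auth-service`, the name used in `address`, and then remove `insecureSkipVerify`. If the certificate is issued for the public hostname only, that mismatch is probably why verification was switched off and is what to fix first. The file also lacks a trailing newline.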
@@ -4,6 +4,8 @@ namespace: generations-heritage
 resources:
 - ./certificate.yaml
+ - ./zitadel-acces-key.yaml
 - ./deployment.yaml
 - ./service.yaml
 - ./horizontalPodAutoScaler.yaml
+ - ./forwardAuth.yaml
diff --git a/deployment/backend/ingressRoute.yaml b/deployment/backend/ingressRoute.yaml
index 87ee565..e865c6b 100644
--- a/deployment/backend/ingressRoute.yaml
+++ b/deployment/backend/ingressRoute.yaml
@@ -11,6 +11,8 @@ spec:
 routes:
 - kind: Rule
 match: Host(`heritagebackend.varghacsongor.hu`)
+ middlewares:
+ - name: auth-service
 services:
 - name: gh-backend
 port: 443
diff --git a/frontend/src/lib/family_tree/dagreLayout.ts b/frontend/src/lib/family_tree/dagreLayout.ts
index 1476561..7cf5557 100644
--- a/frontend/src/lib/family_tree/dagreLayout.ts
+++ b/frontend/src/lib/family_tree/dagreLayout.ts
@@ -1,6 +1,5 @@
 import dagre from '@dagrejs/dagre';
 import { Position, type Node, type Edge } from '@xyflow/svelte';
-import { onMount } from 'svelte';
 const dagreGraph = new dagre.graphlib.Graph();
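Review bot: `./zitadel-acces-key.yaml` is listed as a resource but no such file is created by this commit (the diffstat's only new files are `auth-service/auth.go` and `deployment/auth-service/forwardAuth.yaml`), so `kustomize build` of this directory fails on a fresh checkout unless the file exists untracked. If it is kept out of git on purpose because it holds the Zitadel service-account key, say so beside the entry, e.g. `# untracked on purpose: Secret "zitadel-service-account" holding the Zitadel API key; create it out of band before building`, and consider a SealedSecret or ExternalSecret so the key never has to live in a working copy. The spelling `acces` also differs from the `zitadel-service-account` name deployment.yaml expects, which is easy to trip over when creating the file.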