Create forward auth

auth-service/main.go

@@ -9,24 +9,27 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 	"github.com/vcscsvcscs/GenerationsHeritage/utilities"
 	"github.com/vcscsvcscs/GenerationsHeritage/utilities/gin_liveness"
+
+	"github.com/zitadel/zitadel-go/v3/pkg/authorization"
+	"github.com/zitadel/zitadel-go/v3/pkg/authorization/oauth"
+	"github.com/zitadel/zitadel-go/v3/pkg/http/middleware"
+	"github.com/zitadel/zitadel-go/v3/pkg/zitadel"
 )
 
 var (
-	cert            = flag.String("cert", "/etc/gh-backend/ssl/tls.crt", "Specify the path of TLS cert")
-	key             = flag.String("key", "/etc/gh-backend/ssl/tls.key", "Specify the path of TLS key")
-	httpsPort       = flag.String("https", ":443", "Specify port for http secure hosting(example for format :443)")
-	httpPort        = flag.String("http", ":80", "Specify port for http hosting(example for format :80)")
-	memgraphURI     = flag.String("memgraph", "bolt+ssc://memgraph:7687", "Specify the Memgraph database URI")
-	memgraphUser    = flag.String("memgraph-user", "", "Specify the Memgraph database user")
-	memgraphPass    = flag.String("memgraph-pass", "", "Specify the Memgraph database password")
-	release         = flag.Bool("release", false, "Set true to release build")
-	logToFile       = flag.Bool("log-to-file", false, "Set true to log to file")
-	logToFileAndStd = flag.Bool("log-to-file-and-std", false, "Set true to log to file and std")
-	requestTimeout  = time.Duration(*flag.Int("request-timeout", 20, "Set request timeout in seconds"))
+	cert             = flag.String("cert", "/etc/gh-auth-service/ssl/tls.crt", "Specify the path of TLS cert")
+	key              = flag.String("key", "/etc/gh-auth-service/ssl/tls.key", "Specify the path of TLS key")
+	zitadelAccessKey = flag.String("zitadel-access-key", "/etc/gh-auth-service/zitadel/api-key.json", "Specify the path of Zitadel access key")
+	httpsPort        = flag.String("https", ":443", "Specify port for http secure hosting(example for format :443)")
+	httpPort         = flag.String("http", ":80", "Specify port for http hosting(example for format :80)")
+	zitadelURI       = flag.String("zitadel-uri", "zitadel.varghacsongor.hu", "Specify the Zitadel URI")
+	release          = flag.Bool("release", false, "Set true to release build")
+	logToFile        = flag.Bool("log-to-file", false, "Set true to log to file")
+	logToFileAndStd  = flag.Bool("log-to-file-and-std", false, "Set true to log to file and std")
+	requestTimeout   = time.Duration(*flag.Int("request-timeout", 20, "Set request timeout in seconds"))
 )
 
 func main() {
@@ -40,12 +43,23 @@ func main() {
 	hc := gin_liveness.New()
 
 	router := gin.Default()
-	router.Use(cors.New(cors.Config{
-		AllowOrigins:     []string{"http://localhost:5173", "http://localhost"},
-		AllowCredentials: true,
-		MaxAge:           12 * time.Hour,
-	}))
+	router.Use(gin.Recovery())
+
+	ctx := context.Background()
+
+	// Initiate the authorization by providing a zitadel configuration and a verifier.
+	// This example will use OAuth2 Introspection for this, therefore you will also need to provide the downloaded api key.json
+	authZ, err := authorization.New(ctx, zitadel.New(*zitadelURI), oauth.DefaultAuthorization(*zitadelAccessKey))
+	if err != nil {
+		log.Println("zitadel sdk could not initialize", "error", err)
+		os.Exit(1)
+	}
+
+	// Initialize the HTTP middleware by providing the authorization
+	mw := middleware.New(authZ)
+
 	router.GET("/health", hc.HealthCheckHandler())
+	router.GET("/auth", auth(mw))
 
 	server := utilities.SetupHttpsServer(router, *cert, *key, *httpsPort, *httpPort, requestTimeout)