diff --git a/go.mod b/go.mod index fe11be86..9dcb7446 100644 --- a/go.mod +++ b/go.mod @@ -18,21 +18,24 @@ require ( github.com/spf13/afero v1.14.0 github.com/stretchr/objx v0.5.2 // indirect github.com/stretchr/testify v1.10.0 - golang.org/x/net v0.35.0 // indirect + golang.org/x/net v0.37.0 // indirect golang.org/x/sys v0.31.0 // indirect gopkg.in/yaml.v3 v3.0.1 ) require ( github.com/PuerkitoBio/goquery v1.10.2 + github.com/coreos/go-oidc/v3 v3.13.0 github.com/go-chi/chi/v5 v5.2.1 github.com/go-chi/jwtauth/v5 v5.3.3 + github.com/gorilla/websocket v1.5.3 github.com/puzpuzpuz/xsync/v3 v3.5.1 github.com/rs/zerolog v1.34.0 github.com/samber/lo v1.49.1 github.com/wk8/go-ordered-map/v2 v2.1.8 github.com/yuin/goldmark v1.7.8 golang.org/x/crypto v0.36.0 + golang.org/x/oauth2 v0.28.0 golang.org/x/sync v0.12.0 google.golang.org/grpc v1.71.0 google.golang.org/protobuf v1.36.6 @@ -55,6 +58,7 @@ require ( github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-jose/go-jose/v4 v4.0.5 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect @@ -66,7 +70,6 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/gorilla/websocket v1.5.3 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/lestrrat-go/blackmagic v1.0.2 // indirect @@ -93,7 +96,6 @@ require ( go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 // indirect go.opentelemetry.io/otel/metric v1.34.0 // indirect go.opentelemetry.io/otel/trace v1.34.0 // indirect - golang.org/x/oauth2 v0.26.0 // indirect golang.org/x/term v0.30.0 // indirect golang.org/x/text v0.23.0 // indirect golang.org/x/time v0.10.0 // indirect diff --git a/go.sum b/go.sum index 46de12e0..f6bcefeb 100644 --- a/go.sum +++ b/go.sum @@ -20,6 +20,8 @@ github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK3 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/coreos/go-oidc/v3 v3.13.0 h1:M66zd0pcc5VxvBNM4pB331Wrsanby+QomQYjN8HamW8= +github.com/coreos/go-oidc/v3 v3.13.0/go.mod h1:HaZ3szPaZ0e4r6ebqvsLWlk2Tn+aejfmrfah6hnSYEU= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -30,12 +32,6 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvw github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/docker v28.0.0+incompatible h1:Olh0KS820sJ7nPsBKChVhk5pzqcwDR15fumfAd/p9hM= -github.com/docker/docker v28.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v28.0.1+incompatible h1:FCHjSRdXhNRFjlHMTv4jUNlIBbTeRjrWfeFuJp7jpo0= -github.com/docker/docker v28.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v28.0.2+incompatible h1:9BILleFwug5FSSqWBgVevgL3ewDJfWWWyZVqlDMttE8= -github.com/docker/docker v28.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v28.0.4+incompatible h1:JNNkBctYKurkw6FrHfKqY0nKIDf5nrbxjVBtS+cdcok= github.com/docker/docker v28.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -52,10 +48,10 @@ github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8= github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops= -github.com/go-chi/jwtauth/v5 v5.3.2 h1:s+ON3ATyyMs3Me0kqyuua6Rwu+2zqIIkL0GCaMarwvs= -github.com/go-chi/jwtauth/v5 v5.3.2/go.mod h1:O4QvPRuZLZghl9WvfVaON+ARfGzpD2PBX/QY5vUz7aQ= github.com/go-chi/jwtauth/v5 v5.3.3 h1:50Uzmacu35/ZP9ER2Ht6SazwPsnLQ9LRJy6zTZJpHEo= github.com/go-chi/jwtauth/v5 v5.3.3/go.mod h1:O4QvPRuZLZghl9WvfVaON+ARfGzpD2PBX/QY5vUz7aQ= +github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= +github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -161,10 +157,7 @@ github.com/puzpuzpuz/xsync/v3 v3.5.1 h1:GJYJZwO6IdxN/IKbneznS6yPkVC+c3zyY/j19c++ github.com/puzpuzpuz/xsync/v3 v3.5.1/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= -github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= -github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8= -github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY= github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ= github.com/samber/lo v1.49.1 h1:4BIFyVfuQSEpluc7Fua+j1NolZHiEHEpaSEKdsH0tew= @@ -175,8 +168,6 @@ github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs= -github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4= github.com/spf13/afero v1.14.0 h1:9tH6MapGnn/j0eb0yIXiLjERO8RB6xIVZRDCX7PtqWA= github.com/spf13/afero v1.14.0/go.mod h1:acJQ8t0ohCGuMN3O+Pv0V0hgMxNYDlvdk+VTfyZmbYo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -213,10 +204,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 h1:FyjCy go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0/go.mod h1:hYwym2nDEeZfG/motx0p7L7J1N1vyzIThemQsb4g2qY= go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= -go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4= -go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= -go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= -go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= +go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= +go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= +go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk= +go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w= go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= @@ -229,12 +220,6 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= -golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= -golang.org/x/crypto v0.34.0 h1:+/C6tk6rf/+t5DhUketUbD1aNGqiSX3j15Z6xuIDlBA= -golang.org/x/crypto v0.34.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= -golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= -golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -257,10 +242,10 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= -golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= -golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE= -golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c= +golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc= +golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -270,8 +255,6 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= -golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -290,8 +273,6 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= @@ -303,8 +284,6 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= -golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -316,8 +295,6 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= -golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4= @@ -337,17 +314,12 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 h1:GVIKPyP/kLIyVOgOnTwFOrvQaQUzOzGMCxgFUOEmm24= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422/go.mod h1:b6h1vNKhxaSoEI+5jc3PJUCustfli/mRab7295pY7rw= google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2 h1:DMTIbak9GhdaSxEjvVzAeNZvyc03I61duqNbnm3SU0M= google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I= -google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= -google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg= google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= -google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= -google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -366,24 +338,16 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= -k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw= -k8s.io/api v0.32.2/go.mod h1:hKlhk4x1sJyYnHENsrdCWw31FEmCijNGPJO5WzHiJ6Y= k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls= k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k= -k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= -k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U= k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= -k8s.io/client-go v0.32.2 h1:4dYCD4Nz+9RApM2b/3BtVvBHw54QjMFUl1OLcJG5yOA= -k8s.io/client-go v0.32.2/go.mod h1:fpZ4oJXclZ3r2nDOv+Ux3XcJutfrwjKTCHz2H3sww94= k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU= k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas= -k8s.io/metrics v0.32.2 h1:7t/rZzTHFrGa9f94XcgLlm3ToAuJtdlHANcJEHlYl9g= -k8s.io/metrics v0.32.2/go.mod h1:VL3nJpzcgB6L5nSljkkzoE0nilZhVgcjCfNRgoylaIQ= k8s.io/metrics v0.32.3 h1:2vsBvw0v8rIIlczZ/lZ8Kcqk9tR6Fks9h+dtFNbc2a4= k8s.io/metrics v0.32.3/go.mod h1:9R1Wk5cb+qJpCQon9h52mgkVCcFeYxcY+YkumfwHVCU= k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= diff --git a/internal/auth/openid.go b/internal/auth/openid.go new file mode 100644 index 00000000..57236fde --- /dev/null +++ b/internal/auth/openid.go @@ -0,0 +1,60 @@ +package auth + +import ( + "context" + "fmt" + "net/http" + + "github.com/coreos/go-oidc/v3/oidc" + "golang.org/x/oauth2" +) + +type OpenID struct { + provider *oidc.Provider +} + +func NewOpenID(ctx context.Context, issuer string) (*OpenID, error) { + provider, err := oidc.NewProvider(ctx, issuer) + if err != nil { + return nil, fmt.Errorf("failed to create provider: %w", err) + } + + return &OpenID{ + provider: provider, + }, nil +} + +func (o *OpenID) CreateToken(ctx context.Context, claims map[string]interface{}) (*oidc.IDToken, error) { + config := oauth2.Config{ + ClientID: clientID, + ClientSecret: clientSecret, + Endpoint: provider.Endpoint(), + RedirectURL: "http://127.0.0.1:5556/auth/google/callback", + Scopes: []string{oidc.ScopeOpenID, "profile", "email"}, + } + token, err := o.provider.NewIDToken(ctx, claims) + if err != nil { + return nil, fmt.Errorf("failed to create token: %w", err) + } + + return token, nil +} + +func (o *OpenID) AuthMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + token, err := o.Verify(r.Context(), r) + if err != nil { + http.Error(w, err.Error(), http.StatusUnauthorized) + return + } + + userInfo, err := o.UserInfo(r.Context(), token) + if err != nil { + http.Error(w, err.Error(), http.StatusUnauthorized) + return + } + + ctx := context.WithValue(r.Context(), "user", userInfo) + next.ServeHTTP(w, r.WithContext(ctx)) + }) +} diff --git a/internal/web/actions.go b/internal/web/actions.go index df417f32..368d18a3 100644 --- a/internal/web/actions.go +++ b/internal/web/actions.go @@ -14,7 +14,7 @@ func (h *handler) containerActions(w http.ResponseWriter, r *http.Request) { id := chi.URLParam(r, "id") userLabels := h.config.Labels - if h.config.Authorization.Provider != NONE { + if h.config.Authorization.Provider != None { user := auth.UserFromContext(r.Context()) if user.ContainerLabels.Exists() { userLabels = user.ContainerLabels diff --git a/internal/web/actions_test.go b/internal/web/actions_test.go index 475847a5..cfaa784b 100644 --- a/internal/web/actions_test.go +++ b/internal/web/actions_test.go @@ -34,7 +34,7 @@ func mockedClient() *MockedClient { func Test_handler_containerActions_stop(t *testing.T) { mockedClient := mockedClient() - handler := createHandler(mockedClient, nil, Config{Base: "/", EnableActions: true, Authorization: Authorization{Provider: NONE}}) + handler := createHandler(mockedClient, nil, Config{Base: "/", EnableActions: true, Authorization: Authorization{Provider: None}}) req, err := http.NewRequest("POST", "/api/hosts/localhost/containers/123/actions/stop", nil) require.NoError(t, err, "Request should not return an error.") @@ -46,7 +46,7 @@ func Test_handler_containerActions_stop(t *testing.T) { func Test_handler_containerActions_restart(t *testing.T) { mockedClient := mockedClient() - handler := createHandler(mockedClient, nil, Config{Base: "/", EnableActions: true, Authorization: Authorization{Provider: NONE}}) + handler := createHandler(mockedClient, nil, Config{Base: "/", EnableActions: true, Authorization: Authorization{Provider: None}}) req, err := http.NewRequest("POST", "/api/hosts/localhost/containers/123/actions/restart", nil) require.NoError(t, err, "Request should not return an error.") @@ -58,7 +58,7 @@ func Test_handler_containerActions_restart(t *testing.T) { func Test_handler_containerActions_unknown_action(t *testing.T) { mockedClient := mockedClient() - handler := createHandler(mockedClient, nil, Config{Base: "/", EnableActions: true, Authorization: Authorization{Provider: NONE}}) + handler := createHandler(mockedClient, nil, Config{Base: "/", EnableActions: true, Authorization: Authorization{Provider: None}}) req, err := http.NewRequest("POST", "/api/hosts/localhost/containers/123/actions/something-else", nil) require.NoError(t, err, "Request should not return an error.") @@ -70,7 +70,7 @@ func Test_handler_containerActions_unknown_action(t *testing.T) { func Test_handler_containerActions_unknown_container(t *testing.T) { mockedClient := mockedClient() - handler := createHandler(mockedClient, nil, Config{Base: "/", EnableActions: true, Authorization: Authorization{Provider: NONE}}) + handler := createHandler(mockedClient, nil, Config{Base: "/", EnableActions: true, Authorization: Authorization{Provider: None}}) req, err := http.NewRequest("POST", "/api/hosts/localhost/containers/456/actions/start", nil) require.NoError(t, err, "Request should not return an error.") @@ -82,7 +82,7 @@ func Test_handler_containerActions_unknown_container(t *testing.T) { func Test_handler_containerActions_start(t *testing.T) { mockedClient := mockedClient() - handler := createHandler(mockedClient, nil, Config{Base: "/", EnableActions: true, Authorization: Authorization{Provider: NONE}}) + handler := createHandler(mockedClient, nil, Config{Base: "/", EnableActions: true, Authorization: Authorization{Provider: None}}) req, err := http.NewRequest("POST", "/api/hosts/localhost/containers/123/actions/start", nil) require.NoError(t, err, "Request should not return an error.") diff --git a/internal/web/auth_proxy_test.go b/internal/web/auth_proxy_test.go index cfe86b9a..d4aa255a 100644 --- a/internal/web/auth_proxy_test.go +++ b/internal/web/auth_proxy_test.go @@ -19,7 +19,7 @@ func Test_createRoutes_proxy_missing_headers(t *testing.T) { handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/", Authorization: Authorization{ - Provider: FORWARD_PROXY, + Provider: ForwardProxy, Authorizer: auth.NewForwardProxyAuth("Remote-User", "Remote-Email", "Remote-Name", "Remote-Filter"), }, }) @@ -38,7 +38,7 @@ func Test_createRoutes_proxy_happy(t *testing.T) { handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/", Authorization: Authorization{ - Provider: FORWARD_PROXY, + Provider: ForwardProxy, Authorizer: auth.NewForwardProxyAuth("Remote-User", "Remote-Email", "Remote-Name", "Remote-Filter"), }, }) diff --git a/internal/web/auth_simple_test.go b/internal/web/auth_simple_test.go index fa20a5f0..8f0fff23 100644 --- a/internal/web/auth_simple_test.go +++ b/internal/web/auth_simple_test.go @@ -25,7 +25,7 @@ func Test_createRoutes_simple_redirect(t *testing.T) { handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/", Authorization: Authorization{ - Provider: SIMPLE, + Provider: Simple, Authorizer: auth.NewSimpleAuth(auth.UserDatabase{ Users: map[string]*auth.User{ "amir": { @@ -50,7 +50,7 @@ func Test_createRoutes_simple_valid_token(t *testing.T) { handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/", Authorization: Authorization{ - Provider: SIMPLE, + Provider: Simple, Authorizer: auth.NewSimpleAuth(auth.UserDatabase{ Users: map[string]*auth.User{ "amir": { @@ -95,7 +95,7 @@ func Test_createRoutes_simple_bad_password(t *testing.T) { handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/", Authorization: Authorization{ - Provider: SIMPLE, + Provider: Simple, Authorizer: auth.NewSimpleAuth(auth.UserDatabase{ Users: map[string]*auth.User{ "amir": { diff --git a/internal/web/auth_test.go b/internal/web/auth_test.go index 77f1a67f..9dbd8e9d 100644 --- a/internal/web/auth_test.go +++ b/internal/web/auth_test.go @@ -18,7 +18,7 @@ func Test_createRoutes_index(t *testing.T) { fs := afero.NewMemMapFs() require.NoError(t, afero.WriteFile(fs, "index.html", []byte("index page"), 0644), "WriteFile should have no error.") - handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/", Authorization: Authorization{Provider: NONE}}) + handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/", Authorization: Authorization{Provider: None}}) req, err := http.NewRequest("GET", "/", nil) require.NoError(t, err, "NewRequest should not return an error.") rr := httptest.NewRecorder() @@ -31,7 +31,7 @@ func Test_createRoutes_redirect(t *testing.T) { fs := afero.NewMemMapFs() require.NoError(t, afero.WriteFile(fs, "index.html", []byte("index page"), 0644), "WriteFile should have no error.") - handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/foobar", Authorization: Authorization{Provider: NONE}}) + handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/foobar", Authorization: Authorization{Provider: None}}) req, err := http.NewRequest("GET", "/foobar", nil) require.NoError(t, err, "NewRequest should not return an error.") rr := httptest.NewRecorder() @@ -44,7 +44,7 @@ func Test_createRoutes_foobar(t *testing.T) { fs := afero.NewMemMapFs() require.NoError(t, afero.WriteFile(fs, "index.html", []byte("foo page"), 0644), "WriteFile should have no error.") - handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/foobar", Authorization: Authorization{Provider: NONE}}) + handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/foobar", Authorization: Authorization{Provider: None}}) req, err := http.NewRequest("GET", "/foobar/", nil) require.NoError(t, err, "NewRequest should not return an error.") rr := httptest.NewRecorder() @@ -58,7 +58,7 @@ func Test_createRoutes_foobar_file(t *testing.T) { require.NoError(t, afero.WriteFile(fs, "index.html", []byte("index page"), 0644), "WriteFile should have no error.") require.NoError(t, afero.WriteFile(fs, "test", []byte("test page"), 0644), "WriteFile should have no error.") - handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/foobar", Authorization: Authorization{Provider: NONE}}) + handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/foobar", Authorization: Authorization{Provider: None}}) req, err := http.NewRequest("GET", "/foobar/test", nil) require.NoError(t, err, "NewRequest should not return an error.") rr := httptest.NewRecorder() @@ -70,7 +70,7 @@ func Test_createRoutes_foobar_file(t *testing.T) { func Test_createRoutes_version(t *testing.T) { fs := afero.NewMemMapFs() require.NoError(t, afero.WriteFile(fs, "index.html", []byte("index page"), 0644), "WriteFile should have no error.") - handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/", Version: "dev", Authorization: Authorization{Provider: NONE}}) + handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/", Version: "dev", Authorization: Authorization{Provider: None}}) req, err := http.NewRequest("GET", "/api/version", nil) require.NoError(t, err, "NewRequest should not return an error.") rr := httptest.NewRecorder() diff --git a/internal/web/download.go b/internal/web/download.go index 7a86b5d2..f2b8d28c 100644 --- a/internal/web/download.go +++ b/internal/web/download.go @@ -23,7 +23,7 @@ func (h *handler) downloadLogs(w http.ResponseWriter, r *http.Request) { } userLabels := h.config.Labels - if h.config.Authorization.Provider != NONE { + if h.config.Authorization.Provider != None { user := auth.UserFromContext(r.Context()) if user.ContainerLabels.Exists() { userLabels = user.ContainerLabels diff --git a/internal/web/events.go b/internal/web/events.go index 6f0754a6..b8488e4b 100644 --- a/internal/web/events.go +++ b/internal/web/events.go @@ -28,7 +28,7 @@ func (h *handler) streamEvents(w http.ResponseWriter, r *http.Request) { h.hostService.SubscribeAvailableHosts(r.Context(), availableHosts) userLabels := h.config.Labels - if h.config.Authorization.Provider != NONE { + if h.config.Authorization.Provider != None { user := auth.UserFromContext(r.Context()) if user.ContainerLabels.Exists() { userLabels = user.ContainerLabels diff --git a/internal/web/events_test.go b/internal/web/events_test.go index a32c1697..0700ff8d 100644 --- a/internal/web/events_test.go +++ b/internal/web/events_test.go @@ -57,7 +57,7 @@ func Test_handler_streamEvents_happy(t *testing.T) { manager := docker_support.NewRetriableClientManager(nil, 3*time.Second, tls.Certificate{}, docker_support.NewDockerClientService(mockedClient, container.ContainerLabels{})) multiHostService := docker_support.NewMultiHostService(manager, 3*time.Second) - server := CreateServer(multiHostService, nil, Config{Base: "/", Authorization: Authorization{Provider: NONE}}) + server := CreateServer(multiHostService, nil, Config{Base: "/", Authorization: Authorization{Provider: None}}) handler := server.Handler rr := httptest.NewRecorder() diff --git a/internal/web/index.go b/internal/web/index.go index 77ef2f10..f6d8d12c 100644 --- a/internal/web/index.go +++ b/internal/web/index.go @@ -54,7 +54,7 @@ func (h *handler) executeTemplate(w http.ResponseWriter, req *http.Request) { user := auth.UserFromContext(req.Context()) - if h.config.Authorization.Provider == NONE || user != nil { + if h.config.Authorization.Provider == None || user != nil { config["authProvider"] = h.config.Authorization.Provider config["version"] = h.config.Version config["hostname"] = h.config.Hostname @@ -69,7 +69,7 @@ func (h *handler) executeTemplate(w http.ResponseWriter, req *http.Request) { config["profile"] = struct{}{} } config["user"] = user - } else if h.config.Authorization.Provider == FORWARD_PROXY { + } else if h.config.Authorization.Provider == ForwardProxy { log.Error().Msg("Unable to find remote user. Please check your proxy configuration. Expecting headers Remote-Email, Remote-User, Remote-Name.") log.Debug().Str("url", req.URL.String()).Msg("Dumping all headers for request") for k, v := range req.Header { @@ -77,7 +77,7 @@ func (h *handler) executeTemplate(w http.ResponseWriter, req *http.Request) { } http.Error(w, "Unauthorized user", http.StatusUnauthorized) return - } else if h.config.Authorization.Provider == SIMPLE && req.URL.Path != "login" { + } else if h.config.Authorization.Provider == Simple && req.URL.Path != "login" { log.Debug().Str("url", req.URL.String()).Msg("Redirecting to login page") http.Redirect(w, req, path.Clean(h.config.Base+"/login")+"?redirectUrl=/"+req.URL.String(), http.StatusTemporaryRedirect) return diff --git a/internal/web/logs.go b/internal/web/logs.go index 0032e711..744ef3de 100644 --- a/internal/web/logs.go +++ b/internal/web/logs.go @@ -49,7 +49,7 @@ func (h *handler) fetchLogsBetweenDates(w http.ResponseWriter, r *http.Request) } usersLabels := h.config.Labels - if h.config.Authorization.Provider != NONE { + if h.config.Authorization.Provider != None { user := auth.UserFromContext(r.Context()) if user.ContainerLabels.Exists() { usersLabels = user.ContainerLabels @@ -246,7 +246,7 @@ func (h *handler) streamLogsForContainers(w http.ResponseWriter, r *http.Request } userLabels := h.config.Labels - if h.config.Authorization.Provider != NONE { + if h.config.Authorization.Provider != None { user := auth.UserFromContext(r.Context()) if user.ContainerLabels.Exists() { userLabels = user.ContainerLabels diff --git a/internal/web/routes.go b/internal/web/routes.go index 8ce7b83c..c2ba5b0d 100644 --- a/internal/web/routes.go +++ b/internal/web/routes.go @@ -20,9 +20,10 @@ import ( type AuthProvider string const ( - NONE AuthProvider = "none" - SIMPLE AuthProvider = "simple" - FORWARD_PROXY AuthProvider = "forward-proxy" + None AuthProvider = "none" + Simple AuthProvider = "simple" + ForwardProxy AuthProvider = "forward-proxy" + OpenID AuthProvider = "openid" ) // Config is a struct for configuring the web service @@ -89,19 +90,19 @@ func createRouter(h *handler) *chi.Mux { r.Use(cspHeaders) } - if h.config.Authorization.Provider != NONE && h.config.Authorization.Authorizer == nil { + if h.config.Authorization.Provider != None && h.config.Authorization.Authorizer == nil { log.Fatal().Msg("Authorization provider is set but no authorizer is provided") } r.Route(base, func(r chi.Router) { - if h.config.Authorization.Provider != NONE { + if h.config.Authorization.Provider != None { r.Use(h.config.Authorization.Authorizer.AuthMiddleware) } r.Route("/api", func(r chi.Router) { // Authenticated routes r.Group(func(r chi.Router) { - if h.config.Authorization.Provider != NONE { + if h.config.Authorization.Provider != None { r.Use(auth.RequireAuthentication) } r.Get("/hosts/{host}/containers/{id}/logs/stream", h.streamContainerLogs) @@ -128,7 +129,7 @@ func createRouter(h *handler) *chi.Mux { }) // Public API routes - if h.config.Authorization.Provider == SIMPLE { + if h.config.Authorization.Provider == Simple { r.Post("/token", h.createToken) r.Delete("/token", h.deleteToken) } diff --git a/internal/web/routes_test.go b/internal/web/routes_test.go index b720c8e7..7acaa7e0 100644 --- a/internal/web/routes_test.go +++ b/internal/web/routes_test.go @@ -96,5 +96,5 @@ func createHandler(client container.Client, content fs.FS, config Config) *chi.M } func createDefaultHandler(client container.Client) *chi.Mux { - return createHandler(client, nil, Config{Base: "/", Authorization: Authorization{Provider: NONE}}) + return createHandler(client, nil, Config{Base: "/", Authorization: Authorization{Provider: None}}) } diff --git a/main.go b/main.go index a77a18b3..7c260f5b 100644 --- a/main.go +++ b/main.go @@ -132,15 +132,15 @@ func main() { func createServer(args cli.Args, hostService web.HostService) *http.Server { _, dev := os.LookupEnv("DEV") - var provider web.AuthProvider = web.NONE + var provider web.AuthProvider = web.None var authorizer web.Authorizer if args.AuthProvider == "forward-proxy" { log.Debug().Msg("Using forward proxy authentication") - provider = web.FORWARD_PROXY + provider = web.ForwardProxy authorizer = auth.NewForwardProxyAuth(args.AuthHeaderUser, args.AuthHeaderEmail, args.AuthHeaderName, args.AuthHeaderFilter) } else if args.AuthProvider == "simple" { log.Debug().Msg("Using simple authentication") - provider = web.SIMPLE + provider = web.Simple path, err := filepath.Abs("./data/users.yml") if err != nil {