fix cli token auth (#1406)

Author: motatoes

backend/middleware/basic.go

@@ -51,10 +51,23 @@ func HttpBasicApiAuth() gin.HandlerFunc {
 			return
 		}
 
-		if token == os.Getenv("BEARER_AUTH_TOKEN") {
+		if strings.HasPrefix(token, "cli:") {
+			if jobToken, err := CheckJobToken(c, token); err != nil {
+				c.String(http.StatusForbidden, err.Error())
+				c.Abort()
+				return
+			} else {
+				setDefaultOrganisationId(c)
+				c.Set(ACCESS_LEVEL_KEY, jobToken.Type)
+			}
+		} else if token == os.Getenv("BEARER_AUTH_TOKEN") {
 			setDefaultOrganisationId(c)
 			c.Set(ACCESS_LEVEL_KEY, models.AdminPolicyType)
 			c.Next()
+		} else {
+			c.String(http.StatusForbidden, "Invalid Bearer token")
+			c.Abort()
+			return
 		}
 		return
 	}

backend/middleware/jwt.go

@@ -10,7 +10,6 @@ import (
 	"net/http"
 	"os"
 	"strings"
-	"time"
 )
 
 func SetContextParameters(c *gin.Context, auth services.Auth, token *jwt.Token) error {
@@ -195,30 +194,14 @@ func JWTBearerTokenAuth(auth services.Auth) gin.HandlerFunc {
 		}
 
 		if strings.HasPrefix(token, "cli:") {
-			var dbToken models.Token
-
-			jobToken, err := models.DB.GetJobToken(token)
-			if jobToken == nil {
-				c.String(http.StatusForbidden, "Invalid bearer token")
-				c.Abort()
-				return
-			}
-
-			if time.Now().After(jobToken.Expiry) {
-				log.Printf("Token has already expired: %v", err)
-				c.String(http.StatusForbidden, "Token has expired")
-				c.Abort()
-				return
-			}
-
-			if err != nil {
-				log.Printf("Error while fetching token from database: %v", err)
-				c.String(http.StatusInternalServerError, "Error occurred while fetching database")
+			if jobToken, err := CheckJobToken(c, token); err != nil {
+				c.String(http.StatusForbidden, err.Error())
 				c.Abort()
 				return
+			} else {
+				c.Set(ORGANISATION_ID_KEY, jobToken.OrganisationID)
+				c.Set(ACCESS_LEVEL_KEY, jobToken.Type)
 			}
-			c.Set(ORGANISATION_ID_KEY, dbToken.OrganisationID)
-			c.Set(ACCESS_LEVEL_KEY, dbToken.Type)
 		} else if strings.HasPrefix(token, "t:") {
 			var dbToken models.Token
 

backend/middleware/middleware.go

@@ -1,11 +1,14 @@
 package middleware
 
 import (
+	"fmt"
+	"github.com/diggerhq/digger/backend/models"
 	"github.com/diggerhq/digger/backend/services"
 	"github.com/gin-gonic/gin"
 	"log"
 	"net/http"
 	"os"
+	"time"
 )
 
 func GetWebMiddleware() gin.HandlerFunc {
@@ -50,3 +53,29 @@ func GetApiMiddleware() gin.HandlerFunc {
 		return nil
 	}
 }
+
+func CheckJobToken(c *gin.Context, token string) (*models.JobToken, error) {
+	jobToken, err := models.DB.GetJobToken(token)
+	if jobToken == nil {
+		c.String(http.StatusForbidden, "Invalid bearer token")
+		c.Abort()
+		return nil, fmt.Errorf("invalid bearer token")
+	}
+
+	if time.Now().After(jobToken.Expiry) {
+		log.Printf("Token has already expired: %v", err)
+		c.String(http.StatusForbidden, "Token has expired")
+		c.Abort()
+		return nil, fmt.Errorf("token has expired")
+	}
+
+	if err != nil {
+		log.Printf("Error while fetching token from database: %v", err)
+		c.String(http.StatusInternalServerError, "Error occurred while fetching database")
+		c.Abort()
+		return nil, fmt.Errorf("could not fetch cli token")
+	}
+
+	log.Printf("Token: %v access level: %v", jobToken.Value, jobToken.Type)
+	return jobToken, nil
+}