
Commit dae878f

authored
fix cli token auth (#1406)
1 parent bf7c83c commit dae878f

4 files changed

+677
-23
lines changed


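--- a/backend/middleware/basic.go
+++ b/backend/middleware/basic.go
@@ -51,10 +51,23 @@ func HttpBasicApiAuth() gin.HandlerFunc {
 return
 }
 
-if token == os.Getenv("BEARER_AUTH_TOKEN") {
+if strings.HasPrefix(token, "cli:") {
+if jobToken, err := CheckJobToken(c, token); err != nil {
+c.String(http.StatusForbidden, err.Error())
+c.Abort()
+return
+} else {
+setDefaultOrganisationId(c)
+c.Set(ACCESS_LEVEL_KEY, jobToken.Type)
+}
+} else if token == os.Getenv("BEARER_AUTH_TOKEN") {
 setDefaultOrganisationId(c)
 c.Set(ACCESS_LEVEL_KEY, models.AdminPolicyType)
 c.Next()
+} else {
+c.String(http.StatusForbidden, "Invalid Bearer token")
+c.Abort()
+return
 }
 return
 }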
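Review bot: On the success path of the new `cli:` branch the request is scoped with `setDefaultOrganisationId(c)` rather than with the organisation the token belongs to, while the parallel branch this commit adds to JWTBearerTokenAuth uses `c.Set(ORGANISATION_ID_KEY, jobToken.OrganisationID)`; unless HttpBasicApiAuth only ever serves a single-organisation deployment (setDefaultOrganisationId is not visible here), a job token issued for one organisation would act on the default one. Use the token's organisation here too, `c.Set(ORGANISATION_ID_KEY, jobToken.OrganisationID)`, or leave a comment stating why the default organisation is intended for CLI tokens. The error path also writes a second 403 body with `c.String(http.StatusForbidden, err.Error())` after CheckJobToken has already responded and called `c.Abort()`, so a bare `return` is all that is needed there. A smaller point: this branch returns without `c.Next()` whereas the BEARER_AUTH_TOKEN branch calls it, and the rejection messages differ in case ("Invalid Bearer token" here, "Invalid bearer token" in CheckJobToken); gin runs the remaining handlers either way, so the asymmetry is cosmetic but reads like a missed step. HttpBasicApiAuth begins before this hunk.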

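--- a/backend/middleware/jwt.go
+++ b/backend/middleware/jwt.go
@@ -10,7 +10,6 @@ import (
 "net/http"
 "os"
 "strings"
-"time"
 )
 
 func SetContextParameters(c *gin.Context, auth services.Auth, token *jwt.Token) error {
@@ -195,30 +194,14 @@ func JWTBearerTokenAuth(auth services.Auth) gin.HandlerFunc {
 }
 
 if strings.HasPrefix(token, "cli:") {
-var dbToken models.Token
-
-jobToken, err := models.DB.GetJobToken(token)
-if jobToken == nil {
-c.String(http.StatusForbidden, "Invalid bearer token")
-c.Abort()
-return
-}
-
-if time.Now().After(jobToken.Expiry) {
-log.Printf("Token has already expired: %v", err)
-c.String(http.StatusForbidden, "Token has expired")
-c.Abort()
-return
-}
-
-if err != nil {
-log.Printf("Error while fetching token from database: %v", err)
-c.String(http.StatusInternalServerError, "Error occurred while fetching database")
+if jobToken, err := CheckJobToken(c, token); err != nil {
+c.String(http.StatusForbidden, err.Error())
 c.Abort()
 return
+} else {
+c.Set(ORGANISATION_ID_KEY, jobToken.OrganisationID)
+c.Set(ACCESS_LEVEL_KEY, jobToken.Type)
 }
-c.Set(ORGANISATION_ID_KEY, dbToken.OrganisationID)
-c.Set(ACCESS_LEVEL_KEY, dbToken.Type)
 } else if strings.HasPrefix(token, "t:") {
 var dbToken models.Token
 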
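Review bot: In the `cli:` branch, `c.String(http.StatusForbidden, err.Error())` is written after CheckJobToken has already sent its own response and called `c.Abort()` (see the helper added in backend/middleware/middleware.go in this commit), so the client receives two concatenated bodies, and on the database-error path a 500 header is followed by an attempted 403 that net/http reports as a superfluous WriteHeader call. Because the helper already rejects the request, the caller only needs `if jobToken, err := CheckJobToken(c, token); err != nil { return }` — or, preferably, the helper should stop touching the context so the status is chosen in exactly one place. With that, the `else` after the returning branch can go as well: `jobToken, err := CheckJobToken(c, token)`, `if err != nil { return }`, then the two `c.Set` calls at the same indentation as the surrounding branch. JWTBearerTokenAuth starts and ends outside this hunk.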
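--- a/backend/middleware/middleware.go
+++ b/backend/middleware/middleware.go
@@ -1,11 +1,14 @@
 package middleware
 
 import (
+"fmt"
+"github.com/diggerhq/digger/backend/models"
 "github.com/diggerhq/digger/backend/services"
 "github.com/gin-gonic/gin"
 "log"
 "net/http"
 "os"
+"time"
 )
 
 func GetWebMiddleware() gin.HandlerFunc {
@@ -50,3 +53,29 @@ func GetApiMiddleware() gin.HandlerFunc {
 return nil
 }
 }
+
+func CheckJobToken(c *gin.Context, token string) (*models.JobToken, error) {
+jobToken, err := models.DB.GetJobToken(token)
+if jobToken == nil {
+c.String(http.StatusForbidden, "Invalid bearer token")
+c.Abort()
+return nil, fmt.Errorf("invalid bearer token")
+}
+
+if time.Now().After(jobToken.Expiry) {
+log.Printf("Token has already expired: %v", err)
+c.String(http.StatusForbidden, "Token has expired")
+c.Abort()
+return nil, fmt.Errorf("token has expired")
+}
+
+if err != nil {
+log.Printf("Error while fetching token from database: %v", err)
+c.String(http.StatusInternalServerError, "Error occurred while fetching database")
+c.Abort()
+return nil, fmt.Errorf("could not fetch cli token")
+}
+
+log.Printf("Token: %v access level: %v", jobToken.Value, jobToken.Type)
+return jobToken, nil
+}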
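Review bot: `log.Printf("Token: %v access level: %v", jobToken.Value, jobToken.Type)` writes the bearer secret itself to the server log on every accepted CLI request; logs are usually retained longer and read by more people than the token table, so log an identifier instead, e.g. `log.Printf("cli token accepted: organisation %v access level: %v", jobToken.OrganisationID, jobToken.Type)`. The checks are also ordered so that a lookup failure is reported as a bad credential: `jobToken == nil` is tested before `err`, and if GetJobToken returns a nil token together with its error (likely, though its contract is not visible here) the 403 branch runs and the error is never logged — move the `if err != nil` block ahead of the nil check. The expiry log prints `err`, which at that point is nil or an already-unlogged lookup error; log `jobToken.Expiry` instead. Finally the helper both writes the response and returns an error, which invites callers to respond a second time (both call sites in this commit do); consider returning only the error and letting each middleware write the status once.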
