Improve Auth module (#36)

* Expose NewSessionContext function When auth middleware or interceptor is being mocked by other service then they can take help of `session.NewSessionContext` to store mocked session data to request context. * Initialize _log in auth at creating * Allow excluding URLs in Auth middleware
2026-05-06 08:26:53 +00:00 · 2022-03-07 16:40:03 +05:30
parent c66bdc25cd
commit 274cfe7c4f
4 changed files with 22 additions and 8 deletions
--- a/pkg/auth/v3/auth.go
+++ b/pkg/auth/v3/auth.go
@@ -7,11 +7,7 @@ import (
 	kclient "github.com/ory/kratos-client-go"
 )

-var _log *logv2.Logger
-
-func init() {
-	_log = logv2.GetLogger()
-}
+var _log = logv2.GetLogger()

 type Option struct {
 	// ExcludeRPCMethods is a list of full RPC method string in
@@ -19,6 +15,10 @@ type Option struct {
 	// /rafay.dev.rpc.v3.Idp/ListIdps). These RPC methods are to
 	// be excluded from the auth interceptor.
 	ExcludeRPCMethods []string
+
+	// ExcludeURLs is a list of URL regular expressions that are
+	// excluded from the auth middleware.
+	ExcludeURLs []string
 }

 type authContext struct {
--- a/pkg/auth/v3/interceptor.go
+++ b/pkg/auth/v3/interceptor.go
@@ -58,7 +58,7 @@ func (ac authContext) NewAuthUnaryInterceptor(opt Option) grpc.UnaryServerInterc
 		s := res.GetStatus()
 		switch s {
 		case commonpbv3.RequestStatus_RequestAllowed:
-			ctx := newSessionContext(ctx, res.SessionData)
+			ctx := NewSessionContext(ctx, res.SessionData)
 			return handler(ctx, req)
 		case commonpbv3.RequestStatus_RequestMethodOrURLNotAllowed:
 			return nil, status.Error(codes.PermissionDenied, res.GetReason())
--- a/pkg/auth/v3/middleware.go
+++ b/pkg/auth/v3/middleware.go
@@ -2,6 +2,7 @@ package authv3

 import (
 	"net/http"
+	"regexp"

 	commonpbv3 "github.com/RafaySystems/rcloud-base/proto/types/commonpb/v3"
 	"github.com/urfave/negroni"
@@ -20,6 +21,18 @@ func NewAuthMiddleware(opt Option) negroni.Handler {
 }

 func (am *authMiddleware) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+	for _, ex := range am.opt.ExcludeURLs {
+		match, err := regexp.MatchString(ex, r.URL.Path)
+		if err != nil {
+			_log.Errorf("failed to match URL expression", err)
+			http.Error(rw, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+			return
+		}
+		if match {
+			next(rw, r)
+			return
+		}
+	}
 	req := &commonpbv3.IsRequestAllowedRequest{
 		Url:           r.URL.String(),
 		Method:        r.Method,
@@ -36,8 +49,9 @@ func (am *authMiddleware) ServeHTTP(rw http.ResponseWriter, r *http.Request, nex
 	s := res.GetStatus()
 	switch s {
 	case commonpbv3.RequestStatus_RequestAllowed:
-		ctx := newSessionContext(r.Context(), res.SessionData)
+		ctx := NewSessionContext(r.Context(), res.SessionData)
 		next(rw, r.WithContext(ctx))
+		return
 	case commonpbv3.RequestStatus_RequestMethodOrURLNotAllowed:
 		http.Error(rw, res.GetReason(), http.StatusForbidden)
 		return
--- a/pkg/auth/v3/session.go
+++ b/pkg/auth/v3/session.go
@@ -10,7 +10,7 @@ type contextKey struct{}

 var sessionDataKey contextKey

-func newSessionContext(ctx context.Context, s *commonv3.SessionData) context.Context {
+func NewSessionContext(ctx context.Context, s *commonv3.SessionData) context.Context {
 	return context.WithValue(ctx, sessionDataKey, s)
 }