Basic Auth #330

Open
dtornow opened this issue May 17, 2024 · 4 comments
Labels
enhancement (New feature or request), good first issue (Good for newcomers)

Comments

@dtornow
Contributor

dtornow commented May 17, 2024

Describe the problem you are facing

Currently, the Resonate Server does not support authentication and authorization.

Describe the solution you'd like

Add Basic Auth for authentication to Resonate's HTTP API.

Additional context

This is a first step towards a mature authentication and authorization system. The design of the authentication and authorization system will be discussed in a separate issue.

dtornow added the enhancement and good first issue labels on May 17, 2024
@dtornow
Contributor Author

dtornow commented May 17, 2024

Resonate uses the gin web framework, so we can use the gin Basic Auth middleware. The (list of) users can be configured via the configuration file or command line arguments, e.g.:

    // Apply Basic Auth middleware conditionally
    authorized := r.Group("/")
    // username password pairs could also be a list to configure multiple accounts
    if config.AuthUsername != "" && config.AuthPassword != "" {
        accounts := gin.Accounts{
            config.AuthUsername: config.AuthPassword,
        }
        basicAuthMiddleware := gin.BasicAuth(accounts)
        authorized.Use(basicAuthMiddleware)
    }

    // Promises API
    authorized.POST("/promises", s.createPromise)
    authorized.GET("/promises", s.searchPromises)
    authorized.GET("/promises/*id", s.readPromise)
    authorized.PATCH("/promises/*id", s.completePromise)

    // ...

See source file

In subsequent iterations, we need to design how to attach authenticated user information to our API requests.

@dtornow
Contributor Author

dtornow commented May 19, 2024

Additional information

  • Every API endpoint is registered on the authorized group

  • Config needs to be extended to contain AuthUsername and AuthPassword (if we only care about a single user) or a list of username/password pairs (if we want to support multiple users)

  • Username and password can be configured via config file or via cobra command line arguments
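
The conditional Basic Auth wrapper discussed in the comments above, as an added example that is not part of the issue or the Resonate code base. It uses only the Go standard library (net/http) in place of gin so it runs without dependencies; the names Accounts, basicAuth and status, the realm, and the sample credentials are assumptions.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Accounts maps username to password (hypothetical stand-in for gin.Accounts).
type Accounts map[string]string

// basicAuth wraps next with HTTP Basic Auth. With no accounts configured it
// returns next unchanged, like the conditional in the issue: the API stays open.
func basicAuth(accounts Accounts, next http.Handler) http.Handler {
	if len(accounts) == 0 {
		return next
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		want, known := accounts[user]
		// Hash both sides so the constant-time compare sees equal lengths.
		got, exp := sha256.Sum256([]byte(pass)), sha256.Sum256([]byte(want))
		match := subtle.ConstantTimeCompare(got[:], exp[:]) == 1
		if !ok || !known || !match {
			w.Header().Set("WWW-Authenticate", `Basic realm="resonate"`) // assumed realm
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends GET /promises through the wrapper; an empty user sends no header.
func status(accounts Accounts, user, pass string) int {
	api := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodGet, "/promises", nil)
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	basicAuth(accounts, api).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	accts := Accounts{"admin": "s3cret"} // constructed sample credentials
	fmt.Println(status(accts, "admin", "s3cret"), status(accts, "admin", "bad"), status(Accounts{}, "", ""))
}
```

With an empty account list the last call returns 200 without credentials, so a deployment that expects authentication should verify that its username and password settings are actually populated.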

@RyanCarlisle

Hi, is this issue already assigned to someone?

@hkiiita

hkiiita commented May 20, 2024

@dtornow requesting your review on #333
