first draft for configuring user agent multiplex on ocis

2026-03-03 14:57:22 -05:00 · 2020-12-02 12:04:09 +01:00
parent 28e8f75ebd
commit 752cd4f626
6 changed files with 34 additions and 6 deletions
--- a/ocis/pkg/command/storagefrontend.go
+++ b/ocis/pkg/command/storagefrontend.go
@@ -21,6 +21,10 @@ func StorageFrontendCommand(cfg *config.Config) *cli.Command {
 		Action: func(c *cli.Context) error {
 			scfg := configureStorageFrontend(cfg)

+			if err := command.Frontend(scfg).Before(c); err != nil {
+				return err
+			}
+
 			return cli.HandleAction(
 				command.Frontend(scfg).Action,
 				c,
--- a/proxy/pkg/middleware/authentication.go
+++ b/proxy/pkg/middleware/authentication.go
@@ -64,7 +64,6 @@ func Authentication(opts ...Option) func(next http.Handler) http.Handler {
 			if options.OIDCIss == "" && options.EnableBasicAuth {
 				basic(next).ServeHTTP(w, r)
 			}
-
 		})
 	}
 }
--- a/proxy/pkg/middleware/basic_auth.go
+++ b/proxy/pkg/middleware/basic_auth.go
@@ -61,8 +61,6 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 					Iss:    oidcIss,
 				}

-				fmt.Printf("\n\nHGAHAHAHA\n\n")
-
 				next.ServeHTTP(w, req.WithContext(oidc.NewContext(req.Context(), claims)))
 			},
 		)
--- a/storage/pkg/command/frontend.go
+++ b/storage/pkg/command/frontend.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"os/signal"
 	"path"
+	"strings"
 	"time"

 	"github.com/cs3org/reva/cmd/revad/runtime"
@@ -26,6 +27,17 @@ func Frontend(cfg *config.Config) *cli.Command {
 		Before: func(c *cli.Context) error {
 			cfg.Reva.Frontend.Services = c.StringSlice("service")

+			cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent = make(map[string]string, 0)
+			uaw := c.StringSlice("user-agent-whitelist")
+			for _, v := range uaw {
+				parts := strings.Split(v, ":")
+				if len(parts) != 2 {
+					return fmt.Errorf("unexpected config value for user-agent whitelist: %v, expected format is user-agent:challenge", v) // TODO wording + error wrapping?
+				}
+
+				cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent[parts[0]] = parts[1]
+			}
+
 			return nil
 		},
 		Action: func(c *cli.Context) error {
@@ -116,9 +128,7 @@ func Frontend(cfg *config.Config) *cli.Command {
 								"allow_credentials": true,
 							},
 							"auth": map[string]interface{}{
-								"credentials_by_user_agent": map[string]string{
-									"mirall": "basic",
-								},
+								"credentials_by_user_agent": cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent,
 							},
 						},
 						// TODO build services dynamically
--- a/storage/pkg/config/config.go
+++ b/storage/pkg/config/config.go
@@ -83,6 +83,15 @@ type FrontendPort struct {
 	OCDavPrefix       string
 	OCSPrefix         string
 	PublicURL         string
+	Middleware        Middleware
+}
+
+type Middleware struct {
+	Auth Auth
+}
+
+type Auth struct {
+	CredentialsByUserAgent map[string]string
 }

 // DataGatewayPort has a public url
--- a/storage/pkg/flagset/frontend.go
+++ b/storage/pkg/flagset/frontend.go
@@ -133,6 +133,14 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"STORAGE_FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE"},
 			Destination: &cfg.Reva.UploadHTTPMethodOverride,
 		},
+
+		// Middlewares
+		&cli.StringSliceFlag{
+			Name:    "user-agent-whitelist", // TODO naming?
+			Value:   cli.NewStringSlice("test"),
+			Usage:   "TODO",
+			EnvVars: []string{"STORAGE_FRONTEND_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT"},
+		},
 	}

 	flags = append(flags, TracingWithConfig(cfg)...)