Improve auth handling of rest apis used in frontend for compatibility

2025-07-23 04:51:39 +02:00 · 2024-07-04 11:16:45 +02:00
parent 61eebc9fbd
commit 1072d7b449
5 changed files with 96 additions and 13 deletions
--- a/internal/api/rest.go
+++ b/internal/api/rest.go
@@ -92,23 +92,25 @@ func (api *RestApi) MountUserApiRoutes(r *mux.Router) {
 	r.HandleFunc("/jobs/{id}", api.getJobById).Methods(http.MethodPost)
 	r.HandleFunc("/jobs/{id}", api.getCompleteJobById).Methods(http.MethodGet)
 	r.HandleFunc("/jobs/metrics/{id}", api.getJobMetrics).Methods(http.MethodGet)
-
-	if api.Authentication != nil {
-		r.HandleFunc("/jwt/", api.getJWT).Methods(http.MethodGet)
-	}
 }

 func (api *RestApi) MountConfigApiRoutes(r *mux.Router) {
-	r = r.PathPrefix("/config").Subrouter()
 	r.StrictSlash(true)

 	if api.Authentication != nil {
-		r.HandleFunc("/jwt/", api.getJWT).Methods(http.MethodGet)
 		r.HandleFunc("/roles/", api.getRoles).Methods(http.MethodGet)
 		r.HandleFunc("/users/", api.createUser).Methods(http.MethodPost, http.MethodPut)
 		r.HandleFunc("/users/", api.getUsers).Methods(http.MethodGet)
 		r.HandleFunc("/users/", api.deleteUser).Methods(http.MethodDelete)
 		r.HandleFunc("/user/{id}", api.updateUser).Methods(http.MethodPost)
+	}
+}
+
+func (api *RestApi) MountUserConfigApiRoutes(r *mux.Router) {
+	r.StrictSlash(true)
+
+	if api.Authentication != nil {
+		r.HandleFunc("/jwt/", api.getJWT).Methods(http.MethodGet) // Role:Admin Check in
 		r.HandleFunc("/configuration/", api.updateConfiguration).Methods(http.MethodPost)
 	}
 }
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -314,6 +314,48 @@ func (auth *Authentication) AuthUserApi(
 	})
 }

+func (auth *Authentication) AuthConfigApi(
+	onsuccess http.Handler,
+	onfailure func(rw http.ResponseWriter, r *http.Request, authErr error),
+) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		user, err := auth.AuthViaSession(rw, r)
+		if err != nil {
+			log.Infof("authentication failed: %s", err.Error())
+			http.Error(rw, err.Error(), http.StatusUnauthorized)
+			return
+		}
+		if user != nil && user.HasRole(schema.RoleAdmin) {
+			ctx := context.WithValue(r.Context(), repository.ContextUserKey, user)
+			onsuccess.ServeHTTP(rw, r.WithContext(ctx))
+			return
+		}
+		log.Debug("authentication failed")
+		onfailure(rw, r, errors.New("unauthorized (no auth)"))
+	})
+}
+
+func (auth *Authentication) AuthUserConfigApi(
+	onsuccess http.Handler,
+	onfailure func(rw http.ResponseWriter, r *http.Request, authErr error),
+) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		user, err := auth.AuthViaSession(rw, r)
+		if err != nil {
+			log.Infof("authentication failed: %s", err.Error())
+			http.Error(rw, err.Error(), http.StatusUnauthorized)
+			return
+		}
+		if user != nil {
+			ctx := context.WithValue(r.Context(), repository.ContextUserKey, user)
+			onsuccess.ServeHTTP(rw, r.WithContext(ctx))
+			return
+		}
+		log.Debug("authentication failed")
+		onfailure(rw, r, errors.New("unauthorized (no auth)"))
+	})
+}
+
 func (auth *Authentication) Logout(onsuccess http.Handler) http.Handler {
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		session, err := auth.sessionStore.Get(r, "session")