Skip to content

Commit

Permalink
feat(oidc_auth): Add backend support for OIDC Auth
Browse files Browse the repository at this point in the history
Signed-off-by: deo002 <[email protected]>
  • Loading branch information
deo002 committed Dec 3, 2024
1 parent d3058ba commit 48b092e
Show file tree
Hide file tree
Showing 22 changed files with 1,245 additions and 167 deletions.
17 changes: 16 additions & 1 deletion .env.example
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,19 @@
TOKEN_HOUR_LIFESPAN=24
# Secret key to sign tokens (openssl rand -hex 32)
API_SECRET=some-random-string
READ_API_AUTHENTICATION_ENABLED=false
READ_API_AUTHENTICATION_ENABLED=false

PORT=8080

# OIDC Provider
# The URL for retrieving keys for Token Parsing
JWKS_URI=https://provider/keys

# The field in ID Token that is to be used as username
OIDC_USERNAME_KEY=display_name

# The field in ID Token that is to be used as email
OIDC_EMAIL_KEY=mail

# The issuer url
OIDC_ISSUER=https://provider
4 changes: 2 additions & 2 deletions .github/workflows/api-swagger.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.20'
go-version: '1.21'
check-latest: true
cache: true

Expand Down Expand Up @@ -54,7 +54,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.20'
go-version: '1.21'
check-latest: true
cache: true

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/go.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.20'
go-version: '1.21'
check-latest: true
cache: true

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.20'
go-version: '1.21'
check-latest: true
cache: true

Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# SPDX-FileCopyrightText: 2024 Kaushlendra Pratap <[email protected]>
# SPDX-License-Identifier: GPL-2.0-only
FROM golang:1.20 AS build
FROM golang:1.21 AS build

WORKDIR /LicenseDb

Expand Down
233 changes: 214 additions & 19 deletions cmd/laas/docs/docs.go
Original file line number Diff line number Diff line change
Expand Up @@ -790,6 +790,12 @@ const docTemplate = `{
}
}
}
},
"409": {
"description": "User registered only with OIDC authentication",
"schema": {
"$ref": "#/definitions/models.LicenseError"
}
}
}
}
Expand Down Expand Up @@ -1859,6 +1865,12 @@ const docTemplate = `{
"summary": "Get users",
"operationId": "GetAllUsers",
"parameters": [
{
"type": "boolean",
"description": "Active user only",
"name": "active",
"in": "query"
},
{
"type": "integer",
"description": "Page number",
Expand Down Expand Up @@ -1912,7 +1924,54 @@ const docTemplate = `{
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/models.UserInput"
"$ref": "#/definitions/models.UserCreate"
}
}
],
"responses": {
"201": {
"description": "Created",
"schema": {
"$ref": "#/definitions/models.UserResponse"
}
},
"400": {
"description": "Invalid json body",
"schema": {
"$ref": "#/definitions/models.LicenseError"
}
},
"409": {
"description": "User already exists",
"schema": {
"$ref": "#/definitions/models.LicenseError"
}
}
}
}
},
"/users/oidc": {
"post": {
"description": "Create a new service user via oidc",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Users"
],
"summary": "Create new user via oidc",
"operationId": "CreateOidcUser",
"parameters": [
{
"description": "User to create",
"name": "user",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/models.OidcUserCreate"
}
}
],
Expand All @@ -1938,14 +1997,14 @@ const docTemplate = `{
}
}
},
"/users/{id}": {
"/users/{username}": {
"get": {
"security": [
{
"ApiKeyAuth": []
}
],
"description": "Get a single user by ID",
"description": "Get a single user by username",
"consumes": [
"application/json"
],
Expand All @@ -1959,9 +2018,9 @@ const docTemplate = `{
"operationId": "GetUser",
"parameters": [
{
"type": "integer",
"description": "User ID",
"name": "id",
"type": "string",
"description": "Username",
"name": "username",
"in": "path",
"required": true
}
Expand All @@ -1986,6 +2045,102 @@ const docTemplate = `{
}
}
}
},
"delete": {
"security": [
{
"ApiKeyAuth": []
}
],
"description": "Deactivate an user",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Users"
],
"summary": "Deactivate user",
"operationId": "DeleteUser",
"parameters": [
{
"type": "string",
"description": "Username of the user to be marked as inactive",
"name": "username",
"in": "path",
"required": true
}
],
"responses": {
"204": {
"description": "No Content"
},
"404": {
"description": "No user with given username found",
"schema": {
"$ref": "#/definitions/models.LicenseError"
}
}
}
},
"patch": {
"security": [
{
"ApiKeyAuth": []
}
],
"description": "Update a service user",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Users"
],
"summary": "Update user",
"operationId": "UpdateUser",
"parameters": [
{
"type": "string",
"description": "username of the user to be updated",
"name": "username",
"in": "path",
"required": true
},
{
"description": "User to update",
"name": "user",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/models.UserUpdate"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/models.UserResponse"
}
},
"400": {
"description": "Invalid json body",
"schema": {
"$ref": "#/definitions/models.LicenseError"
}
},
"403": {
"description": "This resource requires elevated access rights",
"schema": {
"$ref": "#/definitions/models.LicenseError"
}
}
}
}
}
},
Expand Down Expand Up @@ -2756,6 +2911,14 @@ const docTemplate = `{
}
}
},
"models.OidcUserCreate": {
"type": "object",
"properties": {
"token": {
"type": "string"
}
}
},
"models.PaginationMeta": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -2829,40 +2992,49 @@ const docTemplate = `{
},
"models.User": {
"type": "object",
"required": [
"userlevel",
"username"
],
"properties": {
"id": {
"type": "integer",
"example": 123
},
"userlevel": {
"user_email": {
"type": "string",
"example": "admin"
"example": "[email protected]"
},
"user_level": {
"type": "string",
"example": "USER"
},
"username": {
"type": "string",
"example": "fossy"
}
}
},
"models.UserInput": {
"models.UserCreate": {
"type": "object",
"required": [
"password",
"userlevel",
"user_email",
"user_level",
"user_password",
"username"
],
"properties": {
"password": {
"user_email": {
"type": "string",
"example": "fossy"
"example": "fossy@org.com"
},
"userlevel": {
"user_level": {
"type": "string",
"example": "admin"
"enum": [
"USER",
"ADMIN"
],
"example": "ADMIN"
},
"user_password": {
"type": "string",
"example": "fossy"
},
"username": {
"type": "string",
Expand Down Expand Up @@ -2904,6 +3076,29 @@ const docTemplate = `{
"example": 200
}
}
},
"models.UserUpdate": {
"type": "object",
"properties": {
"active": {
"type": "boolean"
},
"user_level": {
"type": "string",
"enum": [
"USER",
"ADMIN"
],
"example": "ADMIN"
},
"user_password": {
"type": "string"
},
"username": {
"type": "string",
"example": "fossy"
}
}
}
},
"securityDefinitions": {
Expand Down
Loading

0 comments on commit 48b092e

Please sign in to comment.