fix: add authentication to public key routes (#52)

* fix: add authentication to public key routes

* fix: minor fixes

Author: bietkul

model/category/category.go

@@ -32,6 +32,7 @@ const (
 	Rules
 	Templates
 	Suggestions
+	Auth
 )
 
 // String is an implementation of Stringer interface that returns the string representation of category.Categories.
@@ -50,6 +51,7 @@ func (c Category) String() string {
 		"rules",
 		"templates",
 		"suggestions",
+		"auth",
 	}[c]
 }
 
@@ -87,6 +89,8 @@ func (c *Category) UnmarshalJSON(bytes []byte) error {
 		*c = Templates
 	case Suggestions.String():
 		*c = Suggestions
+	case Auth.String():
+		*c = Auth
 	default:
 		return fmt.Errorf("invalid category encountered: %v", category)
 	}
@@ -123,6 +127,8 @@ func (c Category) MarshalJSON() ([]byte, error) {
 		category = Templates.String()
 	case Suggestions:
 		category = Suggestions.String()
+	case Auth:
+		category = Auth.String()
 	default:
 		return nil, fmt.Errorf("invalid category encountered: %v" + c.String())
 	}

model/permission/defaults.go

@@ -26,6 +26,7 @@ var (
 		category.Rules,
 		category.Templates,
 		category.Suggestions,
+		category.Auth,
 	}
 
 	defaultOps = []op.Operation{
@@ -53,6 +54,7 @@ var (
 		TemplatesLimit:   10,
 		SuggestionsLimit: 10,
 		StreamsLimit:     10,
+		AuthLimit:        10,
 	}
 
 	defaultAdminLimits = Limits{
@@ -70,5 +72,6 @@ var (
 		TemplatesLimit:   30,
 		SuggestionsLimit: 30,
 		StreamsLimit:     30,
+		AuthLimit:        30,
 	}
 )

model/permission/permission.go

@@ -66,6 +66,7 @@ type Limits struct {
 	TemplatesLimit   int64 `json:"templates_limit"`
 	SuggestionsLimit int64 `json:"suggestions_limit"`
 	StreamsLimit     int64 `json:"streams_limit"`
+	AuthLimit        int64 `json:"auth_limit"`
 }
 
 // Options is a function type used to define a permission's properties.
@@ -458,6 +459,8 @@ func (p *Permission) GetLimitFor(c category.Category) (int64, error) {
 		return p.Limits.TemplatesLimit, nil
 	case category.Suggestions:
 		return p.Limits.SuggestionsLimit, nil
+	case category.Auth:
+		return p.Limits.AuthLimit, nil
 	case category.Streams:
 		return p.Limits.StreamsLimit, nil
 	default:
@@ -569,6 +572,9 @@ func (p *Permission) GetPatch(rolePatched bool) (map[string]interface{}, error)
 		if p.Limits.StreamsLimit != 0 {
 			limits["streams_limit"] = p.Limits.StreamsLimit
 		}
+		if p.Limits.AuthLimit != 0 {
+			limits["streams_limit"] = p.Limits.AuthLimit
+		}
 
 		patch["limits"] = limits
 	}

model/user/defaults.go

@@ -26,6 +26,7 @@ var (
 		category.Rules,
 		category.Templates,
 		category.Suggestions,
+		category.Auth,
 	}
 
 	defaultOps = []op.Operation{

plugins/auth/middleware.go

@@ -5,10 +5,14 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"os"
 
 	"github.com/appbaseio/arc/middleware"
+	"github.com/appbaseio/arc/middleware/classify"
+	"github.com/appbaseio/arc/middleware/validate"
 	"github.com/appbaseio/arc/model/category"
 	"github.com/appbaseio/arc/model/credential"
+	"github.com/appbaseio/arc/model/index"
 	"github.com/appbaseio/arc/model/op"
 	"github.com/appbaseio/arc/model/permission"
 	"github.com/appbaseio/arc/model/user"
@@ -19,6 +23,48 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )
 
+type chain struct {
+	middleware.Fifo
+}
+
+func (c *chain) Wrap(h http.HandlerFunc) http.HandlerFunc {
+	return c.Adapt(h, list()...)
+}
+
+func list() []middleware.Middleware {
+	return []middleware.Middleware{
+		classifyCategory,
+		classifyIndices,
+		classify.Op(),
+		BasicAuth(),
+		validate.Operation(),
+		validate.Category(),
+	}
+}
+
+func classifyIndices(h http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, req *http.Request) {
+		publicKeyIndex := os.Getenv(envPublicKeyEsIndex)
+		if publicKeyIndex == "" {
+			publicKeyIndex = defaultPublicKeyEsIndex
+		}
+		ctx := index.NewContext(req.Context(), []string{publicKeyIndex})
+		req = req.WithContext(ctx)
+		h(w, req)
+	}
+}
+
+func classifyCategory(h http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, req *http.Request) {
+		permissionCategory := category.Auth
+
+		ctx := category.NewContext(req.Context(), &permissionCategory)
+		req = req.WithContext(ctx)
+
+		h(w, req)
+	}
+}
+
 // BasicAuth middleware authenticates each requests against the basic auth credentials.
 func BasicAuth() middleware.Middleware {
 	return Instance().basicAuth

plugins/auth/routes.go

@@ -7,19 +7,20 @@ import (
 )
 
 func (a *Auth) routes() []plugins.Route {
+	middleware := (&chain{}).Wrap
 	routes := []plugins.Route{
 		{
 			Name:        "Get public key",
 			Methods:     []string{http.MethodGet},
 			Path:        "/_public_key",
-			HandlerFunc: a.getPublicKey(),
+			HandlerFunc: middleware(a.getPublicKey()),
 			Description: "GET the public key",
 		},
 		{
 			Name:        "Put public key",
 			Methods:     []string{http.MethodPut},
 			Path:        "/_public_key",
-			HandlerFunc: a.setPublicKey(),
+			HandlerFunc: middleware(a.setPublicKey()),
 			Description: "Create or Update the public key",
 		},
 	}

plugins/permissions/e2e_test.go

@@ -49,6 +49,7 @@ var defaultAdminLimits = permission.Limits{
 	TemplatesLimit:   30,
 	SuggestionsLimit: 30,
 	StreamsLimit:     30,
+	AuthLimit:        30,
 }
 
 var createPermissionResponse = map[string]interface{}{