Add auth config option and attache authentication middleware for jwt tokens

346feba7 · Lyuben Penkovski · 97f0db85 · 346feba7 · 346feba7
Commit 346feba7 authored 2 years ago by Lyuben Penkovski
--- a/cmd/task/main.go
+++ b/cmd/task/main.go
@@ -21,6 +21,7 @@ import (
 	"golang.org/x/oauth2/clientcredentials"
 	"golang.org/x/sync/errgroup"

+	"gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/auth"
 	"gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/graceful"
 	goahealth "gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/task/gen/health"
 	goahealthsrv "gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/task/gen/http/health/server"
@@ -74,6 +75,8 @@ func main() {
 	// create storage
 	storage := storage.New(db)

+	httpClient := httpClient()
+
 	// create an HTTP Client which uses an authentication token
 	// Create an HTTP Client which uses an authentication token.
 	// The token will auto-refresh as necessary.
@@ -95,7 +98,7 @@ func main() {
 		cfg.Executor.Workers,
 		cfg.Executor.PollInterval,
 		cfg.Executor.MaxTaskRetries,
-		httpClient(),
+		httpClient,
 		logger,
 	)

@@ -106,7 +109,7 @@ func main() {
 		cache,
 		cfg.ListExecutor.Workers,
 		cfg.ListExecutor.PollInterval,
-		httpClient(),
+		httpClient,
 		logger,
 	)

@@ -166,6 +169,16 @@ func main() {
 		openapiServer = goaopenapisrv.New(openapiEndpoints, mux, dec, enc, nil, errFormatter, nil, nil)
 	}

+	// Apply Authentication middleware if enabled.
+	if cfg.Auth.Enabled {
+		m, err := auth.NewMiddleware(cfg.Auth.JwkURL, cfg.Auth.RefreshInterval, httpClient)
+		if err != nil {
+			log.Fatalf("failed to create authentication middleware: %v", err)
+		}
+		taskServer.Use(m.Handler())
+		taskListServer.Use(m.Handler())
+	}
+
 	// Configure the mux.
 	goatasksrv.Mount(mux, taskServer)
 	goatasklistsrv.Mount(mux, taskListServer)
@@ -231,14 +244,14 @@ func httpClient() *http.Client {
 		Transport: &http.Transport{
 			Proxy: http.ProxyFromEnvironment,
 			DialContext: (&net.Dialer{
-				Timeout: 30 * time.Second,
+				Timeout: 10 * time.Second,
 			}).DialContext,
 			MaxIdleConns:        100,
 			MaxIdleConnsPerHost: 100,
 			TLSHandshakeTimeout: 10 * time.Second,
 			IdleConnTimeout:     60 * time.Second,
 		},
-		Timeout: 30 * time.Second,
+		Timeout: 20 * time.Second,
 	}
 }


--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -4,6 +4,7 @@ import "time"

 type Config struct {
 	HTTP         httpConfig
+	Auth         authConfig
 	Mongo        mongoConfig
 	Policy       policyConfig
 	Executor     executorConfig
@@ -23,6 +24,12 @@ type httpConfig struct {
 	WriteTimeout time.Duration `envconfig:"HTTP_WRITE_TIMEOUT" default:"10s"`
 }

+type authConfig struct {
+	Enabled         bool          `envconfig:"AUTH_ENABLED" default:"true"`
+	JwkURL          string        `envconfig:"AUTH_JWK_URL"`
+	RefreshInterval time.Duration `envconfig:"AUTH_REFRESH_INTERVAL" default:"1h"`
+}
+
 type mongoConfig struct {
 	Addr string `envconfig:"MONGO_ADDR" required:"true"`
 	User string `envconfig:"MONGO_USER" required:"true"`