feat(docker): Add Dockerfile and compose file
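--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,21 @@
+FROM golang:1.25.3-alpine AS builder
+
+WORKDIR /app
+
+COPY ./app/go.mod ./app/go.sum ./
+
+RUN go mod download
+
+RUN go mod verify
+
+COPY ./app ./.
+
+RUN go build -o app .
+
+FROM alpine:latest AS runner
+
+WORKDIR /app
+
+COPY --from=builder /app/app /app/app
+
+CMD ["./app"]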
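Review bot: The runner stage is built on `FROM alpine:latest` and never sets a `USER`, so the shipped image is not reproducible and the auth API process runs as root inside the container. The builder stage is already pinned (`golang:1.25.3-alpine`); pin the runtime base the same way, ideally by digest, e.g. `FROM alpine:<version>@sha256:<digest> AS runner` (placeholders). Before `CMD`, drop privileges with `RUN adduser -D -H app` followed by `USER app`, so that a compromise of the service does not start with root in the container.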
@@ -18,7 +18,7 @@ func main() {
|
|||||||
pseudonymizer := masterlog.NewPseudonymizerFromString("1234567890")
|
pseudonymizer := masterlog.NewPseudonymizerFromString("1234567890")
|
||||||
|
|
||||||
masterlog.SetPseudonymizer(pseudonymizer)
|
masterlog.SetPseudonymizer(pseudonymizer)
|
||||||
masterlog.AddSensitiveFields("password", "token", "email")
|
masterlog.AddSensitiveFields("password", "token", "email", "token_value", "key_value")
|
||||||
|
|
||||||
if config.Debug {
|
if config.Debug {
|
||||||
masterlog.SetLevel(masterlog.LevelDebug)
|
masterlog.SetLevel(masterlog.LevelDebug)
|
||||||
@@ -26,8 +26,6 @@ func main() {
|
|||||||
masterlog.SetLevel(masterlog.LevelInfo)
|
masterlog.SetLevel(masterlog.LevelInfo)
|
||||||
}
|
}
|
||||||
|
|
||||||
// resetAdminApiKey := utils.GetEnvBool("RESET_ADMIN_API_KEY", false)
|
|
||||||
|
|
||||||
masterlog.AddEncoder(&masterlog.JSONEncoder{})
|
masterlog.AddEncoder(&masterlog.JSONEncoder{})
|
||||||
|
|
||||||
allModels := []interface{}{
|
allModels := []interface{}{
|
||||||
@@ -67,9 +65,12 @@ func main() {
|
|||||||
// Controllers
|
// Controllers
|
||||||
app.Post("/login", controllers.LoginController)
|
app.Post("/login", controllers.LoginController)
|
||||||
app.Post("/register", controllers.RegisterController)
|
app.Post("/register", controllers.RegisterController)
|
||||||
app.Get("/api_keys", controllers.CreateApiKeyController)
|
|
||||||
app.Post("/session/info", controllers.SessionInfoController)
|
app.Post("/session/info", controllers.SessionInfoController)
|
||||||
|
|
||||||
|
if config.ENV == "development" {
|
||||||
|
app.Get("/api_keys", controllers.CreateApiKeyController)
|
||||||
|
}
|
||||||
|
|
||||||
masterlog.Info("Starting server", map[string]interface{}{"address": config.Address})
|
masterlog.Info("Starting server", map[string]interface{}{"address": config.Address})
|
||||||
if err := app.Listen(config.Address); err != nil {
|
if err := app.Listen(config.Address); err != nil {
|
||||||
masterlog.Error("failed to start server", map[string]interface{}{"error": err.Error()})
|
masterlog.Error("failed to start server", map[string]interface{}{"error": err.Error()})
|
||||||
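Review bot: The two field names added to `AddSensitiveFields` in the first hunk (`token_value`, `key_value`) are protected only by the pseudonymizer built just above from the literal `"1234567890"`. If that string is the pseudonymizer's keying secret, as the constructor name suggests, anyone with the source can recompute pseudonyms and match candidate values against the logs. Load it from configuration and refuse to start when it is unset, e.g. `pseudonymizer := masterlog.NewPseudonymizerFromString(os.Getenv("LOG_PSEUDONYM_SECRET"))` (the variable name is a placeholder). In the third hunk, the `config.ENV == "development"` gate on `/api_keys` is only as safe as the default of `config.ENV`, which is not visible here; confirm it is not `development` when unset, since the new Dockerfile sets no environment. `main` continues outside all three hunks.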
|
|||||||
@@ -8,26 +8,31 @@ import (
|
|||||||
"git.secnex.io/secnex/auth-api/config"
|
"git.secnex.io/secnex/auth-api/config"
|
||||||
"git.secnex.io/secnex/auth-api/repositories"
|
"git.secnex.io/secnex/auth-api/repositories"
|
||||||
"git.secnex.io/secnex/auth-api/utils"
|
"git.secnex.io/secnex/auth-api/utils"
|
||||||
|
"git.secnex.io/secnex/masterlog"
|
||||||
"github.com/gofiber/fiber/v2"
|
"github.com/gofiber/fiber/v2"
|
||||||
)
|
)
|
||||||
|
|
||||||
func AuthMiddleware() fiber.Handler {
|
func AuthMiddleware() fiber.Handler {
|
||||||
return func(c *fiber.Ctx) error {
|
return func(c *fiber.Ctx) error {
|
||||||
if slices.Contains(config.CONFIG.UNPROTECTED_ENDPOINTS, c.Path()) {
|
if slices.Contains(config.CONFIG.UNPROTECTED_ENDPOINTS, c.Path()) {
|
||||||
|
masterlog.Debug("Unprotected endpoint", map[string]interface{}{"path": c.Path()})
|
||||||
return c.Next()
|
return c.Next()
|
||||||
}
|
}
|
||||||
token := c.Get("Authorization")
|
token := c.Get("Authorization")
|
||||||
if token == "" {
|
if token == "" {
|
||||||
|
masterlog.Debug("No token provided", map[string]interface{}{"path": c.Path(), "authorization": c.Get("Authorization")})
|
||||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||||
}
|
}
|
||||||
|
|
||||||
tokenParts := strings.Split(token, " ")
|
tokenParts := strings.Split(token, " ")
|
||||||
if len(tokenParts) != 2 {
|
if len(tokenParts) != 2 {
|
||||||
|
masterlog.Debug("Invalid token parts", map[string]interface{}{"token_parts": tokenParts})
|
||||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||||
}
|
}
|
||||||
|
|
||||||
tokenPartType, tokenPartValue := tokenParts[0], tokenParts[1]
|
tokenPartType, tokenPartValue := tokenParts[0], tokenParts[1]
|
||||||
if tokenPartType != "Bearer" {
|
if tokenPartType != "Bearer" {
|
||||||
|
masterlog.Debug("Invalid token type", map[string]interface{}{"token_type": tokenPartType})
|
||||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -39,26 +44,32 @@ func AuthMiddleware() fiber.Handler {
|
|||||||
|
|
||||||
tokenValueParts := strings.Split(tokenValueString, ":")
|
tokenValueParts := strings.Split(tokenValueString, ":")
|
||||||
if len(tokenValueParts) != 2 {
|
if len(tokenValueParts) != 2 {
|
||||||
|
masterlog.Debug("Invalid API key format", map[string]interface{}{"token_value": tokenValueString})
|
||||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||||
}
|
}
|
||||||
keyId, keyValue := tokenValueParts[0], tokenValueParts[1]
|
keyId, keyValue := tokenValueParts[0], tokenValueParts[1]
|
||||||
apiKey, err := repositories.GetApiKey(keyId)
|
apiKey, err := repositories.GetApiKey(keyId)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
masterlog.Debug("Error getting API key", map[string]interface{}{"error": err.Error(), "key_id": keyId})
|
||||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||||
}
|
}
|
||||||
if apiKey == nil {
|
if apiKey == nil {
|
||||||
|
masterlog.Debug("API key not found", map[string]interface{}{"key_id": keyId})
|
||||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||||
}
|
}
|
||||||
|
|
||||||
valid, err := utils.Verify(keyValue, apiKey.Key)
|
valid, err := utils.Verify(keyValue, apiKey.Key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
masterlog.Debug("Error verifying API key", map[string]interface{}{"error": err.Error(), "key_id": keyId})
|
||||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||||
}
|
}
|
||||||
if !valid {
|
if !valid {
|
||||||
|
masterlog.Debug("Invalid API key", map[string]interface{}{"key_id": keyId})
|
||||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||||
}
|
}
|
||||||
|
|
||||||
c.Locals("key", keyId)
|
c.Locals("key", keyId)
|
||||||
|
masterlog.Debug("API key verified successfully", map[string]interface{}{"key_id": keyId})
|
||||||
return c.Next()
|
return c.Next()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
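Review bot: The debug line added in the `len(tokenParts) != 2` branch logs `tokenParts`, the raw pieces of the Authorization header, under the field name `token_parts`, which is not among the names passed to `AddSensitiveFields` in this commit. Assuming masking is keyed on field name, a malformed header (for example one with an extra space) would put credential material into the log unmasked; log the shape instead, e.g. `masterlog.Debug("Invalid token parts", map[string]interface{}{"parts": len(tokenParts)})`. The `"authorization": c.Get("Authorization")` field in the empty-token branch is always the empty string there and can be dropped. In the second hunk, `token_value` carries the full `keyId:keyValue` string and depends entirely on that masking, so logging only its length would be safer. AuthMiddleware's body continues between and outside the two hunks.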
|
|||||||
0
docker-compose.yml
Normal file
0
docker-compose.yml
Normal file