rarime-auth-svc

command module
v0.0.1-rc9
Published: Jan 24, 2024 License: MIT Imports: 2 Imported by: 0

README

rarime-auth-svc

Description

The RariMe Auth service authorizes users with ZK-proofs of role-claim ownership and issues JWT tokens based on them. Other internal or external services can use this JWT to authenticate the user when executing endpoints.

Usage

To integrate with another service, use the pkg/auth package. It contains a client and client config for executing v1/validate requests, and example grants that can be used with the Authenticates method to check the user's access.

Example:

Add middleware to endpoints that require auth:

package middleware

import (
	"net/http"

	"github.com/rarimo/rarime-auth-svc/pkg/auth"
	"gitlab.com/distributed_lab/ape"
	"gitlab.com/distributed_lab/ape/problems"

	// Placeholder path: your service's own package that defines CtxClaim.
	"your-service/internal/service/handlers"
)

// AuthMiddleware validates the request's JWT through the auth service and
// passes the request on only when validation succeeds.
func AuthMiddleware(client *auth.Client) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			claim, code, err := client.ValidateJWT(r.Header)
			if err != nil {
				if code == http.StatusUnauthorized {
					ape.RenderErr(w, problems.Unauthorized())
					return
				}

				// Log err and render internal
				ape.RenderErr(w, problems.InternalError())
				return
			}

			// Save claims somewhere (probably in request context)
			ctx := handlers.CtxClaim(claim)(r.Context())
			next.ServeHTTP(w, r.WithContext(ctx))
		})
	}
}

A protected endpoint definition looks like this:

r.Route("/integrations/your-service", func(r chi.Router) {
	r.Route("/v1", func(r chi.Router) {
		r.Post("/unprotected", handlers.Unprotected)
		r.With(middleware.AuthMiddleware(s.client)).Get("/protected", handlers.Protected)
	})
})

Then, use the parsed claims in the handler to decide whether the user may execute the business logic:

if !auth.Authenticates([]resources.Claim{claim}, auth.GroupRoleGrant("did", "org", role, group)) {
    ape.RenderErr(w, problems.Unauthorized())
    return
}
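
The middleware and handler flow above as a self-contained sketch, added here and not taken from the rarime-auth-svc code base. It assumes a stub validator function with the same return shape as ValidateJWT in place of auth.Client; Claim, ctxKey, Auth, Protected and Status are hypothetical names. It shows the two places that deny by default: the middleware on any validation error, and the handler when no claim is in the context.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Claim is a hypothetical stand-in for resources.Claim; the page does not show its fields.
type Claim struct{ User, Role string }
type ctxKey struct{} // unexported, so code outside this package cannot overwrite the stored claim

// Auth fails closed: on any validation error the wrapped handler never runs.
// On success it stores the validated claim in the request context.
func Auth(validate func(http.Header) (Claim, int, error), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		claim, code, err := validate(r.Header)
		if err != nil {
			if code != http.StatusUnauthorized {
				code = http.StatusInternalServerError // validator outage: deny, do not pass through
			}
			http.Error(w, http.StatusText(code), code)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, claim)))
	})
}

// Protected denies when no claim is present (route mounted without Auth) or the role is wrong.
func Protected(w http.ResponseWriter, r *http.Request) {
	c, ok := r.Context().Value(ctxKey{}).(Claim)
	if !ok || c.Role != "admin" { // constructed check standing in for auth.Authenticates
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	fmt.Fprintf(w, "hello %s", c.User)
}

// Status serves one request through h and returns the response code.
func Status(h http.Handler) int {
	w := httptest.NewRecorder()
	h.ServeHTTP(w, httptest.NewRequest(http.MethodGet, "/protected", nil))
	return w.Code
}

func main() {
	down := func(http.Header) (Claim, int, error) { return Claim{}, 502, fmt.Errorf("auth service down") }
	fmt.Println(Status(Auth(down, http.HandlerFunc(Protected))), Status(http.HandlerFunc(Protected)))
}
```

Running it prints the status for a validator outage and for a route mounted without the middleware; neither request reaches the business logic.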

Install

git clone https://github.com/rarimo/rarime-auth-svc
cd rarime-auth-svc
go build main.go
export KV_VIPER_FILE=./config.yaml
./main run service

Documentation

We use the openapi:json standard for the API and Swagger to document it.

To open the online documentation, go to the Swagger editor. Here is how you can start it:

  cd docs
  npm install
  npm start

To build the documentation, use the npm run build command, which creates the open-api documentation in the web_deploy folder.

To generate resources for Go models, run the ./generate.sh script in the root folder. Use ./generate.sh --help to see all available options.

Note: if you are using GitLab to build the project, the docs/spec/paths folder must not be empty; otherwise only the Build and Publish job will pass.

Running from docker

Make sure that Docker is installed.

Use docker run with -p 8080:80 to expose port 80 to 8080.

docker build -t github.com/rarimo/rarime-auth-svc .
docker run -e KV_VIPER_FILE=/config.yaml github.com/rarimo/rarime-auth-svc

Running from Source

  • Set the KV_VIPER_FILE environment variable to the config file path: KV_VIPER_FILE=./config.yaml
  • Provide a valid config file
  • Launch the service with the run service command

Contact

Responsible: Oleg Fomenko. The primary contact for this project is t.me/of_dl

Directories

Path Synopsis
internal
pkg
