package traefik_kuzzle_auth
import (
"bytes"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
)
// Routes holds the Kuzzle HTTP routes called by the plugin; both can be customized.
type Routes struct {
	// Login is the route the plugin posts the Auth Basic user/pass to.
	// Called by the anonymous user, it must answer with a 200 HTTP status code
	// and a valid JWT. It must accept a JSON body containing 'username' and
	// 'password' string fields, for example:
	//   {
	//     "username": "myUser",
	//     "password": "myV3rys3cretP4ssw0rd"
	//   }
	// Default is '/_login/local', the login route
	// (see: https://docs.kuzzle.io/core/2/api/controllers/auth/login/)
	// using the 'local' strategy
	// (see: https://docs.kuzzle.io/core/2/guides/main-concepts/authentication/#local-strategy).
	// Update this route if your Kuzzle server does not use the 'local' strategy.
	Login string `yaml:"login,omitempty"`

	// GetCurrentUser is the route used to get the KUID of the logged-in user.
	// Default is '/_me', which is a Kuzzle v2 route only; update it if you
	// still use Kuzzle v1
	// (see: https://docs.kuzzle.io/core/2/api/controllers/auth/get-current-user/).
	GetCurrentUser string `yaml:"getCurrentUser,omitempty"`
}
// Kuzzle describes the Kuzzle server the plugin talks to and holds the JWT
// obtained by login.
type Kuzzle struct {
	// URL is used by the plugin to reach the Kuzzle server.
	// NOTE: Only HTTP(s) protocol is supported
	// Examples:
	//  - HTTP: http://localhost:7512
	//  - HTTPS: https://localhost:7512
	// login posts the user's password to this URL, so with plain HTTP the
	// credentials and the returned JWT travel unencrypted; prefer HTTPS
	// whenever Kuzzle is not reached over a trusted local link.
	URL string `yaml:"url"`

	// Routes are the Kuzzle routes called by login and checkUser.
	Routes Routes `yaml:"routes,omitempty"`

	// AllowedUsers contains the KUIDs of the users allowed to connect using this plugin.
	// It is empty by default so every user registered on your Kuzzle server can use this plugin.
	// More about users KUID at https://docs.kuzzle.io/core/2/guides/main-concepts/authentication/#kuzzle-user-identifier-kuid
	// NOTE: The user you used to log in needs to be able to call the `auth:getCurrentUser` Kuzzle API route
	// NOTE(review): checkUser rejects every KUID when this list is empty, so
	// the "everyone allowed" behaviour has to come from the caller skipping
	// checkUser in that case; confirm against the caller.
	AllowedUsers []string `yaml:"allowedUsers,omitempty"`

	// JWT is written by login and sent as the Bearer token by checkUser.
	// NOTE(review): it is runtime state rather than a setting and carries no
	// yaml tag. If one Kuzzle value is shared by concurrent requests, login
	// and checkUser access it without synchronization, which could pair one
	// user's credentials with another user's token; confirm against the caller.
	JWT string
}
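// login authenticates user/password against the Kuzzle login route
// (k.URL + k.Routes.Login) and stores the returned token in k.JWT.
//
// The credentials are sent as a JSON body, so they are only protected in
// transit when k.URL is an https:// URL.
//
// It returns an error when the request cannot be built or sent, when Kuzzle
// answers with a status other than 200, when the body cannot be read or
// decoded, or when the body does not carry a non-empty string at result.jwt.
// k.JWT is only written on success.
func (k *Kuzzle) login(user string, password string) error {
	reqBody, err := json.Marshal(map[string]string{
		"username": user,
		"password": password,
	})
	if err != nil {
		return fmt.Errorf("encoding authentication request: %w", err)
	}

	url := fmt.Sprintf("%s%s", k.URL, k.Routes.Login)

	// NOTE(review): http.Post goes through http.DefaultClient, which has no
	// timeout; an unresponsive Kuzzle server blocks this call indefinitely.
	resp, err := http.Post(url, "application/json", bytes.NewBuffer(reqBody))
	if err != nil {
		return fmt.Errorf("Authentication request send to %s failed: %v", url, err)
	}
	// Close the body on every path so the connection is not leaked.
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("Authentication request send to %s failed: status code %d", url, resp.StatusCode)
	}

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return fmt.Errorf("reading authentication response from %s: %w", url, err)
	}

	var jsonBody map[string]interface{}
	if err := json.Unmarshal(body, &jsonBody); err != nil {
		return err
	}

	// Checked assertions: an unexpected response shape must fail the login
	// instead of panicking inside the authentication path.
	result, ok := jsonBody["result"].(map[string]interface{})
	if !ok {
		return fmt.Errorf("authentication response from %s has no result object", url)
	}
	jwt, ok := result["jwt"].(string)
	if !ok || jwt == "" {
		// An empty token would later be sent as "Bearer " and must not count
		// as a successful login.
		return fmt.Errorf("authentication response from %s has no jwt", url)
	}

	k.JWT = jwt
	return nil
}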
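// checkUser asks Kuzzle (k.URL + k.Routes.GetCurrentUser) which user owns
// k.JWT and checks that user's KUID against k.AllowedUsers.
//
// It returns nil when the KUID found at result._id is listed in
// k.AllowedUsers. It returns an error when the request cannot be built or
// sent, when Kuzzle answers with a status other than 200, when the body
// cannot be read or decoded or has no string at result._id, or when the KUID
// is not listed. With an empty k.AllowedUsers every user is rejected.
func (k *Kuzzle) checkUser() error {
	url := fmt.Sprintf("%s%s", k.URL, k.Routes.GetCurrentUser)

	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		// A malformed URL yields a nil request; dereferencing it would panic.
		return fmt.Errorf("building current user request for %s: %w", url, err)
	}
	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", k.JWT))

	// NOTE(review): this client has no timeout; an unresponsive Kuzzle server
	// blocks this call indefinitely.
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	// Close the body on every path so the connection is not leaked.
	defer resp.Body.Close()

	// Same status check as login: an error answer must not be parsed as a
	// user document.
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("current user request to %s failed: status code %d", url, resp.StatusCode)
	}

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return fmt.Errorf("reading current user response from %s: %w", url, err)
	}

	var jsonBody map[string]interface{}
	if err := json.Unmarshal(body, &jsonBody); err != nil {
		return err
	}

	// Checked assertions: an unexpected response shape must deny access
	// instead of panicking inside the authorization path.
	result, ok := jsonBody["result"].(map[string]interface{})
	if !ok {
		return fmt.Errorf("current user response from %s has no result object", url)
	}
	kuid, ok := result["_id"].(string)
	if !ok {
		return fmt.Errorf("current user response from %s has no _id", url)
	}

	for _, id := range k.AllowedUsers {
		if kuid == id {
			return nil
		}
	}

	// NOTE(review): this message contains the whole allow-list; make sure the
	// caller logs it server-side only and does not return it to the client.
	return fmt.Errorf("User %s do not be part of allowed users: %v", kuid, k.AllowedUsers)
}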