Feat: Add authentication for the test report page

Dockerfile

@@ -9,6 +9,9 @@ ARG TARGETARCH
 ENV GO111MODULE=on \
     CGO_ENABLED=0
 
+RUN apk --no-cache add ca-certificates \
+  && update-ca-certificates
+
 # Set the working directory inside the container
 WORKDIR /app
 

Dockerfile-local

@@ -11,6 +11,11 @@ ENV POSTGRES_DB=fern
 ENV POSTGRES_USER=fern
 ENV POSTGRES_PASSWORD=fern
 
+RUN apt-get update && apt-get install -y \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+
 # Initialize the database and create the user and database (adjust commands as needed)
 RUN service postgresql start && \
     su postgres -c "createuser --superuser $POSTGRES_USER" && \

config/config.go

@@ -5,13 +5,15 @@ import (
 	"embed"
 	"fmt"
 	"os"
+	"strconv"
 
 	"github.com/spf13/viper"
 )
 
 type config struct {
 	Db     *dbConfig
 	Server *serverConfig
+	Auth   *authConfig
 	Header string
 }
 
@@ -31,6 +33,13 @@ type serverConfig struct {
 	Port string `mapstructure:"port"`
 }
 
+type authConfig struct {
+	JSONWebKeysEndpoint string `mapstructure:"json-web-keys-endpoint"`
+	TokenEndpoint       string `mapstructure:"token-endpoint"`
+	Enabled             bool   `mapstructure:"enabled"`
+	ScopeClaimName      string `mapstructure:"scope-claim-name"`
+}
+
 var configuration *config
 
 //go:embed config.yaml
@@ -70,6 +79,15 @@ func LoadConfig() (*config, error) {
 	if os.Getenv("FERN_DATABASE") != "" {
 		configuration.Db.Database = os.Getenv("FERN_DATABASE")
 	}
+	if os.Getenv("AUTH_JSON_WEB_KEYS_ENDPOINT") != "" {
+		configuration.Auth.JSONWebKeysEndpoint = os.Getenv("AUTH_JSON_WEB_KEYS_ENDPOINT")
+	}
+	if os.Getenv("AUTH_ENABLED") != "" {
+		configuration.Auth.Enabled, _ = strconv.ParseBool(os.Getenv("AUTH_ENABLED"))
+	}
+	if os.Getenv("SCOPE_CLAIM_NAME") != "" {
+		configuration.Auth.ScopeClaimName = os.Getenv("SCOPE_CLAIM_NAME")
+	}
 	if os.Getenv("FERN_HEADER_NAME") != "" {
 		configuration.Header = os.Getenv("FERN_HEADER_NAME")
 	}
@@ -85,6 +103,10 @@ func GetServer() *serverConfig {
 	return configuration.Server
 }
 
+func GetAuth() *authConfig {
+	return configuration.Auth
+}
+
 func GetHeaderName() string {
 	return configuration.Header
 }

config/config.yaml

@@ -10,4 +10,8 @@ db:
   max-idle-conns: 10
 server:
   port: :8080
+auth:
+  json-web-keys-endpoint: ""
+  enabled: "true"
+  scope-claim-name: "scope"
 header: "Fern Acceptance Test Report"

config/config_test.go

@@ -26,6 +26,7 @@ var _ = Describe("When LoadConfig is invoked", func() {
 			appConfig, err := config.LoadConfig()
 			Expect(err).NotTo(HaveOccurred())
 
+			Expect(appConfig.Auth.JSONWebKeysEndpoint).To(Equal(""))
 			Expect(appConfig.Server.Port).To(Equal(":8080"))
 			Expect(appConfig.Db.Driver).To(Equal("postgres"))
 			Expect(appConfig.Db.Host).To(Equal("localhost"))
@@ -59,6 +60,9 @@ var _ = Describe("When LoadConfig is invoked", func() {
 
 	It("should override configuration with environment variables", func() {
 
+		os.Setenv("AUTH_JSON_WEB_KEYS_ENDPOINT", "https://test-idp-base-url.com/oauth2/abc123/v1/keys")
+		os.Setenv("AUTH_ENABLED", "false")
+		os.Setenv("SCOPE_CLAIM_NAME", "fern_scope")
 		os.Setenv("FERN_USERNAME", "fern")
 		os.Setenv("FERN_PASSWORD", "fern")
 		os.Setenv("FERN_HOST", "localhost")
@@ -76,6 +80,10 @@ var _ = Describe("When LoadConfig is invoked", func() {
 		Expect(result.Db.Host).To(Equal("localhost"))
 		Expect(result.Db.Port).To(Equal("5432"))
 		Expect(result.Db.Database).To(Equal("fern"))
+		Expect(result.Auth.JSONWebKeysEndpoint).To(Equal("https://test-idp-base-url.com/oauth2/abc123/v1/keys"))
+		Expect(result.Auth.Enabled).To(Equal(false))
+		Expect(result.Auth.ScopeClaimName).To(Equal("fern_scope"))
+		Expect(result.Header).To(Equal("Custom Fern Report Header"))
 		Expect(result.Header).To(Equal("Custom Fern Report Header"))
 	})
 

go.mod

@@ -7,6 +7,9 @@ require (
 	github.com/gin-contrib/cors v1.7.1
 	github.com/gin-gonic/gin v1.9.1
 	github.com/golang-migrate/migrate/v4 v4.17.1
+	github.com/lestrrat-go/iter v1.0.2
+	github.com/lestrrat-go/jwx v1.2.29
+	github.com/lestrrat-go/jwx/v2 v2.0.21
 	github.com/markbates/pkger v0.17.1
 	github.com/onsi/ginkgo/v2 v2.13.2
 	github.com/onsi/gomega v1.30.0
@@ -19,11 +22,10 @@ require (
 require (
 	github.com/bytedance/sonic v1.11.6 // indirect
 	github.com/bytedance/sonic/loader v0.1.1 // indirect
-	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
-	github.com/chenzhuoyu/iasm v0.9.1 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
@@ -48,17 +50,24 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/httprc v1.0.5 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect