Flamenco/internal/manager/api_impl/openapi_auth.go

// Package api_impl implements the OpenAPI API from pkg/api/flamenco-openapi.yaml.
package api_impl

// SPDX-License-Identifier: GPL-3.0-or-later

import (
	"context"
	"errors"
	"regexp"

	oapi_middle "github.com/deepmap/oapi-codegen/pkg/middleware"
	"github.com/getkin/kin-openapi/openapi3"
	"github.com/getkin/kin-openapi/openapi3filter"
	"github.com/labstack/echo/v4"
	"github.com/rs/zerolog/log"
)

// Regexp to find variables in `/path/:task_id` or `/path/:variable/subpath`.
var urlVariablesReplacer = regexp.MustCompile("/:([^/]+)(/?)")

// SwaggerValidator constructs the OpenAPI validator, which also handles authentication.
func SwaggerValidator(swagger *openapi3.T, persist PersistenceService) echo.MiddlewareFunc {
	options := oapi_middle.Options{
		Options: openapi3filter.Options{
			AuthenticationFunc: func(ctx context.Context, authInfo *openapi3filter.AuthenticationInput) error {
				return authenticator(ctx, authInfo, persist)
			},
		},

		// Skip OAPI validation when the request is not for the OAPI interface.
		Skipper: func(e echo.Context) bool {
			isOapi := isOpenAPIPath(swagger, e.Path())
			log.Trace().
				Bool("isOpenAPI", isOapi).
				Str("path", e.Path()).
				Msg("checking validation skipperoo")
			return !isOapi
		},
	}

	validator := oapi_middle.OapiRequestValidatorWithOptions(swagger, &options)
	return validator
}

// authenticator runs the appropriate authentication function given the security
// scheme name.
func authenticator(ctx context.Context, authInfo *openapi3filter.AuthenticationInput, persist PersistenceService) error {
	switch authInfo.SecuritySchemeName {
	case "worker_auth":
		return WorkerAuth(ctx, authInfo, persist)
	default:
		log.Warn().Str("scheme", authInfo.SecuritySchemeName).Msg("unknown security scheme")
		return errors.New("unknown security scheme")
	}
}

func isOpenAPIPath(swagger *openapi3.T, urlPath string) bool {
	oapiPath := replaceURLPathVariables(urlPath)
	found := swagger.Paths.Find(oapiPath) != nil
	return found
}

// replaceURLPathVariables replaces variable style (`:task_id` to `{task_id}`)
// to suit the swagger.Paths path list.
func replaceURLPathVariables(urlPath string) string {
	pathBytes := []byte(urlPath)
	replacement := []byte("/{$1}$2")
	oapiPathBytes := urlVariablesReplacer.ReplaceAll(pathBytes, replacement)
	return string(oapiPathBytes)
}
OAPI: rename `pkg/api/flamenco-manager.yaml` to `flamenco-openapi.yaml` Rename `pkg/api/flamenco-manager.yaml` to `flamenco-openapi.yaml`, to distinguish the OpenAPI definition file from the Flamenco Manager configuration file of the same name (but in a different directory). No functional changes. 2022-05-19 13:22:37 +00:00			`// Package api_impl implements the OpenAPI API from pkg/api/flamenco-openapi.yaml.`
Move code out of main.go and add better check for OpenAPI paths 2022-02-17 12:58:04 +00:00			`package api_impl`

License: license all code under "GPL-3.0-or-later" The add-on code was copy-pasted from other addons and used the GPL v2 license, whereas by accident the LICENSE text file had the GNU "Affero" GPL license v3 (instead of regular GPL v3). This is now all streamlined, and all code is licensed as "GPL v3 or later". Furthermore, the code comments just show a SPDX License Identifier instead of an entire license block. 2022-03-07 14:26:46 +00:00			`// SPDX-License-Identifier: GPL-3.0-or-later`
Move code out of main.go and add better check for OpenAPI paths 2022-02-17 12:58:04 +00:00
			`import (`
			`"context"`
			`"errors"`
			`"regexp"`

			`oapi_middle "github.com/deepmap/oapi-codegen/pkg/middleware"`
			`"github.com/getkin/kin-openapi/openapi3"`
			`"github.com/getkin/kin-openapi/openapi3filter"`
			`"github.com/labstack/echo/v4"`
			`"github.com/rs/zerolog/log"`
			`)`

			// Regexp to find variables in `/path/:task_id` or `/path/:variable/subpath`.
			`var urlVariablesReplacer = regexp.MustCompile("/:([^/]+)(/?)")`

			`// SwaggerValidator constructs the OpenAPI validator, which also handles authentication.`
			`func SwaggerValidator(swagger *openapi3.T, persist PersistenceService) echo.MiddlewareFunc {`
			`options := oapi_middle.Options{`
			`Options: openapi3filter.Options{`
			`AuthenticationFunc: func(ctx context.Context, authInfo *openapi3filter.AuthenticationInput) error {`
			`return authenticator(ctx, authInfo, persist)`
			`},`
			`},`

			`// Skip OAPI validation when the request is not for the OAPI interface.`
			`Skipper: func(e echo.Context) bool {`
			`isOapi := isOpenAPIPath(swagger, e.Path())`
Tweak some logging 2022-03-01 14:30:51 +00:00			`log.Trace().`
Move code out of main.go and add better check for OpenAPI paths 2022-02-17 12:58:04 +00:00			`Bool("isOpenAPI", isOapi).`
			`Str("path", e.Path()).`
			`Msg("checking validation skipperoo")`
			`return !isOapi`
			`},`
			`}`

			`validator := oapi_middle.OapiRequestValidatorWithOptions(swagger, &options)`
			`return validator`
			`}`

			`// authenticator runs the appropriate authentication function given the security`
			`// scheme name.`
			`func authenticator(ctx context.Context, authInfo *openapi3filter.AuthenticationInput, persist PersistenceService) error {`
			`switch authInfo.SecuritySchemeName {`
			`case "worker_auth":`
			`return WorkerAuth(ctx, authInfo, persist)`
			`default:`
			`log.Warn().Str("scheme", authInfo.SecuritySchemeName).Msg("unknown security scheme")`
			`return errors.New("unknown security scheme")`
			`}`
			`}`

			`func isOpenAPIPath(swagger *openapi3.T, urlPath string) bool {`
			`oapiPath := replaceURLPathVariables(urlPath)`
			`found := swagger.Paths.Find(oapiPath) != nil`
			`return found`
			`}`

			// replaceURLPathVariables replaces variable style (`:task_id` to `{task_id}`)
			`// to suit the swagger.Paths path list.`
			`func replaceURLPathVariables(urlPath string) string {`
			`pathBytes := []byte(urlPath)`
			`replacement := []byte("/{$1}$2")`
			`oapiPathBytes := urlVariablesReplacer.ReplaceAll(pathBytes, replacement)`
			`return string(oapiPathBytes)`
			`}`