Merge pull request #20 from ninth-realm/develop

Release v0.1.1

Author: mattmeyers

CHANGELOG.md

@@ -5,11 +5,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.1.1] - 2023-08-23
+
+### Added
+
+- `-setup-mode` flag to disable auth checks for initial user creation
+
 ## [0.1.0] - 2023-08-22
 
 ### Added
 
 - Add base users, clients, and auth endpoints
 
+[0.1.1]: https://github.com/ninth-realm/heimdall/compare/v0.1.0...v0.1.1
 [0.1.0]: https://github.com/ninth-realm/heimdall/releases/tag/v0.1.0
 

cmd/heimdall/config.go

@@ -2,10 +2,17 @@ package main
 
 import (
 	"encoding/json"
+	"flag"
 	"os"
 )
 
 type Config struct {
+	port          int
+	logLevel      string
+	runMigrations bool
+	configPath    string
+	setupMode     bool
+
 	Driver string        `json:"driver"`
 	SQLite *SQLiteConfig `json:"sqlite"`
 }
@@ -14,13 +21,37 @@ type SQLiteConfig struct {
 	Path string `json:"path"`
 }
 
-func readConfig(path string) (Config, error) {
+func loadConfig() (Config, error) {
+	config := initFlags()
+
+	return readConfig(config, config.configPath)
+}
+
+func initFlags() Config {
+	var config Config
+
+	flag.IntVar(&config.port, "port", 8080, "Port to run on.")
+	flag.BoolVar(&config.runMigrations, "migrate", false, "Run db migrations. Ignored for mem driver.")
+	flag.StringVar(&config.logLevel, "log-level", "info", "Min log level: debug, info, warn, error, fatal")
+	flag.StringVar(&config.configPath, "config", "./config.json", "Path to the config file.")
+	flag.BoolVar(
+		&config.setupMode,
+		"setup-mode",
+		false,
+		"Removes security checks. This should only be used for initial setup when the service is not exposed to the internet.",
+	)
+
+	flag.Parse()
+
+	return config
+}
+
+func readConfig(config Config, path string) (Config, error) {
 	fileContents, err := os.ReadFile(path)
 	if err != nil {
 		return Config{}, err
 	}
 
-	var config Config
 	err = json.Unmarshal(fileContents, &config)
 	if err != nil {
 		return Config{}, err

cmd/heimdall/main.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"errors"
-	"flag"
 	"fmt"
 	"os"
 
@@ -28,9 +27,9 @@ func main() {
 }
 
 func run() error {
-	flags := initFlags()
+	config, err := loadConfig()
 
-	logLevel, err := level.ParseLevel(flags.logLevel)
+	logLevel, err := level.ParseLevel(config.logLevel)
 	if err != nil {
 		return err
 	}
@@ -40,11 +39,6 @@ func run() error {
 		return err
 	}
 
-	config, err := readConfig(flags.configPath)
-	if err != nil {
-		return err
-	}
-
 	var db sqlite.DB
 	switch config.Driver {
 	case "mem":
@@ -53,7 +47,7 @@ func run() error {
 	case "sqlite":
 		db, err = getSqliteDB(
 			fmt.Sprintf("file:%s?mode=rwc", config.SQLite.Path),
-			flags.runMigrations,
+			config.runMigrations,
 		)
 		db.UUIDGenerator = uuidV4Fn(uuid.NewV4)
 	default:
@@ -66,32 +60,13 @@ func run() error {
 
 	logger.Info("Using DB driver: %s", config.Driver)
 
-	return buildServer(db).ListenAndServe(fmt.Sprintf(":%d", flags.port))
-}
-
-type flags struct {
-	port          int
-	logLevel      string
-	runMigrations bool
-	configPath    string
-}
-
-func initFlags() flags {
-	var fs flags
-
-	flag.IntVar(&fs.port, "port", 8080, "Port to run on.")
-	flag.BoolVar(&fs.runMigrations, "migrate", false, "Run db migrations. Ignored for mem driver.")
-	flag.StringVar(&fs.logLevel, "log-level", "info", "Min log level: debug, info, warn, error, fatal")
-	flag.StringVar(&fs.configPath, "config", "./config.json", "Path to the config file.")
-
-	flag.Parse()
-
-	return fs
+	return buildServer(config, db).ListenAndServe(fmt.Sprintf(":%d", config.port))
 }
 
-func buildServer(db store.Repository) *http.Server {
+func buildServer(config Config, db store.Repository) *http.Server {
 	srv := http.NewServer()
 	srv.Logger, _ = level.NewBasicLogger(level.Info, nil)
+	srv.DisableAuth = config.setupMode
 	srv.UserService = user.Service{Repo: db}
 	srv.ClientService = client.Service{Repo: db}
 	srv.AuthService = auth.Service{Repo: db}

http/auth.go

@@ -13,6 +13,11 @@ var authErr = errors.New("missing or invalid auth token")
 
 func (s *Server) authenticateRoute(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if s.DisableAuth {
+			next.ServeHTTP(w, r)
+			return
+		}
+
 		err := s.authenticateAPIKey(r)
 		if err == nil {
 			next.ServeHTTP(w, r)

http/server.go

@@ -20,6 +20,11 @@ type Server struct {
 	Logger level.Logger
 	Router chi.Router
 
+	// DisableAuth skips all configured auth checks on all routes. This setting
+	// is intended to be used in setup mode to allow initial users and clients
+	// to be created.
+	DisableAuth bool
+
 	UserService   UserService
 	ClientService ClientService
 	AuthService   AuthService
@@ -78,6 +83,10 @@ func (s *Server) ListenAndServe(addr string) error {
 		s.Logger, _ = level.NewBasicLogger(level.Info, nil)
 	}
 
+	if s.DisableAuth {
+		s.Logger.Warn("Starting server in setup mode. All routes are unprotected.")
+	}
+
 	s.Logger.Info("Server listening on %s", addr)
 	return http.ListenAndServe(addr, s)
 }