feat: use validate-token endpoint in MustServer

go-vela · plyr4 · Mar 28, 2023 · Mar 17, 2023 · Mar 17, 2023 · Mar 17, 2023
commit 02fed7f99266f77577b269a1b31935c71a373c03
@@ -30,6 +30,7 @@ func (w *Worker) server() (http.Handler, *tls.Config) {
 	// https://pkg.go.dev/github.com/go-vela/worker/router?tab=doc#Load
 	_server := router.Load(
 		middleware.RequestVersion,
+		middleware.ServerAddress(w.Config.Server.Address),
 		middleware.Executors(w.Executors),
 		middleware.Secret(w.Config.Server.Secret),
 		middleware.Logger(logrus.StandardLogger(), time.RFC3339, true),

@@ -7,10 +7,10 @@ package perm
 import (
 	"fmt"
 	"net/http"
-	"strings"
 
+	"github.com/go-vela/sdk-go/vela"
 	"github.com/go-vela/types"
-	"github.com/go-vela/worker/router/middleware/user"
+	"github.com/go-vela/worker/router/middleware/token"
 
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
@@ -19,19 +19,75 @@ import (
 // MustServer ensures the user is the vela server.
 func MustServer() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		u := user.Retrieve(c)
+		tkn, err := token.Retrieve(c.Request)
+		if err != nil {
+			msg := fmt.Sprintf("error parsing token")
+
+			err := c.Error(fmt.Errorf(msg))
+			if err != nil {
+				logrus.Error(err)
+			}
+
+			c.AbortWithStatusJSON(http.StatusUnauthorized, err.Error())
 
-		if strings.EqualFold(u.GetName(), "vela-server") {
 			return
 		}
 
-		msg := fmt.Sprintf("User %s is not a platform admin", u.GetName())
+		addr, ok := c.MustGet("server-address").(string)
+		if !ok {
+			msg := fmt.Sprintf("error retrieving server address")
+
+			err := c.Error(fmt.Errorf(msg))
+			if err != nil {
+				logrus.Error(err)
+			}
 
-		err := c.Error(fmt.Errorf(msg))
+			c.AbortWithStatusJSON(http.StatusInternalServerError, types.Error{Message: &msg})
+
+			return
+		}
+
+		vela, err := vela.NewClient(addr, "", nil)
 		if err != nil {
-			logrus.Error(err)
+			msg := fmt.Sprintf("error creating vela client")
+
+			err := c.Error(fmt.Errorf(msg))
+			if err != nil {
+				logrus.Error(err)
+			}
+
+			c.AbortWithStatusJSON(http.StatusInternalServerError, types.Error{Message: &msg})
+
+			return
 		}
 
-		c.AbortWithStatusJSON(http.StatusUnauthorized, types.Error{Message: &msg})
+		vela.Authentication.SetTokenAuth(tkn)
+
+		ok, _, err = vela.Authentication.ValidateToken()
+		if err != nil {
+			msg := fmt.Sprintf("error validating token")
+
+			err := c.Error(fmt.Errorf(msg))
+			if err != nil {
+				logrus.Error(err)
+			}
+
+			c.AbortWithStatusJSON(http.StatusInternalServerError, types.Error{Message: &msg})
+
+			return
+		}
+
+		if !ok {
+			msg := fmt.Sprintf("unable to validate token")
+
+			err := c.Error(fmt.Errorf(msg))
+			if err != nil {
+				logrus.Error(err)
+			}
+
+			c.AbortWithStatusJSON(http.StatusUnauthorized, types.Error{Message: &msg})
+
+			return
+		}
 	}
 }
@@ -0,0 +1,18 @@
+// Copyright (c) 2023 Target Brands, Inc. All rights reserved.
+//
+// Use of this source code is governed by the LICENSE file in this repository.
+
+package middleware
+
+import (
+	"github.com/gin-gonic/gin"
+)
+
+// ServerAddress is a middleware function that attaches the
+// server address to the context of every http.Request.
+func ServerAddress(addr string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Set("server-address", addr)
+		c.Next()
+	}
+}