Hop

cmd/authentication.go

@@ -2,11 +2,13 @@ package cmd
 
 import (
 	"context"
+	"fmt"
 	"net/http"
 	"strings"
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gin-gonic/gin"
+	"github.com/inseefrlab/onyxia-api/internal/configuration"
 	pkg "github.com/inseefrlab/onyxia-api/pkg"
 )
 
@@ -19,28 +21,30 @@ type Claims struct {
 
 func AuthMiddleware(ctx context.Context, verifier *oidc.IDTokenVerifier) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		if !strings.HasPrefix(c.Request.URL.Path, "/public") {
-			tokenHeader := strings.TrimPrefix(c.Request.Header.Get("Authorization"), "Bearer ")
-			token, err := verifier.Verify(ctx, tokenHeader)
-			if err != nil {
-				c.Status(http.StatusForbidden)
-				return
-			}
-			var IDTokenClaims Claims // ID Token payload is just JSON.
-			if err := token.Claims(&IDTokenClaims); err != nil {
-				c.Status(http.StatusForbidden)
-				return
-			}
-			c.Set("claims", IDTokenClaims)
-			c.Set("user", pkg.UserInfo{
-				Email:    IDTokenClaims.Email,
-				ID:       IDTokenClaims.ID,
-				Name:     IDTokenClaims.Name,
-				Groups:   IDTokenClaims.Groups,
-				IP:       c.RemoteIP(),
-				Projects: []pkg.Project{{Name: "todo"}},
-			})
+		tokenHeader := strings.TrimPrefix(c.Request.Header.Get("Authorization"), "Bearer ")
+		token, err := verifier.Verify(ctx, tokenHeader)
+		if err != nil {
+			c.AbortWithStatus(http.StatusForbidden)
+			return
 		}
+		var IDTokenClaims Claims // ID Token payload is just JSON.
+		if err := token.Claims(&IDTokenClaims); err != nil {
+			c.AbortWithStatus(http.StatusForbidden)
+			return
+		}
+		var allClaims map[string]interface{}
+		token.Claims(&allClaims)
+		c.Set("claims", IDTokenClaims)
+		region, _ := c.Get("region")
+		fmt.Println(region.(configuration.Region).ID)
+		c.Set("user", pkg.UserInfo{
+			Email:    IDTokenClaims.Email,
+			ID:       IDTokenClaims.ID,
+			Name:     IDTokenClaims.Name,
+			Groups:   IDTokenClaims.Groups,
+			IP:       c.RemoteIP(),
+			Projects: []pkg.Project{{Name: "todo"}},
+		})
 
 		c.Next()
 	}

cmd/region-resolver.go

@@ -0,0 +1,33 @@
+package cmd
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/inseefrlab/onyxia-api/internal/configuration"
+)
+
+func RegionResolver() gin.HandlerFunc {
+	if len(configuration.Config.Regions) == 0 {
+		panic("No region configured")
+	}
+	defaultRegion := configuration.Config.Regions[0]
+	return func(c *gin.Context) {
+		headerRegion := c.GetHeader("ONYXIA-REGION")
+		if headerRegion == "" {
+			c.Set("region", defaultRegion)
+		} else {
+			var foundRegion configuration.Region
+			for _, region := range configuration.Config.Regions {
+				if region.ID == headerRegion {
+					foundRegion = region
+					c.Set("region", foundRegion)
+				}
+			}
+			if foundRegion.ID == "" {
+				c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Requested region not found"})
+			}
+		}
+		c.Next()
+	}
+}

main.go

@@ -36,7 +36,7 @@ func main() {
 	baseRoutes.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerfiles.Handler))
 	privateRoutes := baseRoutes.Group("/")
 	publicRoutes := baseRoutes.Group("/public")
-
+	privateRoutes.Use(cmd.RegionResolver())
 	zap.ReplaceGlobals(zap.Must(zap.NewProduction()))
 	if strings.EqualFold(configuration.Config.Authentication.Mode, "openidconnect") {
 		fmt.Printf("Using OIDC authentication with issuer %s", configuration.Config.OIDC.IssuerURI)