feat: auth (#5)

feat: auth

fix: only protect api with api key

test: fix integration tests

.github/workflows/test.yml

@@ -11,11 +11,11 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Install Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ matrix.go-version }}
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Test
         run: go test ./...
       - name: Integration test

auth/validator.go

@@ -0,0 +1,25 @@
+package auth
+
+import (
+	unkey "github.com/WilfredAlmeida/unkey-go/features"
+	"github.com/labstack/echo/v4"
+)
+
+const ContextKey = "auth"
+
+func KeyValidator(key string, c echo.Context) (bool, error) {
+	resp, err := unkey.KeyVerify(key)
+	if err != nil {
+		return false, err
+	}
+	if !resp.Valid {
+		return false, nil
+	}
+
+	c.Set(ContextKey, resp)
+	return true, nil
+}
+
+func FromContext(c echo.Context) unkey.KeyVerifyResponse {
+	return c.Get(ContextKey).(unkey.KeyVerifyResponse)
+}

cli/cmd/up.go

@@ -1,8 +1,16 @@
 package cmd
 
 import (
+	"github.com/dotindustries/moar/auth"
+	"github.com/labstack/echo/v4"
+	"github.com/labstack/echo/v4/middleware"
+	"github.com/newrelic/go-agent/v3/integrations/nrecho-v4"
+	"github.com/newrelic/go-agent/v3/newrelic"
 	"net/http"
 	"os"
+	"strconv"
+	"sync"
+	"time"
 
 	"github.com/dotindustries/moar/internal/registry"
 	"github.com/dotindustries/moar/internal/storage/s3"
@@ -12,7 +20,6 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"github.com/twitchtv/twirp"
-	"go.elastic.co/apm/module/apmhttp"
 )
 
 var (
@@ -48,18 +55,83 @@ var upCmd = &cobra.Command{
 			VersionOverwriteEnabled: versionOverwriteEnabled,
 		})
 
-		twirpHandler := moarpb.NewModuleRegistryServer(server, twirp.WithServerPathPrefix(""))
-		tracedHandler := apmhttp.Wrap(twirpHandler)
-		loggingHandler := handlers.CombinedLoggingHandler(os.Stdout, tracedHandler)
+		// Echo instance
+		app, err := apm()
+		if err != nil {
+			panic(err)
+		}
+
+		twirpHandler := moarpb.NewModuleRegistryServer(server,
+			twirp.WithServerPathPrefix(""),
+		)
+		loggingHandler := handlers.CombinedLoggingHandler(os.Stdout, twirpHandler)
+
+		e := echo.New()
+
+		s := NewStats()
+		e.Use(s.Process)
+		e.GET("/stats", s.Handle) // Endpoint to get stats
+
+		e.Use(middleware.RequestID())
+		e.Use(nrecho.Middleware(app))
+		e.GET("/", func(c echo.Context) error {
+			return c.JSON(http.StatusOK, "I'm up")
+		})
+		e.Any("*", echo.WrapHandler(loggingHandler), middleware.KeyAuth(auth.KeyValidator))
 		logrus.Infof("Registry listening on http://%s/", host)
-		if err := http.ListenAndServe(host, loggingHandler); err != nil {
+		if err := http.ListenAndServe(host, e); err != nil {
 			logrus.Fatal(err)
 		}
 
 		server.Shutdown()
 	},
 }
 
+func apm() (*newrelic.Application, error) {
+	return newrelic.NewApplication(
+		newrelic.ConfigAppLogForwardingEnabled(true),
+		newrelic.ConfigFromEnvironment(),
+	)
+}
+
+type (
+	Stats struct {
+		Uptime       time.Time      `json:"uptime"`
+		RequestCount uint64         `json:"requestCount"`
+		Statuses     map[string]int `json:"statuses"`
+		mutex        sync.RWMutex
+	}
+)
+
+func NewStats() *Stats {
+	return &Stats{
+		Uptime:   time.Now(),
+		Statuses: map[string]int{},
+	}
+}
+
+// Process is the middleware function.
+func (s *Stats) Process(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+		if err := next(c); err != nil {
+			c.Error(err)
+		}
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+		s.RequestCount++
+		status := strconv.Itoa(c.Response().Status)
+		s.Statuses[status]++
+		return nil
+	}
+}
+
+// Handle is the endpoint to get stats.
+func (s *Stats) Handle(c echo.Context) error {
+	s.mutex.RLock()
+	defer s.mutex.RUnlock()
+	return c.JSON(http.StatusOK, s)
+}
+
 func init() {
 	upCmd.Flags().StringVar(&moduleStorageType, "storage_type", "s3", "Defines what storage type to use. Possible values: s3")
 	upCmd.Flags().StringVar(&storageAddress, "storage_addr", "", "The address to reach the storage")

go.mod

@@ -4,39 +4,40 @@ go 1.20
 
 require (
 	github.com/Masterminds/semver v1.5.0
+	github.com/WilfredAlmeida/unkey-go v0.2.0
 	github.com/gorilla/handlers v1.5.1
 	github.com/jedib0t/go-pretty/v6 v6.2.4
+	github.com/labstack/echo/v4 v4.11.4
 	github.com/minio/minio-go/v7 v7.0.14
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/sirupsen/logrus v1.8.1
+	github.com/newrelic/go-agent/v3 v3.30.0
+	github.com/newrelic/go-agent/v3/integrations/nrecho-v4 v1.0.4
+	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/viper v1.7.0
 	github.com/twitchtv/twirp v8.1.0+incompatible
-	go.elastic.co/apm/module/apmhttp v1.13.1
 	go.etcd.io/etcd/client/v3 v3.5.0
-	google.golang.org/protobuf v1.27.1
+	google.golang.org/protobuf v1.30.0
 )
 
 require (
-	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/coreos/go-semver v0.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
 	github.com/dustin/go-humanize v1.0.0 // indirect
-	github.com/elastic/go-licenser v0.3.1 // indirect
-	github.com/elastic/go-sysinfo v1.1.1 // indirect
-	github.com/elastic/go-windows v1.0.0 // indirect
 	github.com/felixge/httpsnoop v1.0.1 // indirect
 	github.com/fsnotify/fsnotify v1.4.7 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/uuid v1.1.2 // indirect
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/uuid v1.3.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/jcchavezs/porto v0.1.0 // indirect
-	github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect
 	github.com/json-iterator/go v1.1.11 // indirect
 	github.com/klauspost/cpuid v1.3.1 // indirect
+	github.com/labstack/gommon v0.4.2 // indirect
 	github.com/magiconair/properties v1.8.1 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/minio/md5-simd v1.1.0 // indirect
 	github.com/minio/sha256-simd v0.1.1 // indirect
@@ -45,32 +46,26 @@ require (
 	github.com/modern-go/reflect2 v1.0.1 // indirect
 	github.com/pelletier/go-toml v1.2.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/procfs v0.6.0 // indirect
 	github.com/rs/xid v1.2.1 // indirect
-	github.com/santhosh-tekuri/jsonschema v1.2.4 // indirect
 	github.com/spf13/afero v1.1.2 // indirect
 	github.com/spf13/cast v1.3.0 // indirect
 	github.com/spf13/jwalterweatherman v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
-	go.elastic.co/apm v1.13.1 // indirect
-	go.elastic.co/fastjson v1.1.0 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/valyala/fasttemplate v1.2.2 // indirect
 	go.etcd.io/etcd/api/v3 v3.5.0 // indirect
 	go.etcd.io/etcd/client/pkg/v3 v3.5.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.17.0 // indirect
-	golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f // indirect
-	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
-	golang.org/x/mod v0.4.2 // indirect
-	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 // indirect
-	golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 // indirect
-	golang.org/x/text v0.3.5 // indirect
-	golang.org/x/tools v0.1.2 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
-	google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
-	google.golang.org/grpc v1.38.0 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+	google.golang.org/grpc v1.56.3 // indirect
 	gopkg.in/ini.v1 v1.57.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect
 )