✨ Update auth mapper

go-sigma · Dec 31, 2024 · 6576f46 · 6576f46
1 parent b427976
commit 6576f46
Show file tree

Hide file tree

Showing 13 changed files with 144 additions and 129 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -22,6 +22,7 @@ linters:
     - varnamelen
     - whitespace
     - asciicheck
+    - bodyclose
 
 linters-settings:
   whitespace:

diff --git a/cmd/builder/init.go b/cmd/builder/init.go
@@ -142,7 +142,7 @@ func (b Builder) initToken() error {
 	btConfig.Workers.OCI.Snapshotter = "auto"
 	btConfig.Workers.OCI.NoProcessSandbox = true
 	btConfig.Workers.OCI.GC = ptr.Of(true)
-	btConfig.Workers.OCI.GCKeepStorage.Bytes = 10 << 30 // 10GB
+	btConfig.Workers.OCI.GCReservedSpace.Bytes = 10 << 30 // 10GB
 	btConfig.Workers.OCI.MaxParallelism = 4
 	btConfig.Workers.OCI.CNIPoolSize = 16
 	btConfig.Workers.OCI.Rootless = true

diff --git a/go.mod b/go.mod
@@ -69,6 +69,7 @@ require (
 	github.com/wagslane/go-password-validator v0.3.0
 	github.com/xanzy/go-gitlab v0.115.0
 	github.com/xo/dburl v0.23.2
+	gitlab.com/gitlab-org/api/client-go v0.118.0
 	go.uber.org/dig v1.18.0
 	go.uber.org/mock v0.5.0
 	golang.org/x/crypto v0.31.0
@@ -316,7 +317,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mattn/go-sqlite3 v1.14.24 // indirect
-	github.com/microsoft/go-mssqldb v1.6.0 // indirect
+	github.com/microsoft/go-mssqldb v1.7.2 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mistifyio/go-zfs/v3 v3.0.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
@@ -460,17 +461,17 @@ require (
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
 	google.golang.org/grpc v1.68.0 // indirect
 	google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a // indirect
-	google.golang.org/protobuf v1.35.2 // indirect
+	google.golang.org/protobuf v1.36.0 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gorm.io/datatypes v1.2.0 // indirect
+	gorm.io/datatypes v1.2.5 // indirect
 	gorm.io/driver/sqlite v1.5.5 // indirect
-	gorm.io/driver/sqlserver v1.5.3 // indirect
+	gorm.io/driver/sqlserver v1.5.4 // indirect
 	gorm.io/hints v1.1.2 // indirect
 	helm.sh/helm/v3 v3.16.3 // indirect
 	k8s.io/apiextensions-apiserver v0.31.1 // indirect

diff --git a/go.sum b/go.sum
diff --git a/pkg/daemon/coderepo/gitlab.go b/pkg/daemon/coderepo/gitlab.go
@@ -20,7 +20,7 @@ import (
 	"strconv"
 
 	"github.com/rs/zerolog/log"
-	"github.com/xanzy/go-gitlab"
+	gitlab "gitlab.com/gitlab-org/api/client-go"
 
 	"github.com/go-sigma/sigma/pkg/dal/models"
 	"github.com/go-sigma/sigma/pkg/utils/ptr"

diff --git a/pkg/dal/retry.go b/pkg/dal/retry.go
@@ -15,8 +15,10 @@
 package dal
 
 import (
+	"crypto/rand"
 	"database/sql"
-	"math/rand"
+	"fmt"
+	"math/big"
 	"strings"
 	"time"
 
@@ -28,10 +30,14 @@ import (
 
 // TxnWithRetry ...
 func TxnWithRetry(fc func(tx *query.Query) error, opts ...*sql.TxOptions) error {
-	err := retry.Do(func() error {
+	randInt, err := rand.Int(rand.Reader, big.NewInt(300))
+	if err != nil {
+		return fmt.Errorf("failed to generate random number: %w", err)
+	}
+	err = retry.Do(func() error {
 		return query.Q.Transaction(fc, opts...)
 	}, retry.MaxDelay(time.Second*10), retry.Attempts(6), retry.LastErrorOnly(true),
-		retry.Delay(300*time.Millisecond+time.Duration(rand.Intn(300))*time.Millisecond),
+		retry.Delay(300*time.Millisecond+time.Duration(randInt.Int64())*time.Millisecond),
 		retry.RetryIf(func(err error) bool {
 			if err != nil && strings.Contains(err.Error(), "Deadlock") {
 				log.Debug().Err(err).Msg("transaction deadlock, retry again now")

diff --git a/pkg/handlers/oauth2/oauth2_callback.go b/pkg/handlers/oauth2/oauth2_callback.go
@@ -26,7 +26,7 @@ import (
 	"github.com/labstack/echo/v4"
 	gonanoid "github.com/matoous/go-nanoid/v2"
 	"github.com/rs/zerolog/log"
-	"github.com/xanzy/go-gitlab"
+	gitlab "gitlab.com/gitlab-org/api/client-go"
 	"go.uber.org/dig"
 	"golang.org/x/oauth2"
 	"gorm.io/gorm"

diff --git a/pkg/handlers/tokens/handler.go b/pkg/handlers/tokens/handler.go
@@ -24,7 +24,10 @@ import (
 	"github.com/go-sigma/sigma/pkg/configs"
 	"github.com/go-sigma/sigma/pkg/consts"
 	"github.com/go-sigma/sigma/pkg/handlers"
+	"github.com/go-sigma/sigma/pkg/middlewares/authn"
+	"github.com/go-sigma/sigma/pkg/middlewares/authz"
 	"github.com/go-sigma/sigma/pkg/utils"
+	"github.com/go-sigma/sigma/pkg/utils/echoplus"
 	"github.com/go-sigma/sigma/pkg/utils/ptr"
 	"github.com/go-sigma/sigma/pkg/utils/token"
 )
@@ -54,8 +57,8 @@ type factory struct{}
 func (f factory) Initialize(digCon *dig.Container) error {
 	handler := handlerNew(digCon)
 	echo := utils.MustGetObjFromDigCon[*echo.Echo](digCon)
-	tokenGroup := echo.Group(consts.APIV1)
-	tokenGroup.GET("/tokens", handler.Token)
+	plus := echoplus.New(echo.Group(consts.APIV1))
+	plus.Get("/tokens", &authn.AuthnConfig{Skip: false}, &authz.AuthzConfig{Skip: true}, handler.Token)
 	return nil
 }
 

diff --git a/pkg/handlers/validators/handler.go b/pkg/handlers/validators/handler.go
@@ -23,7 +23,10 @@ import (
 
 	"github.com/go-sigma/sigma/pkg/consts"
 	"github.com/go-sigma/sigma/pkg/handlers"
+	"github.com/go-sigma/sigma/pkg/middlewares/authn"
+	"github.com/go-sigma/sigma/pkg/middlewares/authz"
 	"github.com/go-sigma/sigma/pkg/utils"
+	"github.com/go-sigma/sigma/pkg/utils/echoplus"
 )
 
 // Handler ...
@@ -45,22 +48,22 @@ var _ Handler = &handler{}
 type handler struct{}
 
 // handlerNew creates a new instance of the distribution handlers
-func handlerNew(_ *dig.Container) Handler {
+func handlerNew() Handler {
 	return &handler{}
 }
 
 type factory struct{}
 
 // Initialize initializes the namespace handlers
 func (f factory) Initialize(digCon *dig.Container) error {
-	e := utils.MustGetObjFromDigCon[*echo.Echo](digCon)
-	validatorGroup := e.Group(consts.APIV1 + "/validators")
-	repositoryHandler := handlerNew(digCon)
-	validatorGroup.GET("/reference", repositoryHandler.GetReference)
-	validatorGroup.GET("/tag", repositoryHandler.GetTag)
-	validatorGroup.POST("/password", repositoryHandler.GetPassword)
-	validatorGroup.POST("/cron", repositoryHandler.ValidateCron)
-	validatorGroup.POST("/regexp", repositoryHandler.ValidateRegexp)
+	handler := handlerNew()
+	echo := utils.MustGetObjFromDigCon[*echo.Echo](digCon)
+	plus := echoplus.New(echo.Group(consts.APIV1 + "/validators"))
+	plus.Get("/reference", &authn.AuthnConfig{Skip: true}, &authz.AuthzConfig{Skip: true}, handler.GetReference)
+	plus.Get("/tag", &authn.AuthnConfig{Skip: true}, &authz.AuthzConfig{Skip: true}, handler.GetTag)
+	plus.Post("/password", &authn.AuthnConfig{Skip: true}, &authz.AuthzConfig{Skip: true}, handler.GetPassword)
+	plus.Post("/cron", &authn.AuthnConfig{Skip: true}, &authz.AuthzConfig{Skip: true}, handler.ValidateCron)
+	plus.Post("/regexp", &authn.AuthnConfig{Skip: true}, &authz.AuthzConfig{Skip: true}, handler.ValidateRegexp)
 	return nil
 }
 

diff --git a/pkg/middlewares/authn/authn.go b/pkg/middlewares/authn/authn.go
@@ -16,6 +16,7 @@ package authn
 
 import (
 	"fmt"
+	"regexp"
 	"strings"
 
 	"github.com/google/uuid"
@@ -43,6 +44,14 @@ type Config struct {
 	DigCon *dig.Container
 }
 
+// AuthnConfig ...
+type AuthnConfig struct {
+	Skip bool
+}
+
+// AuthMapper ...
+var AuthMapper = make(map[*regexp.Regexp]*AuthnConfig)
+
 // AuthnWithConfig returns a middleware which authenticates requests.
 func AuthnWithConfig(config Config) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {

diff --git a/pkg/middlewares/authz/authz.go b/pkg/middlewares/authz/authz.go
@@ -18,6 +18,7 @@
 package authz
 
 import (
+	"regexp"
 	"strconv"
 	"strings"
 
@@ -41,6 +42,21 @@ type (
 	}
 )
 
+// AuthzConfig ...
+type AuthzConfig struct {
+	Skip   bool
+	Source []AuthzConfigSource
+}
+
+// AuthzConfigSource ...
+type AuthzConfigSource struct {
+	Name     string `json:"name"`
+	Position string `json:"position"`
+}
+
+// AuthMapper ...
+var AuthMapper = make(map[*regexp.Regexp]*AuthzConfig)
+
 // AuthzWithConfig returns a CasbinAuth middleware with config
 func AuthzWithConfig(config Config) echo.MiddlewareFunc {
 	if config.Enforcer == nil {

diff --git a/pkg/tests/database.go b/pkg/tests/database.go
diff --git a/pkg/utils/echoplus/echoplus.go b/pkg/utils/echoplus/echoplus.go
@@ -1,90 +1,83 @@
 package echoplus
 
 import (
+	"regexp"
+
 	"github.com/labstack/echo/v4"
+
+	"github.com/go-sigma/sigma/pkg/middlewares/authn"
+	"github.com/go-sigma/sigma/pkg/middlewares/authz"
 )
 
+// Plus ...
 type Plus interface {
+	// Get ...
+	Get(path string, authnConfig *authn.AuthnConfig, authzConfig *authz.AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route
+	// Post ...
+	Post(path string, authnConfig *authn.AuthnConfig, authzConfig *authz.AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route
+	// Put ...
+	Put(path string, authnConfig *authn.AuthnConfig, authzConfig *authz.AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route
+	// Delete ...
+	Delete(path string, authnConfig *authn.AuthnConfig, authzConfig *authz.AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route
+	// Patch ...
+	Patch(path string, authnConfig *authn.AuthnConfig, authzConfig *authz.AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route
+}
+
+type engine interface {
+	// Get ...
+	GET(path string, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route
+	// POST ...
+	POST(path string, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route
+	// PUT ...
+	PUT(path string, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route
+	// DELETE ...
+	DELETE(path string, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route
+	// PATCH ...
+	PATCH(path string, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route
 }
 
 type plus struct {
-	*echo.Echo
+	engine engine
 }
 
 // New ...
-func New(echo *echo.Echo) Plus {
+func New(e engine) Plus {
 	return &plus{
-		Echo: echo,
+		engine: e,
 	}
 }
 
-// AuthzConfig ...
-type AuthzConfig struct {
-	Skip   bool
-	Source []AuthzConfigSource
-}
-
-// AuthzConfigSource ...
-type AuthzConfigSource struct {
-	Name     string `json:"name"`
-	Position string `json:"position"`
-}
-
-// AuthnConfig ...
-type AuthnConfig struct {
-	Skip bool
-}
-
-// AuthConfig ...
-type AuthConfig struct {
-	AuthnConfig *AuthnConfig
-	AuthzConfig *AuthzConfig
-}
-
-// AuthMapper ...
-var AuthMapper = make(map[string]AuthConfig)
-
 // Get ...
-func (p *plus) Get(path string, authnConfig *AuthnConfig, authzConfig *AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route {
-	AuthMapper[path] = AuthConfig{
-		AuthnConfig: authnConfig,
-		AuthzConfig: authzConfig,
-	}
-	return p.Echo.GET(path, h, m...)
+func (p *plus) Get(path string, authnConfig *authn.AuthnConfig, authzConfig *authz.AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route {
+	authn.AuthMapper[regexp.MustCompile(path)] = authnConfig
+	authz.AuthMapper[regexp.MustCompile(path)] = authzConfig
+	return p.engine.GET(path, h, m...)
 }
 
 // Post ...
-func (p *plus) Post(path string, authnConfig *AuthnConfig, authzConfig *AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route {
-	AuthMapper[path] = AuthConfig{
-		AuthnConfig: authnConfig,
-		AuthzConfig: authzConfig,
-	}
-	return p.Echo.POST(path, h, m...)
+func (p *plus) Post(path string, authnConfig *authn.AuthnConfig, authzConfig *authz.AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route {
+	authn.AuthMapper[regexp.MustCompile(path)] = authnConfig
+	authz.AuthMapper[regexp.MustCompile(path)] = authzConfig
+	return p.engine.POST(path, h, m...)
 }
 
 // Put ...
-func (p *plus) Put(path string, authnConfig *AuthnConfig, authzConfig *AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route {
-	AuthMapper[path] = AuthConfig{
-		AuthnConfig: authnConfig,
-		AuthzConfig: authzConfig,
-	}
-	return p.Echo.PUT(path, h, m...)
+func (p *plus) Put(path string, authnConfig *authn.AuthnConfig, authzConfig *authz.AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route {
+	authn.AuthMapper[regexp.MustCompile(path)] = authnConfig
+	authz.AuthMapper[regexp.MustCompile(path)] = authzConfig
+	return p.engine.PUT(path, h, m...)
 }
 
 // Delete ...
-func (p *plus) Delete(path string, authnConfig *AuthnConfig, authzConfig *AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route {
-	AuthMapper[path] = AuthConfig{
-		AuthnConfig: authnConfig,
-		AuthzConfig: authzConfig,
-	}
-	return p.Echo.DELETE(path, h, m...)
+func (p *plus) Delete(path string, authnConfig *authn.AuthnConfig, authzConfig *authz.AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route {
+	authn.AuthMapper[regexp.MustCompile(path)] = authnConfig
+	authz.AuthMapper[regexp.MustCompile(path)] = authzConfig
+	return p.engine.DELETE(path, h, m...)
 }
 
 // Patch ...
-func (p *plus) Patch(path string, authnConfig *AuthnConfig, authzConfig *AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route {
-	AuthMapper[path] = AuthConfig{
-		AuthnConfig: authnConfig,
-		AuthzConfig: authzConfig,
-	}
-	return p.Echo.PATCH(path, h, m...)
+func (p *plus) Patch(path string, authnConfig *authn.AuthnConfig, authzConfig *authz.AuthzConfig, h echo.HandlerFunc, m ...echo.MiddlewareFunc) *echo.Route {
+	authn.AuthMapper[regexp.MustCompile(path)] = authnConfig
+	authz.AuthMapper[regexp.MustCompile(path)] = authzConfig
+	return p.engine.PATCH(path, h, m...)
 }