DevFW-CICD/garm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
garm/auth/metrics.go
Gabriel Adrian Samfira e441b6ce89 Switch to log/slog 
This change switches GARM to the new structured logging standard
library. This will allow us to set log levels and reduce some of
the log spam.

Given that we introduced new knobs to tweak logging, the number of
config options for logging now warrants it's own section.

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
2024-01-05 23:46:40 +00:00

69 lines
1.4 KiB
Go
Raw Blame History

package auth
import (
"context"
"fmt"
"net/http"
"strings"
"github.com/cloudbase/garm/config"
jwt "github.com/golang-jwt/jwt/v5"
)
type MetricsMiddleware struct {
cfg config.JWTAuth
}
func NewMetricsMiddleware(cfg config.JWTAuth) (*MetricsMiddleware, error) {
return &MetricsMiddleware{
cfg: cfg,
}, nil
}
func (m *MetricsMiddleware) Middleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
authorizationHeader := r.Header.Get("authorization")
if authorizationHeader == "" {
invalidAuthResponse(ctx, w)
return
}
bearerToken := strings.Split(authorizationHeader, " ")
if len(bearerToken) != 2 {
invalidAuthResponse(ctx, w)
return
}
claims := &JWTClaims{}
token, err := jwt.ParseWithClaims(bearerToken[1], claims, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("invalid signing method")
}
return []byte(m.cfg.Secret), nil
})
if err != nil {
invalidAuthResponse(ctx, w)
return
}
if !token.Valid {
invalidAuthResponse(ctx, w)
return
}
// we fully trust the claims
if !claims.ReadMetrics {
invalidAuthResponse(ctx, w)
return
}
ctx = context.WithValue(ctx, isAdminKey, false)
ctx = context.WithValue(ctx, readMetricsKey, true)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
Reference in a new issue View git blame Copy permalink