feat: use validate-token endpoint in MustServer

cmd/vela-worker/server.go

@@ -30,6 +30,7 @@ func (w *Worker) server() (http.Handler, *tls.Config) {
 	// https://pkg.go.dev/github.com/go-vela/worker/router?tab=doc#Load
 	_server := router.Load(
 		middleware.RequestVersion,
+		middleware.ServerAddress(w.Config.Server.Address),
 		middleware.Executors(w.Executors),
 		middleware.Secret(w.Config.Server.Secret),
 		middleware.Logger(logrus.StandardLogger(), time.RFC3339, true),

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/gin-gonic/gin v1.9.0
 	github.com/go-vela/sdk-go v0.18.1
 	github.com/go-vela/server v0.18.1
-	github.com/go-vela/types v0.18.1
+	github.com/go-vela/types v0.18.2-0.20230321015315-6c723879639c
 	github.com/google/go-cmp v0.5.9
 	github.com/joho/godotenv v1.5.1
 	github.com/opencontainers/image-spec v1.0.2
@@ -34,7 +34,7 @@ require (
 	github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect
 	github.com/alicebob/miniredis/v2 v2.30.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/buildkite/yaml v0.0.0-20210326113714-4a3f40911396 // indirect
+	github.com/buildkite/yaml v0.0.0-20230306222819-0e4e032d4835 // indirect
 	github.com/bytedance/sonic v1.8.0 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect

go.sum

@@ -68,8 +68,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bsm/ginkgo/v2 v2.5.0 h1:aOAnND1T40wEdAtkGSkvSICWeQ8L3UASX7YVCqQx+eQ=
 github.com/bsm/gomega v1.20.0 h1:JhAwLmtRzXFTx2AkALSLa8ijZafntmhSoU63Ok18Uq8=
-github.com/buildkite/yaml v0.0.0-20210326113714-4a3f40911396 h1:qLN32md48xyTEqw6XEZMyNMre7njm0XXvDrea6NVwOM=
-github.com/buildkite/yaml v0.0.0-20210326113714-4a3f40911396/go.mod h1:AV5wtJnn1/CRaRGlJ8xspkMWfKXV0/pkJVgGleTIrfk=
+github.com/buildkite/yaml v0.0.0-20230306222819-0e4e032d4835 h1:Zfkih+Opdv9y5AOob+8iMsaMYnans+Ozrkb8wiPHbj0=
+github.com/buildkite/yaml v0.0.0-20230306222819-0e4e032d4835/go.mod h1:AV5wtJnn1/CRaRGlJ8xspkMWfKXV0/pkJVgGleTIrfk=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.8.0 h1:ea0Xadu+sHlu7x5O3gKhRpQ1IKiMrSiHttPF0ybECuA=
 github.com/bytedance/sonic v1.8.0/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
@@ -160,8 +160,8 @@ github.com/go-vela/sdk-go v0.18.1 h1:qsm8XWjr9btNDL8c58JC93sstRUybL/TklWgeeft860
 github.com/go-vela/sdk-go v0.18.1/go.mod h1:QmfXBAdJ9prgE78TK13XJI8YjvGZA5hc+h79CbvgYGU=
 github.com/go-vela/server v0.18.1 h1:INd+nwLh0c+WA+8diIh4scLkByGBGZHiyVd5doLSolQ=
 github.com/go-vela/server v0.18.1/go.mod h1:WyJEXyJYYASfqN9PDuHqlBTbhsSRIzOn1E7tM2phZMA=
-github.com/go-vela/types v0.18.1 h1:V/luHLnCEaJhD1m9PZCZicIasg8Op6MCK+utkz+gQiU=
-github.com/go-vela/types v0.18.1/go.mod h1:6MzMhLaXKSZ9wiJveieqnBd2+4ZMS7yv7+POGSITyS8=
+github.com/go-vela/types v0.18.2-0.20230321015315-6c723879639c h1:lnCL1knUGvgZQG4YBHSs/CZnxNBfqFUBlGhyq9LO9uk=
+github.com/go-vela/types v0.18.2-0.20230321015315-6c723879639c/go.mod h1:6MzMhLaXKSZ9wiJveieqnBd2+4ZMS7yv7+POGSITyS8=
 github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA=
 github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=

router/middleware/perm/perm.go

@@ -7,10 +7,10 @@ package perm
 import (
 	"fmt"
 	"net/http"
-	"strings"
 
+	"github.com/go-vela/sdk-go/vela"
 	"github.com/go-vela/types"
-	"github.com/go-vela/worker/router/middleware/user"
+	"github.com/go-vela/worker/router/middleware/token"
 
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
@@ -19,19 +19,62 @@ import (
 // MustServer ensures the user is the vela server.
 func MustServer() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		u := user.Retrieve(c)
+		tkn, err := token.Retrieve(c.Request)
+		if err != nil {
+			msg := fmt.Sprintf("error parsing token")
+
+			err := c.Error(fmt.Errorf(msg))
+			if err != nil {
+				logrus.Error(err)
+			}
+
+			c.AbortWithStatusJSON(http.StatusUnauthorized, err.Error())
 
-		if strings.EqualFold(u.GetName(), "vela-server") {
 			return
 		}
 
-		msg := fmt.Sprintf("User %s is not a platform admin", u.GetName())
+		addr, ok := c.MustGet("server-address").(string)
+		if !ok {
+			msg := fmt.Sprintf("error retrieving server address")
+
+			err := c.Error(fmt.Errorf(msg))
+			if err != nil {
+				logrus.Error(err)
+			}
+
+			c.AbortWithStatusJSON(http.StatusInternalServerError, types.Error{Message: &msg})
 
-		err := c.Error(fmt.Errorf(msg))
+			return
+		}
+
+		vela, err := vela.NewClient(addr, "", nil)
 		if err != nil {
-			logrus.Error(err)
+			msg := fmt.Sprintf("error creating vela client")
+
+			err := c.Error(fmt.Errorf(msg))
+			if err != nil {
+				logrus.Error(err)
+			}
+
+			c.AbortWithStatusJSON(http.StatusInternalServerError, types.Error{Message: &msg})
+
+			return
 		}
 
-		c.AbortWithStatusJSON(http.StatusUnauthorized, types.Error{Message: &msg})
+		vela.Authentication.SetTokenAuth(tkn)
+
+		_, err = vela.Authentication.ValidateToken()
+		if err != nil {
+			msg := fmt.Sprintf("error validating token: %s", err)
+
+			err := c.Error(fmt.Errorf(msg))
+			if err != nil {
+				logrus.Error(err)
+			}
+
+			c.AbortWithStatusJSON(http.StatusInternalServerError, types.Error{Message: &msg})
+
+			return
+		}
 	}
 }

router/middleware/server.go

@@ -0,0 +1,18 @@
+// Copyright (c) 2023 Target Brands, Inc. All rights reserved.
+//
+// Use of this source code is governed by the LICENSE file in this repository.
+
+package middleware
+
+import (
+	"github.com/gin-gonic/gin"
+)
+
+// ServerAddress is a middleware function that attaches the
+// server address to the context of every http.Request.
+func ServerAddress(addr string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Set("server-address", addr)
+		c.Next()
+	}
+}