[Dembo] Add env flag for auth

gopaytech · Sep 3, 2019 · 97948fd · 97948fd
1 parent aef8bcf
commit 97948fd
Show file tree

Hide file tree

Showing 8 changed files with 76 additions and 1 deletion.
diff --git a/.env.sample b/.env.sample
@@ -28,4 +28,5 @@ export PROCTOR_MAIL_SERVER_HOST="smtp.mail.com"
 export PROCTOR_MAIL_SERVER_PORT="123"
 export PROCTOR_JOB_POD_ANNOTATIONS="{\"key.one\":\"true\"}"
 export PROCTOR_SENTRY_DSN="foo"
-export PROCTOR_DOCS_PATH="/path/to/docs/dir"
+export PROCTOR_DOCS_PATH="/path/to/docs/dir"
+export PROCTOR_AUTH_ENABLED=true
diff --git a/.env.test b/.env.test
@@ -35,3 +35,4 @@ export PROCTOR_SENTRY_DSN=foo
 export PROCTOR_DOCS_PATH=/path/to/docs/dir
 export PROCTOR_AUTH_PLUGIN_BINARY=
 export PROCTOR_AUTH_PLUGIN_EXPORTED=GateAuth
+export PROCTOR_AUTH_ENABLED=true
diff --git a/internal/app/service/infra/config/config.go b/internal/app/service/infra/config/config.go
@@ -14,6 +14,11 @@ func GetStringDefault(viper *viper.Viper, key string, defaultValue string) strin
 	return viper.GetString(key)
 }
 
+func GetBoolDefault(viper *viper.Viper, key string, defaultValue bool) bool {
+	viper.SetDefault(key, defaultValue)
+	return viper.GetBool(key)
+}
+
 func GetInt64Ref(viper *viper.Viper, key string) *int64 {
 	value := viper.GetInt64(key)
 	return &value
@@ -74,6 +79,7 @@ type ProctorConfig struct {
 	SentryDSN                        string
 	DocsPath                         string
 	AuthPluginBinary                 string
+	AuthEnabled                      bool
 }
 
 func Load() ProctorConfig {
@@ -115,6 +121,7 @@ func Load() ProctorConfig {
 		DocsPath:                         fang.GetString("DOCS_PATH"),
 		AuthPluginBinary:                 fang.GetString("AUTH_PLUGIN_BINARY"),
 		AuthPluginExported:               GetStringDefault(fang, "AUTH_PLUGIN_EXPORTED", "Auth"),
+		AuthEnabled:                      GetBoolDefault(fang, "AUTH_ENABLED", true),
 	}
 
 	return proctorConfig

diff --git a/internal/app/service/infra/config/config_test.go b/internal/app/service/infra/config/config_test.go
@@ -202,3 +202,9 @@ func TestAuthPluginExported(t *testing.T) {
 
 	assert.Equal(t, "path1", Load().AuthPluginExported)
 }
+
+func TestAuthEnabled(t *testing.T) {
+	_ = os.Setenv("PROCTOR_AUTH_ENABLED", "false")
+
+	assert.Equal(t, false, Load().AuthEnabled)
+}
diff --git a/internal/app/service/security/middleware/authentication.go b/internal/app/service/security/middleware/authentication.go
@@ -4,17 +4,23 @@ import (
 	"context"
 	"net/http"
 
+	"proctor/internal/app/service/infra/config"
 	"proctor/internal/app/service/infra/logger"
 	"proctor/internal/app/service/security/service"
 	"proctor/internal/pkg/constant"
 )
 
 type authenticationMiddleware struct {
 	service service.SecurityService
+	enabled bool
 }
 
 func (middleware *authenticationMiddleware) MiddlewareFunc(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !middleware.enabled {
+			next.ServeHTTP(w, r)
+			return
+		}
 		token := r.Header.Get(constant.AccessTokenHeaderKey)
 		userEmail := r.Header.Get(constant.UserEmailHeaderKey)
 		if token == "" || userEmail == "" {
@@ -33,7 +39,9 @@ func (middleware *authenticationMiddleware) MiddlewareFunc(next http.Handler) ht
 }
 
 func NewAuthenticationMiddleware(securityService service.SecurityService) Middleware {
+	proctorConfig := config.Load()
 	return &authenticationMiddleware{
 		service: securityService,
+		enabled: proctorConfig.AuthEnabled,
 	}
 }
diff --git a/internal/app/service/security/middleware/authentication_test.go b/internal/app/service/security/middleware/authentication_test.go
@@ -23,6 +23,7 @@ func (context *testContext) setUp(t *testing.T) {
 	context.authMiddleware = authenticationMiddleware{}
 	context.securityService = &service.SecurityServiceMock{}
 	context.authMiddleware.service = context.securityService
+	context.authMiddleware.enabled = true
 	fn := func(w http.ResponseWriter, r *http.Request) {
 	}
 	context.testHandler = fn
@@ -144,3 +145,23 @@ func TestAuthenticationMiddleware_MiddlewareFuncAuthFailed(t *testing.T) {
 
 	assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
 }
+
+func TestAuthenticationMiddleware_MiddlewareFuncDisabled(t *testing.T) {
+	ctx := newContext()
+	ctx.setUp(t)
+	defer ctx.tearDown()
+
+	authMiddleware := ctx.instance().authMiddleware
+	authMiddleware.enabled = false
+	testHandler := ctx.instance().testHandler
+	ts := httptest.NewServer(authMiddleware.MiddlewareFunc(testHandler))
+	defer ts.Close()
+
+	client := &http.Client{}
+	req, _ := http.NewRequest("GET", ts.URL, nil)
+
+	resp, _ := client.Do(req)
+	defer resp.Body.Close()
+
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
+}
diff --git a/internal/app/service/security/middleware/authorization.go b/internal/app/service/security/middleware/authorization.go
@@ -9,6 +9,7 @@ import (
 	"github.com/gorilla/mux"
 
 	"proctor/internal/app/service/execution/handler/parameter"
+	"proctor/internal/app/service/infra/config"
 	"proctor/internal/app/service/infra/logger"
 	"proctor/internal/app/service/metadata/repository"
 	"proctor/internal/app/service/schedule/model"
@@ -19,6 +20,7 @@ import (
 type authorizationMiddleware struct {
 	service            service.SecurityService
 	metadataRepository repository.MetadataRepository
+	enabled            bool
 }
 
 func (middleware *authorizationMiddleware) Secure(router *mux.Router, path string, handler http.Handler) *mux.Route {
@@ -27,6 +29,10 @@ func (middleware *authorizationMiddleware) Secure(router *mux.Router, path strin
 
 func (middleware *authorizationMiddleware) MiddlewareFunc(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !middleware.enabled {
+			next.ServeHTTP(w, r)
+			return
+		}
 		jobName, err := extractName(r)
 		logger.LogErrors(err, "decode json", r.Body)
 		if jobName == "" {
@@ -82,8 +88,10 @@ func extractName(r *http.Request) (string, error) {
 }
 
 func NewAuthorizationMiddleware(securityService service.SecurityService, metadataRepository repository.MetadataRepository) AuthorizationMiddleware {
+	proctorConfig := config.Load()
 	return &authorizationMiddleware{
 		service:            securityService,
 		metadataRepository: metadataRepository,
+		enabled:            proctorConfig.AuthEnabled,
 	}
 }
diff --git a/internal/app/service/security/middleware/authorization_test.go b/internal/app/service/security/middleware/authorization_test.go
@@ -37,6 +37,7 @@ func (context *authorizationContext) setUp(t *testing.T) {
 	context.authorizationMiddleware.metadataRepository = context.metadataRepository
 	context.securityService = &service.SecurityServiceMock{}
 	context.authorizationMiddleware.service = context.securityService
+	context.authorizationMiddleware.enabled = true
 	context.jobMetadata = &metadata.Metadata{
 		Name:             "a-job",
 		Description:      "jobMetadata of a job",
@@ -251,6 +252,28 @@ func TestAuthorizationMiddleware_MiddlewareFuncFailed(t *testing.T) {
 	assert.Equal(t, http.StatusForbidden, responseResult.StatusCode)
 }
 
+func TestAuthorizationMiddleware_MiddlewareFuncDisabled(t *testing.T) {
+	ctx := newAuthorizationContext()
+	ctx.setUp(t)
+	defer ctx.tearDown()
+
+	authzMiddleware := ctx.instance().authorizationMiddleware
+	authzMiddleware.enabled = false
+	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	})
+	ts := httptest.NewServer(authzMiddleware.MiddlewareFunc(testHandler))
+	defer ts.Close()
+
+	client := &http.Client{}
+	req, _ := http.NewRequest("GET", ts.URL, nil)
+
+	resp, _ := client.Do(req)
+	defer resp.Body.Close()
+
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
+}
+
 func TestAuthorizationMiddleware_Secure(t *testing.T) {
 	ctx := newAuthorizationContext()
 	ctx.setUp(t)