Added JS Middleware auth plgin support
lonelycode committed Sep 29, 2016
1 parent 1874df1 commit a91e081
Showing 5 changed files with 77 additions and 2 deletions.
4 changes: 4 additions & 0 deletions js/tyk.js
Expand Up @@ -47,6 +47,10 @@ TykJS.TykMiddleware.NewMiddleware.prototype.ReturnData = function(request, sessi
return {Request: request, SessionMeta: session}
};

TykJS.TykMiddleware.NewMiddleware.prototype.ReturnAuthData = function(request, session) {
return {Request: request, Session: session}
};

// ---- End middleware implementation for global context ----

// -- Start Event Handler implementation ----
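Review bot: ReturnAuthData passes back only Request and Session, while this commit's plugins.go adds an AuthValue field to VMReturnObject and stores it in the request context under AuthHeaderValue. A plugin that uses this helper therefore always leaves that value as an empty string; if later middleware keys rate limiting or quota on it (not visible on this page), every caller authenticated by the plugin would share one identity. Consider accepting the credential as an optional third argument, `function(request, session, authValue)`, and returning `{Request: request, Session: session, AuthValue: authValue}`.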
18 changes: 16 additions & 2 deletions main.go
Expand Up @@ -429,6 +429,10 @@ func loadCustomMiddleware(referenceSpec *APISpec) ([]string, tykcommon.Middlewar
// Set AuthCheck hook
if referenceSpec.APIDefinition.CustomMiddleware.AuthCheck.Name != "" {
mwAuthCheckFunc = referenceSpec.APIDefinition.CustomMiddleware.AuthCheck
if referenceSpec.APIDefinition.CustomMiddleware.AuthCheck.Path != "" {
// Feed a JS file to Otto
mwPaths = append(mwPaths, referenceSpec.APIDefinition.CustomMiddleware.AuthCheck.Path)
}
}

// Load form the configuration
Expand Down Expand Up @@ -969,6 +973,8 @@ func loadApps(APISpecs *[]*APISpec, Muxer *mux.Router) {

useCoProcessAuth := EnableCoProcess && mwDriver != tykcommon.OttoDriver && referenceSpec.EnableCoProcessAuth

useOttoAuth := mwDriver == tykcommon.OttoDriver && referenceSpec.APIDefinition.CustomMiddleware.AuthCheck.Name != "" && referenceSpec.EnableCoProcessAuth

if referenceSpec.APIDefinition.UseBasicAuth {
// Basic Auth
log.WithFields(logrus.Fields{
Expand Down Expand Up @@ -1007,7 +1013,7 @@ func loadApps(APISpecs *[]*APISpec, Muxer *mux.Router) {
// TODO: check if mwAuthCheckFunc is available/valid
log.WithFields(logrus.Fields{
"prefix": "main",
}).Info("----> Checking security policy: CoProcess")
}).Info("----> Checking security policy: CoProcess Plugin")

log.WithFields(logrus.Fields{
"prefix": "coprocess",
Expand All @@ -1016,7 +1022,15 @@ func loadApps(APISpecs *[]*APISpec, Muxer *mux.Router) {
authArray = append(authArray, CreateCoProcessMiddleware(mwAuthCheckFunc.Name, coprocess.HookType_CustomKeyCheck, mwDriver, tykMiddleware))
}

if referenceSpec.UseStandardAuth || (!referenceSpec.UseOpenID && !referenceSpec.EnableJWT && !referenceSpec.EnableSignatureChecking && !referenceSpec.APIDefinition.UseBasicAuth && !referenceSpec.APIDefinition.UseOauth2 && !useCoProcessAuth) {
if useOttoAuth {
log.WithFields(logrus.Fields{
"prefix": "main",
}).Info("----> Checking security policy: JS Plugin")

authArray = append(authArray, CreateDynamicAuthMiddleware(mwAuthCheckFunc.Name, tykMiddleware))
}

if referenceSpec.UseStandardAuth || (!referenceSpec.UseOpenID && !referenceSpec.EnableJWT && !referenceSpec.EnableSignatureChecking && !referenceSpec.APIDefinition.UseBasicAuth && !referenceSpec.APIDefinition.UseOauth2 && !useCoProcessAuth && !useOttoAuth) {
// Auth key
log.WithFields(logrus.Fields{
"prefix": "main",
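Review bot: The new `useOttoAuth` assignment enables JS auth only when `referenceSpec.EnableCoProcessAuth` is set, which is not obvious from a flag named for co-process plugins; an API definition with an AuthCheck hook and the Otto driver but without that flag drops through to the auth-key branch unless another mode is enabled. A comment above the assignment would make this explicit, for example `// JS (Otto) auth plugins are switched on by EnableCoProcessAuth as well; without it AuthCheck is loaded but not used for authentication.` Separately, the AuthCheck.Path append in loadCustomMiddleware is commented as feeding Otto, but the visible lines do not check the driver, so confirm that a non-JS hook path cannot reach the JS VM. Both functions start and end outside the hunks shown.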
11 changes: 11 additions & 0 deletions middleware.go
Expand Up @@ -26,6 +26,17 @@ func CreateDynamicMiddleware(MiddlewareName string, IsPre, UseSession bool, tykM
return CreateMiddleware(dMiddleware, tykMwSuper)
}

func CreateDynamicAuthMiddleware(MiddlewareName string, tykMwSuper *TykMiddleware) func(http.Handler) http.Handler {
dMiddleware := &DynamicMiddleware{
TykMiddleware: tykMwSuper,
MiddlewareClassName: MiddlewareName,
Auth: true,
UseSession: false,
}

return CreateMiddleware(dMiddleware, tykMwSuper)
}

// Generic middleware caller to make extension easier
func CreateMiddleware(mw TykMiddlewareImplementation, tykMwSuper *TykMiddleware) func(http.Handler) http.Handler {
// construct a new instance
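Review bot: CreateDynamicAuthMiddleware is exported and is what main.go appends to the auth chain, but it has no doc comment, and `UseSession: false` restates the zero value while Pre is left implicit. A reader auditing the auth path has to open DynamicMiddleware to learn which flags distinguish this constructor from CreateDynamicMiddleware. Suggested comment: `// CreateDynamicAuthMiddleware wraps the named JS middleware object as an auth handler: Auth is set, Pre and UseSession stay false.`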
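--- a/middleware/otto_auth_mw_example.js
+++ b/middleware/otto_auth_mw_example.js
@@ -0,0 +1,36 @@
+log("====> JS Auth initialising");
+
+var OttoAuthExample = new TykJS.TykMiddleware.NewMiddleware({});
+
+OttoAuthExample.NewProcessRequest(function(request, session) {
+log("----> Running OttoAuthExample JSVM Auth Middleware")
+
+var thisToken = request.Params["auth"];
+
+if (thisToken == undefined) {
+// no token at all?
+request.ReturnOverrides.ResponseCode = 401
+request.ReturnOverrides.ResponseError = 'Header missing (JS middleware)'
+return OttoAuthExample.ReturnData(request, {});
+}
+
+if (thisToken != "foobar") {
+request.ReturnOverrides.ResponseCode = 401
+request.ReturnOverrides.ResponseError = 'Not authorized (JS middleware)'
+return OttoAuthExample.ReturnData(request, {});
+}
+
+var thisSession = {
+"allowance": 100,
+"rate": 100,
+"per": 1,
+"quota_max": -1,
+"quota_renews": 1406121006,
+"access_rights": {}
+};
+
+return OttoAuthExample.ReturnAuthData(request, thisSession);
+});
+
+// Ensure init with a post-declaration log message
+log("====> JS Auth initialised");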
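Review bot: The example reads the credential from the query string (`request.Params["auth"]`) yet answers 'Header missing (JS middleware)', and it compares against the fixed string "foobar" with nothing marking that as a placeholder. Query-string credentials tend to end up in access logs and browser history, so an example that people copy should say so. Suggested changes: reword the first error to `'Auth parameter missing (JS middleware)'` and add above the comparison `// Example only: replace the fixed token with a lookup against your own credential store.` The session returned on success also sets `quota_max: -1` and an empty `access_rights`, which deserves a one-line comment on what those values grant.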
10 changes: 10 additions & 0 deletions plugins.go
Expand Up @@ -40,6 +40,8 @@ type MiniRequestObject struct {
type VMReturnObject struct {
Request MiniRequestObject
SessionMeta map[string]string
Session SessionState
AuthValue string
}

type nopCloser struct {
Expand All @@ -56,6 +58,7 @@ type DynamicMiddleware struct {
MiddlewareClassName string
Pre bool
UseSession bool
Auth bool
}

type DynamicMiddlewareConfig struct {
Expand Down Expand Up @@ -150,6 +153,7 @@ func (d *DynamicMiddleware) ProcessRequest(w http.ResponseWriter, r *http.Reques

// Decode the return object
newRequestData := VMReturnObject{}

decErr := json.Unmarshal([]byte(returnDataStr), &newRequestData)

if decErr != nil {
Expand Down Expand Up @@ -212,6 +216,12 @@ func (d *DynamicMiddleware) ProcessRequest(w http.ResponseWriter, r *http.Reques
if newRequestData.Request.ReturnOverrides.ResponseCode != 0 {
return errors.New(newRequestData.Request.ReturnOverrides.ResponseError), newRequestData.Request.ReturnOverrides.ResponseCode
}

if d.Auth {
context.Set(r, SessionData, newRequestData.Session)
context.Set(r, AuthHeaderValue, newRequestData.AuthValue)
}

return nil, 200
}

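Review bot: The `if d.Auth` block stores whatever the VM returned without checking that the plugin actually produced an identity. A script that forgets to set ReturnOverrides.ResponseCode, or that returns through ReturnData rather than ReturnAuthData, leaves Session at its zero value and AuthValue empty, and the request still ends at `return nil, 200`. An auth hook should fail closed on a missing result, for example `if d.Auth && newRequestData.AuthValue == "" { return errors.New("auth plugin returned no identity"), 401 }` ahead of the context.Set calls; that also requires the JS helper to pass AuthValue through. ProcessRequest begins and ends outside the hunks shown.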
