h/golib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: h:hws/v0.4.4
Branches Tags
h:master
h:tmdb/v0.10.0 h:hwsauth/v0.7.0 h:hws/v0.6.0 h:hlog/v0.11.0 h:ezconf/v0.2.1 h:ezconf/v0.2.0 h:hwsauth/v0.6.1 h:hwsauth/v0.6.0 h:hwsauth/v0.5.5 h:hws/v0.5.0 h:hwsauth/v0.5.4 h:hws/v0.4.4 h:hwsauth/v0.5.3 h:hws/v0.4.3 h:hws/v0.4.2 h:hws/v0.4.1 h:hws/v0.4.0 h:notify/v0.1.0 h:hws/v0.3.2 h:hwsauth/v0.5.2 h:hwsauth/v0.5.1 h:hws/v0.3.1 h:hwsauth/v0.5.0 h:hwsauth/v0.4.0 h:hws/v0.3.0 h:ezconf/v0.1.1 h:hlog/v0.10.4 h:tmdb/v0.9.2 h:hwsauth/v0.3.4 h:hws/v0.2.3 h:ezconf/v0.1.0 h:tmdb/v0.9.1 h:tmdb/v0.9.0 h:hwsauth/v0.3.3 h:jwt/v0.10.1 h:hwsauth/v0.3.2 h:hws/v0.2.2 h:hlog/v0.10.3 h:hlog/v0.10.2 h:hlog/v0.10.1 h:hws/v0.2.1 h:hwsauth/v0.3.1 h:hws/v0.2.0 h:hwsauth/v0.3.0 h:jwt/v0.10.0 h:hlog/v0.9.1 h:env/v0.9.1 h:hwsauth/v0.2.0 h:hwsauth/v0.1.0 h:hws/v0.1.0 h:env/v0.9.0 h:cookies/v0.9.0 h:jwt/v0.9.2 h:jwt/v0.9.1 h:tmdb/v0.8.0 h:jwt/v0.9.0 h:hlog/v0.9.0
...
compare: h:hwsauth/v0.5.4
Branches Tags
h:master
h:tmdb/v0.10.0 h:hwsauth/v0.7.0 h:hws/v0.6.0 h:hlog/v0.11.0 h:ezconf/v0.2.1 h:ezconf/v0.2.0 h:hwsauth/v0.6.1 h:hwsauth/v0.6.0 h:hwsauth/v0.5.5 h:hws/v0.5.0 h:hwsauth/v0.5.4 h:hws/v0.4.4 h:hwsauth/v0.5.3 h:hws/v0.4.3 h:hws/v0.4.2 h:hws/v0.4.1 h:hws/v0.4.0 h:notify/v0.1.0 h:hws/v0.3.2 h:hwsauth/v0.5.2 h:hwsauth/v0.5.1 h:hws/v0.3.1 h:hwsauth/v0.5.0 h:hwsauth/v0.4.0 h:hws/v0.3.0 h:ezconf/v0.1.1 h:hlog/v0.10.4 h:tmdb/v0.9.2 h:hwsauth/v0.3.4 h:hws/v0.2.3 h:ezconf/v0.1.0 h:tmdb/v0.9.1 h:tmdb/v0.9.0 h:hwsauth/v0.3.3 h:jwt/v0.10.1 h:hwsauth/v0.3.2 h:hws/v0.2.2 h:hlog/v0.10.3 h:hlog/v0.10.2 h:hlog/v0.10.1 h:hws/v0.2.1 h:hwsauth/v0.3.1 h:hws/v0.2.0 h:hwsauth/v0.3.0 h:jwt/v0.10.0 h:hlog/v0.9.1 h:env/v0.9.1 h:hwsauth/v0.2.0 h:hwsauth/v0.1.0 h:hws/v0.1.0 h:env/v0.9.0 h:cookies/v0.9.0 h:jwt/v0.9.2 h:jwt/v0.9.1 h:tmdb/v0.8.0 h:jwt/v0.9.0 h:hlog/v0.9.0

1 Commits
hws/v0.4.4 ... hwsauth/v0

Author SHA1 Message Date
Haelnorr
95a17597cf added glob matching to auth middleware 2026-02-01 19:55:04 +11:00
5 changed files with 41 additions and 5 deletions
Expand all files Collapse all files

3
hwsauth/authenticator.go
View File

@@ -9,6 +9,7 @@ import (
"git.haelnorr.com/h/golib/hlog" "git.haelnorr.com/h/golib/hlog"
"git.haelnorr.com/h/golib/hws" "git.haelnorr.com/h/golib/hws"
"git.haelnorr.com/h/golib/jwt" "git.haelnorr.com/h/golib/jwt"
"github.com/gobwas/glob"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
@@ -16,7 +17,7 @@ type Authenticator[T Model, TX DBTransaction] struct {
tokenGenerator *jwt.TokenGenerator tokenGenerator *jwt.TokenGenerator
load LoadFunc[T, TX] load LoadFunc[T, TX]
beginTx BeginTX beginTx BeginTX
ignoredPaths []string ignoredPaths []glob.Glob
logger *hlog.Logger logger *hlog.Logger
server *hws.Server server *hws.Server
errorPage hws.ErrorPageFunc errorPage hws.ErrorPageFunc

1
hwsauth/go.mod
View File

@@ -16,6 +16,7 @@ require (
require ( require (
github.com/davecgh/go-spew v1.1.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect
github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/logr v1.4.3 // indirect
github.com/gobwas/glob v0.2.3
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
github.com/google/uuid v1.6.0 // indirect github.com/google/uuid v1.6.0 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-colorable v0.1.14 // indirect

2
hwsauth/go.sum
View File

@@ -15,6 +15,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=

17
hwsauth/ignorepaths.go
View File

@@ -3,6 +3,8 @@ package hwsauth
import ( import (
"fmt" "fmt"
"net/url" "net/url"
"github.com/gobwas/glob"
) )
// IgnorePaths excludes specified paths from authentication middleware. // IgnorePaths excludes specified paths from authentication middleware.
@@ -25,6 +27,19 @@ func (auth *Authenticator[T, TX]) IgnorePaths(paths ...string) error {
return fmt.Errorf("Invalid path: '%s'", path) return fmt.Errorf("Invalid path: '%s'", path)
} }
} }
auth.ignoredPaths = paths auth.ignoredPaths = prepareGlobs(paths)
return nil return nil
} }
func prepareGlobs(paths []string) []glob.Glob {
compiledGlobs := make([]glob.Glob, 0, len(paths))
for _, pattern := range paths {
g, err := glob.Compile(pattern)
if err != nil {
// If pattern fails to compile, skip it
continue
}
compiledGlobs = append(compiledGlobs, g)
}
return compiledGlobs
}

23
hwsauth/middleware.go
View File

@@ -3,10 +3,10 @@ package hwsauth
import ( import (
"context" "context"
"net/http" "net/http"
"slices"
"time" "time"
"git.haelnorr.com/h/golib/hws" "git.haelnorr.com/h/golib/hws"
"github.com/gobwas/glob"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
@@ -23,7 +23,7 @@ func (auth *Authenticator[T, TX]) Authenticate() hws.Middleware {
func (auth *Authenticator[T, TX]) authenticate() hws.MiddlewareFunc { func (auth *Authenticator[T, TX]) authenticate() hws.MiddlewareFunc {
return func(w http.ResponseWriter, r *http.Request) (*http.Request, *hws.HWSError) { return func(w http.ResponseWriter, r *http.Request) (*http.Request, *hws.HWSError) {
if slices.Contains(auth.ignoredPaths, r.URL.Path) { if globTest(r.URL.Path, auth.ignoredPaths) {
return r, nil return r, nil
} }
ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second) ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
@@ -38,6 +38,7 @@ func (auth *Authenticator[T, TX]) authenticate() hws.MiddlewareFunc {
Error: errors.Wrap(err, "auth.beginTx"), Error: errors.Wrap(err, "auth.beginTx"),
} }
} }
defer tx.Rollback()
// Type assert to TX - safe because user's beginTx should return their TX type // Type assert to TX - safe because user's beginTx should return their TX type
txTyped, ok := tx.(TX) txTyped, ok := tx.(TX)
if !ok { if !ok {
@@ -49,7 +50,14 @@ func (auth *Authenticator[T, TX]) authenticate() hws.MiddlewareFunc {
} }
model, err := auth.getAuthenticatedUser(txTyped, w, r) model, err := auth.getAuthenticatedUser(txTyped, w, r)
if err != nil { if err != nil {
tx.Rollback() rberr := tx.Rollback()
if rberr != nil {
return nil, &hws.HWSError{
Message: "Failed rolling back after error",
StatusCode: http.StatusInternalServerError,
Error: errors.Wrap(err, "tx.Rollback"),
}
}
auth.logger.Debug(). auth.logger.Debug().
Str("remote_addr", r.RemoteAddr). Str("remote_addr", r.RemoteAddr).
Err(err). Err(err).
@@ -62,3 +70,12 @@ func (auth *Authenticator[T, TX]) authenticate() hws.MiddlewareFunc {
return newReq, nil return newReq, nil
} }
} }
func globTest(testPath string, globs []glob.Glob) bool {
for _, g := range globs {
if g.Match(testPath) {
return true
}
}
return false
}