fix: add auditor middleware to primary routes
Integrates the functionality, making it available to other components.
jamestelfer committed Oct 4, 2024
1 parent 4516bad commit 788592e
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions main.go
Expand Up @@ -10,6 +10,7 @@ import (
"time"

jwtmiddleware "github.com/auth0/go-jwt-middleware/v2"
"github.com/jamestelfer/chinmina-bridge/internal/audit"
"github.com/jamestelfer/chinmina-bridge/internal/buildkite"
"github.com/jamestelfer/chinmina-bridge/internal/config"
"github.com/jamestelfer/chinmina-bridge/internal/github"
Expand All @@ -28,6 +29,8 @@ func configureServerRoutes(ctx context.Context, cfg config.Config) (http.Handler
mux := observe.NewMux(muxWithoutTelemetry)

// configure middleware
auditor := audit.Middleware()

authorizer, err := jwt.Middleware(cfg.Authorization, jwtmiddleware.WithErrorHandler(jwt.LogErrorHandler()))
if err != nil {
return nil, fmt.Errorf("authorizer configuration failed: %w", err)
Expand All @@ -36,8 +39,9 @@ func configureServerRoutes(ctx context.Context, cfg config.Config) (http.Handler
// The request body size is fairly limited to prevent accidental or
// deliberate abuse. Given the current API shape, this is not configurable.
requestLimitBytes := int64(20 << 10) // 20 KB
requestLimiter := maxRequestSize(requestLimitBytes)

authorized := alice.New(maxRequestSize(requestLimitBytes), authorizer)
authorizedRouteMiddleware := alice.New(requestLimiter, auditor, authorizer)

// setup token handler and dependencies
bk, err := buildkite.New(cfg.Buildkite)
Expand All @@ -57,8 +61,8 @@ func configureServerRoutes(ctx context.Context, cfg config.Config) (http.Handler

tokenVendor := vendorCache(vendor.New(bk.RepositoryLookup, gh.CreateAccessToken))

mux.Handle("POST /token", authorized.Then(handlePostToken(tokenVendor)))
mux.Handle("POST /git-credentials", authorized.Then(handlePostGitCredentials(tokenVendor)))
mux.Handle("POST /token", authorizedRouteMiddleware.Then(handlePostToken(tokenVendor)))
mux.Handle("POST /git-credentials", authorizedRouteMiddleware.Then(handlePostGitCredentials(tokenVendor)))

// healthchecks are not included in telemetry
muxWithoutTelemetry.Handle("GET /healthcheck", handleHealthCheck())
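Review bot: The ordering in `alice.New(requestLimiter, auditor, authorizer)` is security-relevant but nothing at that line says why it was chosen. alice applies constructors in the order listed, so the auditor wraps the authorizer and requests that fail JWT validation still pass through it. That is presumably the intent, but it means no validated claims exist when the auditor starts, so it has to record identity after the inner chain returns; `audit.Middleware` is not visible here, so please confirm it does. I would pin the order with a comment such as `// auditor wraps authorizer so that rejected requests are audited too; do not reorder`, and add a test asserting that an unauthenticated `POST /token` still produces an audit entry. `configureServerRoutes` begins and ends outside the hunks shown, so any error or panic handling around the chain is not covered by this note.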