From 788592e8ce9ed47e7b5033f01fee29117ce7297e Mon Sep 17 00:00:00 2001
From: James Telfer <792299+jamestelfer@users.noreply.github.com>
Date: Fri, 4 Oct 2024 14:14:11 +1000
Subject: [PATCH] fix: add auditor middleware to primary routes

Integrates the functionality, making it available to other components.
---
 main.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/main.go b/main.go
index 3b9e0ec..3a38146 100644
--- a/main.go
+++ b/main.go
@@ -10,6 +10,7 @@ import (
 "time"

 jwtmiddleware "github.com/auth0/go-jwt-middleware/v2"
+ "github.com/jamestelfer/chinmina-bridge/internal/audit"
 "github.com/jamestelfer/chinmina-bridge/internal/buildkite"
 "github.com/jamestelfer/chinmina-bridge/internal/config"
 "github.com/jamestelfer/chinmina-bridge/internal/github"
@@ -28,6 +29,8 @@ func configureServerRoutes(ctx context.Context, cfg config.Config) (http.Handler
 mux := observe.NewMux(muxWithoutTelemetry)

 // configure middleware
+ auditor := audit.Middleware()
+
 authorizer, err := jwt.Middleware(cfg.Authorization, jwtmiddleware.WithErrorHandler(jwt.LogErrorHandler()))
 if err != nil {
 return nil, fmt.Errorf("authorizer configuration failed: %w", err)
@@ -36,8 +39,9 @@ func configureServerRoutes(ctx context.Context, cfg config.Config) (http.Handler
 // The request body size is fairly limited to prevent accidental or
 // deliberate abuse. Given the current API shape, this is not configurable.
 requestLimitBytes := int64(20 << 10) // 20 KB
+ requestLimiter := maxRequestSize(requestLimitBytes)

- authorized := alice.New(maxRequestSize(requestLimitBytes), authorizer)
+ authorizedRouteMiddleware := alice.New(requestLimiter, auditor, authorizer)

 // setup token handler and dependencies
 bk, err := buildkite.New(cfg.Buildkite)
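Review bot: In the third hunk (`@@ -36,8 +39,9 @@`), the order in `alice.New(requestLimiter, auditor, authorizer)` is security-relevant and deserves a comment: alice applies the first constructor outermost, so the auditor wraps the authorizer and runs for every request, including ones whose JWT is later rejected. That is presumably the intent (authorization failures are worth an audit entry), but `audit.Middleware` is not visible in this patch, so confirm that it records the outcome of rejected requests and that any identity fields it logs come from claims the authorizer has validated rather than from the unverified request. I would add above the chain `// auditor sits outside authorizer so rejected requests are audited; identity is only trustworthy once authorizer has run`, and a test asserting that a request failing authorization still produces an audit record. The body of configureServerRoutes starts and ends outside this hunk.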
@@ -57,8 +61,8 @@ func configureServerRoutes(ctx context.Context, cfg config.Config) (http.Handler

 tokenVendor := vendorCache(vendor.New(bk.RepositoryLookup, gh.CreateAccessToken))

- mux.Handle("POST /token", authorized.Then(handlePostToken(tokenVendor)))
- mux.Handle("POST /git-credentials", authorized.Then(handlePostGitCredentials(tokenVendor)))
+ mux.Handle("POST /token", authorizedRouteMiddleware.Then(handlePostToken(tokenVendor)))
+ mux.Handle("POST /git-credentials", authorizedRouteMiddleware.Then(handlePostGitCredentials(tokenVendor)))

 // healthchecks are not included in telemetry
 muxWithoutTelemetry.Handle("GET /healthcheck", handleHealthCheck())