add user basic authentication (#332)

susarlanikhilesh · dfarr · web-flow · commit 80db12e89d72 · 2024-05-21T11:10:04.000-07:00
* add user basic authentication

* add test which expects unauthorised on basic auth

* Consolidate tests and config

* Add basic auth to cli

---------

Co-authored-by: David Farr &lt;david@resonatehq.io&gt;
diff --git a/cmd/promises/complete.go b/cmd/promises/complete.go
@@ -84,7 +84,7 @@ func CompletePromiseCmds(c client.ResonateClient) []*cobra.Command {
 				} else if resp.StatusCode() == 200 {
 					cmd.Printf("%s promise: %s (deduplicated)\n", state.PastT, id)
 				} else {
-					cmd.PrintErrln(string(resp.Body))
+					cmd.PrintErrln(resp.Status(), string(resp.Body))
 				}
 			},
 		}
diff --git a/cmd/promises/complete_test.go b/cmd/promises/complete_test.go
diff --git a/cmd/promises/create.go b/cmd/promises/create.go
@@ -77,7 +77,7 @@ func CreatePromiseCmd(c client.ResonateClient) *cobra.Command {
 			} else if resp.StatusCode() == 200 {
 				cmd.Printf("Created promise: %s (deduplicated)\n", id)
 			} else {
-				cmd.PrintErrln(string(resp.Body))
+				cmd.PrintErrln(resp.Status(), string(resp.Body))
 			}
 		},
 	}
diff --git a/cmd/promises/get.go b/cmd/promises/get.go
@@ -36,7 +36,7 @@ func GetPromiseCmd(c client.ResonateClient) *cobra.Command {
 			}
 
 			if resp.StatusCode() != 200 {
-				cmd.PrintErrln(string(resp.Body))
+				cmd.PrintErrln(resp.Status(), string(resp.Body))
 				return
 			}
 
diff --git a/cmd/promises/promises.go b/cmd/promises/promises.go
@@ -12,13 +12,24 @@ import (
 )
 
 func NewCmd(c client.ResonateClient) *cobra.Command {
+	var (
+		username string
+		password string
+	)
+
 	cmd := &cobra.Command{
 		Use:     "promises",
 		Aliases: []string{"promise"},
 		Short:   "Manage durable promises",
 		Run: func(cmd *cobra.Command, args []string) {
 			_ = cmd.Help()
 		},
+		PersistentPreRun: func(cmd *cobra.Command, args []string) {
+			// Set basic auth if provided
+			if username != "" || password != "" {
+				c.SetBasicAuth(username, password)
+			}
+		},
 	}
 
 	// Add subcommands
@@ -27,6 +38,10 @@ func NewCmd(c client.ResonateClient) *cobra.Command {
 	cmd.AddCommand(CreatePromiseCmd(c))
 	cmd.AddCommand(CompletePromiseCmds(c)...)
 
+	// Flags
+	cmd.PersistentFlags().StringVarP(&username, "username", "U", "", "Basic auth username")
+	cmd.PersistentFlags().StringVarP(&password, "password", "P", "", "Basic auth password")
+
 	return cmd
 }
 
diff --git a/cmd/promises/search.go b/cmd/promises/search.go
@@ -69,7 +69,7 @@ func SearchPromisesCmd(c client.ResonateClient) *cobra.Command {
 			}
 
 			if resp.StatusCode() != 200 {
-				cmd.PrintErr(string(resp.Body))
+				cmd.PrintErrln(resp.Status(), string(resp.Body))
 				return
 			}
 
diff --git a/cmd/schedules/create.go b/cmd/schedules/create.go
@@ -82,7 +82,7 @@ func CreateScheduleCmd(c client.ResonateClient) *cobra.Command {
 			} else if resp.StatusCode() == 200 {
 				cmd.Printf("Created schedule: %s (deduplicated)\n", id)
 			} else {
-				cmd.PrintErrln(string(resp.Body))
+				cmd.PrintErrln(resp.Status(), string(resp.Body))
 			}
 		},
 	}
diff --git a/cmd/schedules/delete.go b/cmd/schedules/delete.go
@@ -34,7 +34,7 @@ func DeleteScheduleCmd(c client.ResonateClient) *cobra.Command {
 			}
 
 			if resp.StatusCode() != 204 {
-				cmd.PrintErrln(string(resp.Body))
+				cmd.PrintErrln(resp.Status(), string(resp.Body))
 				return
 			}
 
diff --git a/cmd/schedules/get.go b/cmd/schedules/get.go
@@ -37,7 +37,7 @@ func GetScheduleCmd(c client.ResonateClient) *cobra.Command {
 			}
 
 			if resp.StatusCode() != 200 {
-				cmd.PrintErrln(string(resp.Body))
+				cmd.PrintErrln(resp.Status(), string(resp.Body))
 				return
 			}
 
diff --git a/cmd/schedules/schedules.go b/cmd/schedules/schedules.go
@@ -12,13 +12,24 @@ import (
 )
 
 func NewCmd(c client.ResonateClient) *cobra.Command {
+	var (
+		username string
+		password string
+	)
+
 	cmd := &cobra.Command{
 		Use:     "schedules",
 		Aliases: []string{"schedule"},
 		Short:   "Manage durable schedules",
 		Run: func(cmd *cobra.Command, args []string) {
 			_ = cmd.Help()
 		},
+		PersistentPreRun: func(cmd *cobra.Command, args []string) {
+			// Set basic auth if provided
+			if username != "" || password != "" {
+				c.SetBasicAuth(username, password)
+			}
+		},
 	}
 
 	// Add subcommands
@@ -27,6 +38,10 @@ func NewCmd(c client.ResonateClient) *cobra.Command {
 	cmd.AddCommand(CreateScheduleCmd(c))
 	cmd.AddCommand(DeleteScheduleCmd(c))
 
+	// Flags
+	cmd.PersistentFlags().StringVarP(&username, "username", "U", "", "Basic auth username")
+	cmd.PersistentFlags().StringVarP(&password, "password", "P", "", "Basic auth password")
+
 	return cmd
 }
 
diff --git a/cmd/schedules/search.go b/cmd/schedules/search.go
@@ -54,7 +54,7 @@ func SearchSchedulesCmd(c client.ResonateClient) *cobra.Command {
 			}
 
 			if resp.StatusCode() != 200 {
-				cmd.PrintErr(string(resp.Body))
+				cmd.PrintErrln(resp.Status(), string(resp.Body))
 				return
 			}
 
diff --git a/cmd/serve/serve.go b/cmd/serve/serve.go
@@ -184,22 +184,22 @@ func ServeCmd() *cobra.Command {
 		},
 	}
 
-	// assert
-	cmd.Flags().Bool("ignore-asserts", false, "ignore-asserts mode")
-	_ = viper.BindPFlag("ignore-asserts", cmd.Flags().Lookup("ignore-asserts"))
-
 	// api
 	cmd.Flags().Int("api-size", 100, "size of the submission queue buffered channel")
 	cmd.Flags().String("api-http-addr", "0.0.0.0:8001", "http server address")
 	cmd.Flags().Duration("api-http-timeout", 10*time.Second, "http server graceful shutdown timeout")
 	cmd.Flags().String("api-grpc-addr", "0.0.0.0:50051", "grpc server address")
 	cmd.Flags().String("api-base-url", "http://localhost:8001", "base url to automatically generate absolute URLs for the server's resources")
+	cmd.Flags().String("api-http-auth-username", "", "username for basic auth")
+	cmd.Flags().String("api-http-auth-password", "", "password for basic auth")
 
 	_ = viper.BindPFlag("api.size", cmd.Flags().Lookup("api-size"))
 	_ = viper.BindPFlag("api.subsystems.http.addr", cmd.Flags().Lookup("api-http-addr"))
 	_ = viper.BindPFlag("api.subsystems.http.timeout", cmd.Flags().Lookup("api-http-timeout"))
 	_ = viper.BindPFlag("api.subsystems.grpc.addr", cmd.Flags().Lookup("api-grpc-addr"))
 	_ = viper.BindPFlag("api.baseUrl", cmd.Flags().Lookup("api-base-url"))
+	_ = viper.BindPFlag("api.subsystems.http.auth.username", cmd.Flags().Lookup("api-http-auth-username"))
+	_ = viper.BindPFlag("api.subsystems.http.auth.password", cmd.Flags().Lookup("api-http-auth-password"))
 
 	// aio
 	// Store
@@ -272,10 +272,15 @@ func ServeCmd() *cobra.Command {
 	_ = viper.BindPFlag("system.submissionBatchSize", cmd.Flags().Lookup("system-submission-batch-size"))
 	_ = viper.BindPFlag("system.completionBatchSize", cmd.Flags().Lookup("system-completion-batch-size"))
 	_ = viper.BindPFlag("system.scheduleBatchSize", cmd.Flags().Lookup("system-schedule-batch-size"))
+
 	// metrics
 	cmd.Flags().Int("metrics-port", 9090, "prometheus metrics server port")
 	_ = viper.BindPFlag("metrics.port", cmd.Flags().Lookup("metrics-port"))
 
+	// assert
+	cmd.Flags().Bool("ignore-asserts", false, "ignore-asserts mode")
+	_ = viper.BindPFlag("ignore-asserts", cmd.Flags().Lookup("ignore-asserts"))
+
 	cmd.Flags().SortFlags = false
 
 	return cmd
diff --git a/internal/app/subsystems/api/http/http.go b/internal/app/subsystems/api/http/http.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/go-playground/validator/v10"
 	"github.com/resonatehq/resonate/internal/app/subsystems/api/service"
+	"github.com/resonatehq/resonate/internal/util"
 
 	"log/slog"
 
@@ -15,8 +16,14 @@ import (
 	"github.com/resonatehq/resonate/internal/api"
 )
 
+type Auth struct {
+	Username string
+	Password string
+}
+
 type Config struct {
 	Addr    string
+	Auth    *Auth
 	Timeout time.Duration
 }
 
@@ -39,26 +46,39 @@ func New(api api.API, config *Config) api.Subsystem {
 	// Middleware
 	r.Use(s.log)
 
+	// Authentication
+	authorized := r.Group("/")
+	if config.Auth.Username != "" || config.Auth.Password != "" {
+		util.Assert(config.Auth.Username != "", "http basic auth username is required")
+		util.Assert(config.Auth.Password != "", "http basic auth password is required")
+
+		accounts := gin.Accounts{
+			config.Auth.Username: config.Auth.Password,
+		}
+		basicAuthMiddleware := gin.BasicAuth(accounts)
+		authorized.Use(basicAuthMiddleware)
+	}
+
 	// Promises API
-	r.POST("/promises", s.createPromise)
-	r.GET("/promises", s.searchPromises)
-	r.GET("/promises/*id", s.readPromise)
-	r.PATCH("/promises/*id", s.completePromise)
+	authorized.POST("/promises", s.createPromise)
+	authorized.GET("/promises", s.searchPromises)
+	authorized.GET("/promises/*id", s.readPromise)
+	authorized.PATCH("/promises/*id", s.completePromise)
 
 	// Schedules API
-	r.POST("/schedules", s.createSchedule)
-	r.GET("/schedules", s.searchSchedules)
-	r.GET("/schedules/*id", s.readSchedule)
-	r.DELETE("/schedules/*id", s.deleteSchedule)
+	authorized.POST("/schedules", s.createSchedule)
+	authorized.GET("/schedules", s.searchSchedules)
+	authorized.GET("/schedules/*id", s.readSchedule)
+	authorized.DELETE("/schedules/*id", s.deleteSchedule)
 
 	// Distributed Locks API
-	r.POST("/locks/acquire", s.acquireLock)
-	r.POST("/locks/heartbeat", s.heartbeatLocks)
-	r.POST("/locks/release", s.releaseLock)
+	authorized.POST("/locks/acquire", s.acquireLock)
+	authorized.POST("/locks/heartbeat", s.heartbeatLocks)
+	authorized.POST("/locks/release", s.releaseLock)
 
 	// Task API
-	r.POST("/tasks/claim", s.claimTask)
-	r.POST("/tasks/complete", s.completeTask)
+	authorized.POST("/tasks/claim", s.claimTask)
+	authorized.POST("/tasks/complete", s.completeTask)
 
 	return &Http{
 		config: config,
diff --git a/internal/app/subsystems/api/http/http_test.go b/internal/app/subsystems/api/http/http_test.go
diff --git a/pkg/client/client.go b/pkg/client/client.go

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,7 @@ func CompletePromiseCmds(c client.ResonateClient) []*cobra.Command {`
`84`	`84`	`} else if resp.StatusCode() == 200 {`
`85`	`85`	`cmd.Printf("%s promise: %s (deduplicated)\n", state.PastT, id)`
`86`	`86`	`} else {`
`87`		`- cmd.PrintErrln(string(resp.Body))`
	`87`	`+ cmd.PrintErrln(resp.Status(), string(resp.Body))`
`88`	`88`	`}`
`89`	`89`	`},`
`90`	`90`	`}`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ func CreatePromiseCmd(c client.ResonateClient) *cobra.Command {`
`77`	`77`	`} else if resp.StatusCode() == 200 {`
`78`	`78`	`cmd.Printf("Created promise: %s (deduplicated)\n", id)`
`79`	`79`	`} else {`
`80`		`- cmd.PrintErrln(string(resp.Body))`
	`80`	`+ cmd.PrintErrln(resp.Status(), string(resp.Body))`
`81`	`81`	`}`
`82`	`82`	`},`
`83`	`83`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ func GetPromiseCmd(c client.ResonateClient) *cobra.Command {`
`36`	`36`	`}`
`37`	`37`
`38`	`38`	`if resp.StatusCode() != 200 {`
`39`		`- cmd.PrintErrln(string(resp.Body))`
	`39`	`+ cmd.PrintErrln(resp.Status(), string(resp.Body))`
`40`	`40`	`return`
`41`	`41`	`}`
`42`	`42`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ func SearchPromisesCmd(c client.ResonateClient) *cobra.Command {`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`if resp.StatusCode() != 200 {`
`72`		`- cmd.PrintErr(string(resp.Body))`
	`72`	`+ cmd.PrintErrln(resp.Status(), string(resp.Body))`
`73`	`73`	`return`
`74`	`74`	`}`
`75`	`75`
Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,7 @@ func CreateScheduleCmd(c client.ResonateClient) *cobra.Command {`
`82`	`82`	`} else if resp.StatusCode() == 200 {`
`83`	`83`	`cmd.Printf("Created schedule: %s (deduplicated)\n", id)`
`84`	`84`	`} else {`
`85`		`- cmd.PrintErrln(string(resp.Body))`
	`85`	`+ cmd.PrintErrln(resp.Status(), string(resp.Body))`
`86`	`86`	`}`
`87`	`87`	`},`
`88`	`88`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ func DeleteScheduleCmd(c client.ResonateClient) *cobra.Command {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`if resp.StatusCode() != 204 {`
`37`		`- cmd.PrintErrln(string(resp.Body))`
	`37`	`+ cmd.PrintErrln(resp.Status(), string(resp.Body))`
`38`	`38`	`return`
`39`	`39`	`}`
`40`	`40`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ func GetScheduleCmd(c client.ResonateClient) *cobra.Command {`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`if resp.StatusCode() != 200 {`
`40`		`- cmd.PrintErrln(string(resp.Body))`
	`40`	`+ cmd.PrintErrln(resp.Status(), string(resp.Body))`
`41`	`41`	`return`
`42`	`42`	`}`
`43`	`43`