| author | mo khan <mo@mokhan.ca> | 2025-05-20 14:28:06 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-05-23 14:49:19 -0600 |
| commit | 4beee46dc6c7642316e118a4d3aa51e4b407256e (patch) | |
| tree | 039bdf57b99061844aeb0fe55ad0bc1c864166af /app/app.go | |
| parent | 0ba49bfbde242920d8675a193d7af89420456fc0 (diff) | |
feat: add external authorization service (authzd) with JWT authentication
- Add new authzd gRPC service implementing Envoy's external authorization API
- Integrate JWT authentication filter in Envoy configuration with claim extraction
- Update middleware to support both cookie-based and header-based user authentication
- Add comprehensive test coverage for authorization service and server
- Configure proper service orchestration with authzd, sparkled, and Envoy
- Update build system and Docker configuration for multi-service deployment
- Add grpcurl tool for gRPC service debugging and testing
This enables fine-grained authorization control through Envoy's ext_authz filter
while maintaining backward compatibility with existing cookie-based authentication.
Diffstat (limited to 'app/app.go')
| -rw-r--r-- | app/app.go | 18 |
1 files changed, 12 insertions, 6 deletions
@@ -8,6 +8,7 @@ import (
 "github.com/rs/zerolog"
 "github.com/xlgmokha/x/pkg/ioc"
 "github.com/xlgmokha/x/pkg/log"
+ "github.com/xlgmokha/x/pkg/x"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/controllers/dashboard"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/controllers/sparkles"
@@ -35,10 +36,15 @@ func New(rootDir string) http.Handler {
 logger := ioc.MustResolve[*zerolog.Logger](ioc.Default)
 users := ioc.MustResolve[domain.Repository[*domain.User]](ioc.Default)
- chain := middleware.IDToken(
- ioc.MustResolve[*oidc.Provider](ioc.Default),
- ioc.MustResolve[*oidc.Config](ioc.Default),
- middleware.FromCookie(cfg.IDTokenCookie),
- )(middleware.User(users)(mux))
- return log.HTTP(logger)(chain)
+
+ return x.Middleware[http.Handler](
+ mux,
+ log.HTTP(logger),
+ middleware.IDToken(
+ ioc.MustResolve[*oidc.Provider](ioc.Default),
+ ioc.MustResolve[*oidc.Config](ioc.Default),
+ middleware.FromCookie(cfg.IDTokenCookie),
+ ),
+ middleware.User(users),
+ )
 } |
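Review bot: The order in which `x.Middleware` wraps `mux` is not visible in the second hunk, and it now decides whether `middleware.IDToken` runs before `middleware.User` on each request. The removed lines spelled the nesting out, with `log.HTTP` outermost, then `IDToken`, then `User`, then `mux`; if the helper instead applies its arguments as successive wrappers, `User` would become the outermost layer and would presumably look up a user before the ID token has been verified. I would pin the intended order with a comment above the call, for example `// first listed middleware is outermost: log.HTTP -> IDToken -> User -> mux`, and add a test asserting that a request without a valid `cfg.IDTokenCookie` never reaches `middleware.User` with an identity set. The body of `New` starts outside the hunk, so whether any routes on `mux` rely on this ordering cannot be confirmed from here.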
