From 4beee46dc6c7642316e118a4d3aa51e4b407256e Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 20 May 2025 14:28:06 -0600
Subject: feat: add external authorization service (authzd) with JWT authentication

- Add new authzd gRPC service implementing Envoy's external authorization API
- Integrate JWT authentication filter in Envoy configuration with claim extraction
- Update middleware to support both cookie-based and header-based user authentication
- Add comprehensive test coverage for authorization service and server
- Configure proper service orchestration with authzd, sparkled, and Envoy
- Update build system and Docker configuration for multi-service deployment
- Add grpcurl tool for gRPC service debugging and testing

This enables fine-grained authorization control through Envoy's ext_authz filter while maintaining backward compatibility with existing cookie-based authentication.
---
 Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'Dockerfile')
diff --git a/Dockerfile b/Dockerfile
index 23c5b67..030b528 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,11 +4,13 @@ ENV CGO_ENABLED=0
 WORKDIR /app
 COPY . ./
 RUN go build -o /bin/sparkled ./cmd/sparkled/main.go
+RUN go build -o /bin/authzd ./cmd/authzd/main.go
 FROM envoyproxy/envoy:v1.34-latest
-EXPOSE 8080 9901 10000
+EXPOSE 8080 9901 10000 10003
 WORKDIR /opt/sparkle/
 RUN mkdir -p bin etc public
+COPY --from=build /bin/authzd bin/authzd
 COPY --from=build /bin/sparkled bin/sparkled
 COPY --from=build /app/public public
 COPY etc/ etc
-- 
cgit v1.2.3
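Review bot: The added `EXPOSE 8080 9901 10000 10003` advertises what appears to be the authzd gRPC listener as a container port (inferred from the commit message; the port binding itself is not visible in this hunk), although an ext_authz backend only needs to be reachable from the Envoy process inside the same container. Tooling that publishes every EXPOSEd port, such as `docker run -P`, would then make the authorization service reachable directly rather than only through the proxy, next to 9901, which is Envoy's conventional admin port. I would keep the line as `EXPOSE 8080 9901 10000`, have authzd listen on loopback, and document the contract with a comment such as `# authzd (ext_authz, gRPC) listens on 127.0.0.1:10003; reachable only via Envoy`. The final stage continues outside this hunk, so whether a `USER` directive follows the COPY lines cannot be confirmed from here.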