diff --git a/ocis/pkg/command/storagefrontend.go b/ocis/pkg/command/storagefrontend.go
index 5b7296d279..8f56ad64c4 100644
--- a/ocis/pkg/command/storagefrontend.go
+++ b/ocis/pkg/command/storagefrontend.go
@@ -21,6 +21,10 @@ func StorageFrontendCommand(cfg *config.Config) *cli.Command {
 Action: func(c *cli.Context) error {
 scfg := configureStorageFrontend(cfg)
 
+ if err := command.Frontend(scfg).Before(c); err != nil {
+ return err
+ }
+
 return cli.HandleAction(
 command.Frontend(scfg).Action,
 c,
diff --git a/proxy/pkg/middleware/authentication.go b/proxy/pkg/middleware/authentication.go
index 16a0f5d3c6..61d8be138c 100644
--- a/proxy/pkg/middleware/authentication.go
+++ b/proxy/pkg/middleware/authentication.go
@@ -64,7 +64,6 @@ func Authentication(opts ...Option) func(next http.Handler) http.Handler {
 if options.OIDCIss == "" && options.EnableBasicAuth {
 basic(next).ServeHTTP(w, r)
 }
-
 })
 }
 }
diff --git a/proxy/pkg/middleware/basic_auth.go b/proxy/pkg/middleware/basic_auth.go
index cd20cf0b67..eb4cf7f3d5 100644
--- a/proxy/pkg/middleware/basic_auth.go
+++ b/proxy/pkg/middleware/basic_auth.go
@@ -61,8 +61,6 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 Iss: oidcIss,
 }
 
- fmt.Printf("\n\nHGAHAHAHA\n\n")
-
 next.ServeHTTP(w, req.WithContext(oidc.NewContext(req.Context(), claims)))
 },
 )
diff --git a/storage/pkg/command/frontend.go b/storage/pkg/command/frontend.go
index 9dd742a0cc..80e1225a61 100644
--- a/storage/pkg/command/frontend.go
+++ b/storage/pkg/command/frontend.go
@@ -6,6 +6,7 @@ import (
 "os"
 "os/signal"
 "path"
+ "strings"
 "time"
 
 "github.com/cs3org/reva/cmd/revad/runtime"
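Review bot: In ocis/pkg/command/storagefrontend.go the wrapper now builds the command twice, once for `command.Frontend(scfg).Before(c)` and again for `command.Frontend(scfg).Action`, and the parsed user-agent map only reaches the second instance because both closures write to and read from the same `scfg` pointer. Building it once makes that dependency visible: `cmd := command.Frontend(scfg)`, then `cmd.Before(c)` and `cmd.Action`. A one-line comment such as `// cli.HandleAction runs only the action, so Before must be called explicitly` would stop a later cleanup from removing the call. The enclosing `Action` closure continues outside the hunk.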
@@ -26,6 +27,17 @@ func Frontend(cfg *config.Config) *cli.Command {
 Before: func(c *cli.Context) error {
 cfg.Reva.Frontend.Services = c.StringSlice("service")
 
+ cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent = make(map[string]string, 0)
+ uaw := c.StringSlice("user-agent-whitelist")
+ for _, v := range uaw {
+ parts := strings.Split(v, ":")
+ if len(parts) != 2 {
+ return fmt.Errorf("unexpected config value for user-agent whitelist: %v, expected format is user-agent:challenge", v) // TODO wording + error wrapping?
+ }
+
+ cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent[parts[0]] = parts[1]
+ }
+
 return nil
 },
 Action: func(c *cli.Context) error {
@@ -116,9 +128,7 @@ func Frontend(cfg *config.Config) *cli.Command {
 "allow_credentials": true,
 },
 "auth": map[string]interface{}{
- "credentials_by_user_agent": map[string]string{
- "mirall": "basic",
- },
+ "credentials_by_user_agent": cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent,
 },
 },
 // TODO build services dynamically
diff --git a/storage/pkg/config/config.go b/storage/pkg/config/config.go
index 69c48d8326..33d70c2148 100644
--- a/storage/pkg/config/config.go
+++ b/storage/pkg/config/config.go
@@ -83,6 +83,15 @@ type FrontendPort struct {
 OCDavPrefix string
 OCSPrefix string
 PublicURL string
+ Middleware Middleware
+}
+
+type Middleware struct {
+ Auth Auth
+}
+
+type Auth struct {
+ CredentialsByUserAgent map[string]string
 }
 
 // DataGatewayPort has a public url
diff --git a/storage/pkg/flagset/frontend.go b/storage/pkg/flagset/frontend.go
index dcada4d8bf..a3267ed736 100644
--- a/storage/pkg/flagset/frontend.go
+++ b/storage/pkg/flagset/frontend.go
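Review bot: The parser added to `Before` in storage/pkg/command/frontend.go splits each entry with `strings.Split(v, ":")` and requires exactly two parts, so a User-Agent that itself contains a colon is rejected, while entries such as `:basic` or `mirall:` are accepted and store an empty key or an empty challenge. Because this map decides which authentication challenge a client is offered, malformed entries should fail at startup: split on the last colon, reject empty halves, and quote the offending value with `%q` in the error. Checking the challenge against the values the auth middleware supports would tighten this further, but that list is not visible in this diff. The flag is called a whitelist although the User-Agent header is client-supplied, so the comment on this block should say that the map only selects a challenge and confers no trust.

```go
for _, v := range uaw {
	// Split on the last colon: a User-Agent may contain colons,
	// the challenge is assumed not to (confirm against the auth middleware).
	i := strings.LastIndex(v, ":")
	if i <= 0 || i == len(v)-1 {
		return fmt.Errorf("invalid user-agent whitelist entry %q, expected format is user-agent:challenge", v)
	}
	cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent[v[:i]] = v[i+1:]
}
// … unchanged: return nil …
```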
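Review bot: The new exported types `Middleware` and `Auth` in storage/pkg/config/config.go have no doc comments, unlike the neighbouring `DataGatewayPort`, and their names are very generic for package-level config types. Suggested comments: `// Middleware holds the configuration of the frontend's HTTP middlewares.` and `// Auth configures the auth middleware; CredentialsByUserAgent maps a User-Agent to the challenge offered to that client.` The second wording is inferred from the `user-agent:challenge` format in the flag parser, so confirm it against the code that consumes `credentials_by_user_agent`.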
@@ -133,6 +133,14 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 EnvVars: []string{"STORAGE_FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE"},
 Destination: &cfg.Reva.UploadHTTPMethodOverride,
 },
+
+ // Middlewares
+ &cli.StringSliceFlag{
+ Name: "user-agent-whitelist", // TODO naming?
+ Value: cli.NewStringSlice("test"),
+ Usage: "TODO",
+ EnvVars: []string{"STORAGE_FRONTEND_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT"},
+ },
 }
 
 flags = append(flags, TracingWithConfig(cfg)...)
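Review bot: The flag's default, `Value: cli.NewStringSlice("test")`, contains no colon, so when neither the flag nor the environment variable is set the new `Before` parser in storage/pkg/command/frontend.go returns its format error and the frontend presumably does not start. The same commit removes the hard-coded `"mirall": "basic"` entry, so the previous behaviour is also lost by default; `Value: cli.NewStringSlice("mirall:basic")` would keep it. `Usage: "TODO"` should describe the `user-agent:challenge` format, and because the flag only picks a challenge based on a client-controlled header, a name without "whitelist" would be less misleading. The enclosing flag list starts outside the hunk.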