add gitea authn

auth_server/Makefile

@@ -22,7 +22,7 @@ generate:
 	  github.com/cesanta/docker_auth/auth_server/server/...
 
 build:
-	CGO_ENABLED=0 go build -v --ldflags=--s
+	CGO_ENABLED=0 go build -v --ldflags=--s -pkgdir /tmp/go
 
 ca-certificates.crt:
 	cp $(CA_BUNDLE) .

auth_server/authn/gitea_auth.go

@@ -0,0 +1,121 @@
+/*
+   Copyright 2016 Cesanta Software Ltd.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       https://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package authn
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"time"
+
+	"github.com/cesanta/docker_auth/auth_server/api"
+)
+
+type GiteaAuthConfig struct {
+	HTTPTimeout     time.Duration `yaml:"http_timeout,omitempty"`
+	RevalidateAfter time.Duration `yaml:"revalidate_after,omitempty"`
+	GiteaWebUri     string        `yaml:"github_web_uri,omitempty"`
+	GiteaApiUri     string        `yaml:"github_api_uri,omitempty"`
+}
+
+type GiteaAuth struct {
+	config *GiteaAuthConfig
+	client *http.Client
+}
+
+type GiteaOrg struct {
+	Username string
+}
+
+func NewGiteaAuth(c *GiteaAuthConfig) (*GiteaAuth, error) {
+	return &GiteaAuth{
+		config: c,
+		client: &http.Client{Timeout: 10 * time.Second},
+	}, nil
+}
+
+func (gha *GiteaAuth) getGiteaApiUri() string {
+	if gha.config.GiteaApiUri != "" {
+		return gha.config.GiteaApiUri
+	} else {
+		return "https://git2.groschupp.org/api"
+	}
+}
+
+func (gha *GiteaAuth) getGiteaWebUri() string {
+	if gha.config.GiteaWebUri != "" {
+		return gha.config.GiteaWebUri
+	} else {
+		return "https://git2.groschupp.org"
+	}
+}
+
+//func (gha *GiteaAuth) authUser(user string, password PasswordString) (err error, l Labels) {
+func (gha *GiteaAuth) Authenticate(user string, password api.PasswordString) (bool, api.Labels, error) {
+	url := fmt.Sprintf("%s/v1/user/orgs", gha.getGiteaApiUri())
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		err = fmt.Errorf("unable to auth: %s", err)
+		return false, nil, err
+	}
+	req.SetBasicAuth(user, string(password))
+	resp, err := gha.client.Do(req)
+
+	if err != nil {
+		return false, nil, err
+	}
+
+	if resp.StatusCode == 401 {
+		return false, nil, nil
+	} else if resp.StatusCode != 200 {
+		err = fmt.Errorf("wrong error code %s", resp.StatusCode)
+		return false, nil, err
+	}
+
+	body, _ := ioutil.ReadAll(resp.Body)
+	resp.Body.Close()
+
+	temp := make([]GiteaOrg, 0)
+	err = json.Unmarshal(body, &temp)
+
+	if err != nil {
+		err = fmt.Errorf("could not unmarshal token user info %s: %s", body, err)
+		return false, nil, err
+	}
+
+	l := make(map[string][]string)
+
+	temp3 := make([]string, len(temp))
+
+	for _, element := range temp {
+		temp3 = append(temp3, element.Username)
+	}
+
+	if len(temp3) > 0 {
+		l["project"] = temp3
+	}
+
+	return true, l, nil
+}
+
+func (gha *GiteaAuth) Stop() {
+}
+
+func (gha *GiteaAuth) Name() string {
+	return "Gitea"
+}

auth_server/go.mod

@@ -31,7 +31,6 @@ require (
 	golang.org/x/tools v0.0.0-20201011145850-ed2f50202694 // indirect
 	google.golang.org/api v0.32.0
 	google.golang.org/genproto v0.0.0-20201009135657-4d944d34d83c // indirect
-	google.golang.org/grpc v1.33.0 // indirect
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
 	gopkg.in/fsnotify.v1 v1.4.7
 	gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22

auth_server/go.sum

@@ -142,7 +142,6 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200905233945-acf8798be1f7/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
@@ -456,9 +455,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.32.0 h1:zWTV+LMdc3kaiJMSTOFz2UgSBgx8RNQoTGiZu3fR9S0=
 google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.0 h1:IBKSUNL2uBS2DkJBncPP+TwT0sp9tgA8A75NjHt6umg=
-google.golang.org/grpc v1.33.0/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

auth_server/server/config.go

@@ -39,6 +39,7 @@ type Config struct {
 	Users       map[string]*authn.Requirements `yaml:"users,omitempty"`
 	GoogleAuth  *authn.GoogleAuthConfig        `yaml:"google_auth,omitempty"`
 	GitHubAuth  *authn.GitHubAuthConfig        `yaml:"github_auth,omitempty"`
+	GiteaAuth   *authn.GiteaAuthConfig         `yaml:"gitea_auth,omitempty"`
 	LDAPAuth    *authn.LDAPAuthConfig          `yaml:"ldap_auth,omitempty"`
 	MongoAuth   *authn.MongoAuthConfig         `yaml:"mongo_auth,omitempty"`
 	ExtAuth     *authn.ExtAuthConfig           `yaml:"ext_auth,omitempty"`
@@ -157,7 +158,7 @@ func validate(c *Config) error {
 	if c.Token.Expiration <= 0 {
 		return fmt.Errorf("expiration must be positive, got %d", c.Token.Expiration)
 	}
-	if c.Users == nil && c.ExtAuth == nil && c.GoogleAuth == nil && c.GitHubAuth == nil && c.LDAPAuth == nil && c.MongoAuth == nil && c.PluginAuthn == nil {
+	if c.Users == nil && c.ExtAuth == nil && c.GoogleAuth == nil && c.GitHubAuth == nil && c.GiteaAuth == nil && c.LDAPAuth == nil && c.MongoAuth == nil && c.PluginAuthn == nil {
 		return errors.New("no auth methods are configured, this is probably a mistake. Use an empty user map if you really want to deny everyone.")
 	}
 	if c.MongoAuth != nil {
@@ -208,6 +209,16 @@ func validate(c *Config) error {
 			ghac.RevalidateAfter = time.Duration(1 * time.Hour)
 		}
 	}
+	if gtac := c.GiteaAuth; gtac != nil {
+		if gtac.HTTPTimeout <= 0 {
+			gtac.HTTPTimeout = time.Duration(10 * time.Second)
+		}
+		if gtac.RevalidateAfter == 0 {
+			// Token expires after 1 hour by default
+			gtac.RevalidateAfter = time.Duration(1 * time.Hour)
+		}
+	}
+
 	if c.ExtAuth != nil {
 		if err := c.ExtAuth.Validate(); err != nil {
 			return fmt.Errorf("bad ext_auth config: %s", err)

auth_server/server/server.go

@@ -94,6 +94,14 @@ func NewAuthServer(c *Config) (*AuthServer, error) {
 		as.authenticators = append(as.authenticators, gha)
 		as.gha = gha
 	}
+        if c.GiteaAuth != nil {
+		gta, err := authn.NewGiteaAuth(c.GiteaAuth)
+		if err != nil {
+			return nil, err
+		}
+		as.authenticators = append(as.authenticators, gta)
+	}
+
 	if c.LDAPAuth != nil {
 		la, err := authn.NewLDAPAuth(c.LDAPAuth)
 		if err != nil {