Add helper for clientauth

2 years ago · 39f9335852
parent f24ff5298c
commit 39f9335852
5 changed files with 9 additions and 8 deletions
--- a/component.go
+++ b/component.go
@ -25,6 +25,11 @@ func ClientAuthMustReg(cReg *components.Registry) *AuthRegistry[ClientPlugin] {
 	return cReg.Must(ClientAuthName).(*AuthRegistry[ClientPlugin])
 }

+func RegHasClientAuth(cReg *components.Registry) error {
+	_, err := cReg.Get(ClientAuthName)
+	return err
+}
+
 func RouterAuthComponent() *AuthRegistry[RouterPlugin] {
 	c := &AuthRegistry[RouterPlugin]{initialized: false, kind: "router", name: RouterAuthName, plugins: make(map[string]RouterPlugin)}
 	c.Register(newNoopRouterPlugin())
--- a/docker/microauth2sqld/Dockerfile
+++ b/docker/microauth2sqld/Dockerfile
@ -24,7 +24,6 @@ LABEL maintainer="René Jochum <rene@jochum.dev>"
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=builder /etc/passwd /etc/passwd
 COPY --from=builder /usr/local/bin/microauth2sqld /usr/local/bin/microauth2sqld
-RUN chmod +x /usr/local/bin/microauth2sqld

 COPY ./cmd/microauth2sqld/migrations /migrations

--- a/go.mod
+++ b/go.mod
@ -17,7 +17,7 @@ require (
 	golang.org/x/crypto v0.0.0-20220924013350-4ba4fb4dd9e7
 	google.golang.org/protobuf v1.28.1
 	jochum.dev/jo-micro/buncomponent v0.0.6
-	jochum.dev/jo-micro/components v0.3.0
+	jochum.dev/jo-micro/components v0.3.2
 	jochum.dev/jo-micro/logruscomponent v0.0.4
 	jochum.dev/jo-micro/router v0.4.8
 )
--- a/go.sum
+++ b/go.sum
@ -1918,8 +1918,8 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 jochum.dev/jo-micro/buncomponent v0.0.6 h1:Kj3BMXiDoA7LznfppqnRk2vHMbluyiGJPCgkhaYIae0=
 jochum.dev/jo-micro/buncomponent v0.0.6/go.mod h1:saW250HcLcDWTCvQRSsSLw4C/d0ly6KmHZ/P48Azek8=
-jochum.dev/jo-micro/components v0.3.0 h1:mo9IzK6UVbQuIit+vp74RFeT/VtS5mVv0ggBZ9q0tiE=
-jochum.dev/jo-micro/components v0.3.0/go.mod h1:Yvn0Qz1zctUQUI6WIjq7PbfLY87Qvywpw+KxnVZeCvA=
+jochum.dev/jo-micro/components v0.3.2 h1:Z6Od76Uh2C2+bKhfZvaDLbry8vWGe4Ie/rDfrObE1pg=
+jochum.dev/jo-micro/components v0.3.2/go.mod h1:MXpsIY5Gut4/wDNquiCN+e4zYtATVwn+7uiNKj4nlKk=
 jochum.dev/jo-micro/logruscomponent v0.0.4 h1:KkJhLIM0mm2tlk+z+gZdpb5vCeuBs6bhG3bncGhCqoQ=
 jochum.dev/jo-micro/logruscomponent v0.0.4/go.mod h1:NVy+eN3Xm2SlzdsQGuC/9/+MwU+8BwxFZuaTprmLguU=
 jochum.dev/jo-micro/router v0.4.8 h1:LLrozHtNAAtFRcvhlxNo+xnHfIZI3pR19ptDA1fWUpM=
--- a/plugins/verifier/endpointroles/verifier.go
+++ b/plugins/verifier/endpointroles/verifier.go
@ -54,16 +54,13 @@ func (v *EndpointRolesVerifier) Verify(ctx context.Context, u *auth2.User, req s
 		}

 		if v.options.DefaultDeny {
-			v.logrus().WithField("endpoint", req.Endpoint()).WithField("user_roles", u.Roles).WithField("roles_allow", ep.RolesAllow).Debug("DefaultDeny: No matching role")
 			return errors.Unauthorized("auth2/plugins/verifier/endpointroles/EndpointRolesVerifier.Verify|No matching role", "Unauthorized"), true
 		}
 	}

 	if !v.options.DefaultDeny {
-		v.logrus().WithField("endpoint", req.Endpoint()).WithField("endpoints", v.endpointnames).Trace("DefaultAllow: No rule")
 		return nil, true
 	}

-	v.logrus().WithField("endpoint", req.Endpoint()).WithField("endpoints", v.endpointnames).Debug("DefaultDeny: no rule")
-	return errors.Unauthorized("auth2/plugins/verifier/endpointroles/EndpointRolesVerifier.Verify|No rule", "Unauthorized"), false
+	return errors.Unauthorized("auth2/plugins/verifier/endpointroles/EndpointRolesVerifier.Verify|No rule", "Unauthorized"), true
 }