feat(dev): add local auth bypass mode
Some checks failed
continuous-integration/drone/pr Build is failing
Some checks failed
continuous-integration/drone/pr Build is failing
This commit is contained in:
@@ -6,6 +6,7 @@ import (
|
||||
"io/fs"
|
||||
"net/http"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
"reichard.io/antholume/config"
|
||||
"reichard.io/antholume/database"
|
||||
)
|
||||
@@ -28,6 +29,10 @@ func NewServer(db *database.DBManager, cfg *config.Config, assets fs.FS) *Server
|
||||
assets: assets,
|
||||
}
|
||||
|
||||
if cfg.DisableAuth {
|
||||
log.Warn("DISABLE_AUTH is set — all API requests will bypass authentication")
|
||||
}
|
||||
|
||||
// Create strict handler with authentication middleware
|
||||
strictHandler := NewStrictHandler(s, []StrictMiddlewareFunc{s.authMiddleware})
|
||||
|
||||
@@ -51,6 +56,22 @@ func (s *Server) authMiddleware(handler StrictHandlerFunc, operationID string) S
|
||||
return handler(ctx, w, r, request)
|
||||
}
|
||||
|
||||
// Dev Auth Bypass - Inject an admin session when DISABLE_AUTH is set.
|
||||
// This avoids repeated logins during local development. Uses the
|
||||
// first user in the database so that DB queries using the user ID
|
||||
// return real data.
|
||||
if s.cfg.DisableAuth {
|
||||
devAuth, ok := s.resolveDevAuth(ctx)
|
||||
if !ok {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.WriteHeader(500)
|
||||
json.NewEncoder(w).Encode(ErrorResponse{Code: 500, Message: "DISABLE_AUTH: no users in database; register one first"})
|
||||
return nil, nil
|
||||
}
|
||||
ctx = context.WithValue(ctx, "auth", devAuth)
|
||||
return handler(ctx, w, r, request)
|
||||
}
|
||||
|
||||
auth, ok := s.getSession(r)
|
||||
if !ok {
|
||||
// Write 401 response directly
|
||||
@@ -89,6 +110,26 @@ func (s *Server) authMiddleware(handler StrictHandlerFunc, operationID string) S
|
||||
}
|
||||
}
|
||||
|
||||
// resolveDevAuth determines the dev user identity when DISABLE_AUTH is set.
|
||||
// If DISABLE_AUTH_USER is specified, that user is looked up; otherwise the
|
||||
// first user in the database is used.
|
||||
func (s *Server) resolveDevAuth(ctx context.Context) (authData, bool) {
|
||||
if s.cfg.DisableAuthUser != "" {
|
||||
user, err := s.db.Queries.GetUser(ctx, s.cfg.DisableAuthUser)
|
||||
if err != nil {
|
||||
log.Errorf("DISABLE_AUTH_USER=%q not found in database: %v", s.cfg.DisableAuthUser, err)
|
||||
return authData{}, false
|
||||
}
|
||||
return authData{UserName: user.ID, IsAdmin: user.Admin}, true
|
||||
}
|
||||
|
||||
users, err := s.db.Queries.GetUsers(ctx)
|
||||
if err != nil || len(users) == 0 {
|
||||
return authData{}, false
|
||||
}
|
||||
return authData{UserName: users[0].ID, IsAdmin: users[0].Admin}, true
|
||||
}
|
||||
|
||||
// GetInfo returns server information
|
||||
func (s *Server) GetInfo(ctx context.Context, request GetInfoRequestObject) (GetInfoResponseObject, error) {
|
||||
return GetInfo200JSONResponse{
|
||||
|
||||
Reference in New Issue
Block a user