Update to optionally enable/disable authentication

- Perform skipping BasicAuth separated from AUTH enablement
cloud-barista · Nov 16, 2023 · f4c8cc2 · f4c8cc2
1 parent 727be82
commit f4c8cc2
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 24 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -52,7 +52,8 @@ ENV DB_PASSWORD cm_beetle
 # API Setting
 # ALLOW_ORIGINS (ex: https://cloud-barista.org,xxx.xxx.xxx.xxx or * for all)
 ENV ALLOW_ORIGINS *
-ENV SKIP_BASIC_AUTH false
+## Set ENABLE_AUTH=true currently for basic auth for all routes (i.e., url or path)
+ENV ENABLE_AUTH true
 ENV API_USERNAME default
 ENV API_PASSWORD default
 

diff --git a/conf/setup.env b/conf/setup.env
@@ -19,8 +19,8 @@ export DB_PASSWORD=cm_beetle
 # Set API access config
 ## ALLOW_ORIGINS (ex: https://cloud-barista.org,http://localhost:8080 or * for all)
 export ALLOW_ORIGINS=*
-## Set SKIP_BASIC_AUTH=true to skip basic auth for all routes (i.e., url or path)
-export SKIP_BASIC_AUTH=false
+## Set ENABLE_AUTH=true currently for basic auth for all routes (i.e., url or path)
+export ENABLE_AUTH=true
 export API_USERNAME=default
 export API_PASSWORD=default
 

diff --git a/pkg/api/rest/server/server.go b/pkg/api/rest/server/server.go
@@ -97,30 +97,32 @@ func RunServer(port string) {
 		AllowMethods: []string{http.MethodGet, http.MethodPut, http.MethodPost, http.MethodDelete},
 	}))
 
-	skipBasicAuthOption := os.Getenv("SKIP_BASIC_AUTH") == "true"
+	// Conditions to prevent abnormal operation due to typos (e.g., ture, falss, etc.)
+	enableAuth := os.Getenv("ENABLE_AUTH") == "true"
 
 	apiUser := os.Getenv("API_USERNAME")
 	apiPass := os.Getenv("API_PASSWORD")
 
-	e.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
-		Skipper: func(c echo.Context) bool {
-			if skipBasicAuthOption ||
-				c.Path() == "/beetle/health" ||
-				c.Path() == "/beetle/httpVersion" {
-				// c.Path() == "/beetle/swagger/*" {
-				return true
-			}
-			return false
-		},
-		Validator: func(username, password string, c echo.Context) (bool, error) {
-			// Be careful to use constant time comparison to prevent timing attacks
-			if subtle.ConstantTimeCompare([]byte(username), []byte(apiUser)) == 1 &&
-				subtle.ConstantTimeCompare([]byte(password), []byte(apiPass)) == 1 {
-				return true, nil
-			}
-			return false, nil
-		},
-	}))
+	if enableAuth {
+		e.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
+			// Skip authentication for some routes that do not require authentication
+			Skipper: func(c echo.Context) bool {
+				if c.Path() == "/beetle/health" ||
+					c.Path() == "/beetle/httpVersion" {
+					return true
+				}
+				return false
+			},
+			Validator: func(username, password string, c echo.Context) (bool, error) {
+				// Be careful to use constant time comparison to prevent timing attacks
+				if subtle.ConstantTimeCompare([]byte(username), []byte(apiUser)) == 1 &&
+					subtle.ConstantTimeCompare([]byte(password), []byte(apiPass)) == 1 {
+					return true, nil
+				}
+				return false, nil
+			},
+		}))
+	}
 
 	fmt.Println("\n \n ")
 	fmt.Print(banner)
@@ -173,7 +175,9 @@ func RunServer(port string) {
 	selfEndpoint := os.Getenv("SELF_ENDPOINT")
 	apidashboard := " http://" + selfEndpoint + "/beetle/swagger/index.html"
 
-	fmt.Println(" Access to API dashboard" + " (username: " + apiUser + " / password: " + apiPass + ")")
+	if enableAuth {
+		fmt.Println(" Access to API dashboard" + " (username: " + apiUser + " / password: " + apiPass + ")")
+	}
 	fmt.Printf(noticeColor, apidashboard)
 	fmt.Println("\n ")