First stable version 0.1

Prometheus support * New /metric handler with custom metrics Header Authorizer * New Authorizer to restrict access too requests with correct Header/Value Refactoring and Renaming
dpattmann · Oct 23, 2021 · f9e8410 · f9e8410
1 parent 2f9a6d3
commit f9e8410
Show file tree

Hide file tree

Showing 21 changed files with 373 additions and 145 deletions.
diff --git a/.github/workflows/default.yml b/.github/workflows/default.yml
@@ -6,10 +6,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Run go tests and benchmark
+      - name: Setup go env
         uses: actions/setup-go@v2.1.4
         with:
           go-version: '1.16'
+      - name: Run tests
         run: go test -v ./... -bench=.
       - name: Release new package on tag
         uses: goreleaser/goreleaser-action@v2

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -2,7 +2,9 @@ before:
   hooks:
     - go mod tidy
 builds:
-  - env:
+  -
+    main: ./cmd/furby
+    env:
       - CGO_ENABLED=0
     goos:
       - linux

diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,17 @@
-FROM golang:1.17.1-alpine3.14
+FROM golang:1.17.1-alpine3.14 as build
 
 WORKDIR /go/src/github.com/dpattmann/furby
 
-EXPOSE 8443
-
-COPY . .
+COPY . /go/src/github.com/dpattmann/furby
 
 RUN apk add -U --no-cache curl jq
 
-RUN cd /go/src/github.com/dpattmann/furby/cmd/furby ; go install
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -installsuffix 'static' /go/src/github.com/dpattmann/furby/cmd/furby/furby.go
+
+FROM scratch
+
+EXPOSE 8443
+
+COPY --from=build /go/src/github.com/dpattmann/furby/furby /bin/furby
 
-ENTRYPOINT [ "/bin/sh", "-c", "/go/src/github.com/dpattmann/furby/start.sh" ]
+ENTRYPOINT [ "/bin/furby" ]
diff --git a/README.md b/README.md
@@ -15,6 +15,14 @@ go build cmd/furby/furby.go
 
 Configuration can be passed with json or yaml file by command line argument "--path" or "-p". See example configs.
 
+## Authorizer
+
+| Name | Value | Description | 
+| --- | --- | --- |
+| noop | --- | Default authorizer |
+| user-agent | User-Agents (case insensitive) | Restrict access to specified user-agents |
+| header | Header name and values | Restrict access by specifying own header and values  |
+
 ## Testing
 
 ```bash

diff --git a/cmd/furby/furby.go b/cmd/furby/furby.go
@@ -1,28 +1,27 @@
 package main
 
 import (
+	"log"
+	"net/http"
+
 	"github.com/dpattmann/furby/internal/auth"
 	"github.com/dpattmann/furby/internal/config"
-	"github.com/dpattmann/furby/internal/server"
+	"github.com/dpattmann/furby/internal/handler"
+	"github.com/dpattmann/furby/internal/metrics"
 	"github.com/dpattmann/furby/internal/store"
+
+	"github.com/prometheus/client_golang/prometheus/promhttp"
 	flag "github.com/spf13/pflag"
-	"log"
-	"net/http"
 )
 
 var (
 	authorizer auth.Authorizer
 )
 
 func main() {
-	path := flag.StringP("path", "p", "./furby_config.json", "parameter file")
+	path := flag.StringP("path", "p", "/etc/furby/config.yaml", "parameter file")
 	flag.Parse()
 
-	if flag.NFlag() == 0 {
-		flag.PrintDefaults()
-		log.Fatal("Please pass parameter(s)")
-	}
-
 	c, err := config.NewConfig(*path)
 
 	if err != nil {
@@ -37,19 +36,24 @@ func main() {
 	switch c.Auth.Type {
 	case "user-agent":
 		authorizer = auth.NewUserAgentAuthorizer(c.Auth.UserAgents)
+	case "header":
+		authorizer = auth.NewHeaderAuthorizer(c.Auth.HeaderName, c.Auth.HeaderValues)
 	default:
 		authorizer = auth.NewNoOpAuthorizer()
 	}
 
-	handler := server.NewHandler(memoryStore, authorizer)
+	tokenHandler := handler.NewTokenHandler(memoryStore, authorizer)
+
+	http.Handle("/metrics", promhttp.HandlerFor(metrics.PrometheusRegister, promhttp.HandlerOpts{}))
+	http.Handle("/", tokenHandler)
 
 	if c.Server.Tls {
-		if err := http.ListenAndServeTLS(":8443", c.Server.Cert, c.Server.Key, handler); err != nil {
+		if err := http.ListenAndServeTLS(":8443", c.Server.Cert, c.Server.Key, nil); err != nil {
 			log.Fatal("Error running server")
 		}
 	}
 
-	if err := http.ListenAndServe(":8443", handler); err != nil {
+	if err := http.ListenAndServe(":8443", nil); err != nil {
 		log.Fatal("Error running server")
 	}
 }
diff --git a/configs/furby_config_example.json b/configs/furby_config_example.json
@@ -1,22 +1,15 @@
 {
     "auth" : {
         "type": "noop",
-        "user-agents": [
-            "my-best-agent",
-            "firefox 3005",
-            "Chrome 500.1"
-        ]
+        "user-agents": []
     },
     "client_credentials" : {
-        "id": "111abc",
-        "scopes": [
-            "scope1",
-            "scope2"
-        ],
-        "secret": "i_am_totally_confident",
-        "url": "https://somedomain.com/oauth2/token"
+        "id": "ClientId",
+        "scopes": [],
+        "secret": "ClientSecret",
+        "url": "https://oauth.server/oauth2/token"
     },
-    "storage": {
+    "store": {
         "interval": 300
     },
     "server": {

diff --git a/configs/furby_config_example.yaml b/configs/furby_config_example.yaml
@@ -2,18 +2,13 @@
 
 auth:
     type: "noop"
-    user-agents:
-        - "my-best-agent"
-        - "firefox 3005"
-        - "Chrome 500.1"
+    user-agents: []
 
 client_credentials:
-    id: "111abc"
-    scopes:
-        - "scope1"
-        - "scope2"
-    secret: "i_am_totally_confident"
-    url: "https://somedomain.com/oauth2/token"
+    id: "ClientId"
+    scopes: []
+    secret: "ClientSecret"
+    url: "https://oauth.server/oauth2/token"
 
 store:
     interval: 300

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,50 +1,14 @@
 version: '3.7'
 
 services:
-
   hydra:
-    depends_on:
-      - hydra-migrate
-      - hydra-postgresd
-    image: oryd/hydra:v1.10.6
+    image: oryd/hydra:v1.10.6-sqlite
     environment:
-      DSN: postgres://hydra:secret@hydra-postgresd:5432/hydra?sslmode=disable
+      DSN: memory
       SECRETS_SYSTEM: hydra-secret-system
+      STRATEGIES_ACCESS_TOKEN: jwt
     ports:
-      - 4444:4444
-      - 4445:4445
+      - "4444:4444"
+      - "4445:4445"
     command: serve all --dangerous-force-http
     restart: on-failure
-    logging:
-      driver: none
-
-  hydra-migrate:
-    depends_on:
-      - hydra-postgresd
-    image: oryd/hydra:v1.10.6
-    environment:
-      - DSN=postgres://hydra:secret@hydra-postgresd:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
-    command:
-      migrate sql -e --yes
-    restart: on-failure
-    logging:
-      driver: none
-
-  hydra-postgresd:
-    image: postgres:12.4
-    ports:
-      - "5432:5432"
-    environment:
-      - POSTGRES_USER=hydra
-      - POSTGRES_PASSWORD=secret
-      - POSTGRES_DB=hydra
-    logging:
-      driver: none
-
-  furby:
-    depends_on:
-      - hydra
-    build:
-      context: .
-    ports:
-      - "8443:8443"
diff --git a/go.mod b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/go-playground/validator/v10 v10.9.0
 	github.com/jarcoal/httpmock v1.0.8
 	github.com/knadh/koanf v1.3.0
+	github.com/prometheus/client_golang v1.11.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.7.0
 	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,7 +2,9 @@ before: @@
       hooks:
         - go mod tidy
     builds:
-      - env:
+      -
+        main: ./cmd/furby
+        env:
           - CGO_ENABLED=0
         goos:
           - linux
@@ Expand Down @@