Added token middleware for secured access to account API (#50)

Author: petruki

resources/postman/Switcher GitOps.postman_collection.json

@@ -12,6 +12,16 @@
 				{
 					"name": "Create",
 					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{gitopsToken}}",
+									"type": "string"
+								}
+							]
+						},
 						"method": "POST",
 						"header": [],
 						"body": {
@@ -38,6 +48,16 @@
 				{
 					"name": "Update",
 					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{gitopsToken}}",
+									"type": "string"
+								}
+							]
+						},
 						"method": "PUT",
 						"header": [],
 						"body": {
@@ -64,6 +84,16 @@
 				{
 					"name": "Update (token)",
 					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{gitopsToken}}",
+									"type": "string"
+								}
+							]
+						},
 						"method": "PUT",
 						"header": [],
 						"body": {
@@ -90,6 +120,16 @@
 				{
 					"name": "Update (force sync)",
 					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{gitopsToken}}",
+									"type": "string"
+								}
+							]
+						},
 						"method": "PUT",
 						"header": [],
 						"body": {
@@ -119,6 +159,16 @@
 						"disableBodyPruning": true
 					},
 					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{gitopsToken}}",
+									"type": "string"
+								}
+							]
+						},
 						"method": "GET",
 						"header": [],
 						"body": {
@@ -146,6 +196,16 @@
 				{
 					"name": "Fetch By Domain Id / Env",
 					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{gitopsToken}}",
+									"type": "string"
+								}
+							]
+						},
 						"method": "GET",
 						"header": [],
 						"url": {
@@ -165,6 +225,16 @@
 				{
 					"name": "Delete By Domain Id / Env",
 					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{gitopsToken}}",
+									"type": "string"
+								}
+							]
+						},
 						"method": "DELETE",
 						"header": [],
 						"body": {

resources/swagger.yaml

@@ -15,6 +15,11 @@ servers:
     description: Local
   - url: https://localhost:8000
     description: Remote
+tags:
+  - name: API
+    description: API status & docs
+  - name: Account API
+    description: Account management
 paths:
   /api/check:
     get:
@@ -64,6 +69,8 @@ paths:
         - Account API
       summary: Create a new account
       description: Create a new account and starts handler when active
+      security:
+        - bearerAuth: []
       requestBody:
         required: true
         content:
@@ -94,6 +101,8 @@ paths:
         - Account API
       summary: Update an existing account
       description: Update an existing account and starts handler when active
+      security:
+        - bearerAuth: []
       requestBody:
         required: true
         content:
@@ -125,6 +134,8 @@ paths:
         - Account API
       summary: Get All accounts by domain ID
       description: Get all accounts by domain ID
+      security:
+        - bearerAuth: []
       parameters:
         - name: domainId
           in: path
@@ -166,6 +177,8 @@ paths:
         - Account API
       summary: Get account by domain ID and environment
       description: Get account by domain ID and environment
+      security:
+        - bearerAuth: []
       parameters:
         - name: domainId
           in: path
@@ -210,6 +223,8 @@ paths:
         - Account API
       summary: Delete account by domain ID and environment
       description: Delete account by domain ID and environment
+      security:
+        - bearerAuth: []
       parameters:
         - name: domainId
           in: path
@@ -240,6 +255,11 @@ paths:
               schema:
                 $ref: '#/components/schemas/ErrorResponse'
 components:
+  securitySchemes:
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
   schemas:
     AccountRequest:
       type: object

src/controller/account.go

@@ -31,18 +31,21 @@ func NewAccountController(repo repository.AccountRepository, coreHandler *core.C
 }
 
 func (controller *AccountController) RegisterRoutes(r *mux.Router) http.Handler {
-	r.NewRoute().Path(controller.routeAccountPath).Name("CreateAccount").HandlerFunc(controller.CreateAccountHandler).Methods(http.MethodPost)
-	r.NewRoute().Path(controller.routeAccountPath).Name("UpdateAccount").HandlerFunc(controller.UpdateAccountHandler).Methods(http.MethodPut)
-	r.NewRoute().Path(controller.routeAccountPath + "/{domainId}").Name("GelAllAccountsByDomainId").HandlerFunc(controller.FetchAllAccountsByDomainIdHandler).Methods(http.MethodGet)
-	r.NewRoute().Path(controller.routeAccountPath + "/{domainId}/{enviroment}").Name("GetAccount").HandlerFunc(controller.FetchAccountHandler).Methods(http.MethodGet)
-	r.NewRoute().Path(controller.routeAccountPath + "/{domainId}/{enviroment}").Name("DeleteAccount").HandlerFunc(controller.DeleteAccountHandler).Methods(http.MethodDelete)
+	r.NewRoute().Path(controller.routeAccountPath).Name("CreateAccount").Handler(
+		ValidateToken(http.HandlerFunc(controller.CreateAccountHandler))).Methods(http.MethodPost)
+	r.NewRoute().Path(controller.routeAccountPath).Name("UpdateAccount").Handler(
+		ValidateToken(http.HandlerFunc(controller.UpdateAccountHandler))).Methods(http.MethodPut)
+	r.NewRoute().Path(controller.routeAccountPath + "/{domainId}").Name("GelAllAccountsByDomainId").Handler(
+		ValidateToken(http.HandlerFunc(controller.FetchAllAccountsByDomainIdHandler))).Methods(http.MethodGet)
+	r.NewRoute().Path(controller.routeAccountPath + "/{domainId}/{enviroment}").Name("GetAccount").Handler(
+		ValidateToken(http.HandlerFunc(controller.FetchAccountHandler))).Methods(http.MethodGet)
+	r.NewRoute().Path(controller.routeAccountPath + "/{domainId}/{enviroment}").Name("DeleteAccount").Handler(
+		ValidateToken(http.HandlerFunc(controller.DeleteAccountHandler))).Methods(http.MethodDelete)
 
 	return r
 }
 
 func (controller *AccountController) CreateAccountHandler(w http.ResponseWriter, r *http.Request) {
-	ConfigureHeaders(w)
-
 	var accountRequest model.Account
 	err := json.NewDecoder(r.Body).Decode(&accountRequest)
 	if err != nil {
@@ -71,8 +74,6 @@ func (controller *AccountController) CreateAccountHandler(w http.ResponseWriter,
 }
 
 func (controller *AccountController) FetchAccountHandler(w http.ResponseWriter, r *http.Request) {
-	ConfigureHeaders(w)
-
 	domainId := mux.Vars(r)["domainId"]
 	enviroment := mux.Vars(r)["enviroment"]
 
@@ -88,8 +89,6 @@ func (controller *AccountController) FetchAccountHandler(w http.ResponseWriter,
 }
 
 func (controller *AccountController) FetchAllAccountsByDomainIdHandler(w http.ResponseWriter, r *http.Request) {
-	ConfigureHeaders(w)
-
 	domainId := mux.Vars(r)["domainId"]
 
 	accounts := controller.accountRepository.FetchAllByDomainId(domainId)
@@ -109,8 +108,6 @@ func (controller *AccountController) FetchAllAccountsByDomainIdHandler(w http.Re
 }
 
 func (controller *AccountController) UpdateAccountHandler(w http.ResponseWriter, r *http.Request) {
-	ConfigureHeaders(w)
-
 	var accountRequest model.Account
 	err := json.NewDecoder(r.Body).Decode(&accountRequest)
 	if err != nil {
@@ -136,8 +133,6 @@ func (controller *AccountController) UpdateAccountHandler(w http.ResponseWriter,
 }
 
 func (controller *AccountController) DeleteAccountHandler(w http.ResponseWriter, r *http.Request) {
-	ConfigureHeaders(w)
-
 	domainId := mux.Vars(r)["domainId"]
 	enviroment := mux.Vars(r)["enviroment"]