adding basic auth to the endpoints

schematic-service-go/api/basicauth.go

@@ -0,0 +1,35 @@
+package api
+
+import (
+	"crypto/md5"
+	"fmt"
+	"net/http"
+
+	"github.com/willie68/schematic-service-go/dao"
+)
+
+// BasicAuth implements a simple middleware handler for adding basic http auth to a route.
+func BasicAuth(realm string) func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			user, pass, ok := r.BasicAuth()
+			hash := md5.Sum([]byte(pass))
+			pass = fmt.Sprintf("md5:%x", hash)
+			if !ok {
+				basicAuthFailed(w, realm)
+				return
+			}
+			fmt.Printf("user: %s, password: %s\n", user, pass)
+			if !dao.CheckUser(user, pass) {
+				basicAuthFailed(w, realm)
+				return
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+func basicAuthFailed(w http.ResponseWriter, realm string) {
+	w.Header().Add("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, realm))
+	w.WriteHeader(http.StatusUnauthorized)
+}

schematic-service-go/api/schematicapi.go

@@ -35,6 +35,11 @@ func GetSchematicHandler(response http.ResponseWriter, req *http.Request) {
 		Msg(response, http.StatusBadRequest, err.Error())
 		return
 	}
+	owner, _, _ := req.BasicAuth()
+	if schematic.PrivateFile && schematic.Owner != owner {
+		Msg(response, http.StatusForbidden, "you don't have the permission to see this file")
+		return
+	}
 	render.JSON(response, req, schematic)
 }
 
@@ -74,8 +79,9 @@ func GetSchematicsEndpoint(response http.ResponseWriter, req *http.Request) {
 		}
 	}
 	log.Printf("query: %s, offset: %d, limit: %d\n", query, offset, limit)
+	owner, _, _ := req.BasicAuth()
 
-	schematics, err := dao.GetSchematics(query, offset, limit)
+	schematics, err := dao.GetSchematics(query, offset, limit, owner)
 	if err != nil {
 		Msg(response, http.StatusBadRequest, err.Error())
 		return
@@ -90,6 +96,10 @@ func PostSchematicEndpoint(response http.ResponseWriter, req *http.Request) {
 		Msg(response, http.StatusBadRequest, err.Error())
 		return
 	}
+	username, _, _ := req.BasicAuth()
+	if username != "" {
+		schematic.Owner = username
+	}
 	schematic.CreatedAt = time.Now()
 	schematic.LastModifiedAt = time.Now()
 	id, err := dao.CreateSchematic(schematic)

schematic-service-go/cmd/service.go

@@ -66,7 +66,7 @@ func init() {
 }
 
 func routes() *chi.Mux {
-	myHandler := api.NewSysAPIHandler(apikey)
+	//myHandler := api.NewSysAPIHandler(apikey)
 	baseURL := fmt.Sprintf("/api/v%s", apiVersion)
 	router := chi.NewRouter()
 	router.Use(
@@ -74,7 +74,8 @@ func routes() *chi.Mux {
 		middleware.Logger,
 		middleware.DefaultCompress,
 		middleware.Recoverer,
-		myHandler.Handler,
+		//myHandler.Handler,
+		api.BasicAuth("schematic"),
 	)
 
 	router.Route("/", func(r chi.Router) {
@@ -289,6 +290,9 @@ func importData() {
 				if !os.IsNotExist(err) {
 					count++
 					schematic := getSchematic(filepath)
+					if schematic.Owner == "" {
+						schematic.Owner = "w.klaas@gmx.de"
+					}
 					fileids := make([]string, 0)
 					for _, filename := range schematic.Files {
 						file := path + "/" + filename

schematic-service-go/configs/serviceLocal.yaml

@@ -23,5 +23,5 @@ mongodb:
     port: 27017
     username:
     password:
-    authdb: schematic
-    database: schematic
+    authdb: schematics
+    database: schematics

schematic-service-go/dao/mongodao.go

@@ -2,6 +2,7 @@ package dao
 
 import (
 	"context"
+	"crypto/md5"
 	"fmt"
 	"io"
 	"log"
@@ -24,6 +25,7 @@ const attachmentsCollectionName = "attachments"
 const schematicsCollectionName = "schematics"
 const tagsCollectionName = "tags"
 const manufacturersCollectionName = "manufacturers"
+const usersCollectionName = "users"
 
 var client *mongo.Client
 var mongoConfig config.MongoDB
@@ -31,6 +33,7 @@ var bucket gridfs.Bucket
 var database mongo.Database
 var tags []string
 var manufacturers []string
+var users map[string]string
 
 // InitDB initialise the mongodb connection, build up all collections and indexes
 func InitDB(MongoConfig config.MongoDB) {
@@ -65,8 +68,10 @@ func InitDB(MongoConfig config.MongoDB) {
 
 	tags = make([]string, 0)
 	manufacturers = make([]string, 0)
+	users = make(map[string]string)
 	initTags()
 	initManufacturers()
+	initUsers()
 }
 
 func initIndexSchematics() {
@@ -250,6 +255,30 @@ func initManufacturers() {
 	}
 }
 
+func initUsers() {
+	ctx, _ := context.WithTimeout(context.Background(), timeout)
+	usersCollection := database.Collection(usersCollectionName)
+	cursor, err := usersCollection.Find(ctx, bson.M{})
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer cursor.Close(ctx)
+	for cursor.Next(ctx) {
+		var user bson.M
+		if err = cursor.Decode(&user); err != nil {
+			log.Fatal(err)
+		} else {
+			username := user["name"].(string)
+			password := user["password"].(string)
+			if !strings.HasPrefix(password, "md5:") {
+				hash := md5.Sum([]byte(password))
+				password = fmt.Sprintf("md5:%x", hash)
+			}
+			users[username] = password
+		}
+	}
+}
+
 // AddFile adding a file to the storage, stream like
 func AddFile(filename string, reader io.Reader) (string, error) {
 	uploadOpts := options.GridFSUpload().SetMetadata(bson.D{{"tag", "tag"}})
@@ -328,7 +357,7 @@ func GetFile(fileid string, stream io.Writer) error {
 }
 
 // GetSchematics getting a sdingle schematic
-func GetSchematics(query string, offset int, limit int) ([]model.Schematic, error) {
+func GetSchematics(query string, offset int, limit int, owner string) ([]model.Schematic, error) {
 	ctx, _ := context.WithTimeout(context.Background(), timeout)
 	schematicCollection := database.Collection(schematicsCollectionName)
 	queryDoc := bson.M{}
@@ -354,8 +383,10 @@ func GetSchematics(query string, offset int, limit int) ([]model.Schematic, erro
 					log.Print(err)
 					return nil, err
 				} else {
-					schematics = append(schematics, schematic)
-					docs++
+					if !schematic.PrivateFile || schematic.Owner == owner {
+						schematics = append(schematics, schematic)
+						docs++
+					}
 				}
 			} else {
 				break
@@ -411,6 +442,16 @@ func GetManufacturersCount() int {
 	return len(manufacturers)
 }
 
+func CheckUser(username string, password string) bool {
+	pwd, ok := users[username]
+	if ok {
+		if pwd == password {
+			return true
+		}
+	}
+	return false
+}
+
 func DropAll() {
 	ctx, _ := context.WithTimeout(context.Background(), timeout)
 	collectionNames, err := database.ListCollectionNames(ctx, bson.D{}, &options.ListCollectionsOptions{})

schematic-service-go/devdata/mongo.txt

@@ -1,7 +1,12 @@
 use schematic
 db.createUser({ user: "schematic", pwd: "schematic", roles: [ "readWrite", "dbAdmin", { role: "dbOwner", db: "schematic" } ]})
 
+db.runCommand({compact: "attachments.files"})
+db.runCommand({compact: "attachments.chunks"})
+
+use admin
 
 query with Collation {locale: "en", strength : 2}
 
-{$or: [{$text : {$search : "blue"}} , { manufacturer: "swr"}, {model: "OM"}]}
+{$or: [{$text : {$search : "blue"}} , { manufacturer: "swr"}, {model: "OM"}]}
+

schematic-service-go/model/schematic.go

@@ -15,7 +15,7 @@ type Schematic struct {
 	Tags           []string           `json:"tags" bson:"tags,omitempty"`
 	Description    string             `json:"description" bson:"description,omitempty"`
 	PrivateFile    bool               `json:"privateFile" bson:"privateFile,omitempty"`
-	Owner          string             `json:"owner" bson:"Owner,omitempty"`
+	Owner          string             `json:"owner" bson:"owner,omitempty"`
 	Files          []string           `json:"files" bson:"files,omitempty"`
 	ForeignId      string             `json:"foreignId" bson:"foreignId,omitempty"`
 	CreatedAt      time.Time          `json:"createdAt" bson:"createdAt,omitempty"`