From c6d0cf1981701353c5514dd966840b05bbb87265 Mon Sep 17 00:00:00 2001 From: adranwit Date: Thu, 2 Jan 2025 10:03:37 -0800 Subject: [PATCH] enhanced auth --- cmd/options/auth.go | 4 ++-- doc/security/README.md | 5 ++++- go.mod | 6 ++---- go.sum | 10 ++++++++-- internal/translator/oauth.go | 17 ++++++++++------- internal/translator/view.go | 4 ---- view/extension/codec/bauth.go | 1 + 7 files changed, 27 insertions(+), 20 deletions(-) diff --git a/cmd/options/auth.go b/cmd/options/auth.go index b97c4fb4..c91ff72b 100644 --- a/cmd/options/auth.go +++ b/cmd/options/auth.go @@ -9,8 +9,8 @@ type ( Auth struct { HMAC string `short:"A" long:"jwtHMAC" description:"HMACKeyPath|EncKey" ` RSA string `short:"J" long:"jwtRSA" description:"PublicKeyPath|EncKey" ` - Firebase string `short:"F" long:"firebase" description:"Firebase secrets" ` - Cognito string `short:"T" long:"cognito" description:"Cognito pollId|secrets" ` + Firebase string `short:"F" long:"firebase" description:"Firebase secrets;WebAPIKey secret" ` + Cognito string `short:"T" long:"cognito" description:"secrets|EncKey" ` Custom CustomAuth `short:"E" long:"customAuth" description:"Custom AuthSQL" ` } ) diff --git a/doc/security/README.md b/doc/security/README.md index 771231ba..0e014a7d 100644 --- a/doc/security/README.md +++ b/doc/security/README.md @@ -36,6 +36,7 @@ Datly uses Oauth Identity token with JWT Claims verification with one of the fol - **config.JWTValidator** allows you to specify RSA, HMAC or Public OAth Certificate base authentication. - **config.Cognito** allows you to specify Cognito integration settings. + The following dql examples, defines $Jwt header based parameter with JWTClaim codec and Authentication data view parameters to check if UserID from JWT Claims exists in USERS table. @@ -134,7 +135,9 @@ or Cognito to get certificate generate for the AWS user pool. }, "CertURL": "public_cert_url" }, - "Cognito": {} + "Cognito": { + + } } ``` 
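Review bot: The new `-F` help text `Firebase secrets;WebAPIKey secret` in cmd/options/auth.go does not say that the second part is optional, and it introduces `;` as a separator where the sibling HMAC, RSA and Cognito options use `|` to separate a path from its `EncKey`. Something like `description:"Firebase SecretsPath[|EncKey][;WebAPIKeyPath[|EncKey]]"` would make the accepted shape unambiguous, assuming each part accepts the same `path|key` form as the other options; that is inferred from the sibling descriptions, not shown in this hunk. The `-T` text also still reads as a two-part value, so operators using the earlier `pollId|secrets` form get no hint that the first part now means something else.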
diff --git a/go.mod b/go.mod
index a4975921..c9a8ce9a 100644
--- a/go.mod
+++ b/go.mod
@@ -30,7 +30,7 @@ require (
 github.com/viant/godiff v0.4.1
 github.com/viant/parsly v0.3.3-0.20240717150634-e1afaedb691b
 github.com/viant/pgo v0.11.0
- github.com/viant/scy v0.14.0
+ github.com/viant/scy v0.15.1
 github.com/viant/sqlx v0.16.2
 github.com/viant/structql v0.5.2
 github.com/viant/toolbox v0.36.0
@@ -52,7 +52,7 @@ require (
 github.com/viant/aerospike v0.2.11-0.20241108195857-ed524b97800d
 github.com/viant/structology v0.6.1
 github.com/viant/tagly v0.2.1-0.20240521205717-55de744e893c
- github.com/viant/xdatly v0.5.4-0.20241017200152-dec35dd60752
+ github.com/viant/xdatly v0.5.4-0.20241231172300-89f1db57f47a
 github.com/viant/xdatly/extension v0.0.0-20231013204918-ecf3c2edf259
 github.com/viant/xdatly/handler v0.0.0-20241231172300-89f1db57f47a
 github.com/viant/xdatly/types/core v0.0.0-20240109065401-9758ebacb4bb
@@ -146,5 +146,3 @@ require (
 google.golang.org/protobuf v1.33.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 )
-
-replace github.com/viant/xdatly/handler => ../xdatly/handler
diff --git a/go.sum b/go.sum
index b888c249..d1f7cf4c 100644
--- a/go.sum
+++ b/go.sum
@@ -1115,8 +1115,10 @@ github.com/viant/parsly v0.3.3-0.20240717150634-e1afaedb691b h1:3q166tV28yFdbFV+ github.com/viant/parsly v0.3.3-0.20240717150634-e1afaedb691b/go.mod h1:85fneXJbErKMGhSQto3A5ElTQCwl3t74U9cSV0waBHw= github.com/viant/pgo v0.11.0 h1:PNuYVhwTfyrAHGBO6lxaMFuHP4NkjKV8ULecz3OWk8c= github.com/viant/pgo v0.11.0/go.mod h1:MFzHmkRFZlciugEgUvpl/3grK789PBSH4dUVSLOSo+Q= -github.com/viant/scy v0.14.0 h1:lk5gYVEQCSttvQEtj3Pz4Z54OYzbShhkt31gzIi22A0= -github.com/viant/scy v0.14.0/go.mod h1:yHDc9YmfDqhxiMPZcCRS+rb9KUjMNZniWZ9LMQoM0KI= +github.com/viant/scy v0.15.0 h1:xu5WJXZcpJbPccc8ahsWjKZWGgx0TM81t8pNmvMnHd4= +github.com/viant/scy v0.15.0/go.mod h1:yHDc9YmfDqhxiMPZcCRS+rb9KUjMNZniWZ9LMQoM0KI= +github.com/viant/scy v0.15.1 h1:wHAjDu4dwwKGrHPrk+T7FiRwbCl52qIE3CXunlTkNjE= +github.com/viant/scy v0.15.1/go.mod h1:yHDc9YmfDqhxiMPZcCRS+rb9KUjMNZniWZ9LMQoM0KI= github.com/viant/sqlparser v0.7.5 h1:LLJ/Y2uaqDKm94U2mr6ewnBuNl3L3+nvkDFRolM6w5M= github.com/viant/sqlparser v0.7.5/go.mod h1:2QRGiGZYk2/pjhORGG1zLVQ9JO+bXFhqIVi31mkCRPg= github.com/viant/sqlx v0.16.2 h1:8IJiWrEt83kjcR4RplWtUDUodxyIo9p5lH0oL0693nk= 
@@ -1137,8 +1139,12 @@ github.com/viant/x v0.3.0 h1:/3A0z/uySGxMo6ixH90VAcdjI00w5e3REC1zg5hzhJA= github.com/viant/x v0.3.0/go.mod h1:54jP3qV+nnQdNDaWxEwGTAAzCu9sx9er9htiwTW/Mcw= github.com/viant/xdatly v0.5.4-0.20241017200152-dec35dd60752 h1:hAJkO/OOnaeF5ZrKbdJAhpFN0macbfxVWVYjNnV2py0= github.com/viant/xdatly v0.5.4-0.20241017200152-dec35dd60752/go.mod h1:YwNS31k5r1Ldw5s7wmQXUKaalN6BWcfX9qePO/b/ilc= +github.com/viant/xdatly v0.5.4-0.20241231172300-89f1db57f47a h1:oddMZ6BxJysW+PPJED6/3hngyH9+QvlP6fAc25i/YoA= +github.com/viant/xdatly v0.5.4-0.20241231172300-89f1db57f47a/go.mod h1:7PvSJ8wDt1nESDFZSkVxPo5GKuPrJdCk5a5jRhPPub8= github.com/viant/xdatly/extension v0.0.0-20231013204918-ecf3c2edf259 h1:9Yry3PUBDzc4rWacOYvAq/TKrTV0agvMF0gwm2gaoHI= github.com/viant/xdatly/extension v0.0.0-20231013204918-ecf3c2edf259/go.mod h1:fb8YgbVadk8X5ZLz49LWGzWmQlZd7Y/I5wE0ru44bIo= +github.com/viant/xdatly/handler v0.0.0-20241231172300-89f1db57f47a h1:ERyZGu1drynEIQ/NIBkY675hbulFjw8WpGKYILHXmn0= +github.com/viant/xdatly/handler v0.0.0-20241231172300-89f1db57f47a/go.mod h1:LRFkkkCHUPdvoVG1r6TdH98Z6CF86pLfzjfrLYhRNGY= github.com/viant/xdatly/types/core v0.0.0-20240109065401-9758ebacb4bb h1:X4emK6TIR6IXiFlQz9wEdCi5RJMG3dg3e8+VLQ2zhnM= github.com/viant/xdatly/types/core v0.0.0-20240109065401-9758ebacb4bb/go.mod h1:LJN2m8xJjtYNCvyvNrVanJwvzj8+hYCuPswL8H4qRG0= github.com/viant/xdatly/types/custom v0.0.0-20240801144911-4c2bfca4c23a h1:jecH7mH63gj1zJwD18SdvSHM9Ttr9FEOnhHkYfkCNkI= diff --git a/internal/translator/oauth.go b/internal/translator/oauth.go index 5e2cc44d..04db9ca5 100644 --- a/internal/translator/oauth.go +++ b/internal/translator/oauth.go 
@@ -32,19 +32,22 @@ func (c *Config) updateAuth(ctx context.Context) error {
 }
 if res := c.repository.Firebase; res != "" {
+ webAPIRes := ""
+ if idx := strings.Index(res, ";"); idx != -1 {
+ webAPIRes = res[idx+1:]
+ res = res[:idx]
+ }
 cfg.Firebase = &firebase.Config{
- WebAPIKey: getScyResource(res),
+ Secrets: getScyResource(res),
+ }
+ if webAPIRes != "" {
+ cfg.Firebase.WebAPIKey = getScyResource(webAPIRes)
 }
 }
 if res := c.repository.Cognito; res != "" {
- parts := strings.Split(res, "|")
- if len(parts) != 2 {
- return fmt.Errorf("invalid cognito auth resource: %v, expected poolID|secret", res)
- }
 cfg.Cognito = &cognito.Config{
- PoolID: parts[0],
- Resource: getScyResource(parts[1]),
+ Resource: getScyResource(res),
 }
 }
diff --git a/internal/translator/view.go b/internal/translator/view.go
index cf38fcbf..2eb70080 100644
--- a/internal/translator/view.go
+++ b/internal/translator/view.go
@@ -77,10 +77,6 @@ func (v *View) applyShorthands(viewlet *Viewlet) {
 setter.SetStringIfEmpty(&v.Schema.DataType, v.DataType)
 }
- if v.AsyncTableName != "" {
-
- }
-
 if len(v.Warmup) > 0 {
 v.View.Cache.Warmup = v.buildCacheWarmup(v.Warmup, viewlet)
 }
diff --git a/view/extension/codec/bauth.go b/view/extension/codec/bauth.go
index 31df3e8a..719bddb5 100644
--- a/view/extension/codec/bauth.go
+++ b/view/extension/codec/bauth.go
@@ -61,6 +61,7 @@ type BasicAuthSecret struct {
 func (i *BasicAuthSecret) ResultType(paramType reflect.Type) (reflect.Type, error) {
 return reflect.TypeOf(""), nil
 }
+
 func (i *BasicAuthSecret) Value(ctx context.Context, raw interface{}, options ...codec.Option) (interface{}, error) {
 _, secret, err := ExtractBasicAuth(raw.(string))
 if err != nil {
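Review bot: In `updateAuth` (internal/translator/oauth.go) the Cognito branch now hands the whole option value to `getScyResource`, so a deployment still passing the old `poolID|secret` form is no longer rejected; it is presumably reinterpreted with the pool ID as the secret location and the secret path as the key, which fails late and obscurely instead of at startup. The Firebase branch has the same silent shift: a single value used to populate `WebAPIKey` and now populates `Secrets`, and a value such as `;key` or `secrets;` yields an empty `Secrets` resource or a dropped web API key without any error. Since this configures token verification, I would validate up front, e.g. `secrets, webAPIKey, found := strings.Cut(res, ";")` followed by `if secrets == "" || (found && webAPIKey == "") { return fmt.Errorf("invalid firebase auth resource: %v, expected secrets[;webAPIKey]", res) }`, and call out the format change in the release notes. The function's body starts and ends outside this hunk, so whether `getScyResource` or a later step already rejects such values is not visible here.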