feat: added skip validtion on given endpoint

FIS2425 · Nov 17, 2024 · f1a9f1c · f1a9f1c
1 parent f5ed3d2
commit f1a9f1c
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 6 deletions.
diff --git a/config.yaml b/config.yaml
@@ -5,3 +5,6 @@ services:
   - path: "/auth/api/v1"
     target_service: "http://localhost"
     target_port: "3001"
+endpoints_without_auth:
+  - endpoint: "/auth/api/v1/login"
+    method: "POST"
diff --git a/src/config/parser.rs b/src/config/parser.rs
@@ -9,11 +9,18 @@ pub struct ServiceConfig {
     pub target_port: String,
 }
 
+#[derive(Debug, Deserialize, Serialize, Clone)]
+pub struct NoAuthEndpoints {
+    pub endpoint: String,
+    pub method: String,
+}
+
 #[derive(Debug, Deserialize, Serialize, Clone)]
 pub struct GatewayConfig {
     pub api_gateway_url: String,
     pub authorization_api_url: String,
     pub services: Vec<ServiceConfig>,
+    pub endpoints_without_auth: Vec<NoAuthEndpoints>,
 }
 
 pub fn load_config(path: &str) -> GatewayConfig {

diff --git a/src/main.rs b/src/main.rs
@@ -1,6 +1,6 @@
 mod config;
 
-use config::parser::{load_config, GatewayConfig, ServiceConfig};
+use config::parser::{load_config, GatewayConfig, NoAuthEndpoints, ServiceConfig};
 use http_body_util::{BodyExt, Full};
 use hyper::body::{Bytes, Incoming};
 use hyper::http::request::Parts;
@@ -51,11 +51,13 @@ async fn handle_request(
         }
     };
 
-    match authorize_user(req.headers(), &config.authorization_api_url).await {
-        Ok(res) if !res.status().is_success() => return Ok(res),
-        Ok(_) => (),
-        Err(_) => return service_unavailable("Failed to connect to Authorization API"),
-    };
+    if needs_auth(path, req.method().as_str(), &config.endpoints_without_auth) {
+        match authorize_user(req.headers(), &config.authorization_api_url).await {
+            Ok(res) if !res.status().is_success() => return Ok(res),
+            Ok(_) => (),
+            Err(_) => return service_unavailable("Failed to connect to Authorization API"),
+        };
+    }
 
     let (parts, body) = req.into_parts();
     let downstream_req = build_downstream_request(parts, body, service_config).await?;
@@ -70,6 +72,12 @@ fn get_service_config<'a>(path: &str, services: &'a [ServiceConfig]) -> Option<&
     services.iter().find(|c| path.starts_with(&c.path))
 }
 
+fn needs_auth(path: &str, method: &str, no_auth_endpoints: &[NoAuthEndpoints]) -> bool {
+    !no_auth_endpoints
+        .iter()
+        .any(|e| e.endpoint == path && e.method == method)
+}
+
 async fn authorize_user(headers: &HeaderMap, auth_api_url: &str) -> Result<Response<BoxBody>, ()> {
     let cookies_header_value = match headers.get(COOKIE) {
         Some(value) => value.to_str().unwrap_or_default(),