Middleware for authentication by access key and signed data

[ChristopherRabotin]

Implements #43 .

Below is the README of this middleware.

The signedauth middleware

Purpose

Allows to protect routes with a signature based authentication.

Features

Quite customizable, including the following custom settings.

• Hash used for signature (e.g. SHA-1), cf SignedAuthManager.HashFunction.
• Authorization header prefix (e.g. SAUTH), cf SignedAuthManager.AuthHeaderPrefix.
• Access key to secret key logic (e.g. hardcoded strings or database connection), cf SignedAuthManager.SecretKey.
• Additional request verifications apart from just the provided header (e.g. a Date header whose value must be in a given format and represent a recent time), cf SignedAuthManager.SecretKey.
• Data extraction for HMAC signature (e.g. date header on the first line, first four characters of the body on the second line), cf. SignedAuthManager.DataToSign.
• Allow unsigned requests, so they can be intercepted by another middleware for example, cf. SignedAuthManager.AuthHeaderRequired.
• Context key and value which can be used in the rest of the calls, cf. SignedAuthManager.ContextKey and cf. SignedAuthManager.ContextValue.

Examples

Refer to the tests and the example directory.

[ChristopherRabotin]

Anyone know why Travis is spitting out the following error? All goconvery, go test ., go build work on my side (and the example can also be ran).

github.com/ChristopherRabotin/gin-contrib (download)
package github.com/ChristopherRabotin/gin-contrib/signedauth
    imports github.com/ChristopherRabotin/gin-contrib/signedauth
    imports github.com/ChristopherRabotin/gin-contrib/signedauth: cannot find package "github.com/ChristopherRabotin/gin-contrib/signedauth" in any of:
    /home/travis/.gimme/versions/go1.4.2.linux.amd64/src/github.com/ChristopherRabotin/gin-contrib/signedauth (from $GOROOT)
    /home/travis/gopath/src/github.com/ChristopherRabotin/gin-contrib/signedauth (from $GOPATH)

[manucorporat]

@ChristopherRabotin can you pull the last changes?
also, can you update to Gin v1. it was release today! there some API changes:
https://github.com/gin-gonic/gin/releases/tag/v1.0rc1
c.Fail() ---> c.AbortWithError()

[manucorporat]

"github.com/ChristopherRabotin/gin-contrib/signedauth" does not exist in your master branch. and github.com/ChristopherRabotin/gin-contrib/signedauth should be changed to "github.com/gin-gonic/contrib/signedauth

Go sometimes sucks.

[manucorporat]

what is this?

[ChristopherRabotin]

Could you clarify your question so I can implement the changes you'd like so this PR can be merged? Thanks.

[ChristopherRabotin]

The ContextValue function allows to set a given value into the context provided an access string, and is only called once the signature was proven as valid. Hence, this function takes, as input, some uniquely user-identifiable string and sets a given value in the context for subsequent calls in the context. For example if user with ID 5 has access key user_id_5_access with a given secret key, and passed all the validation steps for the request, then this function will be called with user_id_5_access as its only parameter, and can set 5 in the user variable of the context. This is an example of course because everything is configurable in this plugin, as explained in the README.

[ChristopherRabotin]

@manucorporat , the build is failing from an auth failure. Any idea on the reasons?

# cd .; git clone https://github.com/gin-gonic/gin-contrib /home/travis/gopath/src/github.com/gin-gonic/gin-contrib
Cloning into '/home/travis/gopath/src/github.com/gin-gonic/gin-contrib'...
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/gin-gonic/gin-contrib/'

[manucorporat]

@ChristopherRabotin "github.com/gin-gonic/gin-contrib" does not exist.

[ChristopherRabotin]

@manucorporat sorry, I wasn't awake enough when I wrote that comment. Fixing this now.

[manucorporat]

@ChristopherRabotin do not worry too much about travis ci, I will review it.

[ChristopherRabotin]

@manucorporat let me know if I can help for the review.

[ChristopherRabotin]

@manucorporat , I hope to use the code in this PR on a production system in the next week, so could you merge it in? Let me know how I can help you in reviewing this PR, maybe in explaining parts of the code for example. Thank you in advance.

[ChristopherRabotin]

This build just failed because of issues unrelated to this PR.

# github.com/gin-gonic/contrib/ginrus/example
ginrus/example/example.go:5: imported and not used: "io/ioutil"
ginrus/example/example.go:29: logger.SetOutput undefined (type *logrus.Logger has no field or method SetOutput)
github.com/gin-gonic/contrib/cache/example
The command "eval go get -t -v ./..." failed. Retrying, 2 of 3.
found packages example_cookie.go (maincookie) and example_redis.go (mainredis) in sessions/examples
found packages example_cookie.go (maincookie) and example_redis.go (mainredis) in sessions/examples
github.com/yvasiyarov/gorelic
# github.com/yvasiyarov/gorelic
../../yvasiyarov/gorelic/agent.go:133: not enough arguments in call to newrelic_platform_go.NewPluginComponent
The command "eval go get -t -v ./..." failed. Retrying, 3 of 3.
found packages example_cookie.go (maincookie) and example_redis.go (mainredis) in sessions/examples
found packages example_cookie.go (maincookie) and example_redis.go (mainredis) in sessions/examples
github.com/yvasiyarov/gorelic
# github.com/yvasiyarov/gorelic
../../yvasiyarov/gorelic/agent.go:133: not enough arguments in call to newrelic_platform_go.NewPluginComponent
The command "eval go get -t -v ./..." failed 3 times.
The command "go get -t -v ./..." failed and exited with 2 during .
Your build has been stopped.

[ChristopherRabotin]

Superseded by #56 .