feat(gateway): disable api key requirement by default

pyadav · pyadav · commit df78aff01e2c · 2024-03-01T18:24:58.000+05:30
diff --git a/gateway/cmd/serve.go b/gateway/cmd/serve.go
@@ -79,6 +79,7 @@ func Serve(cfg *config.Config) error {
 		connectionService,
 		promptService,
 		apikeyService,
+		cfg.App.Authentication.Enabled,
 	)
 
 	if err := server.Serve(ctx, logger, cfg.App, deps); err != nil {
diff --git a/gateway/internal/api/deps.go b/gateway/internal/api/deps.go
@@ -19,6 +19,7 @@ type Deps struct {
 	ConnectionService *connection.Service
 	PromptService     *prompt.Service
 	APIKeyService     *apikey.Service
+	AuthEnabled       bool
 }
 
 func NewDeps(
@@ -29,6 +30,7 @@ func NewDeps(
 	cs *connection.Service,
 	pms *prompt.Service,
 	aks *apikey.Service,
+	authEnabled bool,
 ) *Deps {
 	return &Deps{
 		Logger:            logger,
@@ -38,5 +40,6 @@ func NewDeps(
 		ConnectionService: cs,
 		PromptService:     pms,
 		APIKeyService:     aks,
+		AuthEnabled:       authEnabled,
 	}
 }
diff --git a/gateway/internal/api/v1/v1.go b/gateway/internal/api/v1/v1.go
@@ -55,7 +55,7 @@ func Register(d *api.Deps) (http.Handler, error) {
 	stdInterceptors := []connect.Interceptor{
 		validateInterceptor,
 		otelconnectInterceptor,
-		interceptor.NewAPIKeyInterceptor(d.Logger, d.APIKeyService),
+		interceptor.NewAPIKeyInterceptor(d.Logger, d.APIKeyService, d.AuthEnabled),
 		interceptor.HeadersInterceptor(),
 		interceptor.RateLimiterInterceptor(d.RateLimiter),
 		interceptor.RetryInterceptor(),
diff --git a/gateway/internal/errors/errors.go b/gateway/internal/errors/errors.go
@@ -11,7 +11,7 @@ var (
 	ErrProviderHeaderNotExit = errors.NewBadRequest(fmt.Sprintf("%s header is required", constants.XMSProvider))
 	ErrRequiredHeaderNotExit = errors.NewBadRequest(fmt.Sprintf("either %s or %s header is required", constants.XMSProvider, constants.XMSConfig))
 	ErrRateLimitExceeded     = errors.NewForbidden("rate limit exceeded")
-	ErrUnauthenticated       = errors.NewUnauthorized("unauthenticated")
+	ErrUnauthenticated       = errors.NewUnauthorized("you are not authorized to access APIs")
 	ErrProviderNotFound      = errors.NewNotFound("provider is not found")
 	ErrRouterConfigNotValid  = errors.NewNotFound("router config is not valid")
 )
diff --git a/gateway/internal/interceptor/auth.go b/gateway/internal/interceptor/auth.go
@@ -11,9 +11,13 @@ import (
 )
 
 // NewAPIKeyInterceptor returns interceptor which is checking if api key exits
-func NewAPIKeyInterceptor(logger *slog.Logger, aks *apikey.Service) connect.UnaryInterceptorFunc {
+func NewAPIKeyInterceptor(logger *slog.Logger, aks *apikey.Service, authEnabled bool) connect.UnaryInterceptorFunc {
 	return connect.UnaryInterceptorFunc(func(next connect.UnaryFunc) connect.UnaryFunc {
 		return connect.UnaryFunc(func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			if !authEnabled {
+				return next(ctx, req)
+			}
+
 			if authenticationSkipList[req.Spec().Procedure] {
 				return next(ctx, req)
 			}
diff --git a/gateway/internal/server/config.go b/gateway/internal/server/config.go
@@ -1,6 +1,11 @@
 package server
 
 type Config struct {
-	Host string `yaml:"host" json:"host,omitempty" mapstructure:"host" default:"0.0.0.0"`
-	Port int    `yaml:"port" json:"port,omitempty" mapstructure:"port" default:"8080"`
+	Host           string               `yaml:"host" json:"host,omitempty" mapstructure:"host" default:"0.0.0.0"`
+	Port           int                  `yaml:"port" json:"port,omitempty" mapstructure:"port" default:"8080"`
+	Authentication AuthenticationConfig `yaml:"authentication" mapstructure:"authentication"`
+}
+
+type AuthenticationConfig struct {
+	Enabled bool `yaml:"enabled" json:"enabled,omitempty" mapstructure:"enabled" default:"false"`
 }

Original file line number	Diff line number	Diff line change
`@@ -79,6 +79,7 @@ func Serve(cfg *config.Config) error {`
`79`	`79`	`connectionService,`
`80`	`80`	`promptService,`
`81`	`81`	`apikeyService,`
	`82`	`+ cfg.App.Authentication.Enabled,`
`82`	`83`	`)`
`83`	`84`
`84`	`85`	`if err := server.Serve(ctx, logger, cfg.App, deps); err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ var (`
`11`	`11`	`ErrProviderHeaderNotExit = errors.NewBadRequest(fmt.Sprintf("%s header is required", constants.XMSProvider))`
`12`	`12`	`ErrRequiredHeaderNotExit = errors.NewBadRequest(fmt.Sprintf("either %s or %s header is required", constants.XMSProvider, constants.XMSConfig))`
`13`	`13`	`ErrRateLimitExceeded = errors.NewForbidden("rate limit exceeded")`
`14`		`- ErrUnauthenticated = errors.NewUnauthorized("unauthenticated")`
	`14`	`+ ErrUnauthenticated = errors.NewUnauthorized("you are not authorized to access APIs")`
`15`	`15`	`ErrProviderNotFound = errors.NewNotFound("provider is not found")`
`16`	`16`	`ErrRouterConfigNotValid = errors.NewNotFound("router config is not valid")`
`17`	`17`	`)`
Original file line number	Diff line number	Diff line change
`@@ -11,9 +11,13 @@ import (`
`11`	`11`	`)`
`12`	`12`
`13`	`13`	`// NewAPIKeyInterceptor returns interceptor which is checking if api key exits`
`14`		`-func NewAPIKeyInterceptor(logger slog.Logger, aks apikey.Service) connect.UnaryInterceptorFunc {`
	`14`	`+func NewAPIKeyInterceptor(logger slog.Logger, aks apikey.Service, authEnabled bool) connect.UnaryInterceptorFunc {`
`15`	`15`	`return connect.UnaryInterceptorFunc(func(next connect.UnaryFunc) connect.UnaryFunc {`
`16`	`16`	`return connect.UnaryFunc(func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {`
	`17`	`+ if !authEnabled {`
	`18`	`+ return next(ctx, req)`
	`19`	`+ }`
	`20`	`+`
`17`	`21`	`if authenticationSkipList[req.Spec().Procedure] {`
`18`	`22`	`return next(ctx, req)`
`19`	`23`	`}`