Skip to content

feat: implement auth middleware with tenant manager #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
onselakin wants to merge 26 commits into
base: main
Choose a base branch
from
Draft

feat: implement auth middleware with tenant manager #89

onselakin wants to merge 26 commits into from

Conversation

@onselakin
Copy link
Contributor

@onselakin onselakin commented Jul 1, 2025

This pull request introduces middleware components for authentication, authorization, service registration, and token management in the ESO-server project. These changes enhance the security and integration capabilities of the server with the tenant manager. The most important changes include the implementation of authentication and authorization middleware, service registration logic, token management functionality, and the integration of these components into the main application.

Middleware for Authentication and Authorization:

  • handlers/middleware/auth.go: Added AuthMiddleware to handle authentication and authorization, including JWT validation and tenant manager authorization checks. This includes methods like ValidateToken, CheckAuthorization, and callTenantManagerAuthz.

Service Registration:

  • handlers/middleware/service_registration.go: Implemented ServiceRegistration for ESO-server's self-registration with the tenant manager, including creating policies for authorization. Methods like RegisterWithTenantManager and SetupPolicies ensure the server registers itself and sets up necessary permissions.

Token Management:

  • handlers/middleware/token_manager.go: Added TokenManager to manage OAuth token exchange and refresh. This includes methods to ensure valid tokens (EnsureValidToken) and handle token exchange (exchangeToken).

Integration into Main Application:

  • main.go: Integrated the middleware package into the main application by adding it to the import statements.…nt manager integration

@linear
Copy link

linear bot commented Jul 1, 2025

ESS-2 Integrate ESO server with existing AuthZ on tenant-manager

In order for us to safely use ESO server, we need to be able to:

  • Authenticate user requests;
  • Authorize user requests;

Both of these activities need t obe checked by middleware-integrating ESO server with tenant-manager

onselakin added 2 commits July 27, 2025 13:02
@onselakin
feat: add permissions handler for managing policies with tenant-manag…
db95e7b 
…er integration
@onselakin
Resolve merge conflicts: integrate authorization with new features
05e4b71 
- Merged authorization implementation from HEAD with new features from main
- Added proper import aliases to avoid middleware naming conflicts
- Integrated tenant manager authentication with all new handlers
- Applied authorization middleware to all routes including:
  - Generator routes with CRUD operations
  - Scan job routes with CRUD operations
  - Scan finding routes with read operations
  - Target routes with CRUD operations
  - Generator state routes with read/delete operations
- Maintained permissions routes for tenant management
- Added new content route for secrets with authorization
- Unified function signature to include all handlers from both branches
@github-actions github-actions bot added size/XL and removed size/XL labels Jul 29, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Jul 31, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Jul 31, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Jul 31, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Jul 31, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 1, 2025
@onselakin
Merge branch 'main' into onsel/ess-2-integrate-eso-server-with-existi…
92f6ac4 
…ng-authz-on-tenant-manager

# Conflicts:
#	Tiltfile
#	database/database.go
#	deploy/local/eso-server.yaml
#	go.mod
#	go.sum
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 1, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 1, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 3, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 3, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 3, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 3, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 9, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 9, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 13, 2025
@github-actions github-actions bot added size/XL and removed size/XL labels Aug 14, 2025
@onselakin
feat(authz): add tenant configuration and environment variable suppor…
8c7f38d 
…t for service registration in Helm chart and middleware
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@onselakin