feat: add enable flag to oidc function (#2672)
diff --git a/.github/workflows/backend-e2e-test.yml b/.github/workflows/backend-e2e-test.yml
index d99ab23..0d427ee 100644
--- a/.github/workflows/backend-e2e-test.yml
+++ b/.github/workflows/backend-e2e-test.yml
@@ -45,7 +45,7 @@
sed -i '/172.16.238.10:2379/a\ - 172.16.238.11:2379' ./api/conf/conf.yaml
sed -i '/172.16.238.10:2379/a\ - 172.16.238.12:2379' ./api/conf/conf.yaml
sed -i 's@0.0.0.0/0:9000@127.0.0.1:9000@' ./api/conf/conf.yaml
-
+ sed -i 's/enabled: false/enabled: true/' ./api/conf/conf.yaml
- name: download file Dockerfile-apisix
working-directory: ./api/test/docker
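Review bot: The added `sed -i 's/enabled: false/enabled: true/'` is not scoped to the oidc block, so it flips every `enabled: false` line in `./api/conf/conf.yaml`, including any that a later change adds for an unrelated feature. Limiting the substitution to the oidc section keeps the job from silently enabling something else: `sed -i '/oidc:/,/enabled:/ s/enabled: false/enabled: true/' ./api/conf/conf.yaml`. The step this line belongs to starts above the hunk.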
diff --git a/api/conf/conf.yaml b/api/conf/conf.yaml
index 28a542b..13ce71b 100644
--- a/api/conf/conf.yaml
+++ b/api/conf/conf.yaml
@@ -81,6 +81,7 @@
password: user
oidc:
+ enabled: false
expire_time: 3600
client_id: dashboard
client_secret: dashboard
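Review bot: The new `enabled` key has no comment, and the values right below it (`client_id: dashboard`, `client_secret: dashboard`) look like sample credentials that must be replaced before the flag is turned on. A short inline comment would make that precondition visible where the operator flips the switch, e.g. `enabled: false  # set to true only after replacing client_id/client_secret below with values issued by your identity provider`. The rest of the oidc block lies outside the hunk.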
diff --git a/api/internal/conf/conf.go b/api/internal/conf/conf.go
index 077a178..3879eaf 100644
--- a/api/internal/conf/conf.go
+++ b/api/internal/conf/conf.go
@@ -43,7 +43,7 @@
WebDir = "html/"
DefaultCSP = "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"
- State = "123456"
+ State = "123456"
)
var (
@@ -69,6 +69,7 @@
Plugins = map[string]bool{}
SecurityConf Security
CookieStore = sessions.NewCookieStore([]byte("oidc"))
+ OidcEnabled = false
OidcId string
OidcConfig oauth2.Config
OidcExpireTime int
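Review bot: `CookieStore = sessions.NewCookieStore([]byte("oidc"))`, on the context line directly above the new `OidcEnabled`, signs the session cookie with a fixed key that is public in the repository, so once the flag is on the cookie's integrity rests on a known value. The key should be loaded from configuration (a new setting, placeholder name `oidc.session_key`) or otherwise be a per-deployment random secret, and startup should fail when OIDC is enabled and no key is set. The constant `State = "123456"` in the first hunk of this file has the same shape: if it is what gets sent as the OAuth2 `state` parameter, it cannot tie a callback to the browser session that started the login, whereas a per-login random value kept in the session and compared on callback would. The `var` block continues outside the hunk.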
@@ -137,6 +138,7 @@
}
type Oidc struct {
+ Enabled bool `mapstructure:"enabled"`
ExpireTime int `mapstructure:"expire_time" yaml:"expire_time"`
ClientID string `mapstructure:"client_id"`
ClientSecret string `mapstructure:"client_secret"`
@@ -309,6 +311,7 @@
}
func initOidc(conf Oidc) {
+ OidcEnabled = conf.Enabled
OidcExpireTime = conf.ExpireTime
OidcConfig.ClientID = conf.ClientID
OidcConfig.ClientSecret = conf.ClientSecret
diff --git a/api/internal/route.go b/api/internal/route.go
index 0b9809e..37015dd 100644
--- a/api/internal/route.go
+++ b/api/internal/route.go
@@ -58,7 +58,13 @@
r := gin.New()
logger := log.GetLogger(log.AccessLog)
// security
- r.Use(filter.RequestLogHandler(logger), filter.IPFilter(), filter.InvalidRequest(), filter.Oidc(), filter.Authentication())
+ r.Use(filter.RequestLogHandler(logger), filter.IPFilter(), filter.InvalidRequest())
+
+ // authenticate
+ if conf.OidcEnabled {
+ r.Use(filter.Oidc())
+ }
+ r.Use(filter.Authentication())
// misc
r.Use(gzip.Gzip(gzip.DefaultCompression), filter.CORS(), filter.RequestId(), filter.SchemaCheck(), filter.RecoverHandler())
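Review bot: Only the `filter.Oidc()` middleware is gated on `conf.OidcEnabled` here; nothing in the hunk shows whether the OIDC login and callback handlers are also left unregistered when the flag is false, and the enclosing function starts and ends outside the hunk. It is worth confirming that those routes are skipped (or return 404) in the disabled case, and adding a test for it, because the e2e workflow in this commit now sets `enabled: true` and so, as far as the visible steps show, no longer exercises the shipped default. A comment on the block would also help the next reader, e.g. `// filter.Oidc must be registered before filter.Authentication; it is skipped entirely when oidc.enabled is false`, assuming that ordering is in fact required.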