Google Git
Sign in
apache / apisix-dashboard / 1a107ec052a4e2d2f055647eabef7b44986dc3e6^! / .
commit1a107ec052a4e2d2f055647eabef7b44986dc3e6[log] [tgz]
authorZeping Bai <bzp2010@apache.org>Mon Nov 28 20:30:30 2022 +0800
committerGitHub <noreply@github.com>Mon Nov 28 20:30:30 2022 +0800
treee9b8e5c97cab4c29446f8d468fbbe53cdc31d32b
parent8dcadcea202656396cb6b79aba84999e0767f311 [diff]
feat: add enable flag to oidc function (#2672)


diff --git a/.github/workflows/backend-e2e-test.yml b/.github/workflows/backend-e2e-test.yml
index d99ab23..0d427ee 100644
--- a/.github/workflows/backend-e2e-test.yml
+++ b/.github/workflows/backend-e2e-test.yml

@@ -45,7 +45,7 @@
           sed -i '/172.16.238.10:2379/a\      - 172.16.238.11:2379' ./api/conf/conf.yaml
           sed -i '/172.16.238.10:2379/a\      - 172.16.238.12:2379' ./api/conf/conf.yaml
           sed -i 's@0.0.0.0/0:9000@127.0.0.1:9000@' ./api/conf/conf.yaml
-
+          sed -i 's/enabled: false/enabled: true/' ./api/conf/conf.yaml
 
       - name: download file Dockerfile-apisix
         working-directory: ./api/test/docker

diff --git a/api/conf/conf.yaml b/api/conf/conf.yaml
index 28a542b..13ce71b 100644
--- a/api/conf/conf.yaml
+++ b/api/conf/conf.yaml

@@ -81,6 +81,7 @@
       password: user
 
 oidc:
+  enabled: false
   expire_time: 3600
   client_id: dashboard
   client_secret: dashboard

diff --git a/api/internal/conf/conf.go b/api/internal/conf/conf.go
index 077a178..3879eaf 100644
--- a/api/internal/conf/conf.go
+++ b/api/internal/conf/conf.go

@@ -43,7 +43,7 @@
 	WebDir = "html/"
 
 	DefaultCSP = "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"
-	State  = "123456"
+	State      = "123456"
 )
 
 var (
@@ -69,6 +69,7 @@
 	Plugins          = map[string]bool{}
 	SecurityConf     Security
 	CookieStore      = sessions.NewCookieStore([]byte("oidc"))
+	OidcEnabled      = false
 	OidcId           string
 	OidcConfig       oauth2.Config
 	OidcExpireTime   int
@@ -137,6 +138,7 @@
 }
 
 type Oidc struct {
+	Enabled      bool   `mapstructure:"enabled"`
 	ExpireTime   int    `mapstructure:"expire_time" yaml:"expire_time"`
 	ClientID     string `mapstructure:"client_id"`
 	ClientSecret string `mapstructure:"client_secret"`
@@ -309,6 +311,7 @@
 }
 
 func initOidc(conf Oidc) {
+	OidcEnabled = conf.Enabled
 	OidcExpireTime = conf.ExpireTime
 	OidcConfig.ClientID = conf.ClientID
 	OidcConfig.ClientSecret = conf.ClientSecret

diff --git a/api/internal/route.go b/api/internal/route.go
index 0b9809e..37015dd 100644
--- a/api/internal/route.go
+++ b/api/internal/route.go

@@ -58,7 +58,13 @@
 	r := gin.New()
 	logger := log.GetLogger(log.AccessLog)
 	// security
-	r.Use(filter.RequestLogHandler(logger), filter.IPFilter(), filter.InvalidRequest(), filter.Oidc(), filter.Authentication())
+	r.Use(filter.RequestLogHandler(logger), filter.IPFilter(), filter.InvalidRequest())
+
+	// authenticate
+	if conf.OidcEnabled {
+		r.Use(filter.Oidc())
+	}
+	r.Use(filter.Authentication())
 
 	// misc
 	r.Use(gzip.Gzip(gzip.DefaultCompression), filter.CORS(), filter.RequestId(), filter.SchemaCheck(), filter.RecoverHandler())