feat!: Apply JWT authentication to incoming calls (#1343)

BREAKING CHANGE: Incoming REST API calls must have a JWT authentication token, with the exception of /api/v2/ping. This change is related to the implementation of the microservice authentication (token-based) ADR. Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>
edgexfoundry · Mar 7, 2023 · 774c203 · 774c203
1 parent 384d7c5
commit 774c203
Showing 1 changed file with 13 additions and 6 deletions.
diff --git a/internal/controller/http/restrouter.go b/internal/controller/http/restrouter.go
@@ -13,7 +13,9 @@ import (
 	"fmt"
 	"net/http"
 
+	"github.com/edgexfoundry/go-mod-bootstrap/v3/bootstrap/container"
 	bootstrapContainer "github.com/edgexfoundry/go-mod-bootstrap/v3/bootstrap/container"
+	"github.com/edgexfoundry/go-mod-bootstrap/v3/bootstrap/handlers"
 	"github.com/edgexfoundry/go-mod-bootstrap/v3/bootstrap/interfaces"
 	"github.com/edgexfoundry/go-mod-bootstrap/v3/di"
 	"github.com/edgexfoundry/go-mod-core-contracts/v3/clients/logger"
@@ -55,17 +57,22 @@ func (c *RestController) InitRestRoutes() {
 	c.lc.Info("Registering v2 routes...")
 	// router.UseEncodedPath() tells the router to match the encoded original path to the routes
 	c.router.UseEncodedPath()
+
+	lc := container.LoggingClientFrom(c.dic.Get)
+	secretProvider := container.SecretProviderFrom(c.dic.Get)
+	authenticationHook := handlers.AutoConfigAuthenticationFunc(secretProvider, lc)
+
 	// common
 	c.addReservedRoute(common.ApiPingRoute, c.Ping).Methods(http.MethodGet)
-	c.addReservedRoute(common.ApiVersionRoute, c.Version).Methods(http.MethodGet)
-	c.addReservedRoute(common.ApiConfigRoute, c.Config).Methods(http.MethodGet)
+	c.addReservedRoute(common.ApiVersionRoute, authenticationHook(c.Version)).Methods(http.MethodGet)
+	c.addReservedRoute(common.ApiConfigRoute, authenticationHook(c.Config)).Methods(http.MethodGet)
 	// secret
-	c.addReservedRoute(common.ApiSecretRoute, c.Secret).Methods(http.MethodPost)
+	c.addReservedRoute(common.ApiSecretRoute, authenticationHook(c.Secret)).Methods(http.MethodPost)
 	// discovery
-	c.addReservedRoute(common.ApiDiscoveryRoute, c.Discovery).Methods(http.MethodPost)
+	c.addReservedRoute(common.ApiDiscoveryRoute, authenticationHook(c.Discovery)).Methods(http.MethodPost)
 	// device command
-	c.addReservedRoute(common.ApiDeviceNameCommandNameRoute, c.GetCommand).Methods(http.MethodGet)
-	c.addReservedRoute(common.ApiDeviceNameCommandNameRoute, c.SetCommand).Methods(http.MethodPut)
+	c.addReservedRoute(common.ApiDeviceNameCommandNameRoute, authenticationHook(c.GetCommand)).Methods(http.MethodGet)
+	c.addReservedRoute(common.ApiDeviceNameCommandNameRoute, authenticationHook(c.SetCommand)).Methods(http.MethodPut)
 
 	c.router.Use(correlation.ManageHeader)
 	c.router.Use(correlation.LoggingMiddleware(c.lc))