github.com/circl-dev/go-swagger@v0.31.0/examples/authentication/README.md (about)

# Authentication sample

Define the following security scheme (in `swagger.yml` specification document):

```yaml
securityDefinitions:
  key:
    type: apiKey
    in: header
    name: x-token
```

Specify the following security requirements for all endpoints, so that by default
every endpoint uses the API key auth:

```yaml
security:
  - key: []
```

Add the security principal model definition:

```yaml
definitions:

...

  principal:
    type: string
```

Generate the code with a security principal:

```shell
swagger generate server -A AuthSample -P models.Principal -f ./swagger.yml
```

Edit the `./restapi/configure_auth_sample.go` file:

```go
func configureAPI(api *operations.AuthSampleAPI) http.Handler {
	// configure the api here
	api.ServeError = errors.ServeError

	// Set your custom logger if needed. Default one is log.Printf
	// Expected interface func(string, ...interface{})
	//
	// Example:
	api.Logger = log.Printf

	api.JSONConsumer = runtime.JSONConsumer()

	api.JSONProducer = runtime.JSONProducer()

	// Applies when the "x-token" header is set.
	// Sample only: accepts a single hardcoded key and uses the token itself as the principal.
	api.KeyAuth = func(token string) (*models.Principal, error) {
		if token == "abcdefuvwxyz" {
			prin := models.Principal(token)
			return &prin, nil
		}
		// Note: this writes the rejected token to the log.
		api.Logger("Access attempt with incorrect api key auth: %s", token)
		return nil, errors.New(401, "incorrect api key auth")
	}

	// Each handler receives the principal returned by api.KeyAuth.
	api.CustomersCreateHandler = customers.CreateHandlerFunc(func(params customers.CreateParams, principal *models.Principal) middleware.Responder {
		return middleware.NotImplemented("operation customers.Create has not yet been implemented")
	})
	api.CustomersGetIDHandler = customers.GetIDHandlerFunc(func(params customers.GetIDParams, principal *models.Principal) middleware.Responder {
		return middleware.NotImplemented("operation customers.GetID has not yet been implemented")
	})

	api.ServerShutdown = func() {}

	return setupGlobalMiddleware(api.Serve(setupMiddlewares))
}
```

Run the server:

```shell
go run ./cmd/auth-sample-server/main.go --port 35307
```

Exercise auth:

```shellsession
± ivan@avalon:~  
 » curl -i -H 'Content-Type: application/keyauth.api.v1+json' -H 'X-Token: abcdefuvwxyz' http://127.0.0.1:35307/api/customers
```
```http
HTTP/1.1 501 Not Implemented
Content-Type: application/keyauth.api.v1+json
Date: Fri, 25 Nov 2016 19:14:14 GMT
Content-Length: 57

"operation customers.GetID has not yet been implemented"
```
```shellsession
± ivan@avalon:~  
 » curl -i -H 'Content-Type: application/keyauth.api.v1+json' -H 'X-Token: abcdefu' http://127.0.0.1:35307/api/customers
```
```http
HTTP/1.1 401 Unauthorized
Content-Type: application/keyauth.api.v1+json
Date: Fri, 25 Nov 2016 19:16:49 GMT
Content-Length: 47

{"code":401,"message":"incorrect api key auth"}
```
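
A hardened variant of the `api.KeyAuth` callback shown earlier, as an added example that is not part of the go-swagger sample: it compares the key in constant time, logs a hash prefix instead of the submitted token, and returns a client name rather than the secret as the principal. `Principal`, `NewKeyAuth`, `fingerprint`, `errUnauthorized` and the `sample-client` name are assumptions for illustration; the local `Principal` type and the plain `error` stand in for the generated `models.Principal` and `errors.New(401, ...)` so the block runs with the standard library only.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"log"
)

// Principal stands in for the generated models.Principal (assumption).
type Principal string

// errUnauthorized stands in for errors.New(401, ...) used by the sample (assumption).
var errUnauthorized = errors.New("incorrect api key auth")

// fingerprint returns a short hash prefix so rejected attempts can be
// correlated in logs without writing the submitted credential to them.
func fingerprint(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:4])
}

// NewKeyAuth returns a function with the same shape as api.KeyAuth.
// expectedKey is meant to come from configuration, not from source code.
func NewKeyAuth(expectedKey, principalName string, logf func(string, ...interface{})) func(string) (*Principal, error) {
	want := sha256.Sum256([]byte(expectedKey))
	return func(token string) (*Principal, error) {
		got := sha256.Sum256([]byte(token))
		// Hashing first gives equal-length inputs; the compare is constant time.
		if expectedKey != "" && subtle.ConstantTimeCompare(got[:], want[:]) == 1 {
			prin := Principal(principalName) // an identity, not the secret itself
			return &prin, nil
		}
		logf("rejected api key (sha256 prefix %s)", fingerprint(token))
		return nil, errUnauthorized
	}
}

func main() {
	auth := NewKeyAuth("abcdefuvwxyz", "sample-client", log.Printf) // key value taken from the README
	for _, tok := range []string{"abcdefuvwxyz", "abcdefu"} {
		p, err := auth(tok)
		fmt.Println(p != nil, err)
	}
}
```

In the generated server, the returned closure would be assigned to `api.KeyAuth`, with the error replaced by the `errors.New(401, ...)` call the sample already uses.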