add support for some basic authentication methods

2026-04-19 00:36:38 +00:00 · 2026-01-29 16:34:52 +00:00
parent 0d480071b6
commit e95cfa1a00
12 changed files with 867 additions and 449 deletions
--- a/proxy/internal/auth/pin.go
+++ b/proxy/internal/auth/pin.go
@@ -1,22 +1,26 @@
 package auth

 import (
-	"crypto/subtle"
 	"net/http"
+
+	"github.com/netbirdio/netbird/shared/management/proto"
 )

 const (
-	userId = "pin-user"
-	formId = "pin"
+	pinUserId = "pin-user"
+	pinFormId = "pin"
 )

 type Pin struct {
-	pin string
+	id, accountId string
+	client        authenticator
 }

-func NewPin(pin string) Pin {
+func NewPin(client authenticator, id, accountId string) Pin {
 	return Pin{
-		pin: pin,
+		id:        id,
+		accountId: accountId,
+		client:    client,
 	}
 }

@@ -30,14 +34,27 @@ func (Pin) Type() Method {
 // so that it can be injected into a request from the UI so that
 // authentication may be successful.
 func (p Pin) Authenticate(r *http.Request) (string, bool, any) {
-	pin := r.FormValue(formId)
+	pin := r.FormValue(pinFormId)

-	// Compare the passed pin with the expected pin.
-	if subtle.ConstantTimeCompare([]byte(pin), []byte(p.pin)) == 1 {
-		return userId, false, nil
+	res, err := p.client.Authenticate(r.Context(), &proto.AuthenticateRequest{
+		Id:        p.id,
+		AccountId: p.accountId,
+		Request: &proto.AuthenticateRequest_Pin{
+			Pin: &proto.PinRequest{
+				Pin: pin,
+			},
+		},
+	})
+	if err != nil {
+		// TODO: log error here
+		return "", false, pinFormId
 	}

-	return "", false, formId
+	if res.GetSuccess() {
+		return pinUserId, true, nil
+	}
+
+	return "", false, pinFormId
 }

 func (p Pin) Middleware(next http.Handler) http.Handler {