add support for some basic authentication methods

2026-04-16 15:26:40 +00:00 · 2026-01-29 16:34:52 +00:00
parent 0d480071b6
commit e95cfa1a00
12 changed files with 867 additions and 449 deletions
--- a/shared/management/proto/proxy_service.pb.go
+++ b/shared/management/proto/proxy_service.pb.go
--- a/shared/management/proto/proxy_service.proto
+++ b/shared/management/proto/proxy_service.proto
@@ -12,6 +12,8 @@ service ProxyService {
  rpc GetMappingUpdate(GetMappingUpdateRequest) returns (stream GetMappingUpdateResponse);

  rpc SendAccessLog(SendAccessLogRequest) returns (SendAccessLogResponse);
+
+  rpc Authenticate(AuthenticateRequest) returns (AuthenticateResponse);
 }

 // GetMappingUpdateRequest is sent to initialise a mapping stream.
@@ -40,35 +42,18 @@ message PathMapping {
 }

 message Authentication {
-  Password password = 1;
-  Pin pin = 2;
-  OIDC oidc = 3;
-  Link link = 4;
-}
-
-message Password {
-  bool enabled = 1;
-  string password = 2;
-}
-
-message Pin {
-  bool enabled = 1;
-  string pin = 2;
-}
-
-message Link {
-  bool enabled = 1;
-  string link_url = 2;
+  bool password = 1;
+  bool pin = 2;
+  optional OIDC oidc = 3;
+  bool link = 4;
 }

 message OIDC {
-  bool enabled = 1;
-  string oidc_provider_url = 2;
-  string oidc_client_id = 3;
-  string oidc_client_secret = 4;
-  string oidc_redirect_url = 5;
-  repeated string oidc_scopes = 6;
-  string session_cookie_name = 7;
+  string oidc_provider_url = 1;
+  string oidc_client_id = 2;
+  string oidc_client_secret = 3;
+  string oidc_redirect_url = 4;
+  repeated string oidc_scopes = 5;
 }

 message ProxyMapping {
@@ -104,3 +89,30 @@ message AccessLog {
  string user_id = 12;
  bool auth_success = 13;
 }
+
+message AuthenticateRequest {
+  string id = 1;
+  string account_id = 2;
+  oneof request {
+    PasswordRequest password = 3;
+    PinRequest pin = 4;
+    LinkRequest link = 5;
+  }
+}
+
+message PasswordRequest {
+  string password = 1;
+}
+
+message PinRequest {
+  string pin = 1;
+}
+
+message LinkRequest {
+  string email = 1;
+  string redirect = 2;
+}
+
+message AuthenticateResponse {
+  bool success = 1;
+}
--- a/shared/management/proto/proxy_service_grpc.pb.go
+++ b/shared/management/proto/proxy_service_grpc.pb.go
@@ -20,6 +20,7 @@ const _ = grpc.SupportPackageIsVersion7
 type ProxyServiceClient interface {
 	GetMappingUpdate(ctx context.Context, in *GetMappingUpdateRequest, opts ...grpc.CallOption) (ProxyService_GetMappingUpdateClient, error)
 	SendAccessLog(ctx context.Context, in *SendAccessLogRequest, opts ...grpc.CallOption) (*SendAccessLogResponse, error)
+	Authenticate(ctx context.Context, in *AuthenticateRequest, opts ...grpc.CallOption) (*AuthenticateResponse, error)
 }

 type proxyServiceClient struct {
@@ -71,12 +72,22 @@ func (c *proxyServiceClient) SendAccessLog(ctx context.Context, in *SendAccessLo
 	return out, nil
 }

+func (c *proxyServiceClient) Authenticate(ctx context.Context, in *AuthenticateRequest, opts ...grpc.CallOption) (*AuthenticateResponse, error) {
+	out := new(AuthenticateResponse)
+	err := c.cc.Invoke(ctx, "/management.ProxyService/Authenticate", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // ProxyServiceServer is the server API for ProxyService service.
 // All implementations must embed UnimplementedProxyServiceServer
 // for forward compatibility
 type ProxyServiceServer interface {
 	GetMappingUpdate(*GetMappingUpdateRequest, ProxyService_GetMappingUpdateServer) error
 	SendAccessLog(context.Context, *SendAccessLogRequest) (*SendAccessLogResponse, error)
+	Authenticate(context.Context, *AuthenticateRequest) (*AuthenticateResponse, error)
 	mustEmbedUnimplementedProxyServiceServer()
 }

@@ -90,6 +101,9 @@ func (UnimplementedProxyServiceServer) GetMappingUpdate(*GetMappingUpdateRequest
 func (UnimplementedProxyServiceServer) SendAccessLog(context.Context, *SendAccessLogRequest) (*SendAccessLogResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method SendAccessLog not implemented")
 }
+func (UnimplementedProxyServiceServer) Authenticate(context.Context, *AuthenticateRequest) (*AuthenticateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Authenticate not implemented")
+}
 func (UnimplementedProxyServiceServer) mustEmbedUnimplementedProxyServiceServer() {}

 // UnsafeProxyServiceServer may be embedded to opt out of forward compatibility for this service.
@@ -142,6 +156,24 @@ func _ProxyService_SendAccessLog_Handler(srv interface{}, ctx context.Context, d
 	return interceptor(ctx, in, info, handler)
 }

+func _ProxyService_Authenticate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticateRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ProxyServiceServer).Authenticate(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/management.ProxyService/Authenticate",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ProxyServiceServer).Authenticate(ctx, req.(*AuthenticateRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 // ProxyService_ServiceDesc is the grpc.ServiceDesc for ProxyService service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
@@ -153,6 +185,10 @@ var ProxyService_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "SendAccessLog",
 			Handler:    _ProxyService_SendAccessLog_Handler,
 		},
+		{
+			MethodName: "Authenticate",
+			Handler:    _ProxyService_Authenticate_Handler,
+		},
 	},
 	Streams: []grpc.StreamDesc{
 		{