Identity middleware

Middleware component that authenticates requests against zebedee.

The identity and permissions returned from the identity endpoint are added to the request context.

Getting started

Initialise the identity middleware and add it into the HTTP handler chain using alice:

    router := mux.NewRouter()
    alice := alice.New(identity.Handler(true)).Then(router)
    httpServer := server.New(config.BindAddr, alice)

Wrap authenticated endpoints using the identity.Check(handler) function to check that a request identity exists.

    router.Path("/jobs").Methods("POST").HandlerFunc(identity.Check(api.addJob))

Add required headers to outbound requests to other services

    import "github.com/ONSdigital/go-ns/common"

    common.AddServiceTokenHeader(req, api.AuthToken)
    common.AddUserHeader(req, "UserA")

or, put less portably:

    req.Header.Add("Authorization", api.AuthToken)
    req.Header.Add("User-Identity", "UserA")

But most of this should be done by go-ns/rchttp and dp-api-clients-go/....

Testing

If you need to use the middleware component in unit tests you can call the constructor function that allows injection of the HTTP client

import clientsidentity "github.com/ONSdigital/go-ns/clients/identity"
import "github.com/ONSdigital/go-ns/common/commontest"

httpClient := &rchttp.ClienterMock{
    DoFunc: func(ctx context.Context, req *http.Request) (*http.Response, error) {
        return &http.Response{
            StatusCode: http.StatusOK,
        }, nil
    },
}
// set last argument to secretKey if you want to support legacy headers
clientsidentity.NewAPIClient(httpClient, zebedeeURL, "")

identityHandler := identity.HandlerForHTTPClient(doAuth, httpClient)