resonatehq · hkiiita · May 20, 2024 · May 20, 2024 · May 20, 2024 · May 20, 2024
diff --git a/cmd/root.go b/cmd/root.go
@@ -1,6 +1,7 @@
 package cmd
 
 import (
+	"github.com/resonatehq/resonate/internal/creds"
 	"log/slog"
 	"os"
 	"strings"
@@ -16,7 +17,7 @@ import (
 )
 
 var (
-	server, cfgFile string
+	server, cfgFile, credFile string
 )
 
 var rootCmd = &cobra.Command{
@@ -48,7 +49,32 @@ func init() {
 	rootCmd.SetErr(os.Stderr)
 }
 
+func initCreds() {
+	if credFile != "" {
+		viper.SetConfigFile(credFile)
+	} else {
+		viper.SetConfigName("sample-creds")
+		viper.AddConfigPath(".")
+		viper.AddConfigPath("$HOME")
+	}
+
+	err := viper.ReadInConfig()
+	if err != nil {
+		slog.Error("Error reading creds file", "error", err)
+		return
+	}
+
+	err = viper.Unmarshal(&creds.CredsFromFile)
+	if err != nil {
+		slog.Error("Unable to decode creds from file into struct", "error", err)
+		return
+	}
+}
+
 func initConfig() {
+	initCreds()
+	viper.Reset()
+
 	if cfgFile != "" {
 		viper.SetConfigFile(cfgFile)
 	} else {

diff --git a/cmd/serve/serve.go b/cmd/serve/serve.go
@@ -2,6 +2,7 @@ package serve
 
 import (
 	"fmt"
+	"github.com/resonatehq/resonate/internal/creds"
 	"log/slog"
 	netHttp "net/http"
 	"os"
@@ -56,6 +57,13 @@ func ServeCmd() *cobra.Command {
 			api := api.New(config.API.Size, metrics)
 			aio := aio.New(config.AIO.Size, metrics)
 
+			creds, err := creds.GetCredentials()
+			if err != nil {
+				slog.Error("failed to get credentials.", "error", err)
+				return err
+			}
+			config.API.Subsystems.Http.Auth = creds
+
 			// instantiate api subsystems
 			http := http.New(api, config.API.Subsystems.Http)
 			grpc := grpc.New(api, config.API.Subsystems.Grpc)

diff --git a/internal/app/subsystems/api/http/http.go b/internal/app/subsystems/api/http/http.go
@@ -2,12 +2,12 @@ package http
 
 import (
 	"context"
+	"github.com/resonatehq/resonate/internal/creds"
 	"net/http"
 	"time"
 
 	"github.com/go-playground/validator/v10"
 	"github.com/resonatehq/resonate/internal/app/subsystems/api/service"
-
 	"log/slog"
 
 	"github.com/gin-gonic/gin"
@@ -18,13 +18,22 @@ import (
 type Config struct {
 	Addr    string
 	Timeout time.Duration
+	Auth    creds.CredentialsList
 }
 
 type Http struct {
 	config *Config
 	server *http.Server
 }
 
+func BasicAuthMiddleware(config *Config) gin.HandlerFunc {
+	credentials := creds.GetProcessedCreds(config.Auth)
+	if credentials != nil {
+		return gin.BasicAuth(credentials)
+	}
+	return nil
+}
+
 func New(api api.API, config *Config) api.Subsystem {
 	gin.SetMode(gin.ReleaseMode)
 
@@ -38,27 +47,29 @@ func New(api api.API, config *Config) api.Subsystem {
 
 	// Middleware
 	r.Use(s.log)
+	authorized := r.Group("/")
+	authorized.Use(BasicAuthMiddleware(config))
 
 	// Promises API
-	r.POST("/promises", s.createPromise)
-	r.GET("/promises", s.searchPromises)
-	r.GET("/promises/*id", s.readPromise)
-	r.PATCH("/promises/*id", s.completePromise)
+	authorized.POST("/promises", s.createPromise)
+	authorized.GET("/promises", s.searchPromises)
+	authorized.GET("/promises/*id", s.readPromise)
+	authorized.PATCH("/promises/*id", s.completePromise)
 
 	// Schedules API
-	r.POST("/schedules", s.createSchedule)
-	r.GET("/schedules", s.searchSchedules)
-	r.GET("/schedules/*id", s.readSchedule)
-	r.DELETE("/schedules/*id", s.deleteSchedule)
+	authorized.POST("/schedules", s.createSchedule)
+	authorized.GET("/schedules", s.searchSchedules)
+	authorized.GET("/schedules/*id", s.readSchedule)
+	authorized.DELETE("/schedules/*id", s.deleteSchedule)
 
 	// Distributed Locks API
-	r.POST("/locks/acquire", s.acquireLock)
-	r.POST("/locks/heartbeat", s.heartbeatLocks)
-	r.POST("/locks/release", s.releaseLock)
+	authorized.POST("/locks/acquire", s.acquireLock)
+	authorized.POST("/locks/heartbeat", s.heartbeatLocks)
+	authorized.POST("/locks/release", s.releaseLock)
 
 	// Task API
-	r.POST("/tasks/claim", s.claimTask)
-	r.POST("/tasks/complete", s.completeTask)
+	authorized.POST("/tasks/claim", s.claimTask)
+	authorized.POST("/tasks/complete", s.completeTask)
 
 	return &Http{
 		config: config,