Refactor git proxy implementation

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/prometheus/client_golang v1.14.0
 	github.com/spf13/afero v1.9.5
 	github.com/stretchr/testify v1.8.2
-	github.com/xenitab/pkg/gin v0.0.7
+	github.com/xenitab/pkg/gin v0.0.9
 	github.com/xenitab/pkg/kubernetes v0.0.3
 	go.uber.org/zap v1.24.0
 	golang.org/x/sync v0.1.0
@@ -65,6 +65,7 @@ require (
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.42.0 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
+	github.com/rogpeppe/go-internal v1.10.0 // indirect
 	github.com/slok/go-http-metrics v0.10.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect

go.sum

@@ -220,8 +220,8 @@ github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8t
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -262,6 +262,8 @@ github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJf
 github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/rwtodd/Go.Sed v0.0.0-20210816025313-55464686f9ef/go.mod h1:8AEUvGVi2uQ5b24BIhcr0GCcpd/RNAFWaN2CJFrWIIQ=
 github.com/slok/go-http-metrics v0.10.0 h1:rh0LaYEKza5eaYRGDXujKrOln57nHBi4TtVhmNEpbgM=
 github.com/slok/go-http-metrics v0.10.0/go.mod h1:lFqdaS4kWMfUKCSukjC47PdCeTk+hXDUVm8kLHRqJ38=
@@ -293,8 +295,8 @@ github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZ
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/xenitab/pkg/gin v0.0.7 h1:laVd20nzWXVQFGiWMOEbFxh+Uc6IHSGZ+2i7TdxuHPA=
-github.com/xenitab/pkg/gin v0.0.7/go.mod h1:pnHYJpj9OM+RXRecdH7mj2VoNfNpNQQpogeaOGY10SQ=
+github.com/xenitab/pkg/gin v0.0.9 h1:BGdxnKoXAJBkthQTwQdaRdN7jTiNO+/C8hIexBrasfU=
+github.com/xenitab/pkg/gin v0.0.9/go.mod h1:8rzqJ8X5KJOo31PBOD4/Wtlt2ac8hCjN1mpOf1YAFs4=
 github.com/xenitab/pkg/kubernetes v0.0.3 h1:u7qQC1I13QQ9rgRgxNfzXsjvf36fLUEYoRsmdup6PSI=
 github.com/xenitab/pkg/kubernetes v0.0.3/go.mod h1:yde/gLI1Pvnh0HKcXQikULlF330ANu0TI4p8rrbfDBI=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

main.go

@@ -87,9 +87,10 @@ func run(ctx context.Context, addr, metricsAddr, cfgPath, kubeconfigPath string)
 		return nil
 	})
 
-	srv := server.NewServer(ctx, addr, authz)
+	gp := server.NewGitProxy(authz)
+	proxySrv := gp.Server(ctx, addr)
 	g.Go(func() error {
-		if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
+		if err := proxySrv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
 			return err
 		}
 		return nil
@@ -98,7 +99,7 @@ func run(ctx context.Context, addr, metricsAddr, cfgPath, kubeconfigPath string)
 		<-ctx.Done()
 		shutdownCtx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 		defer cancel()
-		return srv.Shutdown(shutdownCtx)
+		return proxySrv.Shutdown(shutdownCtx)
 	})
 
 	logr.FromContextOrDiscard(ctx).Info("running git-auth-proxy")

pkg/server/server.go

@@ -14,32 +14,59 @@ import (
 	"github.com/xenitab/git-auth-proxy/pkg/auth"
 )
 
-type Server struct {
-	srv *http.Server
+type GitProxy struct {
+	authz *auth.Authorizer
 }
 
-func NewServer(ctx context.Context, addr string, authz *auth.Authorizer) *Server {
+func NewGitProxy(authz *auth.Authorizer) *GitProxy {
+	return &GitProxy{
+		authz: authz,
+	}
+}
+
+func (g *GitProxy) Server(ctx context.Context, addr string) *http.Server {
 	cfg := pkggin.DefaultConfig()
 	cfg.LogConfig.Logger = logr.FromContextOrDiscard(ctx)
 	cfg.MetricsConfig.HandlerID = "proxy"
 	router := pkggin.NewEngine(cfg)
 	router.GET("/readyz", readinessHandler)
 	router.GET("/healthz", livenessHandler)
-	router.NoRoute(proxyHandler(authz))
+	router.NoRoute(g.proxyHandler)
 	// The ReadTimeout is set to 5 min make sure that strange requests don't live forever
 	// But in general the external request should set a good timeout value for it's request.
 	srv := &http.Server{ReadTimeout: 5 * time.Minute, Addr: addr, Handler: router}
-	return &Server{
-		srv: srv,
-	}
+	return srv
 }
 
-func (s *Server) ListenAndServe() error {
-	return s.srv.ListenAndServe()
-}
+func (g *GitProxy) proxyHandler(c *gin.Context) {
+	// Get the token from the request
+	token, err := getTokenFromRequest(c.Request)
+	if err != nil {
+		c.Header("WWW-Authenticate", "Basic realm=\"Restricted\"")
+		c.String(http.StatusUnauthorized, "Missing basic authentication")
+		return
+	}
+	// Check basic auth with local auth configuration
+	err = g.authz.IsPermitted(c.Request.URL.EscapedPath(), token)
+	if err != nil {
+		//nolint: errcheck //ignore
+		c.Error(fmt.Errorf("Received unauthorized request: %w", err))
+		c.String(http.StatusForbidden, "User not permitted")
+		return
+	}
+	// Authenticate the request with the proper token
+	req, url, err := g.authz.UpdateRequest(c.Request.Context(), c.Request, token)
+	if err != nil {
+		//nolint: errcheck //ignore
+		c.Error(fmt.Errorf("Could not authenticate request: %w", err))
+		c.String(http.StatusInternalServerError, "Internal server error")
+		return
+	}
 
-func (s *Server) Shutdown(ctx context.Context) error {
-	return s.srv.Shutdown(ctx)
+	// TODO (Philip): Add caching of the proxy
+	// Forward the request to the correct proxy
+	proxy := httputil.NewSingleHostReverseProxy(url)
+	proxy.ServeHTTP(c.Writer, req)
 }
 
 func readinessHandler(c *gin.Context) {
@@ -49,36 +76,3 @@ func readinessHandler(c *gin.Context) {
 func livenessHandler(c *gin.Context) {
 	c.Status(http.StatusOK)
 }
-
-func proxyHandler(authz *auth.Authorizer) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		// Get the token from the request
-		token, err := getTokenFromRequest(c.Request)
-		if err != nil {
-			c.Header("WWW-Authenticate", "Basic realm=\"Restricted\"")
-			c.String(http.StatusUnauthorized, "Missing basic authentication")
-			return
-		}
-		// Check basic auth with local auth configuration
-		err = authz.IsPermitted(c.Request.URL.EscapedPath(), token)
-		if err != nil {
-			//nolint: errcheck //ignore
-			c.Error(fmt.Errorf("Received unauthorized request: %w", err))
-			c.String(http.StatusForbidden, "User not permitted")
-			return
-		}
-		// Authenticate the request with the proper token
-		req, url, err := authz.UpdateRequest(c.Request.Context(), c.Request, token)
-		if err != nil {
-			//nolint: errcheck //ignore
-			c.Error(fmt.Errorf("Could not authenticate request: %w", err))
-			c.String(http.StatusInternalServerError, "Internal server error")
-			return
-		}
-
-		// TODO (Philip): Add caching of the proxy
-		// Forward the request to the correct proxy
-		proxy := httputil.NewSingleHostReverseProxy(url)
-		proxy.ServeHTTP(c.Writer, req)
-	}
-}