Authentication sample

The full code of this example is here.

Define the following security scheme (in swagger.yml specification document):

securityDefinitions:
  key:
    type: apiKey
    in: header
    name: x-token

Specify the following security requirements for all endpoints: so by default, all endpoints use the API key auth.

security:
  - key: []

Add security princial model definition:

definitions:

...

  principal:
    type: string

Generate the code with a security principal:

swagger generate server -A AuthSample -P models.Principal -f ./swagger.yml

Edit the ./restapi/configure_auth_sample.go file

func configureAPI(api *operations.AuthSampleAPI) http.Handler {
    // configure the api here
    api.ServeError = errors.ServeError

    // Set your custom logger if needed. Default one is log.Printf
    // Expected interface func(string, ...interface{})
    //
    // Example:
    api.Logger = log.Printf

    api.JSONConsumer = runtime.JSONConsumer()

    api.JSONProducer = runtime.JSONProducer()

    // Applies when the "x-token" header is set
    api.KeyAuth = func(token string) (*models.Principal, error) {
        if token == "abcdefuvwxyz" {
            prin := models.Principal(token)
            return &prin, nil
        }
        api.Logger("Access attempt with incorrect api key auth: %s", token)
        return nil, errors.New(401, "incorrect api key auth")
    }

    api.CustomersCreateHandler = customers.CreateHandlerFunc(func(params customers.CreateParams, principal *models.Principal) middleware.Responder {
        return middleware.NotImplemented("operation customers.Create has not yet been implemented")
    })
    api.CustomersGetIDHandler = customers.GetIDHandlerFunc(func(params customers.GetIDParams, principal *models.Principal) middleware.Responder {
        return middleware.NotImplemented("operation customers.GetID has not yet been implemented")
    })

    api.ServerShutdown = func() {}

    return setupGlobalMiddleware(api.Serve(setupMiddlewares))
}

Run the server:

go run ./cmd/auth-sample-server/main.go --port 35307

Exercise auth:

± ivan@avalon:~  
 » curl -i -H 'Content-Type: application/keyauth.api.v1+json' -H 'X-Token: abcdefuvwxyz' http://127.0.0.1:35307/api/customers

HTTP/1.1 501 Not Implemented
Content-Type: application/keyauth.api.v1+json
Date: Fri, 25 Nov 2016 19:14:14 GMT
Content-Length: 57

"operation customers.GetID has not yet been implemented"

± ivan@avalon:~  
 » curl -i -H 'Content-Type: application/keyauth.api.v1+json' -H 'X-Token: abcdefu' http://127.0.0.1:35307/api/customers

HTTP/1.1 401 Unauthorized
Content-Type: application/keyauth.api.v1+json
Date: Fri, 25 Nov 2016 19:16:49 GMT
Content-Length: 47

{"code":401,"message":"incorrect api key auth"}

results matching ""

    No results matching ""