feat(api): add root, favicon and version routes to basic auth middleware if enabled

This commit is contained in:
Julien Neuhart
2025-01-17 14:08:01 +01:00
parent 8e0cc7dd2f
commit 19c91aff19
3 changed files with 20 additions and 6 deletions
+1 -1
View File
@@ -36,7 +36,7 @@ API_BIND_IP=
API_START_TIMEOUT=30s
API_TIMEOUT=30s
API_BODY_LIMIT=
API_ROOT_PATH=/
API_ROOT_PATH="/"
API_TRACE_HEADER=Gotenberg-Trace
API_ENABLE_BASIC_AUTH=false
GOTENBERG_API_BASIC_AUTH_USERNAME=
+16 -5
View File
@@ -456,14 +456,22 @@ func (a *Api) Start() error {
hardTimeout := a.timeout + (time.Duration(5) * time.Second)
// Basic auth?
var securityMiddleware echo.MiddlewareFunc
if a.basicAuthUsername != "" {
securityMiddleware = basicAuthMiddleware(a.basicAuthUsername, a.basicAuthPassword)
} else {
securityMiddleware = func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
return next(c)
}
}
}
// Add the modules' routes and their specific middlewares.
for _, route := range a.routes {
var middlewares []echo.MiddlewareFunc
// Basic auth?
if a.basicAuthUsername != "" {
middlewares = append(middlewares, basicAuthMiddleware(a.basicAuthUsername, a.basicAuthPassword))
}
middlewares = append(middlewares, securityMiddleware)
if route.IsMultipart {
middlewares = append(middlewares, contextMiddleware(a.fs, a.timeout, a.bodyLimit, a.downloadFromCfg))
@@ -489,6 +497,7 @@ func (a *Api) Start() error {
func(c echo.Context) error {
return c.HTML(http.StatusOK, `Hey, Gotenberg has no UI, it's an API. Head to the <a href="https://gotenberg.dev">documentation</a> to learn how to interact with it 🚀`)
},
securityMiddleware,
)
// Favicon route.
@@ -497,6 +506,7 @@ func (a *Api) Start() error {
func(c echo.Context) error {
return c.NoContent(http.StatusNoContent)
},
securityMiddleware,
)
// Let's not forget the health check routes...
@@ -525,6 +535,7 @@ func (a *Api) Start() error {
func(c echo.Context) error {
return c.String(http.StatusOK, gotenberg.Version)
},
securityMiddleware,
)
// Wait for all modules to be ready.
+3
View File
@@ -869,6 +869,7 @@ func TestApi_Start(t *testing.T) {
// root request.
recorder := httptest.NewRecorder()
rootRequest := httptest.NewRequest(http.MethodGet, "/", nil)
rootRequest.SetBasicAuth(mod.basicAuthUsername, mod.basicAuthPassword)
mod.srv.ServeHTTP(recorder, rootRequest)
if recorder.Code != http.StatusOK {
t.Errorf("expected %d status code but got %d", http.StatusOK, recorder.Code)
@@ -877,6 +878,7 @@ func TestApi_Start(t *testing.T) {
// favicon request.
recorder = httptest.NewRecorder()
faviconRequest := httptest.NewRequest(http.MethodGet, "/favicon.ico", nil)
faviconRequest.SetBasicAuth(mod.basicAuthUsername, mod.basicAuthPassword)
mod.srv.ServeHTTP(recorder, faviconRequest)
if recorder.Code != http.StatusNoContent {
t.Errorf("expected %d status code but got %d", http.StatusNoContent, recorder.Code)
@@ -900,6 +902,7 @@ func TestApi_Start(t *testing.T) {
// version request.
recorder = httptest.NewRecorder()
versionRequest := httptest.NewRequest(http.MethodGet, "/version", nil)
versionRequest.SetBasicAuth(mod.basicAuthUsername, mod.basicAuthPassword)
mod.srv.ServeHTTP(recorder, versionRequest)
if recorder.Code != http.StatusOK {
t.Errorf("expected %d status code but got %d", http.StatusOK, recorder.Code)