Add simple auth (#186)

cmd/cmd.go

@@ -8,6 +8,7 @@ import (
 	"golang.org/x/oauth2"
 
 	"github.com/SecurityBrewery/catalyst"
+	"github.com/SecurityBrewery/catalyst/auth"
 	"github.com/SecurityBrewery/catalyst/database"
 	"github.com/SecurityBrewery/catalyst/role"
 	"github.com/SecurityBrewery/catalyst/storage"
@@ -18,7 +19,17 @@ type CLI struct {
 	ExternalAddress string `env:"EXTERNAL_ADDRESS" required:""`
 	CatalystAddress string `env:"CATALYST_ADDRESS" default:"http://catalyst:8000"`
 	Network         string `env:"CATALYST_NETWORK" default:"catalyst"`
+	Port            int    `env:"PORT"             default:"8000"`
 
+	AuthBlockNew     bool     `env:"AUTH_BLOCK_NEW"     default:"true" help:"Block newly created users"`
+	AuthDefaultRoles []string `env:"AUTH_DEFAULT_ROLES"               help:"Default roles for new users"`
+	AuthAdminUsers   []string `env:"AUTH_ADMIN_USERS"                 help:"Username of admins"`
+	InitialAPIKey    string   `env:"INITIAL_API_KEY"`
+
+	SimpleAuthEnable bool `env:"SIMPLE_AUTH_ENABLE" default:"true"`
+	APIKeyAuthEnable bool `env:"API_KEY_AUTH_ENABLE" default:"true"`
+
+	OIDCEnable        bool     `env:"OIDC_ENABLE"         default:"false"`
 	OIDCIssuer        string   `env:"OIDC_ISSUER"         required:""`
 	OIDCClientID      string   `env:"OIDC_CLIENT_ID"      default:"catalyst"`
 	OIDCClientSecret  string   `env:"OIDC_CLIENT_SECRET"  required:""`
@@ -26,9 +37,6 @@ type CLI struct {
 	OIDCClaimUsername string   `env:"OIDC_CLAIM_USERNAME" default:"preferred_username" help:"username field in the OIDC claim"`
 	OIDCClaimEmail    string   `env:"OIDC_CLAIM_EMAIL"    default:"email"              help:"email field in the OIDC claim"`
 	OIDCClaimName     string   `env:"OIDC_CLAIM_NAME"     default:"name"               help:"name field in the OIDC claim"`
-	AuthBlockNew      bool     `env:"AUTH_BLOCK_NEW"      default:"true"               help:"Block newly created users"`
-	AuthDefaultRoles  []string `env:"AUTH_DEFAULT_ROLES"                               help:"Default roles for new users"`
-	AuthAdminUsers    []string `env:"AUTH_ADMIN_USERS"                                 help:"Username of admins"`
 
 	IndexPath string `env:"INDEX_PATH" default:"index.bleve" help:"Path for the bleve index"`
 
@@ -39,8 +47,6 @@ type CLI struct {
 	S3Host     string `env:"S3_HOST"     default:"http://minio:9000" name:"s3-host"`
 	S3User     string `env:"S3_USER"     default:"minio"             name:"s3-user"`
 	S3Password string `env:"S3_PASSWORD" required:""                 name:"s3-password"`
-
-	InitialAPIKey string `env:"INITIAL_API_KEY"`
 }
 
 func ParseCatalystConfig() (*catalyst.Config, error) {
@@ -61,22 +67,37 @@ func MapConfig(cli CLI) (*catalyst.Config, error) {
 
 	scopes := slices.Compact(append([]string{oidc.ScopeOpenID, "profile", "email"}, cli.OIDCScopes...))
 	config := &catalyst.Config{
-		IndexPath:       cli.IndexPath,
-		Network:         cli.Network,
-		DB:              &database.Config{Host: cli.ArangoDBHost, User: cli.ArangoDBUser, Password: cli.ArangoDBPassword},
+		IndexPath: cli.IndexPath,
+		Network:   cli.Network,
+		DB: &database.Config{
+			Host:     cli.ArangoDBHost,
+			User:     cli.ArangoDBUser,
+			Password: cli.ArangoDBPassword,
+		},
 		Storage:         &storage.Config{Host: cli.S3Host, User: cli.S3User, Password: cli.S3Password},
 		Secret:          []byte(cli.Secret),
 		ExternalAddress: cli.ExternalAddress,
 		InternalAddress: cli.CatalystAddress,
-		Auth: &catalyst.AuthConfig{
-			OIDCIssuer:        cli.OIDCIssuer,
-			OAuth2:            &oauth2.Config{ClientID: cli.OIDCClientID, ClientSecret: cli.OIDCClientSecret, RedirectURL: cli.ExternalAddress + "/callback", Scopes: scopes},
-			OIDCClaimUsername: cli.OIDCClaimUsername,
-			OIDCClaimEmail:    cli.OIDCClaimEmail,
-			OIDCClaimName:     cli.OIDCClaimName,
-			AuthBlockNew:      cli.AuthBlockNew,
-			AuthDefaultRoles:  roles,
-			AuthAdminUsers:    cli.AuthAdminUsers,
+		Port:            cli.Port,
+		Auth: &auth.Config{
+			SimpleAuthEnable: cli.SimpleAuthEnable,
+			APIKeyAuthEnable: cli.APIKeyAuthEnable,
+			OIDCAuthEnable:   cli.OIDCEnable,
+			OIDCIssuer:       cli.OIDCIssuer,
+			OAuth2: &oauth2.Config{
+				ClientID:     cli.OIDCClientID,
+				ClientSecret: cli.OIDCClientSecret,
+				RedirectURL:  cli.ExternalAddress + "/auth/callback",
+				Scopes:       scopes,
+			},
+			UserCreateConfig: &auth.UserCreateConfig{
+				AuthBlockNew:      cli.AuthBlockNew,
+				AuthDefaultRoles:  roles,
+				AuthAdminUsers:    cli.AuthAdminUsers,
+				OIDCClaimUsername: cli.OIDCClaimUsername,
+				OIDCClaimEmail:    cli.OIDCClaimEmail,
+				OIDCClaimName:     cli.OIDCClaimName,
+			},
 		},
 		InitialAPIKey: cli.InitialAPIKey,
 	}