Factor out authenticators into a separate package

Just shuffling stuff around, no real changes

Author: rojer

auth_server/.gitignore

@@ -0,0 +1 @@
+auth_server

auth_server/Makefile

@@ -1,6 +1,6 @@
 .PHONY: update-deps build docker-build
 
-all: docker-build
+all: build
 
 update-deps:
 	go get -v -u -f github.com/jteeuwen/go-bindata/... .

auth_server/authn/authn.go

@@ -0,0 +1,41 @@
+/*
+   Copyright 2015 Cesanta Software Ltd.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       https://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package authn
+
+// Authentication plugin interface.
+// Implementations must be goroutine-safe.
+type Authenticator interface {
+	// Given a user name and a password (plain text), responds with nil on success
+	// or with any other error on failure.
+	Authenticate(user string, password PasswordString) error
+
+	// Finalize resources in preparation for shutdown.
+	// When this call is made there are guaranteed to be no Authenticate requests in flight
+	// and there will be no more calls made to this instance.
+	Stop()
+}
+
+//go:generate go-bindata -pkg authn -modtime 1 -mode 420 data/
+
+type PasswordString string
+
+func (ps PasswordString) String() string {
+	if len(ps) == 0 {
+		return ""
+	}
+	return "***"
+}

auth_server/server/bindata.go renamed to auth_server/authn/bindata.go

@@ -14,7 +14,7 @@
    limitations under the License.
 */
 
-package server
+package authn
 
 import (
 	"encoding/json"
@@ -33,7 +33,14 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )
 
-//go:generate go-bindata -pkg server -modtime 1 -mode 420 data/google_auth.tmpl
+type GoogleAuthConfig struct {
+	Domain           string `yaml:"domain,omitempty"`
+	ClientId         string `yaml:"client_id,omitempty"`
+	ClientSecret     string `yaml:"client_secret,omitempty"`
+	ClientSecretFile string `yaml:"client_secret_file,omitempty"`
+	TokenDB          string `yaml:"token_db,omitempty"`
+	HTTPTimeout      int    `yaml:"http_timeout,omitempty"`
+}
 
 type GoogleAuthRequest struct {
 	Action string `json:"action,omitempty"`
@@ -150,7 +157,7 @@ func NewGoogleAuth(c *GoogleAuthConfig) (*GoogleAuth, error) {
 	}, nil
 }
 
-func (ga *GoogleAuth) doGoogleAuth(rw http.ResponseWriter, req *http.Request) {
+func (ga *GoogleAuth) DoGoogleAuth(rw http.ResponseWriter, req *http.Request) {
 	if req.Method == "GET" {
 		ga.doGoogleAuthPage(rw, req)
 		return

auth_server/server/data/google_auth.tmpl renamed to auth_server/authn/data/google_auth.tmpl

@@ -14,18 +14,38 @@
    limitations under the License.
 */
 
-package server
+package authn
 
 import (
+	"encoding/json"
 	"errors"
 	"golang.org/x/crypto/bcrypt"
 )
 
-type StaticUsersAuth struct {
+type Requirements struct {
+	Password *PasswordString `yaml:"password,omitempty" json:"password,omitempty"`
+}
+
+type staticUsersAuth struct {
 	users map[string]*Requirements
 }
 
-func (sua *StaticUsersAuth) Authenticate(user string, password PasswordString) error {
+func (r Requirements) String() string {
+	p := r.Password
+	if p != nil {
+		pm := PasswordString("***")
+		r.Password = &pm
+	}
+	b, _ := json.Marshal(r)
+	r.Password = p
+	return string(b)
+}
+
+func NewStaticUserAuth(users map[string]*Requirements) *staticUsersAuth {
+	return &staticUsersAuth{users: users}
+}
+
+func (sua *staticUsersAuth) Authenticate(user string, password PasswordString) error {
 	reqs := sua.users[user]
 	if reqs == nil {
 		return errors.New("unknown user")
@@ -38,5 +58,5 @@ func (sua *StaticUsersAuth) Authenticate(user string, password PasswordString) e
 	return nil
 }
 
-func (sua *StaticUsersAuth) Stop() {
+func (sua *staticUsersAuth) Stop() {
 }

auth_server/server/google_auth.go renamed to auth_server/authn/google_auth.go

@@ -28,17 +28,18 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/cesanta/docker_auth/auth_server/authn"
 	mapset "github.com/deckarep/golang-set"
 	"github.com/docker/libtrust"
 	yaml "gopkg.in/yaml.v2"
 )
 
 type Config struct {
-	Server     ServerConfig             `yaml:"server"`
-	Token      TokenConfig              `yaml:"token"`
-	Users      map[string]*Requirements `yaml:"users,omitempty"`
-	GoogleAuth *GoogleAuthConfig        `yaml:"google_auth,omitempty"`
-	ACL        []*ACLEntry              `yaml:"acl"`
+	Server     ServerConfig                   `yaml:"server"`
+	Token      TokenConfig                    `yaml:"token"`
+	Users      map[string]*authn.Requirements `yaml:"users,omitempty"`
+	GoogleAuth *authn.GoogleAuthConfig        `yaml:"google_auth,omitempty"`
+	ACL        []*ACLEntry                    `yaml:"acl"`
 }
 
 type ServerConfig struct {
@@ -60,15 +61,6 @@ type TokenConfig struct {
 	privateKey libtrust.PrivateKey
 }
 
-type GoogleAuthConfig struct {
-	Domain           string `yaml:"domain,omitempty"`
-	ClientId         string `yaml:"client_id,omitempty"`
-	ClientSecret     string `yaml:"client_secret,omitempty"`
-	ClientSecretFile string `yaml:"client_secret_file,omitempty"`
-	TokenDB          string `yaml:"token_db,omitempty"`
-	HTTPTimeout      int    `yaml:"http_timeout,omitempty"`
-}
-
 type ACLEntry struct {
 	Match   *MatchConditions `yaml:"match"`
 	Actions *[]string        `yaml:"actions,flow"`
@@ -80,27 +72,13 @@ type MatchConditions struct {
 	Name    *string `yaml:"name,omitempty" json:"name,omitempty"`
 }
 
-type Requirements struct {
-	Password *PasswordString `yaml:"password,omitempty" json:"password,omitempty"`
-}
 type aclEntryJSON *ACLEntry
 
 func (e ACLEntry) String() string {
 	b, _ := json.Marshal(e)
 	return string(b)
 }
 
-func (r Requirements) String() string {
-	p := r.Password
-	if p != nil {
-		pm := PasswordString("***")
-		r.Password = &pm
-	}
-	b, _ := json.Marshal(r)
-	r.Password = p
-	return string(b)
-}
-
 func matchString(pp *string, s string) bool {
 	if pp == nil {
 		return true

auth_server/server/static_auth.go renamed to auth_server/authn/static_auth.go

@@ -27,14 +27,15 @@ import (
 	"strings"
 	"time"
 
+	"github.com/cesanta/docker_auth/auth_server/authn"
 	"github.com/docker/distribution/registry/auth/token"
 	"github.com/golang/glog"
 )
 
 type AuthRequest struct {
 	RemoteAddr string
 	User       string
-	Password   PasswordString
+	Password   authn.PasswordString
 
 	Account string
 	Type    string
@@ -47,33 +48,19 @@ func (ar AuthRequest) String() string {
 	return fmt.Sprintf("{%s:%s@%s %s %s %s %s}", ar.User, ar.Password, ar.RemoteAddr, ar.Account, strings.Join(ar.Actions, ","), ar.Type, ar.Name)
 }
 
-type PasswordString string
-
-func (ps PasswordString) String() string {
-	if len(ps) == 0 {
-		return ""
-	}
-	return "***"
-}
-
-type Authenticator interface {
-	Authenticate(user string, password PasswordString) error
-	Stop()
-}
-
 type AuthServer struct {
 	config         *Config
-	authenticators []Authenticator
-	ga             *GoogleAuth
+	authenticators []authn.Authenticator
+	ga             *authn.GoogleAuth
 }
 
 func NewAuthServer(c *Config) (*AuthServer, error) {
 	as := &AuthServer{config: c}
 	if c.Users != nil {
-		as.authenticators = append(as.authenticators, &StaticUsersAuth{c.Users})
+		as.authenticators = append(as.authenticators, authn.NewStaticUserAuth(c.Users))
 	}
 	if c.GoogleAuth != nil {
-		ga, err := NewGoogleAuth(c.GoogleAuth)
+		ga, err := authn.NewGoogleAuth(c.GoogleAuth)
 		if err != nil {
 			return nil, err
 		}
@@ -88,7 +75,7 @@ func (as *AuthServer) ParseRequest(req *http.Request) (*AuthRequest, error) {
 	user, password, haveBasicAuth := req.BasicAuth()
 	if haveBasicAuth {
 		ar.User = user
-		ar.Password = PasswordString(password)
+		ar.Password = authn.PasswordString(password)
 	}
 	ar.Account = req.FormValue("account")
 	if ar.Account == "" {
@@ -204,7 +191,7 @@ func (as *AuthServer) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	case req.URL.Path == "/auth":
 		as.doAuth(rw, req)
 	case req.URL.Path == "/google_auth" && as.ga != nil:
-		as.ga.doGoogleAuth(rw, req)
+		as.ga.DoGoogleAuth(rw, req)
 	default:
 		http.Error(rw, "Not found", http.StatusNotFound)
 		return