#nosmoke Add organization plugin (#479)

* added company plugin to janus to pair users with a company

* changed plugin term from company to organization, updated plugin to handle authentication separete from basic auth plugin.

* fixed wrong log type. updated debug entry script to start janus properly

* added page to doc

Author: tuxranger

cassandra/schema.sql

@@ -15,3 +15,9 @@ CREATE TABLE IF NOT EXISTS janus.oauth (
     name text,
     oauth text,
     PRIMARY KEY (name));
+
+CREATE TABLE IF NOT EXISTS janus.organization (
+    username text,
+    password text,
+    organization text,
+    PRIMARY KEY (username));

cassandra/wrapper/init.go

@@ -213,7 +213,7 @@ func createAppKeyspaceIfRequired(clusterHostName, systemKeyspace, appKeyspace st
 		// execute statement
 		err = session.Query(stmt).Exec()
 		if err != nil {
-			log.Error("statement error: %v", err)
+			log.Errorf("statement error: %v", err)
 			return err
 		}
 		log.Debug("Statement executed")

cmd/server.go

@@ -16,6 +16,7 @@ import (
 	_ "github.com/hellofresh/janus/pkg/plugin/compression"
 	_ "github.com/hellofresh/janus/pkg/plugin/cors"
 	_ "github.com/hellofresh/janus/pkg/plugin/oauth2"
+	_ "github.com/hellofresh/janus/pkg/plugin/organization"
 	_ "github.com/hellofresh/janus/pkg/plugin/rate"
 	_ "github.com/hellofresh/janus/pkg/plugin/requesttransformer"
 	_ "github.com/hellofresh/janus/pkg/plugin/responsetransformer"

docs/SUMMARY.md

@@ -27,6 +27,7 @@
     * [Conclusion](proxy/conclusion.md)
 * [Plugins](plugins/README.md)
     * [Basic](plugins/basic.md)
+    * [Organization](plugins/organization_auth.md)
     * [Body Limit](plugins/body_limit.md)
     * [Circuit Breaker](plugins/cb.md)
     * [Compression](plugins/compression.md)

docs/plugins/organization_auth.md

@@ -0,0 +1,62 @@
+# Organization Auth
+
+Create users with organizations and add an organization header to upstream requests.
+The plugin works similarly to basic auth with the exception that it also tracks an organization for users.
+It will also add the organization of the users to the header of upstream requests.
+
+**Limitations**
+1. This plugin only works as a Basic Authentication not Oauth.
+2. This plugin only works with Cassandra DB repo.
+
+## Configuration
+
+The plain organization header config:
+
+```json
+{
+  "name": "organization_header",
+  "enabled":  true
+}
+```
+
+Here is a simple definition of the available configurations.
+
+| Configuration                 | Description                                                         |
+|-------------------------------|---------------------------------------------------------------------|
+| name                          | Name of the plugin to use, in this case: organization_header        |
+| enabled                       | Is the plugin enabled?  |
+
+## Usage
+
+You need to create an user that will be used to authenticate. To create an user you can execute the following request:
+
+{% codetabs name="HTTPie", type="bash" -%}
+http -v POST http://localhost:8081/credentials/basic_auth "Authorization:Bearer yourToken" username=lanister password=pay-your-debt organization=motiv
+{%- language name="CURL", type="bash" -%}
+curl -X POST http://localhost:8081/credentials/basic_auth -H 'authorization: Bearer yourToken' -H 'content-type: application/json' -d '{"username": "lanister", "password": "pay-your-debt", "organization": "motiv"}'
+{%- endcodetabs %}
+
+| FORM PARAMETER | Description                                     |
+|----------------|-------------------------------------------------|
+| username       | The username to use in the Basic Authentication |
+| password       | The password to use in the Basic Authentication |
+| organization   | The organization of the user                    |
+
+## Using the Credential
+
+The authorization header must be base64 encoded. For example, if the credential uses `lanister` as the username and `pay-your-debt` as the password, then the field's value is the base64-encoding of lanister:pay-your-debt, or bGFuaXN0ZXI6cGF5LXlvdXItZGVidA==.
+
+Then the `Authorization` header must appear as:
+
+Authorization: Basic bGFuaXN0ZXI6cGF5LXlvdXItZGVidA==
+Simply make a request with the header:
+
+{% codetabs name="HTTPie", type="bash" -%}
+http -v http://localhost:8080/example "Authorization:Basic bGFuaXN0ZXI6cGF5LXlvdXItZGVidA=="
+{%- language name="CURL", type="bash" -%}
+curl -v http://localhost:8080/example -H 'Authorization:Basic bGFuaXN0ZXI6cGF5LXlvdXItZGVidA=='
+{%- endcodetabs %}
+
+## Using the Header
+
+Once the organization has been paired with a user any request that proxies through Janus will contain the `X-Organization` header with a value equal to the organization paired with the user.

entry-dev.sh

@@ -11,5 +11,5 @@ echo "compile finished"
 if [ "$debug" == 1 ]; then
   dlv --listen=:40000 --headless=true --continue --accept-multiclient --api-version=2 exec ./main start
 else
-  ./main
+  ./main start
 fi