feat: make hooks endpoint secured (#1987)

Co-authored-by: Alex <AlexanderFux83@gmail.com>

services/gateway/go.mod

@@ -19,7 +19,7 @@ require (
 	github.com/open-policy-agent/opa v0.28.0
 	github.com/prometheus/client_golang v1.10.0
 	github.com/rs/cors v1.7.0
-	github.com/sirupsen/logrus v1.8.1
+	github.com/sirupsen/logrus v1.9.0
 	github.com/urfave/negroni v1.0.0
 	github.com/vulcand/oxy v1.3.0
 	golang.org/x/crypto v0.0.0-20201217014255-9d1352758620

services/gateway/go.sum

@@ -338,6 +338,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
@@ -468,6 +470,8 @@ golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210309074719-68d13333faf2 h1:46ULzRKLh1CwgRq2dC5SlBzEqqNCi8rreOZnNrbqcIY=
 golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

services/gateway/security/requestUtils.go

@@ -147,8 +147,11 @@ func extractResourceFromRepoRequest(r *http.Request, u UserInfo, kind string) (c
 	ctxs = PolicyResource{Contexts: map[string]string{}}
 	switch {
 	case r.Method == "GET":
-		ctxs.Item = "repo"
-		break
+		if kind != "hooks" {
+			ctxs.Item = "repo"
+			break
+		}
+		fallthrough
 	case r.Method == "POST":
 		fallthrough
 	case r.Method == "PUT":
@@ -157,10 +160,10 @@ func extractResourceFromRepoRequest(r *http.Request, u UserInfo, kind string) (c
 		fallthrough
 	case r.Method == "DELETE":
 		ctxs.Item = "repo/" + kind
-		break
 	default:
 		err = fmt.Errorf("Invalid method %s for %s", r.Method, kind)
 	}
+
 	return
 }
 

services/gateway/security/requestUtils_test.go

@@ -222,7 +222,7 @@ func TestExtractFromRequest(t *testing.T) {
 			args: args{
 				r: createTestRequest("GET", "https://gateway.tweek.com/api/v2/hooks", userInfo),
 			},
-			wantObj: PolicyResource{Item: "repo", Contexts: map[string]string{}},
+			wantObj: PolicyResource{Item: "repo/hooks", Contexts: map[string]string{}},
 			wantSub: &Subject{User: "A b sub", Group: "default"},
 			wantAct: "read",
 			wantErr: nil,

services/gateway/version.go

@@ -1,3 +1,3 @@
 package main
 
-const Version = "1.0.0-rc20"
+const Version = "1.0.0-rc21"

services/git-service/BareRepository/tests-source/security/policy.json

@@ -113,6 +113,14 @@
       "object": "*",
       "action": "*",
       "effect": "allow"
+    },
+    {
+      "group": "*",
+      "user": "*",
+      "contexts": {},
+      "object": "repo/hooks",
+      "action": "read",
+      "effect": "allow"
     }
   ]
 }