Refactor auth to identity for code a purpose clarity

docs/configs/settings.md

@@ -492,21 +492,21 @@ or per service widget (`services.yaml`) with:
 
 If either value is set to true, the error message will be hidden.
 
-## Authentication
+## User ID based visibiltiy
 
-Basic auth integration is implemeted via an `auth` section. An auth provider can be configured using the `provider` section with the given type. Currently the only provider supported is `proxy`, where the users identification and group membership are passed via HTTP Request headers (in plaintext). The expectation is that the application will be accessed only via an authenticating proxy (i.e treafik ).
+Basic user identity integration is implemeted via an `identity` section. An identity provider can be configured using the `provider` section with the given type. Currently the only provider supported is `proxy`, where the users identification and group membership are passed via HTTP Request headers (in plaintext). The expectation is that the application will be accessed only via an authenticating proxy (i.e treafik ).
 
 The group and user headers are both configurable like so:
 
 ```yaml
-auth:
+identity:
   provider:
     type: proxy
     groupHeader: "X-group-header"
     userHeader: "X-user-header"
 ```
 
-Auth can be configured on the service, bookmark, and widget level using the `allowUsers` and `allowGroups` list.
+Identity based visibility can be configured on the service, bookmark, and widget level using the `allowUsers` and `allowGroups` list.
 
 ```yaml
 - Example Servie:
@@ -520,11 +520,11 @@ Auth can be configured on the service, bookmark, and widget level using the `all
     - User3
 ```
 
-Auth for groups can be set in the `groups` under `auth`. In general the `groups` tag follows the format of the `layout`
+Identity visibility for groups can be set in the `groups` under `identity`. In general the `groups` tag follows the format of the `layout`
 section. For example:
 
 ```yaml
-auth:
+identity:
   groups:
     - My Service Group:
       allowGroups: ["Group1", "Group2"]

src/pages/api/auth.js

@@ -1,17 +1,17 @@
-import { checkAllowedGroup, readAuthSettings } from "utils/auth/auth-helpers";
+import { checkAllowedGroup, readIdentitySettings } from "utils/identity/identity-helpers";
 import { getSettings } from "utils/config/config";
 
 export default async function handler(req, res) {
   const { group } = req.query;
-  const { provider, groups } = readAuthSettings(getSettings().auth);
+  const { provider, groups } = readIdentitySettings(getSettings().identity);
 
   try {
-    if (checkAllowedGroup(provider.authorize(req), groups, group)) {
+    if (checkAllowedGroup(provider.getIdentity(req), groups, group)) {
       res.json({ group });
     } else {
       res.status(401).json({ message: "Group unathorized" });
     }
   } catch (err) {
-    res.status(500).send("Error authenticating");
+    res.status(500).send("Error getting user identitiy");
   }
 }

src/pages/api/bookmarks.js

@@ -1,8 +1,8 @@
-import { readAuthSettings } from "utils/auth/auth-helpers";
+import { readAuthSettings } from "utils/identitiy/identity-helpers";
 import { bookmarksResponse } from "utils/config/api-response";
 import { getSettings } from "utils/config/config";
 
 export default async function handler(req, res) {
-  const { provider, groups } = readAuthSettings(getSettings().auth);
+  const { provider, groups } = readAuthSettings(getSettings().identity);
   res.send(await bookmarksResponse(provider.authorize(req), groups));
 }

src/pages/api/services/index.js

@@ -1,8 +1,8 @@
-import { readAuthSettings } from "utils/auth/auth-helpers";
+import { readAuthSettings } from "utils/identity/identity-helpers";
 import { servicesResponse } from "utils/config/api-response";
 import { getSettings } from "utils/config/config";
 
 export default async function handler(req, res) {
-  const { provider, groups } = readAuthSettings(getSettings().auth);
+  const { provider, groups } = readIdentitySettings(getSettings().identity);
-  res.send(await servicesResponse(provider.authorize(req), groups));
+  res.send(await servicesResponse(provider.getIdentity(req), groups));
 }

src/pages/api/widgets/index.js

@@ -1,8 +1,8 @@
-import { readAuthSettings } from "utils/auth/auth-helpers";
+import { readAuthSettings } from "utils/identitiy/identitiy-helpers";
 import { widgetsResponse } from "utils/config/api-response";
 import { getSettings } from "utils/config/config";
 
 export default async function handler(req, res) {
-  const { provider } = readAuthSettings(getSettings().auth);
+  const { provider } = readAuthSettings(getSettings().identity);
-  res.send(await widgetsResponse(provider.authorize(req)));
+  res.send(await widgetsResponse(provider.getIdentity(req)));
 }

src/pages/index.jsx

@@ -10,7 +10,7 @@ import { BiError } from "react-icons/bi";
 import { serverSideTranslations } from "next-i18next/serverSideTranslations";
 import { useRouter } from "next/router";
 
-import NullAuthProvider from "utils/auth/null";
+import NullIdentityProvider from "utils/identity/null";
 import Tab, { slugifyAndEncode } from "components/tab";
 import ServicesGroup from "components/services/group";
 import BookmarksGroup from "components/bookmarks/group";
@@ -28,7 +28,7 @@ import ErrorBoundary from "components/errorboundry";
 import themes from "utils/styles/themes";
 import QuickLaunch from "components/quicklaunch";
 import { getStoredProvider, searchProviders } from "components/widgets/search/search";
-import { fetchWithAuth, readAuthSettings } from "utils/auth/auth-helpers";
+import { fetchWithIdentity, readIdentitySettings } from "utils/identity/identity-helpers";
 
 const ThemeToggle = dynamic(() => import("components/toggles/theme"), {
   ssr: false,
@@ -48,24 +48,24 @@ export async function getServerSideProps({ req }) {
   let logger;
   try {
     logger = createLogger("index");
-    const { providers, auth, ...settings } = getSettings();
+    const { providers, identity, ...settings } = getSettings();
-    const { provider, groups } = readAuthSettings(auth);
+    const { provider, groups } = readIdentitySettings(identity);
 
-    const services = await servicesResponse(provider.authorize(req), groups);
+    const services = await servicesResponse(provider.getIdentity(req), groups);
-    const bookmarks = await bookmarksResponse(provider.authorize(req), groups);
+    const bookmarks = await bookmarksResponse(provider.getIdentity(req), groups);
-    const widgets = await widgetsResponse(provider.authorize(req));
+    const widgets = await widgetsResponse(provider.getIdentity(req));
-    const authContext = provider.getContext(req);
+    const identityContext = provider.getContext(req);
 
     return {
       props: {
         initialSettings: settings,
         fallback: {
-          [unstableSerialize(["/api/services", authContext])]: services,
+          [unstableSerialize(["/api/services", identityContext])]: services,
-          [unstableSerialize(["/api/bookmarks", authContext])]: bookmarks,
+          [unstableSerialize(["/api/bookmarks", identityContext])]: bookmarks,
-          [unstableSerialize(["/api/widgets", authContext])]: widgets,
+          [unstableSerialize(["/api/widgets", identityContext])]: widgets,
           "/api/hash": false,
         },
-        authContext,
+        identityContext,
         ...(await serverSideTranslations(settings.language ?? "en")),
       },
     };
@@ -73,24 +73,24 @@ export async function getServerSideProps({ req }) {
     if (logger && e) {
       logger.error(e);
     }
-    const authContext = NullAuthProvider.create().getContext(req);
+    const identityContext = NullIdentityProvider.create().getContext(req);
     return {
       props: {
         initialSettings: {},
         fallback: {
-          [unstableSerialize(["/api/services", authContext])]: [],
+          [unstableSerialize(["/api/services", identityContext])]: [],
-          [unstableSerialize(["/api/bookmarks", authContext])]: [],
+          [unstableSerialize(["/api/bookmarks", identityContext])]: [],
-          [unstableSerialize(["/api/widgets", authContext])]: [],
+          [unstableSerialize(["/api/widgets", identityContext])]: [],
           "/api/hash": false,
         },
-        authContext,
+        identityContext,
         ...(await serverSideTranslations("en")),
       },
     };
   }
 }
 
-function Index({ initialSettings, fallback, authContext }) {
+function Index({ initialSettings, fallback, identityContext }) {
   const windowFocused = useWindowFocus();
   const [stale, setStale] = useState(false);
   const { data: errorsData } = useSWR("/api/validate");
@@ -160,7 +160,7 @@ function Index({ initialSettings, fallback, authContext }) {
   return (
     <SWRConfig value={{ fallback, fetcher: (resource, init) => fetch(resource, init).then((res) => res.json()) }}>
       <ErrorBoundary>
-        <Home initialSettings={initialSettings} authContext={authContext} />
+        <Home initialSettings={initialSettings} identityContext={identityContext} />
       </ErrorBoundary>
     </SWRConfig>
   );
@@ -174,7 +174,7 @@ const headerStyles = {
   boxedWidgets: "m-5 mb-0 sm:m-9 sm:mb-0 sm:mt-1",
 };
 
-function Home({ initialSettings, authContext }) {
+function Home({ initialSettings, identityContext }) {
   const { i18n } = useTranslation();
   const { theme, setTheme } = useContext(ThemeContext);
   const { color, setColor } = useContext(ColorContext);
@@ -186,9 +186,9 @@ function Home({ initialSettings, authContext }) {
     setSettings(initialSettings);
   }, [initialSettings, setSettings]);
 
-  const { data: services } = useSWR(["/api/services", authContext], fetchWithAuth);
+  const { data: services } = useSWR(["/api/services", identityContext], fetchWithIdentity);
-  const { data: bookmarks } = useSWR(["/api/bookmarks", authContext], fetchWithAuth);
+  const { data: bookmarks } = useSWR(["/api/bookmarks", identityContext], fetchWithIdentity);
-  const { data: widgets } = useSWR(["/api/widgets", authContext], fetchWithAuth);
+  const { data: widgets } = useSWR(["/api/widgets", identityContext], fetchWithIdentity);
 
   const servicesAndBookmarks = [
     ...services.map((sg) => sg.services).flat(),
@@ -461,7 +461,7 @@ function Home({ initialSettings, authContext }) {
   );
 }
 
-export default function Wrapper({ initialSettings, fallback, authContext }) {
+export default function Wrapper({ initialSettings, fallback, identityContext }) {
   const wrappedStyle = {};
   let backgroundBlur = false;
   let backgroundSaturate = false;
@@ -512,7 +512,7 @@ export default function Wrapper({ initialSettings, fallback, authContext }) {
             backgroundBrightness && `backdrop-brightness-${initialSettings.background.brightness}`,
           )}
         >
-          <Index initialSettings={initialSettings} fallback={fallback} authContext={authContext} />
+          <Index initialSettings={initialSettings} fallback={fallback} identityContext={identityContext} />
         </div>
       </div>
     </div>

src/utils/config/api-response.js

@@ -12,7 +12,7 @@ import {
   servicesFromKubernetes,
 } from "utils/config/service-helpers";
 import { cleanWidgetGroups, widgetsFromConfig } from "utils/config/widget-helpers";
-import { filterAllowedBookmarks, filterAllowedServices, filterAllowedWidgets } from "utils/auth/auth-helpers";
+import { filterAllowedBookmarks, filterAllowedServices, filterAllowedWidgets } from "utils/identity/identity-helpers";
 
 /**
  * Compares services by weight then by name.
@@ -25,7 +25,7 @@ function compareServices(service1, service2) {
   return service1.name.localeCompare(service2.name);
 }
 
-export async function bookmarksResponse(perms, authGroups) {
+export async function bookmarksResponse(perms,  idGroups) {
   checkAndCopyConfig("bookmarks.yaml");
 
   const bookmarksYaml = path.join(CONF_DIR, "bookmarks.yaml");
@@ -48,7 +48,7 @@ export async function bookmarksResponse(perms, authGroups) {
   // map easy to write YAML objects into easy to consume JS arrays
   const bookmarksArray = filterAllowedBookmarks(
     perms,
-    authGroups,
+    idGroups,
     bookmarks.map((group) => ({
       name: Object.keys(group)[0],
       bookmarks: group[Object.keys(group)[0]].map((entries) => ({
@@ -89,14 +89,14 @@ export async function widgetsResponse(perms) {
   return configuredWidgets;
 }
 
-export async function servicesResponse(perms, authGroups) {
+export async function servicesResponse(perms, idGroups) {
   let discoveredDockerServices;
   let discoveredKubernetesServices;
   let configuredServices;
   let initialSettings;
 
   try {
-    discoveredDockerServices = filterAllowedServices(perms, authGroups, cleanServiceGroups(await servicesFromDocker()));
+    discoveredDockerServices = filterAllowedServices(perms, idGroups, cleanServiceGroups(await servicesFromDocker()));
     if (discoveredDockerServices?.length === 0) {
       console.debug("No containers were found with homepage labels.");
     }
@@ -109,7 +109,7 @@ export async function servicesResponse(perms, authGroups) {
   try {
     discoveredKubernetesServices = filterAllowedServices(
       perms,
-      authGroups,
+      idGroups,
       cleanServiceGroups(await servicesFromKubernetes()),
     );
   } catch (e) {
@@ -119,7 +119,7 @@ export async function servicesResponse(perms, authGroups) {
   }
 
   try {
-    configuredServices = filterAllowedServices(perms, authGroups, cleanServiceGroups(await servicesFromConfig()));
+    configuredServices = filterAllowedServices(perms, idGroups, cleanServiceGroups(await servicesFromConfig()));
   } catch (e) {
     console.error("Failed to load services.yaml, please check for errors");
     if (e) console.error(e.toString());

src/utils/identity/identity-helpers.js

@@ -1,16 +1,16 @@
-import ProxyAuthProvider from "./proxy";
+import ProxyIdentityProvider from "./proxy";
-import NullAuthProvider from "./null";
+import NullIdentityProvider from "./null";
 
-const AuthProviders = {
+const IdentityProviders = {
-  null: NullAuthProvider,
+  null: NullIdentityProvider,
-  proxy: ProxyAuthProvider,
+  proxy: ProxyIdentityProvider,
 };
 
 function getProviderByKey(key) {
-  return AuthProviders[key] || NullAuthProvider;
+  return IdentityProviders[key] || NullIdentityProvider;
 }
 
-function authAllow({ user, groups }, item) {
+function identityAllow({ user, groups }, item) {
   const groupAllow =
     "allowGroups" in item && item.allowGroups && groups.some((group) => item.allowGroups.includes(group));
   const userAllow = "allowUsers" in item && item.allowUsers && item.allowUsers.includes(user);
@@ -19,22 +19,22 @@ function authAllow({ user, groups }, item) {
   return userAllow || groupAllow || allowAll;
 }
 
-export function checkAllowedGroup(perms, authGroups, groupName) {
+export function checkAllowedGroup(perms, idGroups, groupName) {
-  const testGroup = authGroups.find((group) => group.name === groupName);
+  const testGroup = idGroups.find((group) => group.name === groupName);
-  return testGroup ? authAllow(perms, testGroup) : true;
+  return testGroup ? identityAllow(perms, testGroup) : true;
 }
 
-function filterAllowedItems(perms, authGroups, groups, groupKey) {
+function filterAllowedItems(perms, idGroups, groups, groupKey) {
   return groups
-    .filter((group) => checkAllowedGroup(perms, authGroups, group.name))
+    .filter((group) => checkAllowedGroup(perms, idGroups, group.name))
     .map((group) => ({
       name: group.name,
-      [groupKey]: group[groupKey].filter((item) => authAllow(perms, item)),
+      [groupKey]: group[groupKey].filter((item) => identityAllow(perms, item)),
     }))
     .filter((group) => group[groupKey].length);
 }
 
-export function readAuthSettings({ provider, groups } = {}) {
+export function readIdentitySettings({ provider, groups } = {}) {
   let groupArray = [];
   if (groups) {
     if (Array.isArray(groups)) {
@@ -53,17 +53,17 @@ export function readAuthSettings({ provider, groups } = {}) {
   }
 
   return {
-    provider: provider ? getProviderByKey(provider.type).create(provider) : NullAuthProvider.create(),
+    provider: provider ? getProviderByKey(provider.type).create(provider) : NullIdentityProvider.create(),
     groups: groupArray,
   };
 }
 
-export async function fetchWithAuth(key, context) {
+export async function fetchWithIdentity(key, context) {
   return getProviderByKey(context.provider).fetch([key, context]);
 }
 
-export const filterAllowedServices = (perms, authGroups, services) =>
+export const filterAllowedServices = (perms, idGroups, services) =>
-  filterAllowedItems(perms, authGroups, services, "services");
+  filterAllowedItems(perms, idGroups, services, "services");
-export const filterAllowedBookmarks = (perms, authGroups, bookmarks) =>
+export const filterAllowedBookmarks = (perms, idGroups, bookmarks) =>
-  filterAllowedItems(perms, authGroups, bookmarks, "bookmarks");
+  filterAllowedItems(perms, idGroups, bookmarks, "bookmarks");
-export const filterAllowedWidgets = (perms, widgets) => widgets.filter((widget) => authAllow(perms, widget.options));
+export const filterAllowedWidgets = (perms, widgets) => widgets.filter((widget) => identityAllow(perms, widget.options));

src/utils/identity/null.js

@@ -1,6 +1,6 @@
 const NullPermissions = { user: null, groups: [] };
 
-function createNullAuth() {
+function createNullIdentity() {
   return {
     authorize: () => NullPermissions,
     getContext: () => ({
@@ -9,13 +9,13 @@ function createNullAuth() {
   };
 }
 
-async function fetchNullAuth([key]) {
+async function fetchNullIdentity([key]) {
   return fetch(key).then((res) => res.json());
 }
 
-const NullAuthProvider = {
+const NullIdentityProvider = {
-  create: createNullAuth,
+  create: createNullIdentity,
-  fetch: fetchNullAuth,
+  fetch: fetchNullIdentity,
 };
 
-export default NullAuthProvider;
+export default NullIdentityProvider;

src/utils/identity/proxy.js

@@ -1,5 +1,5 @@
-// 'proxy' auth provider is meant to be used by a reverse proxy that injects permission headers into the origin
+// 'proxy' identity provider is meant to be used by a reverse proxy that injects permission headers into the origin
-// request. In this case we are relying on our proxy to authenitcate our users and validate.
+// request. In this case we are relying on our proxy to authenitcate our users and validate their identity.
 function getProxyPermissions(userHeader, groupHeader, request) {
   const user =
     userHeader && request.headers[userHeader.toLowerCase()] ? request.headers[userHeader.toLowerCase()] : null;
@@ -9,7 +9,7 @@ function getProxyPermissions(userHeader, groupHeader, request) {
   return { user, groups: groupsString ? groupsString.split("|").map((v) => v.trim()) : [] };
 }
 
-function createProxyAuth({ groupHeader, userHeader }) {
+function createProxyIdentity({ groupHeader, userHeader }) {
   return {
     getContext: (request) => ({
       provider: "proxy",
@@ -18,17 +18,17 @@ function createProxyAuth({ groupHeader, userHeader }) {
       ...(groupHeader &&
         request.headers[groupHeader] && { [groupHeader.toLowerCase()]: request.headers[groupHeader.toLowerCase()] }),
     }),
-    authorize: (request) => getProxyPermissions(userHeader, groupHeader, request),
+    getIdentity: (request) => getProxyPermissions(userHeader, groupHeader, request),
   };
 }
 
-async function fetchProxyAuth([key, context]) {
+async function fetchProxyIdentity([key, context]) {
   return fetch(key, { headers: context.headers }).then((res) => res.json());
 }
 
-const ProxyAuthProvider = {
+const ProxyIdentityProvider = {
-  create: createProxyAuth,
+  create: createProxyIdentity,
-  fetch: fetchProxyAuth,
+  fetch: fetchProxyIdentity,
 };
 
-export default ProxyAuthProvider;
+export default ProxyIdentityProvider;