Initial working authentication with SigV4

2026-04-05 01:36:25 +00:00 · 2026-02-27 01:35:20 +01:00
parent 79819ad2d0
commit 678c10a3ad
18 changed files with 1385 additions and 10 deletions
--- a/main.go
+++ b/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"fs/api"
+	"fs/auth"
 	"fs/logging"
 	"fs/metadata"
 	"fs/service"
@@ -19,6 +20,16 @@ import (
 func main() {
 	config := utils.NewConfig()
 	logConfig := logging.ConfigFromValues(config.LogLevel, config.LogFormat, config.AuditLog)
+	authConfig := auth.ConfigFromValues(
+		config.AuthEnabled,
+		config.AuthRegion,
+		config.AuthSkew,
+		config.AuthMaxPresign,
+		config.AuthMasterKey,
+		config.AuthBootstrapAccessKey,
+		config.AuthBootstrapSecretKey,
+		config.AuthBootstrapPolicy,
+	)
 	logger := logging.NewLogger(logConfig)
 	logger.Info("boot",
 		"log_level", logConfig.LevelName,
@@ -26,6 +37,8 @@ func main() {
 		"audit_log", logConfig.Audit,
 		"data_path", config.DataPath,
 		"multipart_retention_hours", int(config.MultipartCleanupRetention/time.Hour),
+		"auth_enabled", authConfig.Enabled,
+		"auth_region", authConfig.Region,
 	)

 	if err := os.MkdirAll(config.DataPath, 0o755); err != nil {
@@ -47,7 +60,19 @@ func main() {
 	}

 	objectService := service.NewObjectService(metadataHandler, blobHandler, config.MultipartCleanupRetention)
-	handler := api.NewHandler(objectService, logger, logConfig)
+	authService, err := auth.NewService(authConfig, metadataHandler)
+	if err != nil {
+		_ = metadataHandler.Close()
+		logger.Error("failed_to_initialize_auth_service", "error", err)
+		return
+	}
+	if err := authService.EnsureBootstrap(); err != nil {
+		_ = metadataHandler.Close()
+		logger.Error("failed_to_ensure_bootstrap_auth_identity", "error", err)
+		return
+	}
+
+	handler := api.NewHandler(objectService, logger, logConfig, authService)
 	addr := config.Address + ":" + strconv.Itoa(config.Port)

 	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)