1200 add auth on response gh

.bicep/webapp/parameters.json

@@ -22,6 +22,7 @@
                 "TENANT_ID":"",
                 "CLIENT_ID":"",
                 "CLIENT_SECRET":"",
+                "SCOPE":"",
 
                 "NOTIFICATION_TENANT_ID":"",
                 "NOTIFICATION_CLIENT_ID":"",

.github/workflows/setup-appservice-resource.yml

@@ -41,6 +41,7 @@ jobs:
           parameters.appServiceSettings.value.TENANT_ID : ${{ secrets.TENANT_ID }}
           parameters.appServiceSettings.value.CLIENT_ID : ${{ secrets.CLIENT_ID }}
           parameters.appServiceSettings.value.CLIENT_SECRET : ${{ secrets.CLIENT_SECRET }}
+          parameters.appServiceSettings.value.SCOPE : ${{ secrets.SCOPE }}
           parameters.appServiceSettings.value.NOTIFICATION_TENANT_ID : ${{ secrets.NOTIFICATION_TENANT_ID }}
           parameters.appServiceSettings.value.NOTIFICATION_CLIENT_ID : ${{ secrets.NOTIFICATION_CLIENT_ID }}
           parameters.appServiceSettings.value.NOTIFICATION_CLIENT_SECRET : ${{ secrets.NOTIFICATION_CLIENT_SECRET }}

src/goapp/.env.template

@@ -2,6 +2,7 @@ PORT=<Port. Defaults to 8080>
 TENANT_ID=<Tenant Id>
 CLIENT_ID=<Client Id>
 CLIENT_SECRET=<Client Secret>
+SCOPE=<Scope>
 NOTIFICATION_TENANT_ID=<Tenant Id>
 NOTIFICATION_CLIENT_ID=<Client Id>
 NOTIFICATION_CLIENT_SECRET=<Client Secret>

src/goapp/pkg/authentication/authentication.go

@@ -3,13 +3,17 @@ package authentication
 import (
 	"context"
 	"crypto/rsa"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"log"
 	"main/pkg/envvar"
 	"net/http"
+	"net/url"
 	"os"
+	"strconv"
 	"strings"
+	"time"
 
 	oidc "github.com/coreos/go-oidc"
 	"github.com/golang-jwt/jwt"
@@ -91,3 +95,44 @@ func VerifyAccessToken(r *http.Request) (*jwt.Token, error) {
 
 	return token, nil
 }
+
+func GenerateToken() (string, error) {
+
+	urlPath := fmt.Sprintf("https://login.microsoftonline.com/%s/oauth2/v2.0/token", os.Getenv("TENANT_ID"))
+	client := &http.Client{
+		Timeout: time.Second * 10,
+	}
+
+	data := url.Values{}
+	data.Set("client_id", os.Getenv("CLIENT_ID"))
+	data.Set("scope", os.Getenv("SCOPE"))
+	data.Set("client_secret", os.Getenv("CLIENT_SECRET"))
+	data.Set("grant_type", "client_credentials")
+	encodedData := data.Encode()
+
+	req, err := http.NewRequest("POST", urlPath, strings.NewReader(encodedData))
+	if err != nil {
+		return "", err
+	}
+
+	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))
+	response, err := client.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer response.Body.Close()
+
+	var token struct {
+		TokenType    string `json:"token_type"`
+		ExpiresIn    int    `json:"expires_in"`
+		ExtExpiresIn int    `json:"ext_expires_in"`
+		AccessToken  string `json:"access_token"`
+	}
+	err = json.NewDecoder(response.Body).Decode(&token)
+	if err != nil {
+		return "", err
+	}
+
+	return token.AccessToken, nil
+}

src/goapp/routes.go

@@ -144,9 +144,9 @@ func setApiRoutes() {
 	httpRouter.GET("/api/communities/{id}/related-communities", m.Chain(rtApi.GetRelatedCommunitiesByCommunityId, m.AzureAuth()))
 
 	// COMMUNITY APPROVERS API
-	httpRouter.POST("/api/community-approvers", rtApi.SubmitCommunityApprover)
-	httpRouter.GET("/api/community-approvers", rtApi.GetCommunityApproversList)
-	httpRouter.GET("/api/community-approvers/active", rtApi.GetAllActiveCommunityApprovers)
+	httpRouter.POST("/api/community-approvers", m.Chain(rtApi.SubmitCommunityApprover, m.AzureAuth(), m.GitHubAuth()))
+	httpRouter.GET("/api/community-approvers", m.Chain(rtApi.GetCommunityApproversList, m.AzureAuth(), m.GitHubAuth()))
+	httpRouter.GET("/api/community-approvers/active", m.Chain(rtApi.GetAllActiveCommunityApprovers, m.AzureAuth(), m.GitHubAuth()))
 
 	// CONTRIBUTION AREAS API
 	httpRouter.POST("/api/contribution-areas", m.Chain(cont.ContributionArea.CreateContributionAreas, m.AzureAuth(), m.GitHubAuth()))
@@ -218,16 +218,16 @@ func setApiRoutes() {
 
 	// REGIONAL ORGANIZATIONS API
 	httpRouter.GET("/api/enterprise-organizations", m.Chain(rtApi.GetEnterpriseOrganizations, m.AzureAuth()))
-	httpRouter.GET("/api/regional-organizations", m.Chain(rtApi.GetRegionalOrganizationByOption))
-	httpRouter.GET("/api/regional-organizations/{id}", m.Chain(rtApi.GetRegionalOrganizationById))
-	httpRouter.POST("/api/regional-organizations", m.Chain(rtApi.InsertRegionalOrganization))
-	httpRouter.PUT("/api/regional-organizations/{id}", m.Chain(rtApi.UpdateRegionalOrganization))
+	httpRouter.GET("/api/regional-organizations", m.Chain(rtApi.GetRegionalOrganizationByOption, m.AzureAuth()))
+	httpRouter.GET("/api/regional-organizations/{id}", m.Chain(rtApi.GetRegionalOrganizationById, m.AzureAuth()))
+	httpRouter.POST("/api/regional-organizations", m.Chain(rtApi.InsertRegionalOrganization, m.AzureAuth()))
+	httpRouter.PUT("/api/regional-organizations/{id}", m.Chain(rtApi.UpdateRegionalOrganization, m.AzureAuth()))
 
 	// OTHER REQUESTS
 	httpRouter.POST("/api/github-organization", m.Chain(rtApi.AddOrganization, m.AzureAuth(), m.GitHubAuth()))
 	httpRouter.GET("/api/github-organization", m.Chain(rtApi.GetAllOrganizationRequest, m.AzureAuth(), m.GitHubAuth()))
 	httpRouter.GET("/api/github-organization/region", m.Chain(rtApi.GetAllRegionalOrganizations, m.AzureAuth(), m.GitHubAuth()))
-	httpRouter.GET("/api/github-organization/region/name", m.Chain(rtApi.GetAllRegionalOrganizationsName))
+	httpRouter.GET("/api/github-organization/region/name", m.Chain(rtApi.GetAllRegionalOrganizationsName, m.GuidAuth()))
 	httpRouter.GET("/api/github-organization/{id}/status", m.Chain(rtApi.GetOrganizationApprovalRequests, m.AzureAuth(), m.GitHubAuth()))
 
 	httpRouter.POST("/api/github-copilot", m.Chain(rtApi.AddGitHubCopilot, m.AzureAuth(), m.GitHubAuth()))
@@ -242,14 +242,14 @@ func setApiRoutes() {
 	httpRouter.GET("/api/github-organization-approvers/active", m.Chain(rtApi.GetAllActiveOrganizationApprovers, m.AzureAuth(), m.GitHubAuth()))
 
 	// APPROVALS API
-	httpRouter.POST("/api/approvals/community/callback", rtApi.UpdateApprovalStatusCommunity)
-	httpRouter.POST("/api/approvals/organization/callback", rtApi.UpdateApprovalStatusOrganization)
-	httpRouter.POST("/api/approvals/github-copilot/callback", rtApi.UpdateApprovalStatusCopilot)
-	httpRouter.POST("/api/approvals/organization-access/callback", rtApi.UpdateApprovalStatusOrganizationAccess)
-	httpRouter.POST("/api/approvals/community/reassign/callback", rtApi.UpdateCommunityApprovalReassignApprover)
-	httpRouter.POST("/api/approvals/project/callback", rtApi.UpdateApprovalStatusProjects)
-	httpRouter.POST("/api/approvals/project/reassign/callback", rtApi.UpdateApprovalReassignApprover)
-	httpRouter.GET("/api/users/{username}/approvals", m.Chain(rtApi.DownloadProjectApprovalsByUsername))
+	httpRouter.POST("/api/approvals/community/callback", m.Chain(rtApi.UpdateApprovalStatusCommunity, m.GuidAuth()))
+	httpRouter.POST("/api/approvals/organization/callback", m.Chain(rtApi.UpdateApprovalStatusOrganization, m.GuidAuth()))
+	httpRouter.POST("/api/approvals/github-copilot/callback", m.Chain(rtApi.UpdateApprovalStatusCopilot, m.GuidAuth()))
+	httpRouter.POST("/api/approvals/organization-access/callback", m.Chain(rtApi.UpdateApprovalStatusOrganizationAccess, m.GuidAuth()))
+	httpRouter.POST("/api/approvals/community/reassign/callback", m.Chain(rtApi.UpdateCommunityApprovalReassignApprover, m.GuidAuth()))
+	httpRouter.POST("/api/approvals/project/callback", m.Chain(rtApi.UpdateApprovalStatusProjects, m.GuidAuth()))
+	httpRouter.POST("/api/approvals/project/reassign/callback", m.Chain(rtApi.UpdateApprovalReassignApprover, m.GuidAuth()))
+	httpRouter.GET("/api/users/{username}/approvals", m.Chain(rtApi.DownloadProjectApprovalsByUsername, m.GuidAuth()))
 
 	// LEGACY APIS
 	httpRouter.GET("/api/searchresult/{searchText}", m.Chain(rtApi.LegacySearchHandler, m.GuidAuth()))

src/goapp/routes/api/projects.go

@@ -16,6 +16,7 @@ import (
 	"time"
 
 	"main/pkg/appinsights_wrapper"
+	"main/pkg/authentication"
 	"main/pkg/email"
 	ev "main/pkg/envvar"
 	db "main/pkg/ghmgmtdb"
@@ -1703,6 +1704,7 @@ func ApprovalSystemRequest(data db.ProjectApprovalApprovers, logger *appinsights
 		go getHttpPostResponseStatus(url, postParams, ch, logger)
 		r := <-ch
 		if r != nil {
+			defer r.Body.Close()
 			var res ProjectApprovalSystemPostResponseDto
 			err := json.NewDecoder(r.Body).Decode(&res)
 			if err != nil {
@@ -1735,12 +1737,33 @@ func getHttpPostResponseStatus(url string, data interface{}, ch chan *http.Respo
 		logger.LogException(err)
 		ch <- nil
 	}
-	res, err := http.Post(url, "application/json; charset=utf-8", bytes.NewBuffer(jsonReq))
+	token, err := authentication.GenerateToken()
 	if err != nil {
 		logger.LogException(err)
 		ch <- nil
 	}
-	ch <- res
+
+	req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonReq))
+	if err != nil {
+		ch <- nil
+	}
+
+	req.Header.Add("Authorization", "Bearer "+token)
+	req.Header.Add("Content-Type", "application/json")
+
+	client := &http.Client{
+		Timeout: time.Second * 60,
+	}
+
+	response, err := client.Do(req)
+	if err != nil {
+		ch <- nil
+	}
+	if response.StatusCode == http.StatusUnauthorized {
+		ch <- nil
+	}
+
+	ch <- response
 }
 
 func ReprocessRequestApproval() {

src/goapp/routes/pages/notFound.go

@@ -7,6 +7,5 @@ import (
 )
 
 func NotFoundHandler(w http.ResponseWriter, r *http.Request) {
-	w.WriteHeader(http.StatusBadRequest)
 	template.UseTemplate(&w, r, "notfound", nil)
 }