fix providerlink requirement even if auth is disabled

COSSAS · Jan 20, 2025 · 64bfdda · 64bfdda
1 parent 61a0486
commit 64bfdda
Showing 1 changed file with 18 additions and 8 deletions.
diff --git a/routes/routes.go b/routes/routes.go
@@ -15,31 +15,41 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
+const requiredGroupPermission = "soarca_admin"
+
 func Setup(app *gin.Engine) {
 	app.GET("/404-page", handlers.ErrorPage)
 	app.NoRoute(func(ctx *gin.Context) {
 		ctx.Redirect(http.StatusTemporaryRedirect, "/404-page")
 	})
 
 	authEnabled, _ := strconv.ParseBool(utils.GetEnv("AUTH_ENABLED", "false"))
-
 	reporter := soarca.NewReport(utils.GetEnv("SOARCA_URI", "http://localhost:8080"), &http.Client{}, authEnabled)
 	status := soarca.NewStatus(utils.GetEnv("SOARCA_URI", "http://localhost:8080"), &http.Client{}, authEnabled)
 
-	auth, err := gauth.New(gauth.OIDCRedirectConfig())
-	authHandler := handlers.NewOIDCAuthHandler(auth)
-	if err != nil {
-		log.Fatal("could not configure oidc redirect config: ", err)
+	var auth *gauth.Authenticator
+	var authHandler *handlers.OIDCAuthHandler
+	var err error
+
+	if authEnabled {
+		auth, err = gauth.New(gauth.OIDCRedirectConfig())
+		if err != nil {
+			log.Fatal("could not configure oidc redirect config: ", err)
+		}
+		authHandler = handlers.NewOIDCAuthHandler(auth)
 	}
+
 	publicRoutes := app.Group("/")
 	protectedRoutes := app.Group("/")
-	protectedRoutes.Use(auth.LoadAuthContext())
 
 	PublicRoutes(publicRoutes, authEnabled, authHandler)
 
-	protectedRoutes.Use(auth.Middleware([]string{"soarca_admin"}))
-	DashboardRoutes(protectedRoutes, authHandler)
+	if authEnabled {
+		protectedRoutes.Use(auth.LoadAuthContext())
+		protectedRoutes.Use(auth.Middleware([]string{requiredGroupPermission}))
+	}
 
+	DashboardRoutes(protectedRoutes, authHandler)
 	ReportingRoutes(reporter, protectedRoutes, authEnabled)
 	StatusRoutes(status, protectedRoutes, authEnabled)
 	SettingsRoutes(protectedRoutes)