From d1779ea2ee35b673ee9488913d007d56007377a7 Mon Sep 17 00:00:00 2001
From: Lucas Ritzdorf <42657792+LRitzdorf@users.noreply.github.com>
Date: Mon, 8 Jul 2024 12:26:29 -0600
Subject: [PATCH] Implement second HTTP route, to be protected via JWT
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The actual verification isn't yet implemented — this work forms a base for that.
---
 CHANGELOG.md | 4 ++++
 cmd/cloud-init-server/main.go | 35 ++++++++++++++++++++++++++---------
 2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index af9fb84..0db6bea 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Added
+
+- Added an additional URL endpoint (`/cloud-init-secure`) which will require JWT authentication for access
+
 ### Changed
 - Switched from [Gin](https://github.com/gin-gonic/gin) HTTP router to [Chi](https://github.com/go-chi/chi)
diff --git a/cmd/cloud-init-server/main.go b/cmd/cloud-init-server/main.go
index 4b9187c..8209aa1 100644
--- a/cmd/cloud-init-server/main.go
+++ b/cmd/cloud-init-server/main.go
@@ -21,19 +21,36 @@ func main() {
 flag.StringVar(&smdToken, "smd-token", smdToken, "JWT token for SMD access")
 flag.Parse()
+ // Primary router and shared SMD client
 router := chi.NewRouter()
- store := memstore.NewMemStore()
 sm := smdclient.NewSMDClient(smdEndpoint, smdToken)
+
+ // Unsecured datastore and router
+ store := memstore.NewMemStore()
 ciHandler := NewCiHandler(store, sm)
+ router_unsec := newCiRouter(ciHandler)
+ router.Mount("/cloud-init", router_unsec)
- router.Get("/cloud-init", ciHandler.ListEntries)
- router.Post("/cloud-init", ciHandler.AddEntry)
- router.Get("/cloud-init/{id}", ciHandler.GetEntry)
- router.Get("/cloud-init/{id}/user-data", ciHandler.GetUserData)
- router.Get("/cloud-init/{id}/meta-data", ciHandler.GetMetaData)
- router.Get("/cloud-init/{id}/vendor-data", ciHandler.GetVendorData)
- router.Put("/cloud-init/{id}", ciHandler.UpdateEntry)
- router.Delete("/cloud-init/{id}", ciHandler.DeleteEntry)
+ // Secured datastore and router
+ store_sec := memstore.NewMemStore()
+ ciHandler_sec := NewCiHandler(store_sec, sm)
+ router_sec := newCiRouter(ciHandler_sec)
+ router.Mount("/cloud-init-secure", router_sec)
+ // Serve all routes
 http.ListenAndServe(ciEndpoint, router)
 }
+
+func newCiRouter(handler *CiHandler) chi.Router {
+ // Create a fresh Router with cloud-init endpoints
+ router := chi.NewRouter()
+ router.Get("/", handler.ListEntries)
+ router.Post("/", handler.AddEntry)
+ router.Get("/{id}", handler.GetEntry)
+ router.Get("/{id}/user-data", handler.GetUserData)
+ router.Get("/{id}/meta-data", handler.GetMetaData)
+ router.Get("/{id}/vendor-data", handler.GetVendorData)
+ router.Put("/{id}", handler.UpdateEntry)
+ router.Delete("/{id}", handler.DeleteEntry)
+ return router
+}
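Review bot: The `/cloud-init-secure` mount in `main` goes live with nothing in front of it. `newCiRouter` registers the same GET/POST/PUT/DELETE handlers for both mounts and no middleware is attached anywhere in the hunk, so the "secure" store can be read and written by any client that reaches the listener. The commit message says verification comes later, but until then the path name promises a control the server does not enforce, and a deployment of this revision could already place sensitive user-data behind it. Consider failing closed with a placeholder middleware that answers 401 and is swapped for the real JWT check when it is written, as sketched below. The beginning of `main` is outside the hunk.

```go
// … unchanged: shared SMD client, unsecured store and /cloud-init mount …

	// Fail closed until JWT verification exists.
	router.With(rejectUnverified).Mount("/cloud-init-secure", router_sec)

// … unchanged: ListenAndServe call, newCiRouter …

// rejectUnverified refuses every request; replace it with the real JWT check.
func rejectUnverified(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Error(w, "authentication required", http.StatusUnauthorized)
	})
}
```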