feat: add basic auth tutorial implementation as exemple

doc/fr/getting-started.md

@@ -59,7 +59,7 @@
 
     ```bash
     # Création du proxy nommé 'cadoles' vers https://www.cadoles.com
-    bouncer admin proxy create --to https://www.cadoles.com --proxy-name cadoles
+    bouncer admin proxy create --proxy-to https://www.cadoles.com --proxy-name cadoles
     ```
 
     Un message équivalent à celui ci devrait s'afficher:
@@ -77,7 +77,7 @@
 
     ```bash
     # Activation du proxy
-    bouncer admin proxy update --proxy-name cadoles --enabled=true
+    bouncer admin proxy update --proxy-name cadoles --proxy-enabled=true
     ```
 
     Un message équivalent à celui ci devrait s'afficher:

doc/fr/tutorials/add-queue-layer.md

@@ -22,7 +22,7 @@
 2. À ce stade, le calque est encore inactif. Définir la capacité de la file d'attente à 1 et activer le calque en utilisant le CLI
 
     ```bash
-    bouncer admin layer update --proxy-name cadoles --layer-name my-queue --enabled=true --options '{"capacity": 1}'
+    bouncer admin layer update --proxy-name cadoles --layer-name my-queue --layer-enabled=true --layer-options '{"capacity": 1}'
     ```
 
     Un message équivalent à celui ci devrait s'afficher:

internal/admin/layer_route.go

@@ -5,6 +5,7 @@ import (
 	"sort"
 
 	"forge.cadoles.com/cadoles/bouncer/internal/schema"
+	"forge.cadoles.com/cadoles/bouncer/internal/setup"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/go-chi/chi/v5"
 	"github.com/pkg/errors"
@@ -155,13 +156,22 @@ func (s *Server) createLayer(w http.ResponseWriter, r *http.Request) {
 
 	layerName, err := store.ValidateName(createLayerReq.Name)
 	if err != nil {
-		logger.Error(r.Context(), "could not parse 'name' parameter", logger.E(errors.WithStack(err)))
-		api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeMalformedRequest, nil)
+		logger.Error(r.Context(), "invalid 'name' parameter", logger.E(errors.WithStack(err)))
+		api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
 
 		return
 	}
 
-	layer, err := s.layerRepository.CreateLayer(ctx, proxyName, store.LayerName(layerName), store.LayerType(createLayerReq.Type), createLayerReq.Options)
+	layerType := store.LayerType(createLayerReq.Type)
+
+	if !setup.LayerTypeExists(layerType) {
+		logger.Error(r.Context(), "unknown layer type", logger.E(errors.WithStack(err)), logger.F("layerType", layerType))
+		api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
+
+		return
+	}
+
+	layer, err := s.layerRepository.CreateLayer(ctx, proxyName, store.LayerName(layerName), layerType, createLayerReq.Options)
 	if err != nil {
 		if errors.Is(err, store.ErrAlreadyExist) {
 			api.ErrorResponse(w, http.StatusConflict, ErrCodeAlreadyExist, nil)
@@ -235,7 +245,19 @@ func (s *Server) updateLayer(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if updateLayerReq.Options != nil {
-		if err := schema.ValidateLayerOptions(ctx, layer.Type, updateLayerReq.Options); err != nil {
+		layerOptionsSchema, err := setup.GetLayerOptionsSchema(layer.Type)
+		if err != nil {
+			logger.Error(r.Context(), "could not retrieve layer options schema", logger.E(errors.WithStack(err)))
+			api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
+
+			return
+		}
+
+		rawOptions := func(opts *store.LayerOptions) map[string]any {
+			return *opts
+		}(updateLayerReq.Options)
+
+		if err := schema.Validate(ctx, layerOptionsSchema, rawOptions); err != nil {
 			logger.Error(r.Context(), "could not validate layer options", logger.E(errors.WithStack(err)))
 
 			var invalidDataErr *schema.InvalidDataError

internal/command/admin/layer/flag/flag.go

@@ -2,27 +2,22 @@ package flag
 
 import (
 	"encoding/json"
+	"fmt"
 
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
+	"forge.cadoles.com/cadoles/bouncer/internal/setup"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
 )
 
 const (
-	FlagLayerName    = "layer-name"
-	FlagLayerType    = "layer-type"
-	FlagLayerOptions = "layer-options"
+	FlagKeyLayerType = "layer-type"
 )
 
 func WithLayerFlags(flags ...cli.Flag) []cli.Flag {
 	baseFlags := proxyFlag.WithProxyFlags(
-		&cli.StringFlag{
-			Name:     FlagLayerName,
-			Usage:    "use `LAYER_NAME` as targeted layer",
-			Value:    "",
-			Required: true,
-		},
+		LayerName(),
 	)
 
 	flags = append(flags, baseFlags...)
@@ -32,22 +27,63 @@ func WithLayerFlags(flags ...cli.Flag) []cli.Flag {
 
 func WithLayerCreateFlags(flags ...cli.Flag) []cli.Flag {
 	return WithLayerFlags(
-		&cli.StringFlag{
-			Name:     FlagLayerType,
-			Usage:    "Set `LAYER_TYPE` as layer's type",
-			Value:    "",
-			Required: true,
-		},
-		&cli.StringFlag{
-			Name:  FlagLayerOptions,
-			Usage: "Set `LAYER_OPTIONS` as layer's options",
-			Value: "{}",
-		},
+		LayerType(),
+		LayerOptions(),
 	)
 }
 
+const KeyLayerName = "layer-name"
+
+func LayerName() cli.Flag {
+	return &cli.StringFlag{
+		Name:     KeyLayerName,
+		Usage:    "use `LAYER_NAME` as targeted layer",
+		Value:    "",
+		Required: true,
+	}
+}
+
+const KeyLayerType = "layer-type"
+
+func LayerType() cli.Flag {
+	return &cli.StringFlag{
+		Name:     KeyLayerType,
+		Usage:    fmt.Sprintf("Set `LAYER_TYPE` as layer's type (available: %v)", setup.GetLayerTypes()),
+		Value:    "",
+		Required: true,
+	}
+}
+
+const KeyLayerOptions = "layer-options"
+
+func LayerOptions() cli.Flag {
+	return &cli.StringFlag{
+		Name:  KeyLayerOptions,
+		Usage: "Set `LAYER_OPTIONS` as layer's options",
+		Value: "{}",
+	}
+}
+
+const KeyLayerWeight = "layer-weight"
+
+func LayerWeight() cli.Flag {
+	return &cli.IntFlag{
+		Name:  KeyLayerWeight,
+		Usage: "Set `LAYER_WEIGHT` as layer's weight",
+	}
+}
+
+const KeyLayerEnabled = "layer-enabled"
+
+func LayerEnabled() cli.Flag {
+	return &cli.BoolFlag{
+		Name:  KeyLayerEnabled,
+		Usage: "Enable or disable layer",
+	}
+}
+
 func AssertLayerName(ctx *cli.Context) (store.LayerName, error) {
-	rawLayerName := ctx.String(FlagLayerName)
+	rawLayerName := ctx.String(KeyLayerName)
 
 	name, err := store.ValidateName(rawLayerName)
 	if err != nil {
@@ -58,13 +94,18 @@ func AssertLayerName(ctx *cli.Context) (store.LayerName, error) {
 }
 
 func AssertLayerType(ctx *cli.Context) (store.LayerType, error) {
-	rawLayerType := ctx.String(FlagLayerType)
+	rawLayerType := ctx.String(FlagKeyLayerType)
 
-	return store.LayerType(rawLayerType), nil
+	layerType := store.LayerType(rawLayerType)
+	if !setup.LayerTypeExists(layerType) {
+		return "", errors.Errorf("unknown layer type '%s'", layerType)
+	}
+
+	return layerType, nil
 }
 
 func AssertLayerOptions(ctx *cli.Context) (store.LayerOptions, error) {
-	rawLayerOptions := ctx.String(FlagLayerOptions)
+	rawLayerOptions := ctx.String(KeyLayerOptions)
 
 	layerOptions := store.LayerOptions{}
 

internal/command/admin/layer/update.go

@@ -7,6 +7,7 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/client"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
+	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer/flag"
 	layerFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/format"
@@ -20,18 +21,9 @@ func UpdateCommand() *cli.Command {
 		Name:  "update",
 		Usage: "Update layer",
 		Flags: layerFlag.WithLayerFlags(
-			&cli.BoolFlag{
-				Name:  "enabled",
-				Usage: "Enable or disable proxy",
-			},
-			&cli.IntFlag{
-				Name:  "weight",
-				Usage: "Set `WEIGHT` as proxy's weight",
-			},
-			&cli.StringFlag{
-				Name:  "options",
-				Usage: "Set `OPTIONS` as proxy's options",
-			},
+			flag.LayerEnabled(),
+			flag.LayerWeight(),
+			flag.LayerOptions(),
 		),
 		Action: func(ctx *cli.Context) error {
 			baseFlags := clientFlag.GetBaseFlags(ctx)
@@ -53,22 +45,22 @@ func UpdateCommand() *cli.Command {
 
 			opts := &client.UpdateLayerOptions{}
 
-			if ctx.IsSet("options") {
+			if ctx.IsSet(flag.KeyLayerOptions) {
 				var options store.LayerOptions
-				if err := json.Unmarshal([]byte(ctx.String("options")), &options); err != nil {
-					return errors.Wrap(err, "could not parse options")
+				if err := json.Unmarshal([]byte(ctx.String(flag.KeyLayerOptions)), &options); err != nil {
+					return errors.Wrap(err, "could not parse layer's options")
 				}
 
 				opts.Options = &options
 			}
 
-			if ctx.IsSet("weight") {
-				weight := ctx.Int("weight")
+			if ctx.IsSet(flag.KeyLayerWeight) {
+				weight := ctx.Int(flag.KeyLayerWeight)
 				opts.Weight = &weight
 			}
 
-			if ctx.IsSet("enabled") {
-				enabled := ctx.Bool("enabled")
+			if ctx.IsSet(flag.KeyLayerEnabled) {
+				enabled := ctx.Bool(flag.KeyLayerEnabled)
 				opts.Enabled = &enabled
 			}
 

internal/command/admin/proxy/create.go

@@ -7,6 +7,7 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/client"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
+	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"github.com/pkg/errors"
@@ -18,17 +19,8 @@ func CreateCommand() *cli.Command {
 		Name:  "create",
 		Usage: "Create proxy",
 		Flags: proxyFlag.WithProxyFlags(
-			&cli.StringFlag{
-				Name:     "to",
-				Usage:    "Set `TO` as proxy's destination url",
-				Value:    "",
-				Required: true,
-			},
-			&cli.StringSliceFlag{
-				Name:  "from",
-				Usage: "Set `FROM` as proxy's patterns to match incoming requests",
-				Value: cli.NewStringSlice("*"),
-			},
+			flag.ProxyTo(),
+			flag.ProxyFrom(),
 		),
 		Action: func(ctx *cli.Context) error {
 			baseFlags := clientFlag.GetBaseFlags(ctx)
@@ -43,12 +35,12 @@ func CreateCommand() *cli.Command {
 				return errors.Wrap(err, "'to' parameter should be a valid url")
 			}
 
-			to, err := url.Parse(ctx.String("to"))
+			to, err := url.Parse(ctx.String(flag.KeyProxyTo))
 			if err != nil {
 				return errors.Wrap(err, "'to' parameter should be a valid url")
 			}
 
-			from := ctx.StringSlice("from")
+			from := ctx.StringSlice(flag.KeyProxyFrom)
 
 			client := client.New(baseFlags.ServerURL, client.WithToken(token))
 

internal/command/admin/proxy/flag/flag.go

@@ -7,16 +7,9 @@ import (
 	"github.com/urfave/cli/v2"
 )
 
-const FlagProxyName = "proxy-name"
-
 func WithProxyFlags(flags ...cli.Flag) []cli.Flag {
 	baseFlags := clientFlag.ComposeFlags(
-		&cli.StringFlag{
-			Name:     FlagProxyName,
-			Usage:    "use `PROXY_NAME` as targeted proxy",
-			Value:    "",
-			Required: true,
-		},
+		ProxyName(),
 	)
 
 	flags = append(flags, baseFlags...)
@@ -24,8 +17,58 @@ func WithProxyFlags(flags ...cli.Flag) []cli.Flag {
 	return flags
 }
 
+const KeyProxyName = "proxy-name"
+
+func ProxyName() cli.Flag {
+	return &cli.StringFlag{
+		Name:     KeyProxyName,
+		Usage:    "use `PROXY_NAME` as targeted proxy",
+		Value:    "",
+		Required: true,
+	}
+}
+
+const KeyProxyTo = "proxy-to"
+
+func ProxyTo() cli.Flag {
+	return &cli.StringFlag{
+		Name:     KeyProxyTo,
+		Usage:    "Set `PROXY_TO` as proxy's destination url",
+		Value:    "",
+		Required: true,
+	}
+}
+
+const KeyProxyFrom = "proxy-from"
+
+func ProxyFrom() cli.Flag {
+	return &cli.StringSliceFlag{
+		Name:  KeyProxyFrom,
+		Usage: "Set `PROXY_FROM` as proxy's patterns to match incoming requests",
+		Value: cli.NewStringSlice("*"),
+	}
+}
+
+const KeyProxyWeight = "proxy-weight"
+
+func ProxyWeight() cli.Flag {
+	return &cli.IntFlag{
+		Name:  KeyProxyWeight,
+		Usage: "Set `PROXY_WEIGHT` as proxy's weight",
+	}
+}
+
+const KeyProxyEnabled = "proxy-enabled"
+
+func ProxyEnabled() cli.Flag {
+	return &cli.BoolFlag{
+		Name:  KeyProxyEnabled,
+		Usage: "Enable or disable proxy",
+	}
+}
+
 func AssertProxyName(ctx *cli.Context) (store.ProxyName, error) {
-	rawProxyName := ctx.String(FlagProxyName)
+	rawProxyName := ctx.String(KeyProxyName)
 
 	name, err := store.ValidateName(rawProxyName)
 	if err != nil {

internal/command/admin/proxy/update.go

@@ -7,6 +7,7 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/client"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
+	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"github.com/pkg/errors"
@@ -18,22 +19,10 @@ func UpdateCommand() *cli.Command {
 		Name:  "update",
 		Usage: "Update proxy",
 		Flags: proxyFlag.WithProxyFlags(
-			&cli.StringFlag{
-				Name:  "to",
-				Usage: "Set `TO` as proxy's destination url",
-			},
-			&cli.StringSliceFlag{
-				Name:  "from",
-				Usage: "Set `FROM` as proxy's patterns to match incoming requests",
-			},
-			&cli.BoolFlag{
-				Name:  "enabled",
-				Usage: "Enable or disable proxy",
-			},
-			&cli.IntFlag{
-				Name:  "weight",
-				Usage: "Set `WEIGHT` as proxy's weight",
-			},
+			flag.ProxyTo(),
+			flag.ProxyFrom(),
+			flag.ProxyEnabled(),
+			flag.ProxyWeight(),
 		),
 		Action: func(ctx *cli.Context) error {
 			baseFlags := clientFlag.GetBaseFlags(ctx)
@@ -50,27 +39,29 @@ func UpdateCommand() *cli.Command {
 
 			opts := &client.UpdateProxyOptions{}
 
-			if ctx.IsSet("to") {
-				to := ctx.String("to")
+			if ctx.IsSet(flag.KeyProxyTo) {
+				to := ctx.String(flag.KeyProxyTo)
 				if _, err := url.Parse(to); err != nil {
-					return errors.Wrap(err, "'to' parameter should be a valid url")
+					return errors.Wrapf(err, "'%s' parameter should be a valid url", flag.KeyProxyTo)
 				}
 
 				opts.To = &to
 			}
 
-			from := ctx.StringSlice("from")
-			if from != nil {
-				opts.From = from
+			if ctx.IsSet(flag.KeyProxyFrom) {
+				from := ctx.StringSlice(flag.KeyProxyFrom)
+				if from != nil {
+					opts.From = from
+				}
 			}
 
-			if ctx.IsSet("weight") {
-				weight := ctx.Int("weight")
+			if ctx.IsSet(flag.KeyProxyWeight) {
+				weight := ctx.Int(flag.KeyProxyWeight)
 				opts.Weight = &weight
 			}
 
-			if ctx.IsSet("enabled") {
-				enabled := ctx.Bool("enabled")
+			if ctx.IsSet(flag.KeyProxyEnabled) {
+				enabled := ctx.Bool(flag.KeyProxyEnabled)
 				opts.Enabled = &enabled
 			}
 

internal/command/server/proxy/run.go

@@ -1,16 +1,11 @@
 package proxy
 
 import (
-	"context"
 	"fmt"
 	"strings"
-	"time"
 
 	"forge.cadoles.com/cadoles/bouncer/internal/command/common"
-	"forge.cadoles.com/cadoles/bouncer/internal/config"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy"
-	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
-	"forge.cadoles.com/cadoles/bouncer/internal/queue"
 	"forge.cadoles.com/cadoles/bouncer/internal/setup"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
@@ -33,7 +28,7 @@ func RunCommand() *cli.Command {
 			logger.SetFormat(logger.Format(conf.Logger.Format))
 			logger.SetLevel(logger.Level(conf.Logger.Level))
 
-			layers, err := initDirectorLayers(ctx.Context, conf)
+			layers, err := setup.GetLayers(ctx.Context, conf)
 			if err != nil {
 				return errors.Wrap(err, "could not initialize director layers")
 			}
@@ -64,36 +59,3 @@ func RunCommand() *cli.Command {
 		},
 	}
 }
-
-func initDirectorLayers(ctx context.Context, conf *config.Config) ([]director.Layer, error) {
-	layers := make([]director.Layer, 0)
-
-	queue, err := initQueueLayer(ctx, conf)
-	if err != nil {
-		return nil, errors.Wrap(err, "could not initialize queue layer")
-	}
-
-	layers = append(layers, queue)
-
-	return layers, nil
-}
-
-func initQueueLayer(ctx context.Context, conf *config.Config) (*queue.Queue, error) {
-	adapter, err := setup.NewQueueAdapter(ctx, conf.Redis)
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	options := []queue.OptionFunc{
-		queue.WithTemplateDir(string(conf.Layers.Queue.TemplateDir)),
-	}
-
-	if conf.Layers.Queue.DefaultKeepAlive != nil {
-		options = append(options, queue.WithDefaultKeepAlive(time.Duration(*conf.Layers.Queue.DefaultKeepAlive)))
-	}
-
-	return queue.New(
-		adapter,
-		options...,
-	), nil
-}

internal/proxy/director/layer/basicauth/basicauth.go

@@ -0,0 +1,112 @@
+package basicauth
+
+import (
+	"crypto/sha256"
+	"crypto/subtle"
+	"net/http"
+
+	proxy "forge.cadoles.com/Cadoles/go-proxy"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+const LayerType store.LayerType = "basicauth"
+
+type BasicAuth struct{}
+
+// LayerType implements director.MiddlewareLayer.
+func (*BasicAuth) LayerType() store.LayerType {
+	return LayerType
+}
+
+// Middleware implements director.MiddlewareLayer.
+func (*BasicAuth) Middleware(layer *store.Layer) proxy.Middleware {
+	// La méthode doit retourner un "Middleware" qui est un alias
+	// pour les fonctions généralement utilisées
+	// dans les librairies http en Go pour créer
+	// une fonction d'interception/transformation de requête.
+	return func(next http.Handler) http.Handler {
+		fn := func(w http.ResponseWriter, r *http.Request) {
+			// On récupère les identifiants "basic auth" transmis (ou non)
+			// avec la requête
+			username, password, ok := r.BasicAuth()
+
+			// On créait une méthode locale pour gérer le cas d'une erreur d'authentification.
+			unauthorized := func() {
+				// On ajoute cette entête HTTP à la réponse pour déclencher l'affichage
+				// de la popup d'authentification dans le navigateur web de l'utilisateur.
+				w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
+
+				// On retoure un code d'erreur HTTP 401 (Unauthorized)
+				http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+			}
+
+			if !ok {
+				// L'entête Authorization est absente ou ne correspondant
+				// pas à du Basic Auth, on retourne une erreur HTTP 401 et
+				// on interrompt le traitement de la requête ici
+				unauthorized()
+
+				return
+			}
+
+			// On extrait les identifiants des options associées
+			// à notre layer
+			expectedUsername, usernameExists := layer.Options["username"].(string)
+			expectedPassword, passwordExists := layer.Options["password"].(string)
+
+			// Si le nom d'utilisateur ou le mot de passe attendu n'existe pas
+			// alors on retourne une erreur HTTP 500 à l'utilisateur.
+			if !usernameExists || !passwordExists {
+				logger.Error(r.Context(), "basicauth layer missing password or username option")
+				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+				return
+			}
+
+			// On vérifie les identifiants associés à la requête
+			isAuthenticated := authenticate(username, password, expectedUsername, expectedPassword)
+
+			// Si les identifiants sont non reconnus alors
+			// on interrompt le traitement de la requête
+			if !isAuthenticated {
+				unauthorized()
+
+				return
+			}
+
+			// L'authentification a réussie ! On passe la main au handler HTTP suivant
+			next.ServeHTTP(w, r)
+		}
+
+		return http.HandlerFunc(fn)
+	}
+}
+
+func authenticate(username, password string, expectedUsername, expectedPassword string) bool {
+	// On génère une empreinte au format sha256 pour nos identifiants
+	usernameHash := sha256.Sum256([]byte(username))
+	passwordHash := sha256.Sum256([]byte(password))
+
+	// On effectue de même avec les identifiants attendus.
+	// Pour l'instant, on utilise un couple d'identifiants en "dur".
+	expectedUsernameHash := sha256.Sum256([]byte(expectedUsername))
+	expectedPasswordHash := sha256.Sum256([]byte(expectedPassword))
+
+	// On utilise la méthode subtle.ConstantTimeCompare()
+	// pour faire la comparaison des identifiants en temps constant
+	// et ainsi éviter les attaques par timing.
+	usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1)
+	passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1)
+
+	// L'utilisateur est authentifié si son nom et son mot de passe
+	// correspondent avec ceux attendus.
+	return usernameMatch && passwordMatch
+}
+
+func New() *BasicAuth {
+	return &BasicAuth{}
+}
+
+var _ director.MiddlewareLayer = &BasicAuth{}

internal/proxy/director/layer/basicauth/layer-options.json

@@ -0,0 +1,14 @@
+{
+    "$id": "https://forge.cadoles.com/cadoles/bouncer/schemas/basicauth-layer-options",
+    "title": "BasicAuth layer options",
+    "type": "object",
+    "properties": {
+        "username": {
+            "type": "string"
+        },
+        "password": {
+            "type": "string"
+        }
+    },
+    "additionalProperties": false
+}

internal/proxy/director/layer/basicauth/layer_options.go

@@ -0,0 +1,8 @@
+package basicauth
+
+import (
+	_ "embed"
+)
+
+//go:embed layer-options.json
+var RawLayerOptionsSchema []byte

internal/proxy/director/layer/queue/redis/adapter.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 	"time"
 
-	"forge.cadoles.com/cadoles/bouncer/internal/queue"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/queue"
 	"github.com/pkg/errors"
 	"github.com/redis/go-redis/v9"
 )

internal/proxy/director/layer/queue/schema.go

@@ -0,0 +1,8 @@
+package queue
+
+import (
+	_ "embed"
+)
+
+//go:embed schema/layer-options.json
+var RawLayerOptionsSchema []byte

internal/queue/schema.go

@@ -1,20 +0,0 @@
-package queue
-
-import (
-	_ "embed"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/schema"
-	"github.com/pkg/errors"
-)
-
-//go:embed schema/layer-options.json
-var rawLayerOptionsSchema []byte
-
-func init() {
-	layerOptionsSchema, err := schema.Parse(rawLayerOptionsSchema)
-	if err != nil {
-		panic(errors.Wrap(err, "could not parse queue layer options schema"))
-	}
-
-	schema.RegisterLayerOptionsSchema(LayerType, layerOptionsSchema)
-}

internal/schema/load.go

@@ -7,8 +7,10 @@ import (
 	"github.com/qri-io/jsonschema"
 )
 
-func Parse(data []byte) (*jsonschema.Schema, error) {
-	var schema jsonschema.Schema
+type Schema = jsonschema.Schema
+
+func Parse(data []byte) (*Schema, error) {
+	var schema Schema
 	if err := json.Unmarshal(data, &schema); err != nil {
 		return nil, errors.WithStack(err)
 	}

internal/schema/registry.go

@@ -1,56 +0,0 @@
-package schema
-
-import (
-	"context"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/store"
-	"github.com/pkg/errors"
-	"github.com/qri-io/jsonschema"
-)
-
-var defaultRegistry = NewRegistry()
-
-func RegisterLayerOptionsSchema(layerType store.LayerType, schema *jsonschema.Schema) {
-	defaultRegistry.RegisterLayerOptionsSchema(layerType, schema)
-}
-
-func ValidateLayerOptions(ctx context.Context, layerType store.LayerType, options *store.LayerOptions) error {
-	if err := defaultRegistry.ValidateLayerOptions(ctx, layerType, options); err != nil {
-		return errors.WithStack(err)
-	}
-
-	return nil
-}
-
-type Registry struct {
-	layerOptionSchemas map[store.LayerType]*jsonschema.Schema
-}
-
-func (r *Registry) RegisterLayerOptionsSchema(layerType store.LayerType, schema *jsonschema.Schema) {
-	r.layerOptionSchemas[layerType] = schema
-}
-
-func (r *Registry) ValidateLayerOptions(ctx context.Context, layerType store.LayerType, options *store.LayerOptions) error {
-	schema, exists := r.layerOptionSchemas[layerType]
-	if !exists {
-		return errors.WithStack(ErrSchemaNotFound)
-	}
-
-	rawOptions := func(opts *store.LayerOptions) map[string]any {
-		return *opts
-	}(options)
-
-	state := schema.Validate(ctx, rawOptions)
-
-	if len(*state.Errs) > 0 {
-		return errors.WithStack(NewInvalidDataError(*state.Errs...))
-	}
-
-	return nil
-}
-
-func NewRegistry() *Registry {
-	return &Registry{
-		layerOptionSchemas: make(map[store.LayerType]*jsonschema.Schema),
-	}
-}

internal/schema/validate.go

@@ -0,0 +1,17 @@
+package schema
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+)
+
+func Validate(ctx context.Context, schema *Schema, data map[string]any) error {
+	state := schema.Validate(ctx, data)
+
+	if len(*state.Errs) > 0 {
+		return errors.WithStack(NewInvalidDataError(*state.Errs...))
+	}
+
+	return nil
+}

internal/setup/basicauth_layer.go

@@ -0,0 +1,15 @@
+package setup
+
+import (
+	"forge.cadoles.com/cadoles/bouncer/internal/config"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/basicauth"
+)
+
+func init() {
+	RegisterLayer(basicauth.LayerType, setupBasicAuthLayer, basicauth.RawLayerOptionsSchema)
+}
+
+func setupBasicAuthLayer(conf *config.Config) (director.Layer, error) {
+	return &basicauth.BasicAuth{}, nil
+}

internal/setup/default_registry.go

@@ -0,0 +1,43 @@
+package setup
+
+import (
+	"context"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/config"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/pkg/errors"
+	"github.com/qri-io/jsonschema"
+)
+
+var defaultRegistry = NewRegistry()
+
+func RegisterLayer(layerType store.LayerType, setupFunc LayerSetupFunc, rawOptionsSchema []byte) {
+	defaultRegistry.RegisterLayer(layerType, setupFunc, rawOptionsSchema)
+}
+
+func GetLayerOptionsSchema(layerType store.LayerType) (*jsonschema.Schema, error) {
+	schema, err := defaultRegistry.GetLayerOptionsSchema(layerType)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return schema, nil
+}
+
+func GetLayers(ctx context.Context, conf *config.Config) ([]director.Layer, error) {
+	layers, err := defaultRegistry.GetLayers(ctx, conf)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return layers, nil
+}
+
+func GetLayerTypes() []store.LayerType {
+	return defaultRegistry.GetLayerTypes()
+}
+
+func LayerTypeExists(layerType store.LayerType) bool {
+	return defaultRegistry.LayerTypeExists(layerType)
+}

internal/setup/error.go

@@ -0,0 +1,5 @@
+package setup
+
+import "errors"
+
+var ErrNotFound = errors.New("not found")

internal/setup/queue_layer.go

@@ -0,0 +1,45 @@
+package setup
+
+import (
+	"time"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/config"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/queue"
+	queueRedis "forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/queue/redis"
+	"github.com/pkg/errors"
+	"github.com/redis/go-redis/v9"
+)
+
+func init() {
+	RegisterLayer(queue.LayerType, setupQueueLayer, queue.RawLayerOptionsSchema)
+}
+
+func setupQueueLayer(conf *config.Config) (director.Layer, error) {
+	adapter, err := newQueueAdapter(conf.Redis)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	options := []queue.OptionFunc{
+		queue.WithTemplateDir(string(conf.Layers.Queue.TemplateDir)),
+	}
+
+	if conf.Layers.Queue.DefaultKeepAlive != nil {
+		options = append(options, queue.WithDefaultKeepAlive(time.Duration(*conf.Layers.Queue.DefaultKeepAlive)))
+	}
+
+	return queue.New(
+		adapter,
+		options...,
+	), nil
+}
+
+func newQueueAdapter(redisConf config.RedisConfig) (queue.Adapter, error) {
+	rdb := redis.NewUniversalClient(&redis.UniversalOptions{
+		Addrs:      redisConf.Adresses,
+		MasterName: string(redisConf.Master),
+	})
+
+	return queueRedis.NewAdapter(rdb, 2), nil
+}

internal/setup/queue_repository.go

@@ -1,20 +0,0 @@
-package setup
-
-import (
-	"context"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/config"
-	"forge.cadoles.com/cadoles/bouncer/internal/queue"
-	"github.com/redis/go-redis/v9"
-
-	queueRedis "forge.cadoles.com/cadoles/bouncer/internal/queue/redis"
-)
-
-func NewQueueAdapter(ctx context.Context, redisConf config.RedisConfig) (queue.Adapter, error) {
-	rdb := redis.NewUniversalClient(&redis.UniversalOptions{
-		Addrs:      redisConf.Adresses,
-		MasterName: string(redisConf.Master),
-	})
-
-	return queueRedis.NewAdapter(rdb, 2), nil
-}

internal/setup/registry.go

@@ -0,0 +1,80 @@
+package setup
+
+import (
+	"context"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/config"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"forge.cadoles.com/cadoles/bouncer/internal/schema"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/pkg/errors"
+)
+
+type layerEntry struct {
+	setup            LayerSetupFunc
+	rawOptionsSchema []byte
+}
+
+type Registry struct {
+	layers map[store.LayerType]layerEntry
+}
+
+type LayerSetupFunc func(*config.Config) (director.Layer, error)
+
+func (r *Registry) RegisterLayer(layerType store.LayerType, layerSetup LayerSetupFunc, rawOptionsSchema []byte) {
+	r.layers[layerType] = layerEntry{
+		setup:            layerSetup,
+		rawOptionsSchema: rawOptionsSchema,
+	}
+}
+
+func (r *Registry) GetLayerOptionsSchema(layerType store.LayerType) (*schema.Schema, error) {
+	layerEntry, exists := r.layers[layerType]
+	if !exists {
+		return nil, errors.WithStack(ErrNotFound)
+	}
+
+	schema, err := schema.Parse(layerEntry.rawOptionsSchema)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return schema, nil
+}
+
+func (r *Registry) GetLayers(ctx context.Context, conf *config.Config) ([]director.Layer, error) {
+	layers := make([]director.Layer, 0, len(r.layers))
+
+	for layerType, layerEntry := range r.layers {
+		layer, err := layerEntry.setup(conf)
+		if err != nil {
+			return nil, errors.Wrapf(err, "could not create layer '%s'", layerType)
+		}
+
+		layers = append(layers, layer)
+	}
+
+	return layers, nil
+}
+
+func (r *Registry) LayerTypeExists(layerType store.LayerType) bool {
+	_, exists := r.layers[layerType]
+
+	return exists
+}
+
+func (r *Registry) GetLayerTypes() []store.LayerType {
+	layerTypes := make([]store.LayerType, 0, len(r.layers))
+
+	for layerType := range r.layers {
+		layerTypes = append(layerTypes, layerType)
+	}
+
+	return layerTypes
+}
+
+func NewRegistry() *Registry {
+	return &Registry{
+		layers: make(map[store.LayerType]layerEntry),
+	}
+}