#7: Add support for verify auth before scan

2025-12-10 00:22:08 -06:00 · 2023-03-10 10:33:41 +05:30 · 2023-03-10 10:33:41 +05:30 · 430d002c3c
commit 430d002c3c
parent 115b7e4f0b
3 changed files with 34 additions and 18 deletions
--- a/auth.go
+++ b/auth.go
@ -49,8 +49,9 @@ func configureAuthCommand() *cobra.Command {
 			}

 			err = auth.Configure(auth.Config{
-				ApiUrl: authInsightApiBaseUrl,
-				ApiKey: string(key),
+				ApiUrl:             authInsightApiBaseUrl,
+				ApiKey:             string(key),
+				ControlPlaneApiUrl: authControlPlaneApiBaseUrl,
 			})

 			if err != nil {
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@ -21,8 +21,9 @@ const (
 )

 type Config struct {
-	ApiUrl string `yaml:"api_url"`
-	ApiKey string `yaml:"api_key"`
+	ApiUrl             string `yaml:"api_url"`
+	ApiKey             string `yaml:"api_key"`
+	ControlPlaneApiUrl string `yaml:"cp_api_url"`
 }

 // Global config to be used during runtime
@ -42,6 +43,10 @@ func DefaultApiUrl() string {
 }

 func DefaultControlPlaneApiUrl() string {
+	if (globalConfig != nil) && (globalConfig.ControlPlaneApiUrl != "") {
+		return globalConfig.ControlPlaneApiUrl
+	}
+
 	return defaultControlPlaneApiUrl
 }

--- a/scan.go
+++ b/scan.go
@ -5,6 +5,7 @@ import (
 	"os"

 	"github.com/safedep/dry/utils"
+	"github.com/safedep/vet/internal/auth"
 	"github.com/safedep/vet/internal/ui"
 	"github.com/safedep/vet/pkg/analyzer"
 	"github.com/safedep/vet/pkg/models"
@ -15,20 +16,21 @@ import (
 )

 var (
-	lockfiles            []string
-	lockfileAs           string
-	baseDirectory        string
-	transitiveAnalysis   bool
-	transitiveDepth      int
-	concurrency          int
-	dumpJsonManifestDir  string
-	celFilterExpression  string
-	celFilterSuiteFile   string
-	celFilterFailOnMatch bool
-	markdownReportPath   string
-	consoleReport        bool
-	summaryReport        bool
-	silentScan           bool
+	lockfiles                   []string
+	lockfileAs                  string
+	baseDirectory               string
+	transitiveAnalysis          bool
+	transitiveDepth             int
+	concurrency                 int
+	dumpJsonManifestDir         string
+	celFilterExpression         string
+	celFilterSuiteFile          string
+	celFilterFailOnMatch        bool
+	markdownReportPath          string
+	consoleReport               bool
+	summaryReport               bool
+	silentScan                  bool
+	disableAuthVerifyBeforeScan bool
 )

 func newScanCommand() *cobra.Command {
@ -68,6 +70,8 @@ func newScanCommand() *cobra.Command {
 		"Filter packages using CEL Filter Suite from file")
 	cmd.Flags().BoolVarP(&celFilterFailOnMatch, "filter-fail", "", false,
 		"Fail the scan if the filter match any package (security gate)")
+	cmd.Flags().BoolVarP(&disableAuthVerifyBeforeScan, "no-verify-auth", "", false,
+		"Do not verify auth token before starting scan")
 	cmd.Flags().StringVarP(&markdownReportPath, "report-markdown", "", "",
 		"Generate consolidated markdown report to file")
 	cmd.Flags().BoolVarP(&consoleReport, "report-console", "", false,
@ -97,6 +101,12 @@ func listParsersCommand() *cobra.Command {
 }

 func startScan() {
+	if !disableAuthVerifyBeforeScan {
+		failOnError("auth/verify", auth.Verify(&auth.VerifyConfig{
+			ControlPlaneApiUrl: auth.DefaultControlPlaneApiUrl(),
+		}))
+	}
+
 	failOnError("scan", internalStartScan())
 }