diff --git a/horusec-analytic/cmd/app/main.go b/horusec-analytic/cmd/app/main.go index e19b7d3c7..c120daca3 100644 --- a/horusec-analytic/cmd/app/main.go +++ b/horusec-analytic/cmd/app/main.go @@ -32,6 +32,10 @@ import ( // @contact.name Horusec // @contact.url https://github.com/ZupIT/horusec // @contact.email horusec@zup.com.br + +// @securityDefinitions.apikey ApiKeyAuth +// @in header +// @name Authorization func main() { postgresRead := adapter.NewRepositoryRead() diff --git a/horusec-analytic/docs/docs.go b/horusec-analytic/docs/docs.go index d08b50f35..45e8cd3f9 100644 --- a/horusec-analytic/docs/docs.go +++ b/horusec-analytic/docs/docs.go @@ -46,6 +46,11 @@ var doc = `{ "paths": { "/api/dashboard/companies/{companyID}/all-vulnerabilities": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total vulnerabilities by severity", "consumes": [ "application/json" @@ -93,6 +98,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/details": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln details", "consumes": [ "application/json" @@ -143,6 +153,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/all-vulnerabilities": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln by severity", "consumes": [ "application/json" @@ -197,6 +212,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/total-developers": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total developers", "consumes": [ "application/json" @@ -251,6 +271,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/total-repositories": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total repositories", "consumes": [ "application/json" @@ -305,6 +330,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-author": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln by developer", "consumes": [ "application/json" @@ -359,6 +389,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-language": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln by language", "consumes": [ "application/json" @@ -413,6 +448,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-repository": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln by repository", "consumes": [ "application/json" @@ -467,6 +507,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-time": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln by time", "consumes": [ "application/json" @@ -521,6 +566,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/total-developers": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total developers", "consumes": [ "application/json" @@ -568,6 +618,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/total-repositories": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total repositories", "consumes": [ "application/json" @@ -615,6 +670,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/vulnerabilities-by-author": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total vulnerabilities by author", "consumes": [ "application/json" @@ -662,6 +722,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/vulnerabilities-by-language": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total vulnerabilities by language", "consumes": [ "application/json" @@ -709,6 +774,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/vulnerabilities-by-repository": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total vulnerabilities by repository", "consumes": [ "application/json" @@ -756,6 +826,11 @@ var doc = `{ }, "/api/dashboard/companies/{companyID}/vulnerabilities-by-time": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total vulnerabilities by time", "consumes": [ "application/json" @@ -870,6 +945,13 @@ var doc = `{ } } } + }, + "securityDefinitions": { + "ApiKeyAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header" + } } }` diff --git a/horusec-analytic/docs/swagger.json b/horusec-analytic/docs/swagger.json index 4a9ae883f..fd5960792 100644 --- a/horusec-analytic/docs/swagger.json +++ b/horusec-analytic/docs/swagger.json @@ -14,6 +14,11 @@ "paths": { "/api/dashboard/companies/{companyID}/all-vulnerabilities": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total vulnerabilities by severity", "consumes": [ "application/json" @@ -61,6 +66,11 @@ }, "/api/dashboard/companies/{companyID}/details": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln details", "consumes": [ "application/json" @@ -111,6 +121,11 @@ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/all-vulnerabilities": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln by severity", "consumes": [ "application/json" @@ -165,6 +180,11 @@ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/total-developers": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total developers", "consumes": [ "application/json" @@ -219,6 +239,11 @@ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/total-repositories": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total repositories", "consumes": [ "application/json" @@ -273,6 +298,11 @@ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-author": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln by developer", "consumes": [ "application/json" @@ -327,6 +357,11 @@ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-language": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln by language", "consumes": [ "application/json" @@ -381,6 +416,11 @@ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-repository": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln by repository", "consumes": [ "application/json" @@ -435,6 +475,11 @@ }, "/api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-time": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get vuln by time", "consumes": [ "application/json" @@ -489,6 +534,11 @@ }, "/api/dashboard/companies/{companyID}/total-developers": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total developers", "consumes": [ "application/json" @@ -536,6 +586,11 @@ }, "/api/dashboard/companies/{companyID}/total-repositories": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total repositories", "consumes": [ "application/json" @@ -583,6 +638,11 @@ }, "/api/dashboard/companies/{companyID}/vulnerabilities-by-author": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total vulnerabilities by author", "consumes": [ "application/json" @@ -630,6 +690,11 @@ }, "/api/dashboard/companies/{companyID}/vulnerabilities-by-language": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total vulnerabilities by language", "consumes": [ "application/json" @@ -677,6 +742,11 @@ }, "/api/dashboard/companies/{companyID}/vulnerabilities-by-repository": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total vulnerabilities by repository", "consumes": [ "application/json" @@ -724,6 +794,11 @@ }, "/api/dashboard/companies/{companyID}/vulnerabilities-by-time": { "get": { + "security": [ + { + "ApiKeyAuth": [] + } + ], "description": "get total vulnerabilities by time", "consumes": [ "application/json" @@ -838,5 +913,12 @@ } } } + }, + "securityDefinitions": { + "ApiKeyAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header" + } } } \ No newline at end of file diff --git a/horusec-analytic/docs/swagger.yaml b/horusec-analytic/docs/swagger.yaml index 47bcf7fae..45768c031 100644 --- a/horusec-analytic/docs/swagger.yaml +++ b/horusec-analytic/docs/swagger.yaml @@ -47,6 +47,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Company /api/dashboard/companies/{companyID}/details: @@ -80,6 +82,8 @@ paths: description: OK "400": description: BAD REQUEST + security: + - ApiKeyAuth: [] tags: - Dashboard Company /api/dashboard/companies/{companyID}/repositories/{repositoryID}/all-vulnerabilities: @@ -116,6 +120,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Repository /api/dashboard/companies/{companyID}/repositories/{repositoryID}/total-developers: @@ -152,6 +158,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Repository /api/dashboard/companies/{companyID}/repositories/{repositoryID}/total-repositories: @@ -188,6 +196,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Repository /api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-author: @@ -224,6 +234,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Repository /api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-language: @@ -260,6 +272,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Repository /api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-repository: @@ -296,6 +310,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Repository /api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-time: @@ -332,6 +348,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Repository /api/dashboard/companies/{companyID}/total-developers: @@ -363,6 +381,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Company /api/dashboard/companies/{companyID}/total-repositories: @@ -394,6 +414,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Company /api/dashboard/companies/{companyID}/vulnerabilities-by-author: @@ -425,6 +447,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Company /api/dashboard/companies/{companyID}/vulnerabilities-by-language: @@ -456,6 +480,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Company /api/dashboard/companies/{companyID}/vulnerabilities-by-repository: @@ -487,6 +513,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Company /api/dashboard/companies/{companyID}/vulnerabilities-by-time: @@ -518,6 +546,8 @@ paths: description: BAD REQUEST "500": description: INTERNAL SERVER ERROR + security: + - ApiKeyAuth: [] tags: - Dashboard Company /api/health: @@ -549,4 +579,9 @@ paths: type: object tags: - Health +securityDefinitions: + ApiKeyAuth: + in: header + name: Authorization + type: apiKey swagger: "2.0" diff --git a/horusec-analytic/internal/handlers/dashboard/dashboard.go b/horusec-analytic/internal/handlers/dashboard/dashboard.go index c18ce3882..6ab6bbb09 100644 --- a/horusec-analytic/internal/handlers/dashboard/dashboard.go +++ b/horusec-analytic/internal/handlers/dashboard/dashboard.go @@ -57,6 +57,7 @@ func (h *Handler) Options(w netHTTP.ResponseWriter, r *netHTTP.Request) { // @Success 200 "OK" // @Failure 400 "BAD REQUEST" // @Router /api/dashboard/companies/{companyID}/details [get] +// @Security ApiKeyAuth func (h *Handler) GetVulnDetails(w netHTTP.ResponseWriter, r *netHTTP.Request) { query := r.URL.Query().Get("query") if query == "" { @@ -85,6 +86,7 @@ func (h *Handler) GetVulnDetails(w netHTTP.ResponseWriter, r *netHTTP.Request) { // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/total-developers [get] +// @Security ApiKeyAuth func (h *Handler) GetCompanyTotalDevelopers(w netHTTP.ResponseWriter, r *netHTTP.Request) { companyID, _ := uuid.Parse(chi.URLParam(r, "companyID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -114,6 +116,7 @@ func (h *Handler) GetCompanyTotalDevelopers(w netHTTP.ResponseWriter, r *netHTTP // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/total-repositories [get] +// @Security ApiKeyAuth func (h *Handler) GetCompanyTotalRepositories(w netHTTP.ResponseWriter, r *netHTTP.Request) { companyID, _ := uuid.Parse(chi.URLParam(r, "companyID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -143,6 +146,7 @@ func (h *Handler) GetCompanyTotalRepositories(w netHTTP.ResponseWriter, r *netHT // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/vulnerabilities-by-author [get] +// @Security ApiKeyAuth func (h *Handler) GetCompanyVulnByDeveloper(w netHTTP.ResponseWriter, r *netHTTP.Request) { companyID, _ := uuid.Parse(chi.URLParam(r, "companyID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -172,6 +176,7 @@ func (h *Handler) GetCompanyVulnByDeveloper(w netHTTP.ResponseWriter, r *netHTTP // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/vulnerabilities-by-language [get] +// @Security ApiKeyAuth func (h *Handler) GetCompanyVulnByLanguage(w netHTTP.ResponseWriter, r *netHTTP.Request) { companyID, _ := uuid.Parse(chi.URLParam(r, "companyID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -201,6 +206,7 @@ func (h *Handler) GetCompanyVulnByLanguage(w netHTTP.ResponseWriter, r *netHTTP. // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/vulnerabilities-by-repository [get] +// @Security ApiKeyAuth func (h *Handler) GetCompanyVulnByRepository(w netHTTP.ResponseWriter, r *netHTTP.Request) { companyID, _ := uuid.Parse(chi.URLParam(r, "companyID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -230,6 +236,7 @@ func (h *Handler) GetCompanyVulnByRepository(w netHTTP.ResponseWriter, r *netHTT // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/vulnerabilities-by-time [get] +// @Security ApiKeyAuth func (h *Handler) GetCompanyVulnByTime(w netHTTP.ResponseWriter, r *netHTTP.Request) { companyID, _ := uuid.Parse(chi.URLParam(r, "companyID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -259,6 +266,7 @@ func (h *Handler) GetCompanyVulnByTime(w netHTTP.ResponseWriter, r *netHTTP.Requ // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/all-vulnerabilities [get] +// @Security ApiKeyAuth func (h *Handler) GetCompanyVulnBySeverity(w netHTTP.ResponseWriter, r *netHTTP.Request) { companyID, _ := uuid.Parse(chi.URLParam(r, "companyID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -289,6 +297,7 @@ func (h *Handler) GetCompanyVulnBySeverity(w netHTTP.ResponseWriter, r *netHTTP. // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/repositories/{repositoryID}/total-developers [get] +// @Security ApiKeyAuth func (h *Handler) GetRepositoryTotalDevelopers(w netHTTP.ResponseWriter, r *netHTTP.Request) { repositoryID, _ := uuid.Parse(chi.URLParam(r, "repositoryID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -319,6 +328,7 @@ func (h *Handler) GetRepositoryTotalDevelopers(w netHTTP.ResponseWriter, r *netH // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/repositories/{repositoryID}/total-repositories [get] +// @Security ApiKeyAuth func (h *Handler) GetRepositoryTotalRepositories(w netHTTP.ResponseWriter, r *netHTTP.Request) { repositoryID, _ := uuid.Parse(chi.URLParam(r, "repositoryID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -349,6 +359,7 @@ func (h *Handler) GetRepositoryTotalRepositories(w netHTTP.ResponseWriter, r *ne // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-author [get] +// @Security ApiKeyAuth func (h *Handler) GetRepositoryVulnByDeveloper(w netHTTP.ResponseWriter, r *netHTTP.Request) { repositoryID, _ := uuid.Parse(chi.URLParam(r, "repositoryID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -379,6 +390,7 @@ func (h *Handler) GetRepositoryVulnByDeveloper(w netHTTP.ResponseWriter, r *netH // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-language [get] +// @Security ApiKeyAuth func (h *Handler) GetRepositoryVulnByLanguage(w netHTTP.ResponseWriter, r *netHTTP.Request) { repositoryID, _ := uuid.Parse(chi.URLParam(r, "repositoryID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -409,6 +421,7 @@ func (h *Handler) GetRepositoryVulnByLanguage(w netHTTP.ResponseWriter, r *netHT // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-repository [get] +// @Security ApiKeyAuth func (h *Handler) GetRepositoryVulnByRepository(w netHTTP.ResponseWriter, r *netHTTP.Request) { repositoryID, _ := uuid.Parse(chi.URLParam(r, "repositoryID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -439,6 +452,7 @@ func (h *Handler) GetRepositoryVulnByRepository(w netHTTP.ResponseWriter, r *net // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/repositories/{repositoryID}/vulnerabilities-by-time [get] +// @Security ApiKeyAuth func (h *Handler) GetRepositoryVulnByTime(w netHTTP.ResponseWriter, r *netHTTP.Request) { repositoryID, _ := uuid.Parse(chi.URLParam(r, "repositoryID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) @@ -469,6 +483,7 @@ func (h *Handler) GetRepositoryVulnByTime(w netHTTP.ResponseWriter, r *netHTTP.R // @Failure 400 "BAD REQUEST" // @Failure 500 "INTERNAL SERVER ERROR" // @Router /api/dashboard/companies/{companyID}/repositories/{repositoryID}/all-vulnerabilities [get] +// @Security ApiKeyAuth func (h *Handler) GetRepositoryVulnBySeverity(w netHTTP.ResponseWriter, r *netHTTP.Request) { repositoryID, _ := uuid.Parse(chi.URLParam(r, "repositoryID")) initialDate, finalDate, err := getDateRangeFromRequestQuery(r) diff --git a/horusec-analytic/internal/router/router.go b/horusec-analytic/internal/router/router.go index 6f9eef6e6..eaa231119 100644 --- a/horusec-analytic/internal/router/router.go +++ b/horusec-analytic/internal/router/router.go @@ -46,7 +46,6 @@ func (r *Router) setMiddleware() { r.EnableTimeout() r.EnableCompress() r.EnableRequestID() - r.EnableJWTAuth() r.EnableCORS() r.RouterMetrics() } @@ -89,11 +88,6 @@ func (r *Router) EnableRequestID() *Router { return r } -func (r *Router) EnableJWTAuth() *Router { - r.router.Use(jwt.AuthMiddleware) - return r -} - func (r *Router) EnableCORS() *Router { r.router.Use(r.config.Cors) return r @@ -119,6 +113,7 @@ func (r *Router) RouterCompanyAnalytic(postgresRead relational.InterfaceRead) *R handler := dashboard.NewDashboardHandler(postgresRead) authz := middlewares.NewCompanyAuthzMiddleware(postgresRead, nil) r.router.Route(routes.CompanyHandler, func(router chi.Router) { + router.Use(jwt.AuthMiddleware) router.With(authz.IsCompanyMember).Get("/{companyID}/details", handler.GetVulnDetails) router.With(authz.IsCompanyMember).Get("/{companyID}/total-developers", handler.GetCompanyTotalDevelopers) router.With(authz.IsCompanyMember).Get("/{companyID}/total-repositories", handler.GetCompanyTotalRepositories) @@ -139,6 +134,7 @@ func (r *Router) RouterRepositoryAnalytic(postgresRead relational.InterfaceRead) handler := dashboard.NewDashboardHandler(postgresRead) authz := middlewares.NewRepositoryAuthzMiddleware(postgresRead, nil) r.router.Route(routes.RepositoryHandler, func(router chi.Router) { + router.Use(jwt.AuthMiddleware) router.With(authz.IsRepositoryMember).Get("/{repositoryID}/details", handler.GetVulnDetails) router.With(authz.IsRepositoryMember).Get("/{repositoryID}/total-developers", handler.GetRepositoryTotalDevelopers) router.With(authz.IsRepositoryMember).Get(