AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705)

* API: Add reqSignedIn to router groups

* AuthN: Add fall through in context handler

* AuthN: Add IsAnonymous field

* AuthN: add priority to context aware clients

* ContextHandler: Add comment

* AuthN: Add a simple priority queue

* AuthN: Add Name to client interface

* AuthN: register clients with function

* AuthN: update mock and fake to implement interface

* AuthN: rewrite test without reflection

* AuthN: add comment

* AuthN: fix queue insert

* AuthN: rewrite tests

* AuthN: make the queue generic so we can reuse it for hooks

* ContextHandler: Add fixme for auth headers

* AuthN: remove unused variable

* AuthN: use multierror

* AuthN: write proper tests for queue

* AuthN: Add queue item that can store the value and priority

Co-authored-by: Jo <joao.guerreiro@grafana.com>
Karl Persson
2023-01-26 10:50:44 +01:00
committed by GitHub
parent 95f052bbd1
commit 95ea4bad6f
21 changed files with 442 additions and 324 deletions


@@ -29,7 +29,7 @@ var (
errInvalidProxyHeader = errutil.NewBase(errutil.StatusInternal, "auth-proxy.invalid-proxy-header")
)
var _ authn.Client = new(Proxy)
var _ authn.ContextAwareClient = new(Proxy)
func ProvideProxy(cfg *setting.Cfg, clients ...authn.ProxyClient) (*Proxy, error) {
list, err := parseAcceptList(cfg.AuthProxyWhitelist)
@@ -45,6 +45,10 @@ type Proxy struct {
acceptedIPs []*net.IPNet
}
func (c *Proxy) Name() string {
return authn.ClientProxy
}
func (c *Proxy) Authenticate(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
if !c.isAllowedIP(r) {
return nil, errNotAcceptedIP.Errorf("request ip is not in the configured accept list")
@@ -75,6 +79,10 @@ func (c *Proxy) Test(ctx context.Context, r *authn.Request) bool {
return len(getProxyHeader(r, c.cfg.AuthProxyHeaderName, c.cfg.AuthProxyHeadersEncoded)) != 0
}
func (c *Proxy) Priority() uint {
return 50
}
func (c *Proxy) isAllowedIP(r *authn.Request) bool {
if len(c.acceptedIPs) == 0 {
return true
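Review bot: `Priority()` in the last hunk returns the bare literal `50` with no comment, so a reader of this file cannot tell where the proxy client sits among the other context-aware clients or whether a smaller number is tried earlier. Going by the commit description (a priority queue of clients with fall-through), that order presumably decides which client authenticates a request carrying more than one kind of credential, and `Test` here matches on the mere presence of the proxy header. I would add a doc comment such as `// Priority returns the position of the auth proxy client in the authn client queue.` that also states the ordering rule, or replace `50` with a named constant declared next to the other clients' priorities. The context lines also show `isAllowedIP` returning true when `acceptedIPs` is empty, so with no accept list configured the header is honoured from any source address, which deserves a comment of its own; the body of `isAllowedIP` continues outside the hunk.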