From 6e1f50cac333b834530cc902e8c60f10984fff1f Mon Sep 17 00:00:00 2001
From: ACoolName
Date: Thu, 23 May 2024 23:19:38 +0300
Subject: [PATCH] added cloud and verify
---
 auth/auth.go | 71 ++++++++++++++++++++++++++++++++++++++-----
 models/permissions.go | 1 +
 servers/servers.go | 49 ++++++-----------------------
 3 files changed, 74 insertions(+), 47 deletions(-)
diff --git a/auth/auth.go b/auth/auth.go
index 75186d1..669c8c5 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -5,6 +5,7 @@ import (
 "encoding/json"
 "fmt"
 "net/http"
+ "strings"
 "time"
 "acooldomain.co/backend/models"
@@ -20,7 +21,7 @@ var secret []byte
 var method string
 type Connection struct {
- connection *mongo.Client
+ databaseConnection *mongo.Client
 }
 type TokenInfo struct {
@@ -112,7 +113,7 @@ func (con Connection) signUp(c *gin.Context) {
 var token InviteToken
- err = con.connection.Database("Backend").Collection("Tokens").FindOne(
+ err = con.databaseConnection.Database("Backend").Collection("Tokens").FindOne(
 context.TODO(),
 bson.D{{}},
 options.FindOne(),
@@ -133,7 +134,7 @@ func (con Connection) signUp(c *gin.Context) {
 return
 }
- _, err = con.connection.Database("Backend").Collection("Users").InsertOne(context.TODO(), &models.User{
+ _, err = con.databaseConnection.Database("Backend").Collection("Users").InsertOne(context.TODO(), &models.User{
 Username: request.Username,
 HashedPass: hashedPass,
 Permissions: token.Permissions,
@@ -164,7 +165,7 @@ func (con Connection) signIn(c *gin.Context) {
 return
 }
 var userItem models.User
- err = con.connection.Database("Backend").Collection("Users").FindOne(context.TODO(), bson.D{{Key: "Username", Value: request.Username}}).Decode(&userItem)
+ err = con.databaseConnection.Database("Backend").Collection("Users").FindOne(context.TODO(), bson.D{{Key: "Username", Value: request.Username}}).Decode(&userItem)
 if err != nil {
 c.AbortWithError(403, err)
 return
@@ -190,23 +191,77 @@ func (con Connection) signIn(c *gin.Context) {
 c.IndentedJSON(http.StatusOK, signedToken)
 }
-func (con Connection) test(c *gin.Context) {
+func (con Connection) verify(c *gin.Context) {
 claims, exists := c.Get("claims")
 if !exists {
 fmt.Println("No Claims")
 c.AbortWithStatus(403)
 return
 }
- c.IndentedJSON(http.StatusOK, claims)
+
+ forwarded_host := c.Request.Header.Get("x-forwarded-host")
+ domainSegments := strings.Split(forwarded_host, ".")
+
+ serverId, service := domainSegments[0], domainSegments[1]
+ c.AddParam("server_id", serverId)
+
+ if service == "browsers" {
+ if claims.(*AuthClaims).Permissions&models.Browse == models.Browse || claims.(*AuthClaims).Permissions&models.Admin == models.Admin || con.ServerAuthorized(models.Browse)(c) {
+ c.Header("X-Username", claims.(*AuthClaims).Username)
+ c.Status(200)
+ return
+ }
+
+ }
+
+ if service == "cloud" {
+ if claims.(*AuthClaims).Permissions&models.Cloud == models.Cloud || claims.(*AuthClaims).Permissions&models.Admin == models.Admin {
+ c.Header("X-Username", claims.(*AuthClaims).Username)
+ c.Status(200)
+ return
+ }
+ }
+
+ c.Redirect(303, "http://%s/login")
+}
+
+func (con Connection) ServerAuthorized(permissions models.Permission) func(*gin.Context) bool {
+ return func(ctx *gin.Context) bool {
+ claims, exists := ctx.Get("claims")
+ if !exists {
+ return false
+ }
+
+ server_id := ctx.Param("server_id")
+ if server_id == "" {
+ return false
+ }
+
+ var serverData models.ServerData
+
+ con.databaseConnection.Database("Backend").Collection("Servers").FindOne(context.TODO(), bson.D{{Key: "Id", Value: server_id}}).Decode(&serverData)
+
+ if serverData.OwnerId == claims.(*AuthClaims).Username {
+ return true
+ }
+
+ userPermissions := serverData.UserPermissions[claims.(*AuthClaims).Username]
+
+ if userPermissions&permissions == permissions || userPermissions&models.Admin == models.Admin {
+ return true
+ }
+
+ return false
+ }
 }
 func LoadGroup(group *gin.RouterGroup, client *mongo.Client, config models.GlobalConfig) {
- connection := Connection{connection: client}
+ connection := Connection{databaseConnection: client}
 secret = []byte(config.Key)
 method = config.Algorithm
 group.POST("/signin", connection.signIn)
 group.POST("/signup", AuthorizedTo(models.Admin), connection.signUp)
- group.GET("/test", AuthorizedTo(models.Admin), connection.test)
+ group.GET("/verify", AuthorizedTo(0), connection.verify)
 }
diff --git a/models/permissions.go b/models/permissions.go
index 657863f..ac24ed2 100644
--- a/models/permissions.go
+++ b/models/permissions.go
@@ -10,4 +10,5 @@ const (
 Delete
 RunCommand
 Admin
+ Cloud
 )
diff --git a/servers/servers.go b/servers/servers.go
index 581a2fa..5e88f14 100644
--- a/servers/servers.go
+++ b/servers/servers.go
@@ -744,36 +744,6 @@ func (con Connection) BrowseServer(ctx *gin.Context) {
 ctx.JSON(200, browserInfo.Url)
 }
-func (con Connection) serverAuthorized(permissions models.Permission) func(*gin.Context) bool {
- return func(ctx *gin.Context) bool {
- claims, exists := ctx.Get("claims")
- if !exists {
- return false
- }
-
- server_id := ctx.Param("server_id")
- if server_id == "" {
- return false
- }
-
- var serverData models.ServerData
-
- con.databaseConnection.Database("Backend").Collection("Servers").FindOne(context.TODO(), bson.D{{Key: "Id", Value: server_id}}).Decode(&serverData)
-
- if serverData.OwnerId == claims.(*auth.AuthClaims).Username {
- return true
- }
-
- userPermissions := serverData.UserPermissions[claims.(*auth.AuthClaims).Username]
-
- if userPermissions&permissions == permissions || userPermissions&models.Admin == models.Admin {
- return true
- }
-
- return false
- }
-}
-
 func (con Connection) GetServerUserPermissions(ctx *gin.Context) {
 claims, exists := ctx.Get("claims")
 if !exists {
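Review bot: `serverId, service := domainSegments[0], domainSegments[1]` in verify panics with an index out of range whenever the `x-forwarded-host` header is absent or has no dot, because `strings.Split` then returns a single element, so a request that did not come through the proxy crashes the handler instead of being rejected. Guard before indexing with `if len(domainSegments) < 2 { c.AbortWithStatus(http.StatusBadRequest); return }`, and rely on that header only if the reverse proxy is known to overwrite it, since it is otherwise client-controlled. Separately, `c.Redirect(303, "http://%s/login")` sends the literal `%s` to the client because nothing formats it; the login URL should come from configuration rather than be rebuilt from the forwarded host, which would turn the redirect into an open redirect. In ServerAuthorized the error from `FindOne(...).Decode(&serverData)` is discarded, so a database failure silently falls through to comparisons against a zero-value `serverData`; check it and `return false` explicitly.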
@@ -828,15 +798,16 @@ func LoadGroup(group *gin.RouterGroup, mongo_client *mongo.Client, config models
 defer apiClient.Close()
 connection := Connection{databaseConnection: mongo_client, dockerClient: apiClient}
- group.POST("/:server_id/start", auth.AuthorizedTo(models.Start, connection.serverAuthorized(models.Start)), connection.StartServer)
+ authConnection := auth.Connection{databaseConnection: mongo_client, dockerClient: apiClient}
+ group.POST("/:server_id/start", auth.AuthorizedTo(models.Start, authConnection.serverAuthorized(models.Start)), connection.StartServer)
 group.POST("/", auth.AuthorizedTo(models.Create), connection.CreateServer)
 group.GET("/", auth.AuthorizedTo(0), connection.GetServers)
- group.POST("/:server_id/stop", auth.AuthorizedTo(models.Stop, connection.serverAuthorized(models.Stop)), connection.StopServer)
- group.DELETE("/:server_id", auth.AuthorizedTo(models.Delete, connection.serverAuthorized(models.Delete)), connection.DeleteServer)
- group.POST("/:server_id/run_command", auth.AuthorizedTo(models.RunCommand, connection.serverAuthorized(models.RunCommand)), connection.RunCommand)
- group.GET("/:server_id/attach", auth.AuthorizedTo(models.RunCommand, connection.serverAuthorized(models.RunCommand)), connection.AttachServer)
- group.PATCH("/:server_id", auth.AuthorizedTo(models.Admin, connection.serverAuthorized(models.Admin)), connection.UpdateServer)
- group.POST("/:server_id/browse", auth.AuthorizedTo(models.Browse, connection.serverAuthorized(models.Admin)), connection.BrowseServer)
- group.GET("/:server_id/permissions", auth.AuthorizedTo(models.Browse, connection.serverAuthorized(models.Admin)), connection.GetServerUserPermissions)
- group.POST("/:server_id/permissions", auth.AuthorizedTo(models.Browse, connection.serverAuthorized(models.Admin)), connection.SetServerUserPermissions)
+ group.POST("/:server_id/stop", auth.AuthorizedTo(models.Stop, authConnection.serverAuthorized(models.Stop)), connection.StopServer)
+ group.DELETE("/:server_id", auth.AuthorizedTo(models.Delete, authConnection.serverAuthorized(models.Delete)), connection.DeleteServer)
+ group.POST("/:server_id/run_command", auth.AuthorizedTo(models.RunCommand, authConnection.serverAuthorized(models.RunCommand)), connection.RunCommand)
+ group.GET("/:server_id/attach", auth.AuthorizedTo(models.RunCommand, authConnection.serverAuthorized(models.RunCommand)), connection.AttachServer)
+ group.PATCH("/:server_id", auth.AuthorizedTo(models.Admin, authConnection.serverAuthorized(models.Admin)), connection.UpdateServer)
+ group.POST("/:server_id/browse", auth.AuthorizedTo(models.Browse, authConnection.serverAuthorized(models.Admin)), connection.BrowseServer)
+ group.GET("/:server_id/permissions", auth.AuthorizedTo(models.Browse, authConnection.serverAuthorized(models.Admin)), connection.GetServerUserPermissions)
+ group.POST("/:server_id/permissions", auth.AuthorizedTo(models.Browse, authConnection.serverAuthorized(models.Admin)), connection.SetServerUserPermissions)
 }
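Review bot: The new `authConnection := auth.Connection{databaseConnection: mongo_client, dockerClient: apiClient}` line cannot compile from package servers: `databaseConnection` is an unexported field of `auth.Connection`, and the auth/auth.go hunk in this same commit shows that struct has only that one field, so `dockerClient` does not exist on it. The route registrations below it also call `authConnection.serverAuthorized(...)`, while the method added to the auth package is exported as `ServerAuthorized`; the lowercase name is the one this commit deletes from servers.go. Add an exported constructor in auth (for example `func NewConnection(client *mongo.Client) Connection`, a constructed name), build it with `authConnection := auth.NewConnection(mongo_client)`, and switch every registration to `authConnection.ServerAuthorized(...)`. LoadGroup's signature and the lines before `defer apiClient.Close()` are outside the hunk.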