server-manager/backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added cloud and verify

Browse Source
This commit is contained in:
ACoolName 2024-05-23 23:19:38 +03:00
parent 293d0f71ce
commit 6e1f50cac3
3 changed files with 74 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
auth/auth.go
View File

@ -5,6 +5,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"net/http" "net/http"
"strings"
"time" "time"
"acooldomain.co/backend/models" "acooldomain.co/backend/models"
@ -20,7 +21,7 @@ var secret []byte
var method string var method string
type Connection struct { type Connection struct {
connection *mongo.Client databaseConnection *mongo.Client
} }
type TokenInfo struct { type TokenInfo struct {
@ -112,7 +113,7 @@ func (con Connection) signUp(c *gin.Context) {
var token InviteToken var token InviteToken
err = con.connection.Database("Backend").Collection("Tokens").FindOne( err = con.databaseConnection.Database("Backend").Collection("Tokens").FindOne(
context.TODO(), context.TODO(),
bson.D{{}}, bson.D{{}},
options.FindOne(), options.FindOne(),
@ -133,7 +134,7 @@ func (con Connection) signUp(c *gin.Context) {
return return
} }
_, err = con.connection.Database("Backend").Collection("Users").InsertOne(context.TODO(), &models.User{ _, err = con.databaseConnection.Database("Backend").Collection("Users").InsertOne(context.TODO(), &models.User{
Username: request.Username, Username: request.Username,
HashedPass: hashedPass, HashedPass: hashedPass,
Permissions: token.Permissions, Permissions: token.Permissions,
@ -164,7 +165,7 @@ func (con Connection) signIn(c *gin.Context) {
return return
} }
var userItem models.User var userItem models.User
err = con.connection.Database("Backend").Collection("Users").FindOne(context.TODO(), bson.D{{Key: "Username", Value: request.Username}}).Decode(&userItem) err = con.databaseConnection.Database("Backend").Collection("Users").FindOne(context.TODO(), bson.D{{Key: "Username", Value: request.Username}}).Decode(&userItem)
if err != nil { if err != nil {
c.AbortWithError(403, err) c.AbortWithError(403, err)
return return
@ -190,23 +191,77 @@ func (con Connection) signIn(c *gin.Context) {
c.IndentedJSON(http.StatusOK, signedToken) c.IndentedJSON(http.StatusOK, signedToken)
} }
func (con Connection) test(c *gin.Context) { func (con Connection) verify(c *gin.Context) {
claims, exists := c.Get("claims") claims, exists := c.Get("claims")
if !exists { if !exists {
fmt.Println("No Claims") fmt.Println("No Claims")
c.AbortWithStatus(403) c.AbortWithStatus(403)
return return
} }
c.IndentedJSON(http.StatusOK, claims)
forwarded_host := c.Request.Header.Get("x-forwarded-host")
domainSegments := strings.Split(forwarded_host, ".")
serverId, service := domainSegments[0], domainSegments[1]
c.AddParam("server_id", serverId)
if service == "browsers" {
if claims.(*AuthClaims).Permissions&models.Browse == models.Browse || claims.(*AuthClaims).Permissions&models.Admin == models.Admin || con.ServerAuthorized(models.Browse)(c) {
c.Header("X-Username", claims.(*AuthClaims).Username)
c.Status(200)
return
}
}
if service == "cloud" {
if claims.(*AuthClaims).Permissions&models.Cloud == models.Cloud || claims.(*AuthClaims).Permissions&models.Admin == models.Admin {
c.Header("X-Username", claims.(*AuthClaims).Username)
c.Status(200)
return
}
}
c.Redirect(303, "http://%s/login")
}
func (con Connection) ServerAuthorized(permissions models.Permission) func(*gin.Context) bool {
return func(ctx *gin.Context) bool {
claims, exists := ctx.Get("claims")
if !exists {
return false
}
server_id := ctx.Param("server_id")
if server_id == "" {
return false
}
var serverData models.ServerData
con.databaseConnection.Database("Backend").Collection("Servers").FindOne(context.TODO(), bson.D{{Key: "Id", Value: server_id}}).Decode(&serverData)
if serverData.OwnerId == claims.(*AuthClaims).Username {
return true
}
userPermissions := serverData.UserPermissions[claims.(*AuthClaims).Username]
if userPermissions&permissions == permissions || userPermissions&models.Admin == models.Admin {
return true
}
return false
}
} }
func LoadGroup(group *gin.RouterGroup, client *mongo.Client, config models.GlobalConfig) { func LoadGroup(group *gin.RouterGroup, client *mongo.Client, config models.GlobalConfig) {
connection := Connection{connection: client} connection := Connection{databaseConnection: client}
secret = []byte(config.Key) secret = []byte(config.Key)
method = config.Algorithm method = config.Algorithm
group.POST("/signin", connection.signIn) group.POST("/signin", connection.signIn)
group.POST("/signup", AuthorizedTo(models.Admin), connection.signUp) group.POST("/signup", AuthorizedTo(models.Admin), connection.signUp)
group.GET("/test", AuthorizedTo(models.Admin), connection.test) group.GET("/verify", AuthorizedTo(0), connection.verify)
} }

1
models/permissions.go
View File

@ -10,4 +10,5 @@ const (
Delete Delete
RunCommand RunCommand
Admin Admin
Cloud
) )

49
servers/servers.go
View File

@ -744,36 +744,6 @@ func (con Connection) BrowseServer(ctx *gin.Context) {
ctx.JSON(200, browserInfo.Url) ctx.JSON(200, browserInfo.Url)
} }
func (con Connection) serverAuthorized(permissions models.Permission) func(*gin.Context) bool {
return func(ctx *gin.Context) bool {
claims, exists := ctx.Get("claims")
if !exists {
return false
}
server_id := ctx.Param("server_id")
if server_id == "" {
return false
}
var serverData models.ServerData
con.databaseConnection.Database("Backend").Collection("Servers").FindOne(context.TODO(), bson.D{{Key: "Id", Value: server_id}}).Decode(&serverData)
if serverData.OwnerId == claims.(*auth.AuthClaims).Username {
return true
}
userPermissions := serverData.UserPermissions[claims.(*auth.AuthClaims).Username]
if userPermissions&permissions == permissions || userPermissions&models.Admin == models.Admin {
return true
}
return false
}
}
func (con Connection) GetServerUserPermissions(ctx *gin.Context) { func (con Connection) GetServerUserPermissions(ctx *gin.Context) {
claims, exists := ctx.Get("claims") claims, exists := ctx.Get("claims")
if !exists { if !exists {
@ -828,15 +798,16 @@ func LoadGroup(group *gin.RouterGroup, mongo_client *mongo.Client, config models
defer apiClient.Close() defer apiClient.Close()
connection := Connection{databaseConnection: mongo_client, dockerClient: apiClient} connection := Connection{databaseConnection: mongo_client, dockerClient: apiClient}
group.POST("/:server_id/start", auth.AuthorizedTo(models.Start, connection.serverAuthorized(models.Start)), connection.StartServer) authConnection := auth.Connection{databaseConnection: mongo_client, dockerClient: apiClient}
group.POST("/:server_id/start", auth.AuthorizedTo(models.Start, authConnection.serverAuthorized(models.Start)), connection.StartServer)
group.POST("/", auth.AuthorizedTo(models.Create), connection.CreateServer) group.POST("/", auth.AuthorizedTo(models.Create), connection.CreateServer)
group.GET("/", auth.AuthorizedTo(0), connection.GetServers) group.GET("/", auth.AuthorizedTo(0), connection.GetServers)
group.POST("/:server_id/stop", auth.AuthorizedTo(models.Stop, connection.serverAuthorized(models.Stop)), connection.StopServer) group.POST("/:server_id/stop", auth.AuthorizedTo(models.Stop, authConnection.serverAuthorized(models.Stop)), connection.StopServer)
group.DELETE("/:server_id", auth.AuthorizedTo(models.Delete, connection.serverAuthorized(models.Delete)), connection.DeleteServer) group.DELETE("/:server_id", auth.AuthorizedTo(models.Delete, authConnection.serverAuthorized(models.Delete)), connection.DeleteServer)
group.POST("/:server_id/run_command", auth.AuthorizedTo(models.RunCommand, connection.serverAuthorized(models.RunCommand)), connection.RunCommand) group.POST("/:server_id/run_command", auth.AuthorizedTo(models.RunCommand, authConnection.serverAuthorized(models.RunCommand)), connection.RunCommand)
group.GET("/:server_id/attach", auth.AuthorizedTo(models.RunCommand, connection.serverAuthorized(models.RunCommand)), connection.AttachServer) group.GET("/:server_id/attach", auth.AuthorizedTo(models.RunCommand, authConnection.serverAuthorized(models.RunCommand)), connection.AttachServer)
group.PATCH("/:server_id", auth.AuthorizedTo(models.Admin, connection.serverAuthorized(models.Admin)), connection.UpdateServer) group.PATCH("/:server_id", auth.AuthorizedTo(models.Admin, authConnection.serverAuthorized(models.Admin)), connection.UpdateServer)
group.POST("/:server_id/browse", auth.AuthorizedTo(models.Browse, connection.serverAuthorized(models.Admin)), connection.BrowseServer) group.POST("/:server_id/browse", auth.AuthorizedTo(models.Browse, authConnection.serverAuthorized(models.Admin)), connection.BrowseServer)
group.GET("/:server_id/permissions", auth.AuthorizedTo(models.Browse, connection.serverAuthorized(models.Admin)), connection.GetServerUserPermissions) group.GET("/:server_id/permissions", auth.AuthorizedTo(models.Browse, authConnection.serverAuthorized(models.Admin)), connection.GetServerUserPermissions)
group.POST("/:server_id/permissions", auth.AuthorizedTo(models.Browse, connection.serverAuthorized(models.Admin)), connection.SetServerUserPermissions) group.POST("/:server_id/permissions", auth.AuthorizedTo(models.Browse, authConnection.serverAuthorized(models.Admin)), connection.SetServerUserPermissions)
} }