added file browser to auth verify, setting up from clients
Some checks failed
Build and Push Docker Image / Build image (push) Has been cancelled
Some checks failed
Build and Push Docker Image / Build image (push) Has been cancelled
This commit is contained in:
parent
4ffaabd6e6
commit
ae12746ff2
49
auth/auth.go
49
auth/auth.go
@ -6,11 +6,11 @@ import (
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.acooldomain.co/server-manager/backend/dbhandler"
|
||||
"git.acooldomain.co/server-manager/backend/factories"
|
||||
"git.acooldomain.co/server-manager/backend/instancemanager"
|
||||
"git.acooldomain.co/server-manager/backend/models"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/golang-jwt/jwt"
|
||||
@ -19,6 +19,7 @@ import (
|
||||
type AuthApi struct {
|
||||
config models.GlobalConfig
|
||||
|
||||
instanceManager instancemanager.InstanceManager
|
||||
tokenHandler dbhandler.InviteTokenDbHandler
|
||||
userAuthDbHandler dbhandler.UserPassAuthanticationDbHandler
|
||||
serverAuthDbHandler dbhandler.ServersAuthorizationDbHandler
|
||||
@ -169,31 +170,23 @@ func (con AuthApi) Verify(ctx *gin.Context) {
|
||||
|
||||
forwardedUri := ctx.Request.Header.Get("x-forwarded-uri")
|
||||
|
||||
pathSegments := strings.Split(forwardedUri, "/")
|
||||
fileBrowser, err := con.instanceManager.GetFileBrowserFromUrl(ctx, forwardedUri)
|
||||
if err != nil {
|
||||
ctx.AbortWithError(500, err)
|
||||
return
|
||||
}
|
||||
|
||||
serverId, service := pathSegments[2], pathSegments[1]
|
||||
|
||||
switch service {
|
||||
case "browsers":
|
||||
fmt.Printf("%#v %s", claims, serverId)
|
||||
serverPermissions, err := con.serverAuthDbHandler.GetPermissions(ctx, claims.Username, serverId)
|
||||
if err != nil {
|
||||
ctx.AbortWithError(500, err)
|
||||
return
|
||||
}
|
||||
if (claims.Permissions|serverPermissions)&models.Admin == models.Admin {
|
||||
ctx.Header("X-Auth-Username", claims.Username)
|
||||
log.Printf("Set header X-Username %s", claims.Username)
|
||||
ctx.Status(200)
|
||||
return
|
||||
}
|
||||
case "cloud":
|
||||
if claims.Permissions&models.Cloud == models.Cloud || claims.Permissions&models.Admin == models.Admin {
|
||||
log.Printf("Set header X-Username %s", claims.Username)
|
||||
ctx.Header("X-Auth-Username", claims.Username)
|
||||
ctx.Status(200)
|
||||
return
|
||||
}
|
||||
fmt.Printf("%#v %s", claims, fileBrowser.ServerId)
|
||||
serverPermissions, err := con.serverAuthDbHandler.GetPermissions(ctx, claims.Username, fileBrowser.ServerId)
|
||||
if err != nil {
|
||||
ctx.AbortWithError(500, err)
|
||||
return
|
||||
}
|
||||
if (claims.Permissions|serverPermissions)&models.Admin == models.Admin {
|
||||
ctx.Header("X-Auth-Username", claims.Username)
|
||||
log.Printf("Set header X-Username %s", claims.Username)
|
||||
ctx.Status(200)
|
||||
return
|
||||
}
|
||||
|
||||
ctx.Redirect(303, fmt.Sprintf("http://%s/login", con.config.Domain))
|
||||
@ -210,6 +203,11 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) gin.HandlerFu
|
||||
panic(err)
|
||||
}
|
||||
|
||||
instanceManager, err := factories.GetInstanceManager(config.InstanceManager, config.Domain)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
inviteHandler, err := factories.GetInviteTokenDbHandler(config.Authentication.UserPass.InviteTokenDatabase)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
@ -218,6 +216,7 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) gin.HandlerFu
|
||||
connection := AuthApi{
|
||||
userAuthDbHandler: userAuthHandler,
|
||||
serverAuthDbHandler: serverAuthDbHandler,
|
||||
instanceManager: instanceManager,
|
||||
tokenHandler: inviteHandler,
|
||||
config: config,
|
||||
}
|
||||
|
||||
@ -656,6 +656,10 @@ func (im *InstanceManager) StopFileBrowser(ctx context.Context, serverId string)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (im *InstanceManager) GetFileBrowserFromUrl(ctx context.Context, url string) (*models.FileBrowser, error) {
|
||||
return im.GetFileBrowser(ctx, strings.Split(url, "/")[1])
|
||||
}
|
||||
|
||||
func NewInstanceManager(config models.DockerInstanceManagerConfig, siteDomain string) (*InstanceManager, error) {
|
||||
apiClient, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
|
||||
if err != nil {
|
||||
|
||||
@ -59,6 +59,7 @@ type InstanceManager interface {
|
||||
|
||||
// Read Only
|
||||
GetFileBrowser(ctx context.Context, serverId string) (*models.FileBrowser, error)
|
||||
GetFileBrowserFromUrl(ctx context.Context, url string) (*models.FileBrowser, error)
|
||||
ListFileBrowsers(ctx context.Context) ([]models.FileBrowser, error)
|
||||
|
||||
// Status Changing
|
||||
|
||||
@ -299,6 +299,18 @@ func (i *InstanceManager) GetFileBrowser(ctx context.Context, serverId string) (
|
||||
return &models.FileBrowser{ServerId: serverManager.Name, Id: serverManager.Name, Url: serverManager.Status.Browser.Url}, nil
|
||||
}
|
||||
|
||||
func (i *InstanceManager) GetFileBrowserFromUrl(ctx context.Context, url string) (*models.FileBrowser, error) {
|
||||
serverManager := &servermanagerv1.ServerManager{}
|
||||
urlSegments := strings.Split(url, "/")
|
||||
namespace, serverId := urlSegments[1], urlSegments[2]
|
||||
err := i.client.Get(ctx, client.ObjectKey{Namespace: namespace, Name: serverId}, serverManager)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &models.FileBrowser{ServerId: serverManager.Name, Id: serverManager.Name, Url: serverManager.Status.Browser.Url}, nil
|
||||
}
|
||||
|
||||
func (i *InstanceManager) ListFileBrowsers(ctx context.Context) ([]models.FileBrowser, error) {
|
||||
serverManagers := &servermanagerv1.ServerManagerList{}
|
||||
err := i.client.List(ctx, serverManagers, &client.ListOptions{Namespace: i.Config.Namespace})
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user