diff --git a/auth/auth.go b/auth/auth.go index 01cf25b..f6c1d83 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -6,11 +6,11 @@ import ( "fmt" "log" "net/http" - "strings" "time" "git.acooldomain.co/server-manager/backend/dbhandler" "git.acooldomain.co/server-manager/backend/factories" + "git.acooldomain.co/server-manager/backend/instancemanager" "git.acooldomain.co/server-manager/backend/models" "github.com/gin-gonic/gin" "github.com/golang-jwt/jwt" @@ -19,6 +19,7 @@ import ( type AuthApi struct { config models.GlobalConfig + instanceManager instancemanager.InstanceManager tokenHandler dbhandler.InviteTokenDbHandler userAuthDbHandler dbhandler.UserPassAuthanticationDbHandler serverAuthDbHandler dbhandler.ServersAuthorizationDbHandler 
@@ -169,31 +170,23 @@ func (con AuthApi) Verify(ctx *gin.Context) { forwardedUri := ctx.Request.Header.Get("x-forwarded-uri") - pathSegments := strings.Split(forwardedUri, "/") + fileBrowser, err := con.instanceManager.GetFileBrowserFromUrl(ctx, forwardedUri) + if err != nil { + ctx.AbortWithError(500, err) + return + } - serverId, service := pathSegments[2], pathSegments[1] - - switch service { - case "browsers": - fmt.Printf("%#v %s", claims, serverId) - serverPermissions, err := con.serverAuthDbHandler.GetPermissions(ctx, claims.Username, serverId) - if err != nil { - ctx.AbortWithError(500, err) - return - } - if (claims.Permissions|serverPermissions)&models.Admin == models.Admin { - ctx.Header("X-Auth-Username", claims.Username) - log.Printf("Set header X-Username %s", claims.Username) - ctx.Status(200) - return - } - case "cloud": - if claims.Permissions&models.Cloud == models.Cloud || claims.Permissions&models.Admin == models.Admin { - log.Printf("Set header X-Username %s", claims.Username) - ctx.Header("X-Auth-Username", claims.Username) - ctx.Status(200) - return - } + fmt.Printf("%#v %s", claims, fileBrowser.ServerId) + serverPermissions, err := con.serverAuthDbHandler.GetPermissions(ctx, claims.Username, fileBrowser.ServerId) + if err != nil { + ctx.AbortWithError(500, err) + return + } + if (claims.Permissions|serverPermissions)&models.Admin == models.Admin { + ctx.Header("X-Auth-Username", claims.Username) + log.Printf("Set header X-Username %s", claims.Username) + ctx.Status(200) + return } ctx.Redirect(303, fmt.Sprintf("http://%s/login", con.config.Domain)) @@ -210,6 +203,11 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) gin.HandlerFu panic(err) } + instanceManager, err := factories.GetInstanceManager(config.InstanceManager, config.Domain) + if err != nil { + panic(err) + } + inviteHandler, err := factories.GetInviteTokenDbHandler(config.Authentication.UserPass.InviteTokenDatabase) if err != nil { panic(err) 
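Review bot: Every failure of `GetFileBrowserFromUrl` in `Verify` is answered with `ctx.AbortWithError(500, err)`, although its input is the `x-forwarded-uri` request header, so a path that names no file browser is reported as a server fault rather than a denied request. Consider separating the client-caused case from backend errors, for example `ctx.AbortWithStatus(http.StatusNotFound)` when the lookup finds nothing, and keeping 500 for real failures. The `fmt.Printf("%#v %s", claims, fileBrowser.ServerId)` line writes the whole claims struct to stdout on each request with no trailing newline; `log.Printf("verify user=%q server=%q", claims.Username, fileBrowser.ServerId)` would record only what is needed. The log text says `X-Username` while the header set is `X-Auth-Username`. `Verify` starts before this hunk, so how `claims` is produced is not visible here.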
@@ -218,6 +216,7 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) gin.HandlerFu connection := AuthApi{ userAuthDbHandler: userAuthHandler, serverAuthDbHandler: serverAuthDbHandler, + instanceManager: instanceManager, tokenHandler: inviteHandler, config: config, } diff --git a/instancemanager/docker/instance_manager.go b/instancemanager/docker/instance_manager.go index 532cd9b..0e9709b 100644 --- a/instancemanager/docker/instance_manager.go +++ b/instancemanager/docker/instance_manager.go @@ -656,6 +656,10 @@ func (im *InstanceManager) StopFileBrowser(ctx context.Context, serverId string) return nil } +func (im *InstanceManager) GetFileBrowserFromUrl(ctx context.Context, url string) (*models.FileBrowser, error) { + return im.GetFileBrowser(ctx, strings.Split(url, "/")[1]) +} + func NewInstanceManager(config models.DockerInstanceManagerConfig, siteDomain string) (*InstanceManager, error) { apiClient, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) if err != nil { diff --git a/instancemanager/instance_manager.go b/instancemanager/instance_manager.go index 6c7a513..5e8f852 100644 --- a/instancemanager/instance_manager.go +++ b/instancemanager/instance_manager.go @@ -59,6 +59,7 @@ type InstanceManager interface { // Read Only GetFileBrowser(ctx context.Context, serverId string) (*models.FileBrowser, error) + GetFileBrowserFromUrl(ctx context.Context, url string) (*models.FileBrowser, error) ListFileBrowsers(ctx context.Context) ([]models.FileBrowser, error) // Status Changing diff --git a/instancemanager/kubernetes/instance_manager.go b/instancemanager/kubernetes/instance_manager.go index f9b2813..9747d90 100644 --- a/instancemanager/kubernetes/instance_manager.go +++ b/instancemanager/kubernetes/instance_manager.go 
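Review bot: The docker `GetFileBrowserFromUrl` indexes `strings.Split(url, "/")[1]` with no length check, so a URL without a `/` (including an empty `x-forwarded-uri`) panics with an index-out-of-range instead of returning an error. The Kubernetes implementation added in this commit has the same problem with `urlSegments[1], urlSegments[2]`. Split into a local first and guard it, e.g. `segments := strings.Split(url, "/")` then `if len(segments) < 2 || segments[1] == "" { return nil, <malformed-url error> }`, with `len(segments) < 3` in the Kubernetes version. The value is request-derived, so an empty segment should be rejected before it reaches `GetFileBrowser`.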
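Review bot: The new interface method `GetFileBrowserFromUrl` has no comment stating what path shape it expects, and the two implementations in this commit disagree: docker reads segment 1 as the server ID, Kubernetes reads segment 1 as the namespace and segment 2 as the server ID. The code removed from `Verify` treated segment 1 as a service name (`browsers`/`cloud`) and segment 2 as the server ID, so if the proxy still forwards that shape the docker lookup would receive `browsers` as the ID; this cannot be confirmed from the diff. Add a doc comment such as `// GetFileBrowserFromUrl resolves the file browser addressed by a forwarded request path; the path layout is backend-specific (docker: /<serverId>/..., kubernetes: /<namespace>/<serverId>/...).` and state that the argument is untrusted input.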
@@ -299,6 +299,18 @@ func (i *InstanceManager) GetFileBrowser(ctx context.Context, serverId string) ( return &models.FileBrowser{ServerId: serverManager.Name, Id: serverManager.Name, Url: serverManager.Status.Browser.Url}, nil } +func (i *InstanceManager) GetFileBrowserFromUrl(ctx context.Context, url string) (*models.FileBrowser, error) { + serverManager := &servermanagerv1.ServerManager{} + urlSegments := strings.Split(url, "/") + namespace, serverId := urlSegments[1], urlSegments[2] + err := i.client.Get(ctx, client.ObjectKey{Namespace: namespace, Name: serverId}, serverManager) + if err != nil { + return nil, err + } + + return &models.FileBrowser{ServerId: serverManager.Name, Id: serverManager.Name, Url: serverManager.Status.Browser.Url}, nil +} + func (i *InstanceManager) ListFileBrowsers(ctx context.Context) ([]models.FileBrowser, error) { serverManagers := &servermanagerv1.ServerManagerList{} err := i.client.List(ctx, serverManagers, &client.ListOptions{Namespace: i.Config.Namespace})
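Review bot: The namespace used for the lookup in the Kubernetes `GetFileBrowserFromUrl` comes from `urlSegments[1]`, which `Verify` fills from the `x-forwarded-uri` request header, whereas `ListFileBrowsers` just below is scoped to `i.Config.Namespace`. The permission check that follows in `Verify` keys only on the returned `ServerId` (`serverManager.Name`), so same-named ServerManager objects in different namespaces would be indistinguishable to it; whether that can occur depends on deployment details not shown here. Consider rejecting any namespace other than the configured one, e.g. `if namespace != i.Config.Namespace { return nil, <unknown-namespace error> }`, or documenting why an arbitrary namespace is acceptable. The returned struct literal duplicates the one in `GetFileBrowser`; a small shared helper would keep the two from drifting.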