added file browser to auth verify, setting up from clients
49
auth/auth.go
49
auth/auth.go
@@ -6,11 +6,11 @@ import (
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.acooldomain.co/server-manager/backend/dbhandler"
|
||||
"git.acooldomain.co/server-manager/backend/factories"
|
||||
"git.acooldomain.co/server-manager/backend/instancemanager"
|
||||
"git.acooldomain.co/server-manager/backend/models"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/golang-jwt/jwt"
|
||||
@@ -19,6 +19,7 @@ import (
|
||||
type AuthApi struct {
|
||||
config models.GlobalConfig
|
||||
|
||||
instanceManager instancemanager.InstanceManager
|
||||
tokenHandler dbhandler.InviteTokenDbHandler
|
||||
userAuthDbHandler dbhandler.UserPassAuthanticationDbHandler
|
||||
serverAuthDbHandler dbhandler.ServersAuthorizationDbHandler
|
||||
@@ -169,31 +170,23 @@ func (con AuthApi) Verify(ctx *gin.Context) {
|
||||
|
||||
forwardedUri := ctx.Request.Header.Get("x-forwarded-uri")
|
||||
|
||||
pathSegments := strings.Split(forwardedUri, "/")
|
||||
fileBrowser, err := con.instanceManager.GetFileBrowserFromUrl(ctx, forwardedUri)
|
||||
if err != nil {
|
||||
ctx.AbortWithError(500, err)
|
||||
return
|
||||
}
|
||||
|
||||
serverId, service := pathSegments[2], pathSegments[1]
|
||||
|
||||
switch service {
|
||||
case "browsers":
|
||||
fmt.Printf("%#v %s", claims, serverId)
|
||||
serverPermissions, err := con.serverAuthDbHandler.GetPermissions(ctx, claims.Username, serverId)
|
||||
if err != nil {
|
||||
ctx.AbortWithError(500, err)
|
||||
return
|
||||
}
|
||||
if (claims.Permissions|serverPermissions)&models.Admin == models.Admin {
|
||||
ctx.Header("X-Auth-Username", claims.Username)
|
||||
log.Printf("Set header X-Username %s", claims.Username)
|
||||
ctx.Status(200)
|
||||
return
|
||||
}
|
||||
case "cloud":
|
||||
if claims.Permissions&models.Cloud == models.Cloud || claims.Permissions&models.Admin == models.Admin {
|
||||
log.Printf("Set header X-Username %s", claims.Username)
|
||||
ctx.Header("X-Auth-Username", claims.Username)
|
||||
ctx.Status(200)
|
||||
return
|
||||
}
|
||||
fmt.Printf("%#v %s", claims, fileBrowser.ServerId)
|
||||
serverPermissions, err := con.serverAuthDbHandler.GetPermissions(ctx, claims.Username, fileBrowser.ServerId)
|
||||
if err != nil {
|
||||
ctx.AbortWithError(500, err)
|
||||
return
|
||||
}
|
||||
if (claims.Permissions|serverPermissions)&models.Admin == models.Admin {
|
||||
ctx.Header("X-Auth-Username", claims.Username)
|
||||
log.Printf("Set header X-Username %s", claims.Username)
|
||||
ctx.Status(200)
|
||||
return
|
||||
}
|
||||
|
||||
ctx.Redirect(303, fmt.Sprintf("http://%s/login", con.config.Domain))
|
||||
@@ -210,6 +203,11 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) gin.HandlerFu
|
||||
panic(err)
|
||||
}
|
||||
|
||||
instanceManager, err := factories.GetInstanceManager(config.InstanceManager, config.Domain)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
inviteHandler, err := factories.GetInviteTokenDbHandler(config.Authentication.UserPass.InviteTokenDatabase)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
@@ -218,6 +216,7 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) gin.HandlerFu
|
||||
connection := AuthApi{
|
||||
userAuthDbHandler: userAuthHandler,
|
||||
serverAuthDbHandler: serverAuthDbHandler,
|
||||
instanceManager: instanceManager,
|
||||
tokenHandler: inviteHandler,
|
||||
config: config,
|
||||
}
|
||||
|
||||
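Review bot: The `fmt.Printf("%#v %s", claims, fileBrowser.ServerId)` call in Verify dumps the whole claims struct to stdout on every forward-auth request, with no trailing newline and outside the `log` package the rest of the handler uses. I would drop it or reduce it to `log.Printf("verify user=%q server=%q", claims.Username, fileBrowser.ServerId)`. Every error from `GetFileBrowserFromUrl` is also answered with 500, so a forwarded URI that maps to no file browser reads as a server fault rather than a denial; if the instance manager can report "not found" separately, answer that case with `ctx.AbortWithStatus(http.StatusForbidden)`. The `+`/`-` markers are lost on this page, so which permission block is the new side is inferred; if the `cloud` case is the one removed, confirm that users holding only `models.Cloud` are meant to lose access. Verify's body starts and ends outside the hunk.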