[WIP]

2025-03-13 21:18:01 +02:00
parent 02adc8b545
commit fd957e32b9
28 changed files with 1064 additions and 457 deletions
--- a/db_handler/authentication_db_handler.go
+++ b/db_handler/authentication_db_handler.go
@@ -0,0 +1,109 @@
+package dbhandler
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"log"
+
+	"git.acooldomain.co/server-manager/backend-kubernetes-go/models"
+	"github.com/coreos/go-oidc"
+	"golang.org/x/oauth2"
+)
+
+type LoginRequest struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type InviteUserRequest struct {
+	Email        string            `json:"email"`
+	InvitingUser string            `json:"inviting_user"`
+	Permissions  models.Permission `json:"permissions"`
+}
+
+type InviteToken struct {
+	Email       string            `json:"email"`
+	Permissions models.Permission `json:"permissions"`
+	Token       string            `json:"token"`
+}
+
+type UserSignupRequest struct {
+	Token    InviteToken `json:"token"`
+	Username string      `json:"username"`
+	Password string      `json:"password"`
+}
+
+type UserPassAuthanticationDbHandler interface {
+	AuthenticateUser(LoginRequest) (models.Permission, error)
+	InviteUser(InviteUserRequest) (InviteToken, error)
+	UserSignup(UserSignupRequest) error
+	RemoveUser(string) error
+	SetPermissions(string, models.Permission) error
+}
+
+type CallbackRequest struct {
+	Code string `json:"code"`
+}
+
+type OidcClaims struct {
+	Email       string
+	Profile     string
+	Permissions models.Permission
+}
+
+type OidcAuthenticationDbHandler struct {
+	provider     *oidc.Provider
+	oauth2Config *oauth2.Config
+}
+
+func GenerateOidcState() string {
+	b := make([]byte, 16)
+	_, err := rand.Read(b)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	return base64.URLEncoding.EncodeToString(b)
+}
+
+func (self *OidcAuthenticationDbHandler) AuthenticateUser(ctx context.Context, request CallbackRequest) (models.Permission, error) {
+	token, err := self.oauth2Config.Exchange(ctx, request.Code)
+	if err != nil {
+		return 0, err
+	}
+
+	verifier := self.provider.Verifier(&oidc.Config{ClientID: self.oauth2Config.ClientID})
+	idToken, ok := token.Extra("id_token").(string)
+
+	if !ok {
+		return 0, fmt.Errorf("Failed to convert id_token to string")
+	}
+
+	tokenObj, err := verifier.Verify(ctx, idToken)
+	var claims OidcClaims
+
+	if err := tokenObj.Claims(&claims); err != nil {
+		return 0, err
+	}
+
+	return claims.Permissions, nil
+}
+
+func NewOidcAuthenticationDbHamdler(config models.OidcAuthConfig) (*OidcAuthenticationDbHandler, error) {
+	provider, err := oidc.NewProvider(context.Background(), config.IssuerUrl)
+	if err != nil {
+		return nil, err
+	}
+
+	return &OidcAuthenticationDbHandler{
+		provider: provider,
+		oauth2Config: &oauth2.Config{
+			ClientID:     config.ClientId,
+			ClientSecret: config.ClientSecret,
+			Endpoint:     provider.Endpoint(),
+			Scopes:       []string{oidc.ScopeOpenID, "email", "name", "profile"},
+		},
+	}, nil
+}
--- a/db_handler/authorization_db_handler.go
+++ b/db_handler/authorization_db_handler.go
@@ -0,0 +1,12 @@
+package dbhandler
+
+import "git.acooldomain.co/server-manager/backend-kubernetes-go/models"
+
+type AuthorizationDbHandler interface {
+	AddPermissions(username string, server_id string, permissions models.Permission) error
+	RemovePermissions(username string, server_id string, permissions models.Permission) error
+	SetPermissions(username string, server_id string, permissions models.Permission) error
+	GetPermissions(username string, server_id string) (models.Permission, error)
+	RemoveUser(username string) error
+	RemoveServer(server_id string) error
+}
--- a/db_handler/db_handler.go
+++ b/db_handler/db_handler.go
@@ -1,21 +1 @@
 package dbhandler
-
-import (
-	"context"
-
-	"go.mongodb.org/mongo-driver/mongo"
-	"go.mongodb.org/mongo-driver/mongo/options"
-)
-
-func Connect(uri string) (*mongo.Client, error) {
-	serverAPI := options.ServerAPI(options.ServerAPIVersion1)
-	opts := options.Client().ApplyURI(uri).SetServerAPIOptions(serverAPI)
-
-	client, err := mongo.Connect(context.TODO(), opts)
-
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
--- a/db_handler/go.mod
+++ b/db_handler/go.mod
@@ -1,18 +1,3 @@
- module git.acooldomain.co/server-manager/backend-kubernetes-go/dbhandler
+module git.acooldomain.co/server-manager/backend-kubernetes-go/dbhandler

 go 1.22.0
-
-require go.mongodb.org/mongo-driver v1.14.0
-
-require (
-	github.com/golang/snappy v0.0.1 // indirect
-	github.com/klauspost/compress v1.13.6 // indirect
-	github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe // indirect
-	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
-	github.com/xdg-go/scram v1.1.2 // indirect
-	github.com/xdg-go/stringprep v1.0.4 // indirect
-	github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-)
--- a/db_handler/mongo/go.mod
+++ b/db_handler/mongo/go.mod
@@ -0,0 +1,19 @@
+module git.acooldomain.co/server-manager/backend-kubernetes-go/db_handler/mongo
+
+go 1.24.1
+
+require go.mongodb.org/mongo-driver v1.14.0
+
+require (
+	github.com/golang/snappy v0.0.1 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/klauspost/compress v1.13.6 // indirect
+	github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe // indirect
+	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
+	github.com/xdg-go/scram v1.1.2 // indirect
+	github.com/xdg-go/stringprep v1.0.4 // indirect
+	github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/sync v0.1.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+)
--- a/db_handler/mongo/go.sum
+++ b/db_handler/mongo/go.sum
@@ -0,0 +1,13 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
+github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe h1:iruDEfMl2E6fbMZ9s0scYfZQ84/6SPL6zC8ACM2oIL0=
+github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
+github.com/xdg-go/scram v1.1.2 h1:FHX5I5B4i4hKRVRBCFRxq1iQRej7WO3hhBuJf+UUySY=
+github.com/xdg-go/stringprep v1.0.4 h1:XLI/Ng3O1Atzq0oBs3TWm+5ZVgkq2aqdlvP9JtoZ6c8=
+github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d h1:splanxYIlg+5LfHAM6xpdFEAYOk8iySO56hMFq6uLyA=
+go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
--- a/db_handler/mongo/mongo_authorization_db_handler.go
+++ b/db_handler/mongo/mongo_authorization_db_handler.go
@@ -0,0 +1,131 @@
+package mongo
+
+import (
+	"context"
+
+	"git.acooldomain.co/server-manager/backend-kubernetes-go/models"
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/mongo/options"
+)
+
+type ServerPermissions struct {
+	Username    string            `json:"username"`
+	ServerId    string            `json:"server_id"`
+	Permissions models.Permission `json:"permissions"`
+}
+
+type MongoDbAuthorizationHandler struct {
+	collection *mongo.Collection
+}
+
+func (self *MongoDbAuthorizationHandler) RemoveUser(username string) error {
+	_, err := self.collection.DeleteMany(
+		context.Background(),
+		bson.D{
+			{Key: "username", Value: username},
+		},
+	)
+
+	return err
+}
+
+func (self *MongoDbAuthorizationHandler) RemoveServer(server_id string) error {
+	_, err := self.collection.DeleteMany(
+		context.Background(),
+		bson.D{
+			{Key: "server_id", Value: server_id},
+		},
+	)
+
+	return err
+}
+
+func (self *MongoDbAuthorizationHandler) AddPermissions(username string, serverId string, permissions models.Permission) error {
+	var serverPermissions ServerPermissions
+	err := self.collection.FindOne(
+		context.Background(),
+		bson.D{
+			{Key: "username", Value: username},
+			{Key: "server_id", Value: serverId},
+		},
+	).Decode(&serverPermissions)
+
+	if err != nil {
+		return err
+	}
+
+	newPermissions := serverPermissions.Permissions | permissions
+
+	_, err = self.collection.UpdateOne(
+		context.Background(),
+		bson.D{
+			{Key: "username", Value: username},
+			{Key: "server_id", Value: serverId},
+		},
+		&ServerPermissions{
+			Username:    username,
+			ServerId:    serverId,
+			Permissions: newPermissions,
+		},
+	)
+
+	return err
+}
+
+func (self *MongoDbAuthorizationHandler) RemovePermissions(username string, server_id string, permissions models.Permission) error {
+	var serverPermissions ServerPermissions
+	err := self.collection.FindOne(
+		context.Background(),
+		bson.D{
+			{Key: "username", Value: username},
+			{Key: "server_id", Value: serverId},
+		},
+	).Decode(&serverPermissions)
+
+	if err != nil {
+		return err
+	}
+
+	newPermissions := serverPermissions.Permissions | permissions
+
+	_, err = self.collection.UpdateOne(
+		context.Background(),
+		bson.D{
+			{Key: "username", Value: username},
+			{Key: "server_id", Value: serverId},
+		},
+		&ServerPermissions{
+			Username:    username,
+			ServerId:    serverId,
+			Permissions: newPermissions,
+		},
+	)
+
+	return err
+}
+
+func (self *MongoDbAuthorizationHandler) SetPermissions(username string, server_id string, permissions models.Permission) error {
+	return nil
+}
+
+func (self *MongoDbAuthorizationHandler) GetPermissions(username string, server_id string) (models.Permission, error) {
+	return 0, nil
+}
+
+func NewMongoDbAuthorizationHandler(config models.MongoDBConfig) (*MongoDbAuthorizationHandler, error) {
+	clientOptions := options.Client().ApplyURI(config.Url).SetAuth(options.Credential{
+		Username: config.Username,
+		Password: config.Password,
+	})
+
+	client, err := mongo.Connect(context.TODO(), clientOptions)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &MongoDbAuthorizationHandler{
+		collection: client.Database(config.Database).Collection(config.Collection),
+	}, nil
+}
--- a/db_handler/mongo/mongo_users_db_handler.go
+++ b/db_handler/mongo/mongo_users_db_handler.go
@@ -0,0 +1,81 @@
+package mongo
+
+import (
+	"context"
+
+	"git.acooldomain.co/server-manager/backend-kubernetes-go/dbhandler"
+	"git.acooldomain.co/server-manager/backend-kubernetes-go/models"
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/mongo/options"
+)
+
+type MongoDbUserHandler struct {
+	con            *mongo.Client
+	collectionName string
+	databaseName   string
+}
+
+func (self *MongoDbUserHandler) GetUser(username string) (*dbhandler.User, error) {
+	users, err := self.con.Database(self.databaseName).Collection(self.collectionName).Find(context.TODO(), bson.D{bson.E{Key: "username", Value: username}})
+
+	if err != nil {
+		return nil, err
+	}
+
+	var user dbhandler.User
+	err = users.Decode(&user)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &user, nil
+}
+
+func (self *MongoDbUserHandler) ListUsers() ([]dbhandler.User, error) {
+	users, err := self.con.Database(self.databaseName).Collection(self.collectionName).Find(context.TODO(), bson.D{})
+
+	if err != nil {
+		return nil, err
+	}
+
+	var response []dbhandler.User
+	users.All(nil, &response)
+
+	return response, nil
+}
+
+func (self *MongoDbUserHandler) CreateUser(user dbhandler.User) error {
+
+	_, err := self.con.Database(self.databaseName).Collection(self.collectionName).InsertOne(context.TODO(), &dbhandler.User{
+		Username: user.Username,
+		Email:    user.Email,
+		Nickname: user.Nickname,
+	}, &options.InsertOneOptions{})
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func NewMMongoDbUsersHandler(config models.MongoDBConfig) (*MongoDbUserHandler, error) {
+	clientOptions := options.Client().ApplyURI(config.Url).SetAuth(options.Credential{
+		Username: config.Username,
+		Password: config.Password,
+	})
+
+	client, err := mongo.Connect(context.TODO(), clientOptions)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &MongoDbUserHandler{
+		con:            client,
+		databaseName:   config.Database,
+		collectionName: config.Collection,
+	}, nil
+}
--- a/db_handler/mongo/utils.go
+++ b/db_handler/mongo/utils.go
@@ -0,0 +1,28 @@
+package mongo
+
+import (
+	"context"
+
+	"git.acooldomain.co/server-manager/backend-kubernetes-go/models"
+	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/mongo/options"
+)
+
+func Connect(config *models.MongoDBConfig) (*mongo.Client, error) {
+	serverAPI := options.ServerAPI(options.ServerAPIVersion1)
+	opts := options.Client().ApplyURI(config.Url).SetServerAPIOptions(serverAPI)
+	opts.SetAuth(
+		options.Credential{
+			Username: config.Username,
+			Password: config.Password,
+		},
+	)
+
+	client, err := mongo.Connect(context.TODO(), opts)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/db_handler/servers_db_handler.go
+++ b/db_handler/servers_db_handler.go
@@ -0,0 +1 @@
+package dbhandler
--- a/db_handler/users_db_handler.go
+++ b/db_handler/users_db_handler.go
@@ -0,0 +1,14 @@
+package dbhandler
+
+type User struct {
+	Username string `json:"username"`
+	Nickname string `json:"nickname"`
+	Email    string `json:"email"`
+}
+
+type UsersDBHandler interface {
+	GetUser(username string) (User, error)
+	ListUsers() ([]User, error)
+	CreateUser(User) error
+	DeleteUser(username string) error
+}