fixed

auth/auth.go

@@ -6,11 +6,11 @@ import (
 	"fmt"
 	"log"
 	"net/http"
-	"strings"
 	"time"
 
 	"git.acooldomain.co/server-manager/backend/dbhandler"
 	"git.acooldomain.co/server-manager/backend/factories"
+	"git.acooldomain.co/server-manager/backend/instancemanager"
 	"git.acooldomain.co/server-manager/backend/models"
 	"github.com/gin-gonic/gin"
 	"github.com/golang-jwt/jwt"
@@ -19,6 +19,7 @@ import (
 type AuthApi struct {
 	config models.GlobalConfig
 
+	instanceManager     instancemanager.InstanceManager
 	tokenHandler        dbhandler.InviteTokenDbHandler
 	userAuthDbHandler   dbhandler.UserPassAuthanticationDbHandler
 	serverAuthDbHandler dbhandler.ServersAuthorizationDbHandler
@@ -84,13 +85,13 @@ func (con *AuthApi) LoggedIn(ctx *gin.Context) {
 }
 
 type SignUpRequest struct {
-	Token    string
+	Username string `json:"username"`
-	Username string
+	Password string `json:"password"`
-	Password string
 }
 
 func (con AuthApi) signUp(ctx *gin.Context) {
 	var request SignUpRequest
+	rawToken := ctx.Query("token")
 
 	err := json.NewDecoder(ctx.Request.Body).Decode(&request)
 	if err != nil {
@@ -98,7 +99,7 @@ func (con AuthApi) signUp(ctx *gin.Context) {
 		return
 	}
 
-	token, err := con.tokenHandler.GetInviteToken(ctx, request.Token)
+	token, err := con.tokenHandler.GetInviteToken(ctx, rawToken)
 	if err != nil {
 		ctx.AbortWithError(500, err)
 		return
@@ -110,7 +111,6 @@ func (con AuthApi) signUp(ctx *gin.Context) {
 	}
 
 	err = con.userAuthDbHandler.CreateUser(ctx, request.Username, request.Password, token.Permissions, token.Email, con.config.Users.DefaultMaxOwnedServers)
-
 	if err != nil {
 		ctx.AbortWithError(500, err)
 		return
@@ -120,15 +120,13 @@ func (con AuthApi) signUp(ctx *gin.Context) {
 }
 
 type SignInRequest struct {
-	Username string
+	Username string `json:"username"`
-	Password string
+	Password string `json:"password"`
 }
 
 func (con AuthApi) signIn(ctx *gin.Context) {
-
 	var request SignInRequest
 	err := json.NewDecoder(ctx.Request.Body).Decode(&request)
-
 	if err != nil {
 		ctx.AbortWithError(500, err)
 		return
@@ -159,44 +157,36 @@ func (con AuthApi) Verify(ctx *gin.Context) {
 	claimsPointer, exists := ctx.Get("claims")
 	if !exists {
 		ctx.Status(403)
-		ctx.Error(errors.New("Failed to get claims, not logged in"))
+		ctx.Error(errors.New("failed to get claims, not logged in"))
 		return
 	}
 
 	claims, ok := claimsPointer.(*AuthClaims)
 	if !ok {
-		ctx.Error(errors.New("Failed to convert claims"))
+		ctx.Error(errors.New("failed to convert claims"))
 		ctx.Status(500)
 		return
 	}
 
 	forwardedUri := ctx.Request.Header.Get("x-forwarded-uri")
 
-	pathSegments := strings.Split(forwardedUri, "/")
+	fileBrowser, err := con.instanceManager.GetFileBrowserFromUrl(ctx, forwardedUri)
+	if err != nil {
+		ctx.AbortWithError(500, err)
+		return
+	}
 
-	serverId, service := pathSegments[2], pathSegments[1]
+	fmt.Printf("%#v %s", claims, fileBrowser.ServerId)
-
+	serverPermissions, err := con.serverAuthDbHandler.GetPermissions(ctx, claims.Username, fileBrowser.ServerId)
-	switch service {
+	if err != nil {
-	case "browsers":
+		ctx.AbortWithError(500, err)
-		fmt.Printf("%#v %s", claims, serverId)
+		return
-		serverPermissions, err := con.serverAuthDbHandler.GetPermissions(ctx, claims.Username, serverId)
+	}
-		if err != nil {
+	if (claims.Permissions|serverPermissions)&models.Admin == models.Admin {
-			ctx.AbortWithError(500, err)
+		ctx.Header("X-Auth-Username", claims.Username)
-			return
+		log.Printf("Set header X-Username %s", claims.Username)
-		}
+		ctx.Status(200)
-		if (claims.Permissions|serverPermissions)&models.Admin == models.Admin {
+		return
-			ctx.Header("X-Auth-Username", claims.Username)
-			log.Printf("Set header X-Username %s", claims.Username)
-			ctx.Status(200)
-			return
-		}
-	case "cloud":
-		if claims.Permissions&models.Cloud == models.Cloud || claims.Permissions&models.Admin == models.Admin {
-			log.Printf("Set header X-Username %s", claims.Username)
-			ctx.Header("X-Auth-Username", claims.Username)
-			ctx.Status(200)
-			return
-		}
 	}
 
 	ctx.Redirect(303, fmt.Sprintf("http://%s/login", con.config.Domain))
@@ -213,6 +203,11 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) gin.HandlerFu
 		panic(err)
 	}
 
+	instanceManager, err := factories.GetInstanceManager(config.InstanceManager, config.Domain)
+	if err != nil {
+		panic(err)
+	}
+
 	inviteHandler, err := factories.GetInviteTokenDbHandler(config.Authentication.UserPass.InviteTokenDatabase)
 	if err != nil {
 		panic(err)
@@ -221,6 +216,7 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) gin.HandlerFu
 	connection := AuthApi{
 		userAuthDbHandler:   userAuthHandler,
 		serverAuthDbHandler: serverAuthDbHandler,
+		instanceManager:     instanceManager,
 		tokenHandler:        inviteHandler,
 		config:              config,
 	}

config.yaml

@@ -19,8 +19,6 @@ authentication:
   user_pass:
     type: "mongo"
     initial_user:
-      username: ""
-      password: ""
       email: ""
     mongo:
       url: "mongodb://mongo:27107"

dbhandler/mongo/user_pass_authentication.go

@@ -25,9 +25,8 @@ type UserPassAuthenticationDbHandler struct {
 	collection *mongo.Collection
 }
 
-func (self *UserPassAuthenticationDbHandler) ListUsers(ctx context.Context) ([]models.User, error) {
+func (i *UserPassAuthenticationDbHandler) ListUsers(ctx context.Context) ([]models.User, error) {
-	cursor, err := self.collection.Find(ctx, bson.M{})
+	cursor, err := i.collection.Find(ctx, bson.M{})
-
 	if err != nil {
 		return nil, err
 	}
@@ -50,16 +49,14 @@ func (self *UserPassAuthenticationDbHandler) ListUsers(ctx context.Context) ([]m
 	return modelUsers, nil
 }
 
-func (self *UserPassAuthenticationDbHandler) AuthenticateUser(ctx context.Context, username string, password string) (*models.User, error) {
+func (i *UserPassAuthenticationDbHandler) AuthenticateUser(ctx context.Context, username string, password string) (*models.User, error) {
 	var user AuthUser
-	err := self.collection.FindOne(ctx, bson.M{"username": username}).Decode(&user)
+	err := i.collection.FindOne(ctx, bson.M{"username": username}).Decode(&user)
-
 	if err != nil {
 		return nil, err
 	}
 
 	err = bcrypt.CompareHashAndPassword([]byte(user.HashedPassword), []byte(password))
-
 	if err != nil {
 		return nil, err
 	}
@@ -73,7 +70,7 @@ func (self *UserPassAuthenticationDbHandler) AuthenticateUser(ctx context.Contex
 	}, nil
 }
 
-func (self *UserPassAuthenticationDbHandler) CreateUser(
+func (i *UserPassAuthenticationDbHandler) CreateUser(
 	ctx context.Context,
 	username string,
 	password string,
@@ -82,12 +79,11 @@ func (self *UserPassAuthenticationDbHandler) CreateUser(
 	maxOwnedServers uint,
 ) error {
 	hashedPassword, err := dbhandler.HashPassword(password)
-
 	if err != nil {
 		return err
 	}
 
-	_, err = self.collection.InsertOne(ctx, &AuthUser{
+	_, err = i.collection.InsertOne(ctx, &AuthUser{
 		Username:       username,
 		HashedPassword: hashedPassword,
 		Permissions:    permissions,
@@ -98,16 +94,16 @@ func (self *UserPassAuthenticationDbHandler) CreateUser(
 	return err
 }
 
-func (self *UserPassAuthenticationDbHandler) CountUsers(ctx context.Context) (uint, error) {
+func (i *UserPassAuthenticationDbHandler) CountUsers(ctx context.Context) (uint, error) {
-	count, err := self.collection.CountDocuments(ctx, bson.M{})
+	count, err := i.collection.CountDocuments(ctx, bson.M{})
 	if err != nil {
 		return 0, err
 	}
 	return uint(count), nil
 }
 
-func (self *UserPassAuthenticationDbHandler) RemoveUser(ctx context.Context, username string) error {
+func (i *UserPassAuthenticationDbHandler) RemoveUser(ctx context.Context, username string) error {
-	_, err := self.collection.DeleteOne(
+	_, err := i.collection.DeleteOne(
 		ctx,
 		bson.M{
 			"username": username,
@@ -117,12 +113,12 @@ func (self *UserPassAuthenticationDbHandler) RemoveUser(ctx context.Context, use
 	return err
 }
 
-func (self *UserPassAuthenticationDbHandler) SetPermissions(
+func (i *UserPassAuthenticationDbHandler) SetPermissions(
 	ctx context.Context,
 	username string,
 	permissions models.Permission,
 ) error {
-	_, err := self.collection.UpdateOne(
+	_, err := i.collection.UpdateOne(
 		ctx,
 		bson.M{
 			"username": username,
@@ -149,9 +145,9 @@ func NewUserPassAuthHandler(config models.MongoDBConfig) (*UserPassAuthenticatio
 }
 
 type InviteToken struct {
-	Email       string            `json:"email"`
+	Email       string            `bson:"email"`
-	Token       string            `json:"token"`
+	Token       string            `bson:"token"`
-	Permissions models.Permission `json:"permissions"`
+	Permissions models.Permission `bson:"permissions"`
 }
 
 type InviteTokenDbHandler struct {
@@ -159,15 +155,14 @@ type InviteTokenDbHandler struct {
 	collection *mongo.Collection
 }
 
-func (self *ServersDbHandler) SaveInviteToken(ctx context.Context, email string, permissions models.Permission) (string, error) {
+func (i *InviteTokenDbHandler) SaveInviteToken(ctx context.Context, email string, permissions models.Permission) (string, error) {
 	token := uuid.NewString()
 
-	_, err := self.collection.InsertOne(ctx, &InviteToken{
+	_, err := i.collection.InsertOne(ctx, &InviteToken{
 		Permissions: permissions,
 		Email:       email,
 		Token:       token,
 	})
-
 	if err != nil {
 		return "", err
 	}
@@ -175,9 +170,9 @@ func (self *ServersDbHandler) SaveInviteToken(ctx context.Context, email string,
 	return token, nil
 }
 
-func (self *ServersDbHandler) GetInviteToken(ctx context.Context, token string) (*dbhandler.InviteToken, error) {
+func (i *InviteTokenDbHandler) GetInviteToken(ctx context.Context, token string) (*dbhandler.InviteToken, error) {
 	var inviteToken InviteToken
-	err := self.collection.FindOne(ctx, bson.M{"token": token}).Decode(&inviteToken)
+	err := i.collection.FindOne(ctx, bson.M{"token": token}).Decode(&inviteToken)
 	if err != nil {
 		return nil, err
 	}

factories/dbhandlers.go

@@ -1,11 +1,8 @@
 package factories
 
 import (
-	"context"
 	"errors"
-	"log"
 	"sync"
-	"time"
 
 	"git.acooldomain.co/server-manager/backend/dbhandler"
 	"git.acooldomain.co/server-manager/backend/dbhandler/mongo"
@@ -136,21 +133,6 @@ func GetUserPassAuthDbHandler(config models.UserPassAuthConfig) (dbhandler.UserP
 	}
 
 	userPassAuthDbHandlers[key] = handler
-
-	ctx, cancel := context.WithTimeoutCause(context.Background(), 5*time.Second, errors.New("Timeout"))
-	defer cancel()
-	if config.InitialUser == nil {
-		return handler, nil
-	}
-
-	count, _ := handler.CountUsers(ctx)
-	if count == 0 {
-		log.Printf("Trying to create user %#v\n", config.InitialUser)
-		err := handler.CreateUser(ctx, config.InitialUser.Username, config.InitialUser.Password, models.Admin, config.InitialUser.Email, 10)
-		if err != nil {
-			log.Printf("Failed to create initial user %e\n", err)
-		}
-	}
 	return handler, nil
 }
 

instancemanager/docker/instance_manager.go

@@ -656,6 +656,10 @@ func (im *InstanceManager) StopFileBrowser(ctx context.Context, serverId string)
 	return nil
 }
 
+func (im *InstanceManager) GetFileBrowserFromUrl(ctx context.Context, url string) (*models.FileBrowser, error) {
+	return im.GetFileBrowser(ctx, strings.Split(url, "/")[1])
+}
+
 func NewInstanceManager(config models.DockerInstanceManagerConfig, siteDomain string) (*InstanceManager, error) {
 	apiClient, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
 	if err != nil {

instancemanager/instance_manager.go

@@ -59,6 +59,7 @@ type InstanceManager interface {
 
 	// Read Only
 	GetFileBrowser(ctx context.Context, serverId string) (*models.FileBrowser, error)
+	GetFileBrowserFromUrl(ctx context.Context, url string) (*models.FileBrowser, error)
 	ListFileBrowsers(ctx context.Context) ([]models.FileBrowser, error)
 
 	// Status Changing

instancemanager/kubernetes/instance_manager.go

@@ -3,6 +3,7 @@ package kubernetes
 import (
 	"context"
 	"io"
+	"log"
 	"os"
 	"path/filepath"
 	"strings"
@@ -250,22 +251,24 @@ func (i *InstanceManager) InteractiveTerminal(ctx context.Context, serverId stri
 	req := i.coreV1Cli.CoreV1().RESTClient().
 		Post().
 		Resource("pods").
-		Namespace(i.Config.Namespace).
 		Name(serverId).
+		Namespace(i.Config.Namespace).
 		SubResource("attach").
 		VersionedParams(&corev1.PodAttachOptions{
-			Container: "server",
+			Stdin:  true,
-			Stdin:     true,
+			Stdout: true,
-			Stdout:    true,
+			Stderr: true,
-			Stderr:    true,
+			TTY:    true,
-			TTY:       true,
 		}, clientgoscheme.ParameterCodec)
 
 	executor, err := remotecommand.NewSPDYExecutor(i.restCfg, "POST", req.URL())
 	go func() {
 		defer stdoutWriter.Close()
 		defer stdinReader.Close()
-		_ = executor.StreamWithContext(ctx, remotecommand.StreamOptions{Stdin: stdinReader, Stdout: stdoutWriter, Stderr: stdoutWriter, Tty: true, TerminalSizeQueue: queue})
+		err := executor.StreamWithContext(ctx, remotecommand.StreamOptions{Stdin: stdinReader, Stdout: stdoutWriter, Stderr: stdoutWriter, Tty: true, TerminalSizeQueue: queue})
+		if err != nil {
+			log.Printf("Failed to attach %e", err)
+		}
 	}()
 
 	if err != nil {
@@ -296,6 +299,18 @@ func (i *InstanceManager) GetFileBrowser(ctx context.Context, serverId string) (
 	return &models.FileBrowser{ServerId: serverManager.Name, Id: serverManager.Name, Url: serverManager.Status.Browser.Url}, nil
 }
 
+func (i *InstanceManager) GetFileBrowserFromUrl(ctx context.Context, url string) (*models.FileBrowser, error) {
+	serverManager := &servermanagerv1.ServerManager{}
+	urlSegments := strings.Split(url, "/")
+	namespace, serverId := urlSegments[2], urlSegments[3]
+	err := i.client.Get(ctx, client.ObjectKey{Namespace: namespace, Name: serverId}, serverManager)
+	if err != nil {
+		return nil, err
+	}
+
+	return &models.FileBrowser{ServerId: serverManager.Name, Id: serverManager.Name, Url: serverManager.Status.Browser.Url}, nil
+}
+
 func (i *InstanceManager) ListFileBrowsers(ctx context.Context) ([]models.FileBrowser, error) {
 	serverManagers := &servermanagerv1.ServerManagerList{}
 	err := i.client.List(ctx, serverManagers, &client.ListOptions{Namespace: i.Config.Namespace})

mail/mail.go

@@ -22,12 +22,12 @@ func NewMailClient(config models.EmailConfig) *MailClient {
 	}
 }
 
-func (self *MailClient) SendMail(
+func (mc *MailClient) SendMail(
 	recipient string,
 	subject string,
 	content string,
 ) error {
-	from := mail.Address{Name: "", Address: self.mailConfig.FromEmail}
+	from := mail.Address{Name: "", Address: mc.mailConfig.FromEmail}
 	to := mail.Address{Name: "", Address: recipient}
 
 	headers := make(map[string]string)
@@ -41,21 +41,21 @@ func (self *MailClient) SendMail(
 	}
 	message += "\r\n" + content
 
-	conn, err := tls.Dial("tcp", self.mailConfig.Server+":465", &tls.Config{ServerName: self.mailConfig.Server})
+	conn, err := tls.Dial("tcp", mc.mailConfig.Server+":465", &tls.Config{ServerName: mc.mailConfig.Server})
 	if err != nil {
 		return err
 	}
 
-	client, err := smtp.NewClient(conn, self.mailConfig.Server)
+	client, err := smtp.NewClient(conn, mc.mailConfig.Server)
 	if err != nil {
 		return err
 	}
 
-	if err = client.Auth(*self.auth); err != nil {
+	if err = client.Auth(*mc.auth); err != nil {
 		return err
 	}
 
-	if err = client.Mail(self.mailConfig.FromEmail); err != nil {
+	if err = client.Mail(mc.mailConfig.FromEmail); err != nil {
 		return err
 	}
 

main.go

@@ -1,7 +1,6 @@
 package main
 
 import (
-	"fmt"
 	"os"
 
 	"git.acooldomain.co/server-manager/backend/auth"
@@ -21,7 +20,7 @@ func main() {
 	cors_config := cors.DefaultConfig()
 	cors_config.AllowCredentials = true
 	cors_config.ExposeHeaders = []string{"set-cookie"}
-	file, err := os.Open(fmt.Sprintf("%s", os.Getenv(CONFIG_PATH)))
+	file, err := os.Open(os.Getenv(CONFIG_PATH))
 	if err != nil {
 		panic(err)
 	}

models/config.go

@@ -1,9 +1,7 @@
 package models
 
 type InitialUserConfig struct {
-	Email    string `yaml:"email"`
+	Email string `yaml:"email"`
-	Username string `yaml:"username"`
-	Password string `yaml:"password"`
 }
 
 type EmailConfig struct {

users/users.go

@@ -1,8 +1,12 @@
 package users
 
 import (
+	"context"
 	"encoding/json"
+	"errors"
+	"log"
 	"net/http"
+	"time"
 
 	"git.acooldomain.co/server-manager/backend/auth"
 	"git.acooldomain.co/server-manager/backend/dbhandler"
@@ -28,7 +32,6 @@ type UserResponse struct {
 
 func (con UsersApi) GetUsers(ctx *gin.Context) {
 	users, err := con.userPassAuthHandler.ListUsers(ctx)
-
 	if err != nil {
 		ctx.AbortWithError(500, err)
 		return
@@ -65,18 +68,24 @@ type InviteUser struct {
 	Permissions models.Permission `json:"Permissions"`
 }
 
+func (con *UsersApi) inviteUser(ctx context.Context, email string, permissions models.Permission) error {
+	token, err := con.tokenHandler.SaveInviteToken(ctx, email, permissions)
+	if err != nil {
+		return err
+	}
+
+	err = con.mailClient.SendMail(email, "You've been invited to join", "please open this link https://games.acooldomain.co/signup?token="+token)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (con UsersApi) InviteUser(ctx *gin.Context) {
 	var request InviteUser
 	json.NewDecoder(ctx.Request.Body).Decode(&request)
-
+	err := con.inviteUser(ctx, request.Email, request.Permissions)
-	token, err := con.tokenHandler.SaveInviteToken(ctx, request.Email, request.Permissions)
-
-	if err != nil {
-		ctx.AbortWithError(500, err)
-		return
-	}
-
-	err = con.mailClient.SendMail(request.Email, "You've been invited to join", "please open this link https://games.acooldomain.co/signup?token="+token)
 	if err != nil {
 		ctx.AbortWithError(500, err)
 		return
@@ -107,7 +116,6 @@ func (con UsersApi) DeleteUser(ctx *gin.Context) {
 	username := ctx.Param("user_id")
 
 	err := con.userPassAuthHandler.RemoveUser(ctx, username)
-
 	if err != nil {
 		ctx.AbortWithError(500, err)
 		return
@@ -123,6 +131,9 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) {
 	}
 
 	inviteHandler, err := factories.GetInviteTokenDbHandler(config.Authentication.UserPass.InviteTokenDatabase)
+	if err != nil {
+		panic(err)
+	}
 
 	mailClient := *mail.NewMailClient(config.Email)
 
@@ -133,6 +144,20 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) {
 		config:              &config,
 	}
 
+	if config.Authentication.Type == models.UserPass && config.Authentication.UserPass.InitialUser != nil {
+		ctx, cancel := context.WithTimeoutCause(context.Background(), 5*time.Second, errors.New("Timeout"))
+		defer cancel()
+
+		count, _ := connection.userPassAuthHandler.CountUsers(ctx)
+		if count == 0 {
+			log.Printf("Trying to create user %#v\n", config.Authentication.UserPass.InitialUser)
+			err := connection.inviteUser(ctx, config.Authentication.UserPass.InitialUser.Email, models.Admin)
+			if err != nil {
+				log.Printf("Failed to create initial user %e\n", err)
+			}
+		}
+	}
+
 	group.GET("", auth.AuthorizedTo(0), auth.AuthorizationEnforcer(), connection.GetUsers)
 	group.GET("/@me", auth.AuthorizedTo(0), auth.AuthorizationEnforcer(), connection.GetUser)
 	group.POST("", auth.AuthorizedTo(models.Admin), auth.AuthorizationEnforcer(), connection.InviteUser)