grafana/pkg/middleware/render_auth.go

package middleware

import (
	"sync"
	"time"

	m "github.com/grafana/grafana/pkg/models"
	"github.com/grafana/grafana/pkg/util"
)

var renderKeysLock sync.Mutex
var renderKeys map[string]*m.SignedInUser = make(map[string]*m.SignedInUser)

func initContextWithRenderAuth(ctx *m.ReqContext) bool {
	key := ctx.GetCookie("renderKey")
	if key == "" {
		return false
	}

	renderKeysLock.Lock()
	defer renderKeysLock.Unlock()

	renderUser, exists := renderKeys[key]
	if !exists {
		ctx.JsonApiErr(401, "Invalid Render Key", nil)
		return true
	}

	ctx.IsSignedIn = true
	ctx.SignedInUser = renderUser
	ctx.IsRenderCall = true
	ctx.LastSeenAt = time.Now()
	return true
}

func AddRenderAuthKey(orgId int64, userId int64, orgRole m.RoleType) string {
	renderKeysLock.Lock()

	key := util.GetRandomString(32)

	renderKeys[key] = &m.SignedInUser{
		OrgId:   orgId,
		OrgRole: orgRole,
		UserId:  userId,
	}

	renderKeysLock.Unlock()

	return key
}

func RemoveRenderAuthKey(key string) {
	renderKeysLock.Lock()
	delete(renderKeys, key)
	renderKeysLock.Unlock()
}
fix(server side rendering): Fixed issues with server side rendering for alerting & for auth proxy scenarios, fixes #6115, fixes #5906 2016-09-23 05:29:53 -05:00			`package middleware`

			`import (`
			`"sync"`
Backend image rendering as plugin (#11966) * rendering: headless chrome progress * renderer: minor change * grpc: version hell * updated grpc libs * wip: minor progess * rendering: new image rendering plugin is starting to work * feat: now phantomjs works as well and updated alerting to use new rendering service * refactor: renamed renderer package and service to rendering to make renderer name less confusing (rendering is internal service that handles the renderer plugin now) * rendering: now render key is passed and render auth is working in plugin mode * removed unneeded lines from gitignore * rendering: now plugin mode supports waiting for all panels to complete rendering * fix: LastSeenAt fix for render calls, was not set which causes a lot of updates to Last Seen at during rendering, this should fix sqlite db locked issues in seen in previous releases * change: changed render tz url parameter to use proper timezone name as chrome does not handle UTC offset TZ values * fix: another update to tz param generation * renderer: added http mode to renderer service, new ini setting [rendering] server_url 2018-05-24 08:26:27 -05:00			`"time"`
fix(server side rendering): Fixed issues with server side rendering for alerting & for auth proxy scenarios, fixes #6115, fixes #5906 2016-09-23 05:29:53 -05:00
			`m "github.com/grafana/grafana/pkg/models"`
			`"github.com/grafana/grafana/pkg/util"`
			`)`

			`var renderKeysLock sync.Mutex`
			`var renderKeys map[string]m.SignedInUser = make(map[string]m.SignedInUser)`

rename Context to ReqContext 2018-03-07 10:54:50 -06:00			`func initContextWithRenderAuth(ctx *m.ReqContext) bool {`
fix(server side rendering): Fixed issues with server side rendering for alerting & for auth proxy scenarios, fixes #6115, fixes #5906 2016-09-23 05:29:53 -05:00			`key := ctx.GetCookie("renderKey")`
			`if key == "" {`
			`return false`
			`}`

			`renderKeysLock.Lock()`
			`defer renderKeysLock.Unlock()`

Make golint happier 2018-03-22 16:13:46 -05:00			`renderUser, exists := renderKeys[key]`
			`if !exists {`
fix(server side rendering): Fixed issues with server side rendering for alerting & for auth proxy scenarios, fixes #6115, fixes #5906 2016-09-23 05:29:53 -05:00			`ctx.JsonApiErr(401, "Invalid Render Key", nil)`
			`return true`
			`}`
Make golint happier 2018-03-22 16:13:46 -05:00
			`ctx.IsSignedIn = true`
			`ctx.SignedInUser = renderUser`
			`ctx.IsRenderCall = true`
Backend image rendering as plugin (#11966) * rendering: headless chrome progress * renderer: minor change * grpc: version hell * updated grpc libs * wip: minor progess * rendering: new image rendering plugin is starting to work * feat: now phantomjs works as well and updated alerting to use new rendering service * refactor: renamed renderer package and service to rendering to make renderer name less confusing (rendering is internal service that handles the renderer plugin now) * rendering: now render key is passed and render auth is working in plugin mode * removed unneeded lines from gitignore * rendering: now plugin mode supports waiting for all panels to complete rendering * fix: LastSeenAt fix for render calls, was not set which causes a lot of updates to Last Seen at during rendering, this should fix sqlite db locked issues in seen in previous releases * change: changed render tz url parameter to use proper timezone name as chrome does not handle UTC offset TZ values * fix: another update to tz param generation * renderer: added http mode to renderer service, new ini setting [rendering] server_url 2018-05-24 08:26:27 -05:00			`ctx.LastSeenAt = time.Now()`
Make golint happier 2018-03-22 16:13:46 -05:00			`return true`
fix(server side rendering): Fixed issues with server side rendering for alerting & for auth proxy scenarios, fixes #6115, fixes #5906 2016-09-23 05:29:53 -05:00			`}`

dashfolders: security for png rendering 2017-06-21 18:23:36 -05:00			`func AddRenderAuthKey(orgId int64, userId int64, orgRole m.RoleType) string {`
fix(server side rendering): Fixed issues with server side rendering for alerting & for auth proxy scenarios, fixes #6115, fixes #5906 2016-09-23 05:29:53 -05:00			`renderKeysLock.Lock()`

			`key := util.GetRandomString(32)`

			`renderKeys[key] = &m.SignedInUser{`
			`OrgId: orgId,`
dashfolders: security for png rendering 2017-06-21 18:23:36 -05:00			`OrgRole: orgRole,`
			`UserId: userId,`
fix(server side rendering): Fixed issues with server side rendering for alerting & for auth proxy scenarios, fixes #6115, fixes #5906 2016-09-23 05:29:53 -05:00			`}`

			`renderKeysLock.Unlock()`

			`return key`
			`}`

			`func RemoveRenderAuthKey(key string) {`
			`renderKeysLock.Lock()`
			`delete(renderKeys, key)`
			`renderKeysLock.Unlock()`
			`}`