grafana/pkg/middleware/middleware.go

package middleware

import (
	"strconv"
	"strings"

	"github.com/Unknwon/macaron"

	"github.com/grafana/grafana/pkg/bus"
	"github.com/grafana/grafana/pkg/components/apikeygen"
	"github.com/grafana/grafana/pkg/log"
	"github.com/grafana/grafana/pkg/metrics"
	m "github.com/grafana/grafana/pkg/models"
	"github.com/grafana/grafana/pkg/setting"
)

type Context struct {
	*macaron.Context
	*m.SignedInUser

	Session SessionStore

	IsSignedIn     bool
	AllowAnonymous bool
}

func GetContextHandler() macaron.Handler {
	return func(c *macaron.Context) {
		ctx := &Context{
			Context:        c,
			SignedInUser:   &m.SignedInUser{},
			Session:        GetSession(),
			IsSignedIn:     false,
			AllowAnonymous: false,
		}

		if initContextWithApiKey(ctx) ||
			initContextWithUserSessionCookie(ctx) ||
			initContextWithAnonymousUser(ctx) {
		}

		c.Map(ctx)
	}
}

func initContextWithAnonymousUser(ctx *Context) bool {
	if !setting.AnonymousEnabled {
		return false
	}

	orgQuery := m.GetOrgByNameQuery{Name: setting.AnonymousOrgName}
	if err := bus.Dispatch(&orgQuery); err != nil {
		log.Error(3, "Anonymous access organization error: '%s': %s", setting.AnonymousOrgName, err)
		return false
	} else {
		ctx.IsSignedIn = false
		ctx.AllowAnonymous = true
		ctx.SignedInUser = &m.SignedInUser{}
		ctx.OrgRole = m.RoleType(setting.AnonymousOrgRole)
		ctx.OrgId = orgQuery.Result.Id
		ctx.OrgName = orgQuery.Result.Name
		return true
	}
}

func initContextWithUserSessionCookie(ctx *Context) bool {
	// initialize session
	if err := ctx.Session.Start(ctx); err != nil {
		log.Error(3, "Failed to start session", err)
		return false
	}

	var userId int64
	if userId = getRequestUserId(ctx); userId == 0 {
		return false
	}

	query := m.GetSignedInUserQuery{UserId: userId}
	if err := bus.Dispatch(&query); err != nil {
		log.Error(3, "Failed to get user by id, %v, %v", userId, err)
		return false
	} else {
		ctx.SignedInUser = query.Result
		ctx.IsSignedIn = true
		return true
	}
}

func initContextWithApiKey(ctx *Context) bool {
	var keyString string
	if keyString = getApiKey(ctx); keyString == "" {
		return false
	}

	// base64 decode key
	decoded, err := apikeygen.Decode(keyString)
	if err != nil {
		ctx.JsonApiErr(401, "Invalid API key", err)
		return true
	}
	// fetch key
	keyQuery := m.GetApiKeyByNameQuery{KeyName: decoded.Name, OrgId: decoded.OrgId}
	if err := bus.Dispatch(&keyQuery); err != nil {
		ctx.JsonApiErr(401, "Invalid API key", err)
		return true
	} else {
		apikey := keyQuery.Result

		// validate api key
		if !apikeygen.IsValid(decoded, apikey.Key) {
			ctx.JsonApiErr(401, "Invalid API key", err)
			return true
		}

		ctx.IsSignedIn = true
		ctx.SignedInUser = &m.SignedInUser{}

		// TODO: fix this
		ctx.OrgRole = apikey.Role
		ctx.ApiKeyId = apikey.Id
		ctx.OrgId = apikey.OrgId
		return true
	}
}

// Handle handles and logs error by given status.
func (ctx *Context) Handle(status int, title string, err error) {
	if err != nil {
		log.Error(4, "%s: %v", title, err)
		if setting.Env != setting.PROD {
			ctx.Data["ErrorMsg"] = err
		}
	}

	switch status {
	case 200:
		metrics.M_Page_Status_200.Inc(1)
	case 404:
		metrics.M_Page_Status_404.Inc(1)
	case 500:
		metrics.M_Page_Status_500.Inc(1)
	}

	ctx.Data["Title"] = title
	ctx.HTML(status, strconv.Itoa(status))
}

func (ctx *Context) JsonOK(message string) {
	resp := make(map[string]interface{})

	resp["message"] = message

	ctx.JSON(200, resp)
}

func (ctx *Context) IsApiRequest() bool {
	return strings.HasPrefix(ctx.Req.URL.Path, "/api")
}

func (ctx *Context) JsonApiErr(status int, message string, err error) {
	resp := make(map[string]interface{})

	if err != nil {
		log.Error(4, "%s: %v", message, err)
		if setting.Env != setting.PROD {
			resp["error"] = err.Error()
		}
	}

	switch status {
	case 404:
		resp["message"] = "Not Found"
		metrics.M_Api_Status_500.Inc(1)
	case 500:
		metrics.M_Api_Status_404.Inc(1)
		resp["message"] = "Internal Server Error"
	}

	if message != "" {
		resp["message"] = message
	}

	ctx.JSON(status, resp)
}
Macaron rewrite 2014-10-05 09:50:04 -05:00			`package middleware`

			`import (`
OAuth remake 2014-10-07 16:56:37 -05:00			`"strconv"`
Refactoring of api routes 2015-01-14 07:25:12 -06:00			`"strings"`
Macaron rewrite 2014-10-05 09:50:04 -05:00
			`"github.com/Unknwon/macaron"`

Changed go package path 2015-02-05 03:37:13 -06:00			`"github.com/grafana/grafana/pkg/bus"`
New implementation for API Keys that only stores hashed api keys, and the client key is base64 decoded json web token with the unhashed key, Closes #1440 2015-02-26 10:23:28 -06:00			`"github.com/grafana/grafana/pkg/components/apikeygen"`
Changed go package path 2015-02-05 03:37:13 -06:00			`"github.com/grafana/grafana/pkg/log"`
Added server metrics 2015-03-22 14:14:00 -05:00			`"github.com/grafana/grafana/pkg/metrics"`
Changed go package path 2015-02-05 03:37:13 -06:00			`m "github.com/grafana/grafana/pkg/models"`
			`"github.com/grafana/grafana/pkg/setting"`
Macaron rewrite 2014-10-05 09:50:04 -05:00			`)`

			`type Context struct {`
			`*macaron.Context`
Corrected spelling of SignedInUser (was SignInUser) 2015-01-16 09:17:35 -06:00			`*m.SignedInUser`
Big refactoring for context.User, and how current user info is fetching, now included collaborator role 2015-01-16 07:32:18 -06:00
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00			`Session SessionStore`
Macaron rewrite 2014-10-05 09:50:04 -05:00
Fixed anonymous access mode, Closes #1586 2015-03-11 11:34:11 -05:00			`IsSignedIn bool`
			`AllowAnonymous bool`
more macaroon stuff 2014-10-06 14:31:54 -05:00			`}`

Macaron rewrite 2014-10-05 09:50:04 -05:00			`func GetContextHandler() macaron.Handler {`
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00			`return func(c *macaron.Context) {`
Macaron rewrite 2014-10-05 09:50:04 -05:00			`ctx := &Context{`
Fixed anonymous access mode, Closes #1586 2015-03-11 11:34:11 -05:00			`Context: c,`
			`SignedInUser: &m.SignedInUser{},`
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00			`Session: GetSession(),`
Fixed anonymous access mode, Closes #1586 2015-03-11 11:34:11 -05:00			`IsSignedIn: false,`
			`AllowAnonymous: false,`
Macaron rewrite 2014-10-05 09:50:04 -05:00			`}`

A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00			`if initContextWithApiKey(ctx) \|\|`
			`initContextWithUserSessionCookie(ctx) \|\|`
			`initContextWithAnonymousUser(ctx) {`
Refactoring of auth middleware, and starting work on account admin 2015-01-15 05:16:54 -06:00			`}`

Macaron rewrite 2014-10-05 09:50:04 -05:00			`c.Map(ctx)`
			`}`
			`}`

A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00			`func initContextWithAnonymousUser(ctx *Context) bool {`
			`if !setting.AnonymousEnabled {`
			`return false`
			`}`

			`orgQuery := m.GetOrgByNameQuery{Name: setting.AnonymousOrgName}`
			`if err := bus.Dispatch(&orgQuery); err != nil {`
			`log.Error(3, "Anonymous access organization error: '%s': %s", setting.AnonymousOrgName, err)`
			`return false`
			`} else {`
			`ctx.IsSignedIn = false`
			`ctx.AllowAnonymous = true`
			`ctx.SignedInUser = &m.SignedInUser{}`
			`ctx.OrgRole = m.RoleType(setting.AnonymousOrgRole)`
			`ctx.OrgId = orgQuery.Result.Id`
			`ctx.OrgName = orgQuery.Result.Name`
			`return true`
			`}`
			`}`

			`func initContextWithUserSessionCookie(ctx *Context) bool {`
			`// initialize session`
			`if err := ctx.Session.Start(ctx); err != nil {`
			`log.Error(3, "Failed to start session", err)`
			`return false`
			`}`

			`var userId int64`
			`if userId = getRequestUserId(ctx); userId == 0 {`
			`return false`
			`}`

			`query := m.GetSignedInUserQuery{UserId: userId}`
			`if err := bus.Dispatch(&query); err != nil {`
			`log.Error(3, "Failed to get user by id, %v, %v", userId, err)`
			`return false`
			`} else {`
			`ctx.SignedInUser = query.Result`
			`ctx.IsSignedIn = true`
			`return true`
			`}`
			`}`

			`func initContextWithApiKey(ctx *Context) bool {`
			`var keyString string`
			`if keyString = getApiKey(ctx); keyString == "" {`
			`return false`
			`}`

			`// base64 decode key`
			`decoded, err := apikeygen.Decode(keyString)`
			`if err != nil {`
			`ctx.JsonApiErr(401, "Invalid API key", err)`
			`return true`
			`}`
			`// fetch key`
			`keyQuery := m.GetApiKeyByNameQuery{KeyName: decoded.Name, OrgId: decoded.OrgId}`
			`if err := bus.Dispatch(&keyQuery); err != nil {`
			`ctx.JsonApiErr(401, "Invalid API key", err)`
			`return true`
			`} else {`
			`apikey := keyQuery.Result`

			`// validate api key`
			`if !apikeygen.IsValid(decoded, apikey.Key) {`
			`ctx.JsonApiErr(401, "Invalid API key", err)`
			`return true`
			`}`

			`ctx.IsSignedIn = true`
			`ctx.SignedInUser = &m.SignedInUser{}`

			`// TODO: fix this`
			`ctx.OrgRole = apikey.Role`
			`ctx.ApiKeyId = apikey.Id`
			`ctx.OrgId = apikey.OrgId`
			`return true`
			`}`
			`}`

Macaron rewrite 2014-10-05 09:50:04 -05:00			`// Handle handles and logs error by given status.`
			`func (ctx *Context) Handle(status int, title string, err error) {`
			`if err != nil {`
			`log.Error(4, "%s: %v", title, err)`
Added disable user sign up feature 2015-01-29 08:46:54 -06:00			`if setting.Env != setting.PROD {`
Macaron rewrite 2014-10-05 09:50:04 -05:00			`ctx.Data["ErrorMsg"] = err`
			`}`
			`}`

Added server metrics 2015-03-22 14:14:00 -05:00			`switch status {`
			`case 200:`
			`metrics.M_Page_Status_200.Inc(1)`
			`case 404:`
			`metrics.M_Page_Status_404.Inc(1)`
			`case 500:`
			`metrics.M_Page_Status_500.Inc(1)`
			`}`

fixed error handling, and error logging for panel rendering 2015-02-05 05:23:24 -06:00			`ctx.Data["Title"] = title`
OAuth remake 2014-10-07 16:56:37 -05:00			`ctx.HTML(status, strconv.Itoa(status))`
Macaron rewrite 2014-10-05 09:50:04 -05:00			`}`
macaron transition progress 2014-10-05 14:13:01 -05:00
More general backend work, in the middle of the night... Zzzz 2014-12-16 20:09:54 -06:00			`func (ctx *Context) JsonOK(message string) {`
			`resp := make(map[string]interface{})`

			`resp["message"] = message`

			`ctx.JSON(200, resp)`
			`}`

Refactoring of api routes 2015-01-14 07:25:12 -06:00			`func (ctx *Context) IsApiRequest() bool {`
			`return strings.HasPrefix(ctx.Req.URL.Path, "/api")`
			`}`

working on oauth 2014-10-07 14:54:38 -05:00			`func (ctx *Context) JsonApiErr(status int, message string, err error) {`
more macaroon stuff 2014-10-06 14:31:54 -05:00			`resp := make(map[string]interface{})`

			`if err != nil {`
			`log.Error(4, "%s: %v", message, err)`
started work datasources admin 2014-12-16 05:04:08 -06:00			`if setting.Env != setting.PROD {`
			`resp["error"] = err.Error()`
more macaroon stuff 2014-10-06 14:31:54 -05:00			`}`
			`}`

			`switch status {`
			`case 404:`
			`resp["message"] = "Not Found"`
Added server metrics 2015-03-22 14:14:00 -05:00			`metrics.M_Api_Status_500.Inc(1)`
more macaroon stuff 2014-10-06 14:31:54 -05:00			`case 500:`
Added server metrics 2015-03-22 14:14:00 -05:00			`metrics.M_Api_Status_404.Inc(1)`
more macaroon stuff 2014-10-06 14:31:54 -05:00			`resp["message"] = "Internal Server Error"`
			`}`

			`if message != "" {`
			`resp["message"] = message`
			`}`

Tried postgres 2014-11-24 03:17:13 -06:00			`ctx.JSON(status, resp)`
more macaroon stuff 2014-10-06 14:31:54 -05:00			`}`