IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

ContextHandler: Use stdlib format for middleware (#54219)

Browse Source
This commit is contained in:
Emil Tullstedt 2022-08-25 14:35:21 +02:00 committed by GitHub
parent aace0b1e7f
commit 0ffbf901d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 80 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/api/http_server.go
View File

@ -534,7 +534,7 @@ func (hs *HTTPServer) addMiddlewaresAndStaticRoutes() {
m.Use(middleware.RequestTracing(hs.tracer)) m.Use(middleware.RequestTracing(hs.tracer))
m.Use(middleware.RequestMetrics(hs.Features)) m.Use(middleware.RequestMetrics(hs.Features))
m.Use(middleware.Logger(hs.Cfg)) m.UseMiddleware(middleware.Logger(hs.Cfg))
if hs.Cfg.EnableGzip { if hs.Cfg.EnableGzip {
m.UseMiddleware(middleware.Gziper()) m.UseMiddleware(middleware.Gziper())
@ -566,7 +566,7 @@ func (hs *HTTPServer) addMiddlewaresAndStaticRoutes() {
m.Use(hs.metricsEndpoint) m.Use(hs.metricsEndpoint)
m.Use(hs.pluginMetricsEndpoint) m.Use(hs.pluginMetricsEndpoint)
m.Use(hs.ContextHandler.Middleware) m.UseMiddleware(hs.ContextHandler.Middleware)
m.Use(middleware.OrgRedirect(hs.Cfg, hs.SQLStore)) m.Use(middleware.OrgRedirect(hs.Cfg, hs.SQLStore))
m.Use(accesscontrol.LoadPermissionsMiddleware(hs.accesscontrolService)) m.Use(accesscontrol.LoadPermissionsMiddleware(hs.accesscontrolService))

150
pkg/services/contexthandler/contexthandler.go
View File

@ -90,84 +90,90 @@ func FromContext(c context.Context) *models.ReqContext {
return nil return nil
} }
// Middleware provides a middleware to initialize the Macaron context. // Middleware provides a middleware to initialize the request context.
func (h *ContextHandler) Middleware(mContext *web.Context) { func (h *ContextHandler) Middleware(next http.Handler) http.Handler {
_, span := h.tracer.Start(mContext.Req.Context(), "Auth - Middleware") return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
defer span.End() ctx := r.Context()
mContext := web.FromContext(ctx)
_, span := h.tracer.Start(ctx, "Auth - Middleware")
defer span.End()
reqContext := &models.ReqContext{ reqContext := &models.ReqContext{
Context: mContext, Context: mContext,
SignedInUser: &user.SignedInUser{}, SignedInUser: &user.SignedInUser{},
IsSignedIn: false, IsSignedIn: false,
AllowAnonymous: false, AllowAnonymous: false,
SkipCache: false, SkipCache: false,
Logger: log.New("context"), Logger: log.New("context"),
}
// Inject ReqContext into http.Request.Context
mContext.Req = mContext.Req.WithContext(ctxkey.Set(mContext.Req.Context(), reqContext))
traceID := tracing.TraceIDFromContext(mContext.Req.Context(), false)
if traceID != "" {
reqContext.Logger = reqContext.Logger.New("traceID", traceID)
}
const headerName = "X-Grafana-Org-Id"
orgID := int64(0)
orgIDHeader := reqContext.Req.Header.Get(headerName)
if orgIDHeader != "" {
id, err := strconv.ParseInt(orgIDHeader, 10, 64)
if err == nil {
orgID = id
} else {
reqContext.Logger.Debug("Received invalid header", "header", headerName, "value", orgIDHeader)
} }
}
queryParameters, err := url.ParseQuery(reqContext.Req.URL.RawQuery) // Inject ReqContext into http.Request.Context
if err != nil { *r = *r.WithContext(context.WithValue(ctx, reqContextKey{}, reqContext))
reqContext.Logger.Error("Failed to parse query parameters", "error", err)
} traceID := tracing.TraceIDFromContext(mContext.Req.Context(), false)
if queryParameters.Has("targetOrgId") { if traceID != "" {
targetOrg, err := strconv.ParseInt(queryParameters.Get("targetOrgId"), 10, 64) reqContext.Logger = reqContext.Logger.New("traceID", traceID)
if err == nil {
orgID = targetOrg
} else {
reqContext.Logger.Error("Invalid target organization ID", "error", err)
} }
}
// the order in which these are tested are important const headerName = "X-Grafana-Org-Id"
// look for api key in Authorization header first orgID := int64(0)
// then init session and look for userId in session orgIDHeader := reqContext.Req.Header.Get(headerName)
// then look for api key in session (special case for render calls via api) if orgIDHeader != "" {
// then test if anonymous access is enabled id, err := strconv.ParseInt(orgIDHeader, 10, 64)
switch { if err == nil {
case h.initContextWithRenderAuth(reqContext): orgID = id
case h.initContextWithAPIKey(reqContext): } else {
case h.initContextWithBasicAuth(reqContext, orgID): reqContext.Logger.Debug("Received invalid header", "header", headerName, "value", orgIDHeader)
case h.initContextWithAuthProxy(reqContext, orgID): }
case h.initContextWithToken(reqContext, orgID):
case h.initContextWithJWT(reqContext, orgID):
case h.initContextWithAnonymousUser(reqContext):
}
reqContext.Logger = reqContext.Logger.New("userId", reqContext.UserID, "orgId", reqContext.OrgID, "uname", reqContext.Login)
span.AddEvents(
[]string{"uname", "orgId", "userId"},
[]tracing.EventValue{
{Str: reqContext.Login},
{Num: reqContext.OrgID},
{Num: reqContext.UserID}},
)
// update last seen every 5min
if reqContext.ShouldUpdateLastSeenAt() {
reqContext.Logger.Debug("Updating last user_seen_at", "user_id", reqContext.UserID)
if err := h.userService.UpdateLastSeenAt(mContext.Req.Context(), &user.UpdateUserLastSeenAtCommand{UserID: reqContext.UserID}); err != nil {
reqContext.Logger.Error("Failed to update last_seen_at", "error", err)
} }
}
queryParameters, err := url.ParseQuery(reqContext.Req.URL.RawQuery)
if err != nil {
reqContext.Logger.Error("Failed to parse query parameters", "error", err)
}
if queryParameters.Has("targetOrgId") {
targetOrg, err := strconv.ParseInt(queryParameters.Get("targetOrgId"), 10, 64)
if err == nil {
orgID = targetOrg
} else {
reqContext.Logger.Error("Invalid target organization ID", "error", err)
}
}
// the order in which these are tested are important
// look for api key in Authorization header first
// then init session and look for userId in session
// then look for api key in session (special case for render calls via api)
// then test if anonymous access is enabled
switch {
case h.initContextWithRenderAuth(reqContext):
case h.initContextWithAPIKey(reqContext):
case h.initContextWithBasicAuth(reqContext, orgID):
case h.initContextWithAuthProxy(reqContext, orgID):
case h.initContextWithToken(reqContext, orgID):
case h.initContextWithJWT(reqContext, orgID):
case h.initContextWithAnonymousUser(reqContext):
}
reqContext.Logger = reqContext.Logger.New("userId", reqContext.UserID, "orgId", reqContext.OrgID, "uname", reqContext.Login)
span.AddEvents(
[]string{"uname", "orgId", "userId"},
[]tracing.EventValue{
{Str: reqContext.Login},
{Num: reqContext.OrgID},
{Num: reqContext.UserID}},
)
// update last seen every 5min
if reqContext.ShouldUpdateLastSeenAt() {
reqContext.Logger.Debug("Updating last user_seen_at", "user_id", reqContext.UserID)
if err := h.userService.UpdateLastSeenAt(mContext.Req.Context(), &user.UpdateUserLastSeenAtCommand{UserID: reqContext.UserID}); err != nil {
reqContext.Logger.Error("Failed to update last_seen_at", "error", err)
}
}
next.ServeHTTP(w, r)
})
} }
func (h *ContextHandler) initContextWithAnonymousUser(reqContext *models.ReqContext) bool { func (h *ContextHandler) initContextWithAnonymousUser(reqContext *models.ReqContext) bool {