IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Anonymous User: Adds validator service for anonymous users (#94700)

Browse Source
This commit is contained in:
lean.dev 2024-10-18 13:10:41 -03:00 committed by GitHub
parent fd5f351a6f
commit 3438196010
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 63 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/server/wireexts_oss.go
View File

@ -18,6 +18,7 @@ import (
"github.com/grafana/grafana/pkg/services/accesscontrol/ossaccesscontrol" "github.com/grafana/grafana/pkg/services/accesscontrol/ossaccesscontrol"
"github.com/grafana/grafana/pkg/services/anonymous" "github.com/grafana/grafana/pkg/services/anonymous"
"github.com/grafana/grafana/pkg/services/anonymous/anonimpl" "github.com/grafana/grafana/pkg/services/anonymous/anonimpl"
"github.com/grafana/grafana/pkg/services/anonymous/validator"
"github.com/grafana/grafana/pkg/services/apiserver/standalone" "github.com/grafana/grafana/pkg/services/apiserver/standalone"
"github.com/grafana/grafana/pkg/services/auth" "github.com/grafana/grafana/pkg/services/auth"
"github.com/grafana/grafana/pkg/services/auth/authimpl" "github.com/grafana/grafana/pkg/services/auth/authimpl"
@ -54,6 +55,8 @@ var wireExtsBasicSet = wire.NewSet(
authimpl.ProvideUserAuthTokenService, authimpl.ProvideUserAuthTokenService,
wire.Bind(new(auth.UserTokenService), new(*authimpl.UserAuthTokenService)), wire.Bind(new(auth.UserTokenService), new(*authimpl.UserAuthTokenService)),
wire.Bind(new(auth.UserTokenBackgroundService), new(*authimpl.UserAuthTokenService)), wire.Bind(new(auth.UserTokenBackgroundService), new(*authimpl.UserAuthTokenService)),
validator.ProvideAnonUserLimitValidator,
wire.Bind(new(validator.AnonUserLimitValidator), new(*validator.AnonUserLimitValidatorImpl)),
anonimpl.ProvideAnonymousDeviceService, anonimpl.ProvideAnonymousDeviceService,
wire.Bind(new(anonymous.Service), new(*anonimpl.AnonDeviceService)), wire.Bind(new(anonymous.Service), new(*anonimpl.AnonDeviceService)),
licensing.ProvideService, licensing.ProvideService,

32
pkg/services/anonymous/anonimpl/impl.go
View File

@ -17,6 +17,7 @@ import (
"github.com/grafana/grafana/pkg/services/anonymous" "github.com/grafana/grafana/pkg/services/anonymous"
"github.com/grafana/grafana/pkg/services/anonymous/anonimpl/anonstore" "github.com/grafana/grafana/pkg/services/anonymous/anonimpl/anonstore"
"github.com/grafana/grafana/pkg/services/anonymous/anonimpl/api" "github.com/grafana/grafana/pkg/services/anonymous/anonimpl/api"
"github.com/grafana/grafana/pkg/services/anonymous/validator"
"github.com/grafana/grafana/pkg/services/authn" "github.com/grafana/grafana/pkg/services/authn"
"github.com/grafana/grafana/pkg/services/org" "github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/setting"
@ -28,23 +29,26 @@ const deviceIDHeader = "X-Grafana-Device-Id"
const keepFor = time.Hour * 24 * 61 const keepFor = time.Hour * 24 * 61
type AnonDeviceService struct { type AnonDeviceService struct {
log log.Logger log log.Logger
localCache *localcache.CacheService localCache *localcache.CacheService
anonStore anonstore.AnonStore anonStore anonstore.AnonStore
serverLock *serverlock.ServerLockService serverLock *serverlock.ServerLockService
cfg *setting.Cfg cfg *setting.Cfg
limitValidator validator.AnonUserLimitValidator
} }
func ProvideAnonymousDeviceService(usageStats usagestats.Service, authBroker authn.Service, func ProvideAnonymousDeviceService(usageStats usagestats.Service, authBroker authn.Service,
sqlStore db.DB, cfg *setting.Cfg, orgService org.Service, sqlStore db.DB, cfg *setting.Cfg, orgService org.Service,
serverLockService *serverlock.ServerLockService, accesscontrol accesscontrol.AccessControl, routeRegister routing.RouteRegister, serverLockService *serverlock.ServerLockService, accesscontrol accesscontrol.AccessControl, routeRegister routing.RouteRegister,
validator validator.AnonUserLimitValidator,
) *AnonDeviceService { ) *AnonDeviceService {
a := &AnonDeviceService{ a := &AnonDeviceService{
log: log.New("anonymous-session-service"), log: log.New("anonymous-session-service"),
localCache: localcache.New(29*time.Minute, 15*time.Minute), localCache: localcache.New(29*time.Minute, 15*time.Minute),
anonStore: anonstore.ProvideAnonDBStore(sqlStore, cfg.AnonymousDeviceLimit), anonStore: anonstore.ProvideAnonDBStore(sqlStore, cfg.AnonymousDeviceLimit),
serverLock: serverLockService, serverLock: serverLockService,
cfg: cfg, cfg: cfg,
limitValidator: validator,
} }
usageStats.RegisterMetricsFunc(a.usageStatFn) usageStats.RegisterMetricsFunc(a.usageStatFn)
@ -81,6 +85,11 @@ func (a *AnonDeviceService) usageStatFn(ctx context.Context) (map[string]any, er
} }
func (a *AnonDeviceService) tagDeviceUI(ctx context.Context, device *anonstore.Device) error { func (a *AnonDeviceService) tagDeviceUI(ctx context.Context, device *anonstore.Device) error {
err := a.limitValidator.Validate(ctx)
if err != nil {
return err
}
key := device.CacheKey() key := device.CacheKey()
if val, ok := a.localCache.Get(key); ok { if val, ok := a.localCache.Get(key); ok {
@ -109,8 +118,7 @@ func (a *AnonDeviceService) tagDeviceUI(ctx context.Context, device *anonstore.D
return nil return nil
} }
func (a *AnonDeviceService) untagDevice(ctx context.Context, func (a *AnonDeviceService) untagDevice(ctx context.Context, _ *authn.Identity, r *authn.Request, err error) {
identity *authn.Identity, r *authn.Request, err error) {
if err != nil { if err != nil {
return return
} }

8
pkg/services/anonymous/anonimpl/impl_test.go
View File

@ -15,6 +15,7 @@ import (
"github.com/grafana/grafana/pkg/services/accesscontrol/actest" "github.com/grafana/grafana/pkg/services/accesscontrol/actest"
"github.com/grafana/grafana/pkg/services/anonymous" "github.com/grafana/grafana/pkg/services/anonymous"
"github.com/grafana/grafana/pkg/services/anonymous/anonimpl/anonstore" "github.com/grafana/grafana/pkg/services/anonymous/anonimpl/anonstore"
"github.com/grafana/grafana/pkg/services/anonymous/validator"
"github.com/grafana/grafana/pkg/services/authn/authntest" "github.com/grafana/grafana/pkg/services/authn/authntest"
"github.com/grafana/grafana/pkg/services/org/orgtest" "github.com/grafana/grafana/pkg/services/org/orgtest"
"github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/setting"
@ -123,7 +124,7 @@ func TestIntegrationDeviceService_tag(t *testing.T) {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
store := db.InitTestDB(t) store := db.InitTestDB(t)
anonService := ProvideAnonymousDeviceService(&usagestats.UsageStatsMock{}, anonService := ProvideAnonymousDeviceService(&usagestats.UsageStatsMock{},
&authntest.FakeService{}, store, setting.NewCfg(), orgtest.NewOrgServiceFake(), nil, actest.FakeAccessControl{}, &routing.RouteRegisterImpl{}) &authntest.FakeService{}, store, setting.NewCfg(), orgtest.NewOrgServiceFake(), nil, actest.FakeAccessControl{}, &routing.RouteRegisterImpl{}, validator.FakeAnonUserLimitValidator{})
for _, req := range tc.req { for _, req := range tc.req {
err := anonService.TagDevice(context.Background(), req.httpReq, req.kind) err := anonService.TagDevice(context.Background(), req.httpReq, req.kind)
@ -161,7 +162,7 @@ func TestIntegrationAnonDeviceService_localCacheSafety(t *testing.T) {
} }
store := db.InitTestDB(t) store := db.InitTestDB(t)
anonService := ProvideAnonymousDeviceService(&usagestats.UsageStatsMock{}, anonService := ProvideAnonymousDeviceService(&usagestats.UsageStatsMock{},
&authntest.FakeService{}, store, setting.NewCfg(), orgtest.NewOrgServiceFake(), nil, actest.FakeAccessControl{}, &routing.RouteRegisterImpl{}) &authntest.FakeService{}, store, setting.NewCfg(), orgtest.NewOrgServiceFake(), nil, actest.FakeAccessControl{}, &routing.RouteRegisterImpl{}, validator.FakeAnonUserLimitValidator{})
req := &http.Request{ req := &http.Request{
Header: http.Header{ Header: http.Header{
@ -259,7 +260,7 @@ func TestIntegrationDeviceService_SearchDevice(t *testing.T) {
store := db.InitTestDB(t) store := db.InitTestDB(t)
cfg := setting.NewCfg() cfg := setting.NewCfg()
cfg.AnonymousEnabled = true cfg.AnonymousEnabled = true
anonService := ProvideAnonymousDeviceService(&usagestats.UsageStatsMock{}, &authntest.FakeService{}, store, cfg, orgtest.NewOrgServiceFake(), nil, actest.FakeAccessControl{}, &routing.RouteRegisterImpl{}) anonService := ProvideAnonymousDeviceService(&usagestats.UsageStatsMock{}, &authntest.FakeService{}, store, cfg, orgtest.NewOrgServiceFake(), nil, actest.FakeAccessControl{}, &routing.RouteRegisterImpl{}, validator.FakeAnonUserLimitValidator{})
for _, tc := range testCases { for _, tc := range testCases {
err := store.Reset() err := store.Reset()
@ -300,6 +301,7 @@ func TestIntegrationAnonDeviceService_DeviceLimitWithCache(t *testing.T) {
nil, nil,
actest.FakeAccessControl{}, actest.FakeAccessControl{},
&routing.RouteRegisterImpl{}, &routing.RouteRegisterImpl{},
validator.FakeAnonUserLimitValidator{},
) )
// Define test cases // Define test cases

12
pkg/services/anonymous/validator/fake.go Normal file
View File

@ -0,0 +1,12 @@
package validator
import "context"
type FakeAnonUserLimitValidator struct {
}
var _ AnonUserLimitValidator = (*FakeAnonUserLimitValidator)(nil)
func (f FakeAnonUserLimitValidator) Validate(_ context.Context) error {
return nil
}

23
pkg/services/anonymous/validator/service.go Normal file
View File

@ -0,0 +1,23 @@
package validator
import (
"context"
)
type AnonUserLimitValidator interface {
Validate(ctx context.Context) error
}
// AnonUserLimitValidatorImpl is used to validate the limit of Anonymous user
type AnonUserLimitValidatorImpl struct {
}
var _ AnonUserLimitValidator = (*AnonUserLimitValidatorImpl)(nil)
func ProvideAnonUserLimitValidator() *AnonUserLimitValidatorImpl {
return &AnonUserLimitValidatorImpl{}
}
func (a AnonUserLimitValidatorImpl) Validate(_ context.Context) error {
return nil
}