Worked a little on anonymous access, needs more work

2025-02-25 18:55:37 -06:00 · 2015-01-07 16:37:24 +01:00
parent 9d629f2780
commit 35326e1d92
6 changed files with 52 additions and 40 deletions
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -0,0 +1,14 @@
+Copyright 2014-2015 Torkel Ödegaard, Raintank Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License"); you
+may not use this file except in compliance with the License. You may
+obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied. See the License for the specific language governing
+permissions and limitations under the License.
+
--- a/conf/grafana.dev.ini
+++ b/conf/grafana.dev.ini
@@ -4,23 +4,4 @@ app_mode = development
 router_logging = false
 static_root_path = grafana/src

-[oauth]
-enabled = true
-
-[oauth.github]
-enabled = true
-client_id = de054205006b9baa2e17
-client_secret = 72b7ea52d9f1096fdf36cea95e95362a307e0322
-scopes = user:email
-auth_url = https://github.com/login/oauth/authorize
-token_url = https://github.com/login/oauth/access_token
-
-[oauth.google]
-enabled = true
-client_id = 106011922963-4pvl05e9urtrm8bbqr0vouosj3e8p8kb.apps.googleusercontent.com
-client_secret = K2evIa4QhfbhhAm3SO72t2Zv
-scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
-auth_url = https://accounts.google.com/o/oauth2/auth
-token_url = https://accounts.google.com/o/oauth2/token
-

--- a/conf/grafana.ini
+++ b/conf/grafana.ini
@@ -34,21 +34,25 @@ session_id_hashfunc = sha1
 ; Session hash key, default is use random string
 session_id_hashkey =

-[oauth]
+[auth]
+anonymous = false
+anonymous_account_id =
+
+[auth.grafana]
 enabled = true

-[oauth.github]
-enabled = true
-client_id = de054205006b9baa2e17
-client_secret = 72b7ea52d9f1096fdf36cea95e95362a307e0322
+[auth.github]
+enabled = false
+client_id = some_id
+client_secret = some_secret
 scopes = user:email
 auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token

-[oauth.google]
-enabled = true
-client_id = 106011922963-4pvl05e9urtrm8bbqr0vouosj3e8p8kb.apps.googleusercontent.com
-client_secret = K2evIa4QhfbhhAm3SO72t2Zv
+[auth.google]
+enabled = false
+client_id = some_client_id
+client_secret = some_client_secret
 scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
 auth_url = https://accounts.google.com/o/oauth2/auth
 token_url = https://accounts.google.com/o/oauth2/token
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -16,6 +16,8 @@ func authGetRequestAccountId(c *Context, sess session.Store) (int64, error) {
 	accountId := sess.Get("accountId")

 	urlQuery := c.Req.URL.Query()
+
+	// TODO: check that this is a localhost request
 	if len(urlQuery["render"]) > 0 {
 		accId, _ := strconv.ParseInt(urlQuery["accountId"][0], 10, 64)
 		sess.Set("accountId", accId)
@@ -23,6 +25,10 @@ func authGetRequestAccountId(c *Context, sess session.Store) (int64, error) {
 	}

 	if accountId == nil {
+		if setting.Anonymous {
+			return setting.AnonymousAccountId, nil
+		}
+
 		return -1, errors.New("Auth: session account id not found")
 	}

--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -57,6 +57,10 @@ var (
 	RouterLogging      bool
 	StaticRootPath     string

+	// Http auth
+	Anonymous          bool
+	AnonymousAccountId int64
+
 	// Session settings.
 	SessionOptions session.Options

@@ -161,6 +165,14 @@ func NewConfigContext() {
 	StaticRootPath = Cfg.MustValue("server", "static_root_path", path.Join(WorkDir, "webapp"))
 	RouterLogging = Cfg.MustBool("server", "router_logging", false)

+	// Http auth
+	Anonymous = Cfg.MustBool("auth", "anonymous", false)
+	AnonymousAccountId = Cfg.MustInt64("auth", "anonymous_account_id", 0)
+
+	if Anonymous && AnonymousAccountId == 0 {
+		log.Fatal(3, "Must specify account id for anonymous access")
+	}
+
 	// PhantomJS rendering
 	ImagesDir = "data/png"
 	PhantomDir = "_vendor/phantomjs"
--- a/pkg/social/social.go
+++ b/pkg/social/social.go
@@ -33,24 +33,19 @@ var (
 )

 func NewOAuthService() {
-	if !setting.Cfg.MustBool("oauth", "enabled") {
-		return
-	}
-
 	setting.OAuthService = &setting.OAuther{}
 	setting.OAuthService.OAuthInfos = make(map[string]*setting.OAuthInfo)

-	allOauthes := []string{"github", "google", "twitter"}
+	allOauthes := []string{"github", "google"}

-	// Load all OAuth config data.
 	for _, name := range allOauthes {
 		info := &setting.OAuthInfo{
-			ClientId:     setting.Cfg.MustValue("oauth."+name, "client_id"),
-			ClientSecret: setting.Cfg.MustValue("oauth."+name, "client_secret"),
-			Scopes:       setting.Cfg.MustValueArray("oauth."+name, "scopes", " "),
-			AuthUrl:      setting.Cfg.MustValue("oauth."+name, "auth_url"),
-			TokenUrl:     setting.Cfg.MustValue("oauth."+name, "token_url"),
-			Enabled:      setting.Cfg.MustBool("oauth."+name, "enabled"),
+			ClientId:     setting.Cfg.MustValue("auth."+name, "client_id"),
+			ClientSecret: setting.Cfg.MustValue("auth."+name, "client_secret"),
+			Scopes:       setting.Cfg.MustValueArray("auth."+name, "scopes", " "),
+			AuthUrl:      setting.Cfg.MustValue("auth."+name, "auth_url"),
+			TokenUrl:     setting.Cfg.MustValue("auth."+name, "token_url"),
+			Enabled:      setting.Cfg.MustBool("auth."+name, "enabled"),
 		}

 		if !info.Enabled {