mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Refactoring of auth middleware, and starting work on account admin
This commit is contained in:
Torkel Ödegaard
parent
67b935188b
commit
5ec07db143
20
pkg/api/admin_accounts.go
Normal file
20
pkg/api/admin_accounts.go
Normal file
@ -0,0 +1,20 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"github.com/torkelo/grafana-pro/pkg/bus"
|
||||
"github.com/torkelo/grafana-pro/pkg/middleware"
|
||||
m "github.com/torkelo/grafana-pro/pkg/models"
|
||||
)
|
||||
|
||||
func AdminSearchAccounts(c *middleware.Context) {
|
||||
// query := c.QueryStrings("q")
|
||||
// page := c.QueryStrings("p")
|
||||
|
||||
query := m.SearchAccountsQuery{Query: "", Page: 0, Limit: 20}
|
||||
if err := bus.Dispatch(&query); err != nil {
|
||||
c.JsonApiErr(500, "Failed to fetch collaboratos", err)
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(200, query.Result)
|
||||
}
|
||||
@ -9,20 +9,21 @@ import (
|
||||
|
||||
// Register adds http routes
|
||||
func Register(m *macaron.Macaron) {
|
||||
auth := middleware.Auth()
|
||||
reqSignedIn := middleware.Auth(&middleware.AuthOptions{ReqSignedIn: true})
|
||||
reqAdmin := middleware.Auth(&middleware.AuthOptions{ReqSignedIn: true, ReqAdmin: false})
|
||||
|
||||
// not logged in views
|
||||
m.Get("/", auth, Index)
|
||||
m.Get("/", reqSignedIn, Index)
|
||||
m.Post("/logout", LogoutPost)
|
||||
m.Post("/login", LoginPost)
|
||||
m.Get("/login/:name", OAuthLogin)
|
||||
m.Get("/login", Index)
|
||||
|
||||
// authed views
|
||||
m.Get("/account/", auth, Index)
|
||||
m.Get("/account/datasources/", auth, Index)
|
||||
m.Get("/admin", auth, Index)
|
||||
m.Get("/dashboard/*", auth, Index)
|
||||
m.Get("/account/", reqSignedIn, Index)
|
||||
m.Get("/account/datasources/", reqSignedIn, Index)
|
||||
m.Get("/admin", reqSignedIn, Index)
|
||||
m.Get("/dashboard/*", reqSignedIn, Index)
|
||||
|
||||
// sign up
|
||||
m.Get("/signup", Index)
|
||||
@ -47,7 +48,7 @@ func Register(m *macaron.Macaron) {
|
||||
m.Group("/datasources", func() {
|
||||
m.Combo("/").Get(GetDataSources).Put(AddDataSource).Post(UpdateDataSource)
|
||||
m.Delete("/:id", DeleteDataSource)
|
||||
m.Any("/proxy/:id/*", auth, ProxyDataSourceRequest)
|
||||
m.Any("/proxy/:id/*", reqSignedIn, ProxyDataSourceRequest)
|
||||
})
|
||||
// Dashboard
|
||||
m.Group("/dashboard", func() {
|
||||
@ -57,11 +58,16 @@ func Register(m *macaron.Macaron) {
|
||||
// Search
|
||||
m.Get("/search/", Search)
|
||||
// metrics
|
||||
m.Get("/metrics/test", auth, GetTestMetrics)
|
||||
}, auth)
|
||||
m.Get("/metrics/test", GetTestMetrics)
|
||||
}, reqSignedIn)
|
||||
|
||||
// admin api
|
||||
m.Group("/api/admin", func() {
|
||||
m.Get("/accounts", AdminSearchAccounts)
|
||||
}, reqAdmin)
|
||||
|
||||
// rendering
|
||||
m.Get("/render/*", auth, RenderToPng)
|
||||
m.Get("/render/*", reqSignedIn, RenderToPng)
|
||||
|
||||
m.NotFound(NotFound)
|
||||
}
|
||||
|
||||
@ -12,27 +12,44 @@ import (
|
||||
"github.com/torkelo/grafana-pro/pkg/setting"
|
||||
)
|
||||
|
||||
func authGetRequestAccountId(c *Context) (int64, error) {
|
||||
type AuthOptions struct {
|
||||
ReqAdmin bool
|
||||
ReqSignedIn bool
|
||||
}
|
||||
|
||||
func getRequestAccountId(c *Context) (int64, error) {
|
||||
accountId := c.Session.Get("accountId")
|
||||
|
||||
urlQuery := c.Req.URL.Query()
|
||||
if accountId != nil {
|
||||
return accountId.(int64), nil
|
||||
}
|
||||
|
||||
// TODO: check that this is a localhost request
|
||||
// localhost render query
|
||||
urlQuery := c.Req.URL.Query()
|
||||
if len(urlQuery["render"]) > 0 {
|
||||
accId, _ := strconv.ParseInt(urlQuery["accountId"][0], 10, 64)
|
||||
c.Session.Set("accountId", accId)
|
||||
accountId = accId
|
||||
}
|
||||
|
||||
if accountId == nil {
|
||||
if setting.Anonymous {
|
||||
return setting.AnonymousAccountId, nil
|
||||
// check api token
|
||||
header := c.Req.Header.Get("Authorization")
|
||||
parts := strings.SplitN(header, " ", 2)
|
||||
if len(parts) == 2 || parts[0] == "Bearer" {
|
||||
token := parts[1]
|
||||
userQuery := m.GetAccountByTokenQuery{Token: token}
|
||||
if err := bus.Dispatch(&userQuery); err != nil {
|
||||
return -1, err
|
||||
}
|
||||
|
||||
return -1, errors.New("Auth: session account id not found")
|
||||
return userQuery.Result.Id, nil
|
||||
}
|
||||
|
||||
return accountId.(int64), nil
|
||||
// anonymous gues user
|
||||
if setting.Anonymous {
|
||||
return setting.AnonymousAccountId, nil
|
||||
}
|
||||
|
||||
return -1, errors.New("Auth: session account id not found")
|
||||
}
|
||||
|
||||
func authDenied(c *Context) {
|
||||
@ -43,57 +60,17 @@ func authDenied(c *Context) {
|
||||
c.Redirect(setting.AppSubUrl + "/login")
|
||||
}
|
||||
|
||||
func authByToken(c *Context) {
|
||||
header := c.Req.Header.Get("Authorization")
|
||||
parts := strings.SplitN(header, " ", 2)
|
||||
if len(parts) != 2 || parts[0] != "Bearer" {
|
||||
return
|
||||
}
|
||||
token := parts[1]
|
||||
userQuery := m.GetAccountByTokenQuery{Token: token}
|
||||
|
||||
if err := bus.Dispatch(&userQuery); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
usingQuery := m.GetAccountByIdQuery{Id: userQuery.Result.UsingAccountId}
|
||||
if err := bus.Dispatch(&usingQuery); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
c.UserAccount = userQuery.Result
|
||||
c.Account = usingQuery.Result
|
||||
}
|
||||
|
||||
func authBySession(c *Context) {
|
||||
accountId, err := authGetRequestAccountId(c)
|
||||
|
||||
if err != nil && c.Req.URL.Path != "/login" {
|
||||
authDenied(c)
|
||||
return
|
||||
}
|
||||
|
||||
userQuery := m.GetAccountByIdQuery{Id: accountId}
|
||||
if err := bus.Dispatch(&userQuery); err != nil {
|
||||
authDenied(c)
|
||||
return
|
||||
}
|
||||
|
||||
usingQuery := m.GetAccountByIdQuery{Id: userQuery.Result.UsingAccountId}
|
||||
if err := bus.Dispatch(&usingQuery); err != nil {
|
||||
authDenied(c)
|
||||
return
|
||||
}
|
||||
|
||||
c.UserAccount = userQuery.Result
|
||||
c.Account = usingQuery.Result
|
||||
}
|
||||
|
||||
func Auth() macaron.Handler {
|
||||
func Auth(options *AuthOptions) macaron.Handler {
|
||||
return func(c *Context) {
|
||||
authByToken(c)
|
||||
if c.UserAccount == nil {
|
||||
authBySession(c)
|
||||
|
||||
if !c.IsSignedIn && options.ReqSignedIn {
|
||||
authDenied(c)
|
||||
return
|
||||
}
|
||||
|
||||
if !c.IsAdmin && options.ReqAdmin {
|
||||
authDenied(c)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -8,8 +8,9 @@ import (
|
||||
"github.com/Unknwon/macaron"
|
||||
"github.com/macaron-contrib/session"
|
||||
|
||||
"github.com/torkelo/grafana-pro/pkg/bus"
|
||||
"github.com/torkelo/grafana-pro/pkg/log"
|
||||
"github.com/torkelo/grafana-pro/pkg/models"
|
||||
m "github.com/torkelo/grafana-pro/pkg/models"
|
||||
"github.com/torkelo/grafana-pro/pkg/setting"
|
||||
)
|
||||
|
||||
@ -17,8 +18,11 @@ type Context struct {
|
||||
*macaron.Context
|
||||
Session session.Store
|
||||
|
||||
Account *models.Account
|
||||
UserAccount *models.Account
|
||||
IsSignedIn bool
|
||||
IsAdmin bool
|
||||
|
||||
Account *m.Account
|
||||
UserAccount *m.Account
|
||||
}
|
||||
|
||||
func (c *Context) GetAccountId() int64 {
|
||||
@ -32,6 +36,29 @@ func GetContextHandler() macaron.Handler {
|
||||
Session: sess,
|
||||
}
|
||||
|
||||
// try get account id from request
|
||||
if accountId, err := getRequestAccountId(ctx); err == nil {
|
||||
// fetch user
|
||||
userQuery := m.GetAccountByIdQuery{Id: accountId}
|
||||
if err := bus.Dispatch(&userQuery); err != nil {
|
||||
log.Error(3, "Failed to get user by id, %v, %v", accountId, err)
|
||||
} else {
|
||||
// fetch using account
|
||||
ctx.UserAccount = userQuery.Result
|
||||
usingQuery := m.GetAccountByIdQuery{Id: ctx.UserAccount.UsingAccountId}
|
||||
if err := bus.Dispatch(&usingQuery); err != nil {
|
||||
log.Error(3, "Faild to get account's using account, account: %v, usingAccountId: %v, err:%v", accountId, ctx.UserAccount.Id, err)
|
||||
} else {
|
||||
ctx.Account = usingQuery.Result
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ctx.Account != nil {
|
||||
ctx.IsSignedIn = true
|
||||
ctx.IsAdmin = ctx.Account.IsAdmin
|
||||
}
|
||||
|
||||
c.Map(ctx)
|
||||
}
|
||||
}
|
||||
|
||||
@ -68,6 +68,14 @@ type GetAccountByLoginQuery struct {
|
||||
Result *Account
|
||||
}
|
||||
|
||||
type SearchAccountsQuery struct {
|
||||
Query string
|
||||
Page int
|
||||
Limit int
|
||||
|
||||
Result []*AccountSearchHitDTO
|
||||
}
|
||||
|
||||
// ------------------------
|
||||
// DTO & Projections
|
||||
|
||||
@ -84,6 +92,12 @@ type CollaboratorDTO struct {
|
||||
Role string `json:"role"`
|
||||
}
|
||||
|
||||
type AccountSearchHitDTO struct {
|
||||
Id int64 `json:"id"`
|
||||
Name string `json:"name"`
|
||||
Email string `json:"email"`
|
||||
}
|
||||
|
||||
type AccountDTO struct {
|
||||
Email string `json:"email"`
|
||||
Name string `json:"name"`
|
||||
|
||||
@ -19,6 +19,7 @@ func init() {
|
||||
bus.AddHandler("sql", GetAccountByToken)
|
||||
bus.AddHandler("sql", AddCollaborator)
|
||||
bus.AddHandler("sql", RemoveCollaborator)
|
||||
bus.AddHandler("sql", SearchAccounts)
|
||||
}
|
||||
|
||||
func CreateAccount(cmd *m.CreateAccountCommand) error {
|
||||
@ -173,3 +174,14 @@ func GetOtherAccounts(query *m.GetOtherAccountsQuery) error {
|
||||
err := sess.Find(&query.Result)
|
||||
return err
|
||||
}
|
||||
|
||||
func SearchAccounts(query *m.SearchAccountsQuery) error {
|
||||
query.Result = make([]*m.AccountSearchHitDTO, 0)
|
||||
sess := x.Table("account")
|
||||
sess.Where("email LIKE ?", query.Query+"%")
|
||||
sess.Limit(query.Limit, query.Limit*query.Page)
|
||||
sess.Cols("id", "email", "name")
|
||||
err := sess.Find(&query.Result)
|
||||
return err
|
||||
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user