IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Refactoring of auth middleware, and starting work on account admin

Browse Source
This commit is contained in:
Torkel Ödegaard 2015-01-15 12:16:54 +01:00
parent 67b935188b
commit 5ec07db143
6 changed files with 128 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
pkg/api/admin_accounts.go Normal file
View File

@ -0,0 +1,20 @@
package api
import (
"github.com/torkelo/grafana-pro/pkg/bus"
"github.com/torkelo/grafana-pro/pkg/middleware"
m "github.com/torkelo/grafana-pro/pkg/models"
)
func AdminSearchAccounts(c *middleware.Context) {
// query := c.QueryStrings("q")
// page := c.QueryStrings("p")
query := m.SearchAccountsQuery{Query: "", Page: 0, Limit: 20}
if err := bus.Dispatch(&query); err != nil {
c.JsonApiErr(500, "Failed to fetch collaboratos", err)
return
}
c.JSON(200, query.Result)
}

26
pkg/api/api.go
View File

@ -9,20 +9,21 @@ import (
// Register adds http routes // Register adds http routes
func Register(m *macaron.Macaron) { func Register(m *macaron.Macaron) {
auth := middleware.Auth() reqSignedIn := middleware.Auth(&middleware.AuthOptions{ReqSignedIn: true})
reqAdmin := middleware.Auth(&middleware.AuthOptions{ReqSignedIn: true, ReqAdmin: false})
// not logged in views // not logged in views
m.Get("/", auth, Index) m.Get("/", reqSignedIn, Index)
m.Post("/logout", LogoutPost) m.Post("/logout", LogoutPost)
m.Post("/login", LoginPost) m.Post("/login", LoginPost)
m.Get("/login/:name", OAuthLogin) m.Get("/login/:name", OAuthLogin)
m.Get("/login", Index) m.Get("/login", Index)
// authed views // authed views
m.Get("/account/", auth, Index) m.Get("/account/", reqSignedIn, Index)
m.Get("/account/datasources/", auth, Index) m.Get("/account/datasources/", reqSignedIn, Index)
m.Get("/admin", auth, Index) m.Get("/admin", reqSignedIn, Index)
m.Get("/dashboard/*", auth, Index) m.Get("/dashboard/*", reqSignedIn, Index)
// sign up // sign up
m.Get("/signup", Index) m.Get("/signup", Index)
@ -47,7 +48,7 @@ func Register(m *macaron.Macaron) {
m.Group("/datasources", func() { m.Group("/datasources", func() {
m.Combo("/").Get(GetDataSources).Put(AddDataSource).Post(UpdateDataSource) m.Combo("/").Get(GetDataSources).Put(AddDataSource).Post(UpdateDataSource)
m.Delete("/:id", DeleteDataSource) m.Delete("/:id", DeleteDataSource)
m.Any("/proxy/:id/*", auth, ProxyDataSourceRequest) m.Any("/proxy/:id/*", reqSignedIn, ProxyDataSourceRequest)
}) })
// Dashboard // Dashboard
m.Group("/dashboard", func() { m.Group("/dashboard", func() {
@ -57,11 +58,16 @@ func Register(m *macaron.Macaron) {
// Search // Search
m.Get("/search/", Search) m.Get("/search/", Search)
// metrics // metrics
m.Get("/metrics/test", auth, GetTestMetrics) m.Get("/metrics/test", GetTestMetrics)
}, auth) }, reqSignedIn)
// admin api
m.Group("/api/admin", func() {
m.Get("/accounts", AdminSearchAccounts)
}, reqAdmin)
// rendering // rendering
m.Get("/render/*", auth, RenderToPng) m.Get("/render/*", reqSignedIn, RenderToPng)
m.NotFound(NotFound) m.NotFound(NotFound)
} }

95
pkg/middleware/auth.go
View File

@ -12,27 +12,44 @@ import (
"github.com/torkelo/grafana-pro/pkg/setting" "github.com/torkelo/grafana-pro/pkg/setting"
) )
func authGetRequestAccountId(c *Context) (int64, error) { type AuthOptions struct {
ReqAdmin bool
ReqSignedIn bool
}
func getRequestAccountId(c *Context) (int64, error) {
accountId := c.Session.Get("accountId") accountId := c.Session.Get("accountId")
urlQuery := c.Req.URL.Query() if accountId != nil {
return accountId.(int64), nil
}
// TODO: check that this is a localhost request // localhost render query
urlQuery := c.Req.URL.Query()
if len(urlQuery["render"]) > 0 { if len(urlQuery["render"]) > 0 {
accId, _ := strconv.ParseInt(urlQuery["accountId"][0], 10, 64) accId, _ := strconv.ParseInt(urlQuery["accountId"][0], 10, 64)
c.Session.Set("accountId", accId) c.Session.Set("accountId", accId)
accountId = accId accountId = accId
} }
if accountId == nil { // check api token
if setting.Anonymous { header := c.Req.Header.Get("Authorization")
return setting.AnonymousAccountId, nil parts := strings.SplitN(header, " ", 2)
if len(parts) == 2 || parts[0] == "Bearer" {
token := parts[1]
userQuery := m.GetAccountByTokenQuery{Token: token}
if err := bus.Dispatch(&userQuery); err != nil {
return -1, err
} }
return userQuery.Result.Id, nil
return -1, errors.New("Auth: session account id not found")
} }
return accountId.(int64), nil // anonymous gues user
if setting.Anonymous {
return setting.AnonymousAccountId, nil
}
return -1, errors.New("Auth: session account id not found")
} }
func authDenied(c *Context) { func authDenied(c *Context) {
@ -43,57 +60,17 @@ func authDenied(c *Context) {
c.Redirect(setting.AppSubUrl + "/login") c.Redirect(setting.AppSubUrl + "/login")
} }
func authByToken(c *Context) { func Auth(options *AuthOptions) macaron.Handler {
header := c.Req.Header.Get("Authorization")
parts := strings.SplitN(header, " ", 2)
if len(parts) != 2 || parts[0] != "Bearer" {
return
}
token := parts[1]
userQuery := m.GetAccountByTokenQuery{Token: token}
if err := bus.Dispatch(&userQuery); err != nil {
return
}
usingQuery := m.GetAccountByIdQuery{Id: userQuery.Result.UsingAccountId}
if err := bus.Dispatch(&usingQuery); err != nil {
return
}
c.UserAccount = userQuery.Result
c.Account = usingQuery.Result
}
func authBySession(c *Context) {
accountId, err := authGetRequestAccountId(c)
if err != nil && c.Req.URL.Path != "/login" {
authDenied(c)
return
}
userQuery := m.GetAccountByIdQuery{Id: accountId}
if err := bus.Dispatch(&userQuery); err != nil {
authDenied(c)
return
}
usingQuery := m.GetAccountByIdQuery{Id: userQuery.Result.UsingAccountId}
if err := bus.Dispatch(&usingQuery); err != nil {
authDenied(c)
return
}
c.UserAccount = userQuery.Result
c.Account = usingQuery.Result
}
func Auth() macaron.Handler {
return func(c *Context) { return func(c *Context) {
authByToken(c)
if c.UserAccount == nil { if !c.IsSignedIn && options.ReqSignedIn {
authBySession(c) authDenied(c)
return
}
if !c.IsAdmin && options.ReqAdmin {
authDenied(c)
return
} }
} }
} }

33
pkg/middleware/middleware.go
View File

@ -8,8 +8,9 @@ import (
"github.com/Unknwon/macaron" "github.com/Unknwon/macaron"
"github.com/macaron-contrib/session" "github.com/macaron-contrib/session"
"github.com/torkelo/grafana-pro/pkg/bus"
"github.com/torkelo/grafana-pro/pkg/log" "github.com/torkelo/grafana-pro/pkg/log"
"github.com/torkelo/grafana-pro/pkg/models" m "github.com/torkelo/grafana-pro/pkg/models"
"github.com/torkelo/grafana-pro/pkg/setting" "github.com/torkelo/grafana-pro/pkg/setting"
) )
@ -17,8 +18,11 @@ type Context struct {
*macaron.Context *macaron.Context
Session session.Store Session session.Store
Account *models.Account IsSignedIn bool
UserAccount *models.Account IsAdmin bool
Account *m.Account
UserAccount *m.Account
} }
func (c *Context) GetAccountId() int64 { func (c *Context) GetAccountId() int64 {
@ -32,6 +36,29 @@ func GetContextHandler() macaron.Handler {
Session: sess, Session: sess,
} }
// try get account id from request
if accountId, err := getRequestAccountId(ctx); err == nil {
// fetch user
userQuery := m.GetAccountByIdQuery{Id: accountId}
if err := bus.Dispatch(&userQuery); err != nil {
log.Error(3, "Failed to get user by id, %v, %v", accountId, err)
} else {
// fetch using account
ctx.UserAccount = userQuery.Result
usingQuery := m.GetAccountByIdQuery{Id: ctx.UserAccount.UsingAccountId}
if err := bus.Dispatch(&usingQuery); err != nil {
log.Error(3, "Faild to get account's using account, account: %v, usingAccountId: %v, err:%v", accountId, ctx.UserAccount.Id, err)
} else {
ctx.Account = usingQuery.Result
}
}
}
if ctx.Account != nil {
ctx.IsSignedIn = true
ctx.IsAdmin = ctx.Account.IsAdmin
}
c.Map(ctx) c.Map(ctx)
} }
} }

14
pkg/models/account.go
View File

@ -68,6 +68,14 @@ type GetAccountByLoginQuery struct {
Result *Account Result *Account
} }
type SearchAccountsQuery struct {
Query string
Page int
Limit int
Result []*AccountSearchHitDTO
}
// ------------------------ // ------------------------
// DTO & Projections // DTO & Projections
@ -84,6 +92,12 @@ type CollaboratorDTO struct {
Role string `json:"role"` Role string `json:"role"`
} }
type AccountSearchHitDTO struct {
Id int64 `json:"id"`
Name string `json:"name"`
Email string `json:"email"`
}
type AccountDTO struct { type AccountDTO struct {
Email string `json:"email"` Email string `json:"email"`
Name string `json:"name"` Name string `json:"name"`

12
pkg/stores/sqlstore/accounts.go
View File

@ -19,6 +19,7 @@ func init() {
bus.AddHandler("sql", GetAccountByToken) bus.AddHandler("sql", GetAccountByToken)
bus.AddHandler("sql", AddCollaborator) bus.AddHandler("sql", AddCollaborator)
bus.AddHandler("sql", RemoveCollaborator) bus.AddHandler("sql", RemoveCollaborator)
bus.AddHandler("sql", SearchAccounts)
} }
func CreateAccount(cmd *m.CreateAccountCommand) error { func CreateAccount(cmd *m.CreateAccountCommand) error {
@ -173,3 +174,14 @@ func GetOtherAccounts(query *m.GetOtherAccountsQuery) error {
err := sess.Find(&query.Result) err := sess.Find(&query.Result)
return err return err
} }
func SearchAccounts(query *m.SearchAccountsQuery) error {
query.Result = make([]*m.AccountSearchHitDTO, 0)
sess := x.Table("account")
sess.Where("email LIKE ?", query.Query+"%")
sess.Limit(query.Limit, query.Limit*query.Page)
sess.Cols("id", "email", "name")
err := sess.Find(&query.Result)
return err
}