mirror of
https://github.com/grafana/grafana.git
synced 2024-11-26 19:00:54 -06:00
267 lines
6.5 KiB
Go
267 lines
6.5 KiB
Go
package middleware
|
|
|
|
import (
|
|
"strconv"
|
|
"strings"
|
|
|
|
"gopkg.in/macaron.v1"
|
|
|
|
"github.com/grafana/grafana/pkg/bus"
|
|
"github.com/grafana/grafana/pkg/components/apikeygen"
|
|
"github.com/grafana/grafana/pkg/log"
|
|
l "github.com/grafana/grafana/pkg/login"
|
|
m "github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
"github.com/grafana/grafana/pkg/util"
|
|
"github.com/prometheus/client_golang/prometheus"
|
|
)
|
|
|
|
type Context struct {
|
|
*macaron.Context
|
|
*m.SignedInUser
|
|
|
|
Session SessionStore
|
|
|
|
IsSignedIn bool
|
|
IsRenderCall bool
|
|
AllowAnonymous bool
|
|
Logger log.Logger
|
|
}
|
|
|
|
func GetContextHandler() macaron.Handler {
|
|
return func(c *macaron.Context) {
|
|
ctx := &Context{
|
|
Context: c,
|
|
SignedInUser: &m.SignedInUser{},
|
|
Session: GetSession(),
|
|
IsSignedIn: false,
|
|
AllowAnonymous: false,
|
|
Logger: log.New("context"),
|
|
}
|
|
|
|
orgId := int64(0)
|
|
orgIdHeader := ctx.Req.Header.Get("X-Grafana-Org-Id")
|
|
if orgIdHeader != "" {
|
|
orgId, _ = strconv.ParseInt(orgIdHeader, 10, 64)
|
|
}
|
|
|
|
// the order in which these are tested are important
|
|
// look for api key in Authorization header first
|
|
// then init session and look for userId in session
|
|
// then look for api key in session (special case for render calls via api)
|
|
// then test if anonymous access is enabled
|
|
if initContextWithRenderAuth(ctx) ||
|
|
initContextWithApiKey(ctx) ||
|
|
initContextWithBasicAuth(ctx, orgId) ||
|
|
initContextWithAuthProxy(ctx, orgId) ||
|
|
initContextWithUserSessionCookie(ctx, orgId) ||
|
|
initContextWithAnonymousUser(ctx) {
|
|
}
|
|
|
|
ctx.Logger = log.New("context", "userId", ctx.UserId, "orgId", ctx.OrgId, "uname", ctx.Login)
|
|
ctx.Data["ctx"] = ctx
|
|
|
|
c.Map(ctx)
|
|
|
|
// update last seen at
|
|
// update last seen every 5min
|
|
if ctx.ShouldUpdateLastSeenAt() {
|
|
ctx.Logger.Debug("Updating last user_seen_at", "user_id", ctx.UserId)
|
|
if err := bus.Dispatch(&m.UpdateUserLastSeenAtCommand{UserId: ctx.UserId}); err != nil {
|
|
ctx.Logger.Error("Failed to update last_seen_at", "error", err)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func initContextWithAnonymousUser(ctx *Context) bool {
|
|
if !setting.AnonymousEnabled {
|
|
return false
|
|
}
|
|
|
|
orgQuery := m.GetOrgByNameQuery{Name: setting.AnonymousOrgName}
|
|
if err := bus.Dispatch(&orgQuery); err != nil {
|
|
log.Error(3, "Anonymous access organization error: '%s': %s", setting.AnonymousOrgName, err)
|
|
return false
|
|
}
|
|
|
|
ctx.IsSignedIn = false
|
|
ctx.AllowAnonymous = true
|
|
ctx.SignedInUser = &m.SignedInUser{}
|
|
ctx.OrgRole = m.RoleType(setting.AnonymousOrgRole)
|
|
ctx.OrgId = orgQuery.Result.Id
|
|
ctx.OrgName = orgQuery.Result.Name
|
|
return true
|
|
}
|
|
|
|
func initContextWithUserSessionCookie(ctx *Context, orgId int64) bool {
|
|
// initialize session
|
|
if err := ctx.Session.Start(ctx); err != nil {
|
|
ctx.Logger.Error("Failed to start session", "error", err)
|
|
return false
|
|
}
|
|
|
|
var userId int64
|
|
if userId = getRequestUserId(ctx); userId == 0 {
|
|
return false
|
|
}
|
|
|
|
query := m.GetSignedInUserQuery{UserId: userId, OrgId: orgId}
|
|
if err := bus.Dispatch(&query); err != nil {
|
|
ctx.Logger.Error("Failed to get user with id", "userId", userId, "error", err)
|
|
return false
|
|
}
|
|
|
|
ctx.SignedInUser = query.Result
|
|
ctx.IsSignedIn = true
|
|
return true
|
|
}
|
|
|
|
func initContextWithApiKey(ctx *Context) bool {
|
|
var keyString string
|
|
if keyString = getApiKey(ctx); keyString == "" {
|
|
return false
|
|
}
|
|
|
|
// base64 decode key
|
|
decoded, err := apikeygen.Decode(keyString)
|
|
if err != nil {
|
|
ctx.JsonApiErr(401, "Invalid API key", err)
|
|
return true
|
|
}
|
|
|
|
// fetch key
|
|
keyQuery := m.GetApiKeyByNameQuery{KeyName: decoded.Name, OrgId: decoded.OrgId}
|
|
if err := bus.Dispatch(&keyQuery); err != nil {
|
|
ctx.JsonApiErr(401, "Invalid API key", err)
|
|
return true
|
|
}
|
|
|
|
apikey := keyQuery.Result
|
|
|
|
// validate api key
|
|
if !apikeygen.IsValid(decoded, apikey.Key) {
|
|
ctx.JsonApiErr(401, "Invalid API key", err)
|
|
return true
|
|
}
|
|
|
|
ctx.IsSignedIn = true
|
|
ctx.SignedInUser = &m.SignedInUser{}
|
|
ctx.OrgRole = apikey.Role
|
|
ctx.ApiKeyId = apikey.Id
|
|
ctx.OrgId = apikey.OrgId
|
|
return true
|
|
}
|
|
|
|
func initContextWithBasicAuth(ctx *Context, orgId int64) bool {
|
|
|
|
if !setting.BasicAuthEnabled {
|
|
return false
|
|
}
|
|
|
|
header := ctx.Req.Header.Get("Authorization")
|
|
if header == "" {
|
|
return false
|
|
}
|
|
|
|
username, password, err := util.DecodeBasicAuthHeader(header)
|
|
if err != nil {
|
|
ctx.JsonApiErr(401, "Invalid Basic Auth Header", err)
|
|
return true
|
|
}
|
|
|
|
loginQuery := m.GetUserByLoginQuery{LoginOrEmail: username}
|
|
if err := bus.Dispatch(&loginQuery); err != nil {
|
|
ctx.JsonApiErr(401, "Basic auth failed", err)
|
|
return true
|
|
}
|
|
|
|
user := loginQuery.Result
|
|
|
|
loginUserQuery := l.LoginUserQuery{Username: username, Password: password, User: user}
|
|
if err := bus.Dispatch(&loginUserQuery); err != nil {
|
|
ctx.JsonApiErr(401, "Invalid username or password", err)
|
|
return true
|
|
}
|
|
|
|
query := m.GetSignedInUserQuery{UserId: user.Id, OrgId: orgId}
|
|
if err := bus.Dispatch(&query); err != nil {
|
|
ctx.JsonApiErr(401, "Authentication error", err)
|
|
return true
|
|
}
|
|
|
|
ctx.SignedInUser = query.Result
|
|
ctx.IsSignedIn = true
|
|
return true
|
|
}
|
|
|
|
// Handle handles and logs error by given status.
|
|
func (ctx *Context) Handle(status int, title string, err error) {
|
|
if err != nil {
|
|
ctx.Logger.Error(title, "error", err)
|
|
if setting.Env != setting.PROD {
|
|
ctx.Data["ErrorMsg"] = err
|
|
}
|
|
}
|
|
|
|
ctx.Data["Title"] = title
|
|
ctx.Data["AppSubUrl"] = setting.AppSubUrl
|
|
ctx.HTML(status, strconv.Itoa(status))
|
|
}
|
|
|
|
func (ctx *Context) JsonOK(message string) {
|
|
resp := make(map[string]interface{})
|
|
resp["message"] = message
|
|
ctx.JSON(200, resp)
|
|
}
|
|
|
|
func (ctx *Context) IsApiRequest() bool {
|
|
return strings.HasPrefix(ctx.Req.URL.Path, "/api")
|
|
}
|
|
|
|
func (ctx *Context) JsonApiErr(status int, message string, err error) {
|
|
resp := make(map[string]interface{})
|
|
|
|
if err != nil {
|
|
ctx.Logger.Error(message, "error", err)
|
|
if setting.Env != setting.PROD {
|
|
resp["error"] = err.Error()
|
|
}
|
|
}
|
|
|
|
switch status {
|
|
case 404:
|
|
resp["message"] = "Not Found"
|
|
case 500:
|
|
resp["message"] = "Internal Server Error"
|
|
}
|
|
|
|
if message != "" {
|
|
resp["message"] = message
|
|
}
|
|
|
|
ctx.JSON(status, resp)
|
|
}
|
|
|
|
func (ctx *Context) HasUserRole(role m.RoleType) bool {
|
|
return ctx.OrgRole.Includes(role)
|
|
}
|
|
|
|
func (ctx *Context) HasHelpFlag(flag m.HelpFlags1) bool {
|
|
return ctx.HelpFlags1.HasFlag(flag)
|
|
}
|
|
|
|
func (ctx *Context) TimeRequest(timer prometheus.Summary) {
|
|
ctx.Data["perfmon.timer"] = timer
|
|
}
|
|
|
|
func AddDefaultResponseHeaders() macaron.Handler {
|
|
return func(ctx *Context) {
|
|
if ctx.IsApiRequest() && ctx.Req.Method == "GET" {
|
|
ctx.Resp.Header().Add("Cache-Control", "no-cache")
|
|
ctx.Resp.Header().Add("Pragma", "no-cache")
|
|
ctx.Resp.Header().Add("Expires", "-1")
|
|
}
|
|
}
|
|
}
|