grafana/pkg/services/authn/clients/render.go
Karl Persson 95ea4bad6f
AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705)
* API: Add reqSignedIn to router groups

* AuthN: Add fall through in context handler

* AuthN: Add IsAnonymous field

* AuthN: add priority to context aware clients

* ContextHandler: Add comment

* AuthN: Add a simple priority queue

* AuthN: Add Name to client interface

* AuthN: register clients with function

* AuthN: update mock and fake to implement interface

* AuthN: rewrite test without reflection

* AuthN: add comment

* AuthN: fix queue insert

* AuthN: rewrite tests

* AuthN: make the queue generic so we can reuse it for hooks

* ContextHandler: Add fixme for auth headers

* AuthN: remove unused variable

* AuthN: use multierror

* AuthN: write proper tests for queue

* AuthN: Add queue item that can store the value and priority

Co-authored-by: Jo <joao.guerreiro@grafana.com>
2023-01-26 10:50:44 +01:00


package clients
import (
"context"
"time"
"github.com/grafana/grafana/pkg/services/authn"
"github.com/grafana/grafana/pkg/services/login"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/rendering"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/util/errutil"
)
// ErrInvalidRenderKey is returned by Render.Authenticate when the rendering
// service has no render user for the presented key. It carries an
// unauthorized status and the fixed public message "Invalid Render Key".
var ErrInvalidRenderKey = errutil.NewBase(errutil.StatusUnauthorized, "render-auth.invalid-key", errutil.WithPublicMessage("Invalid Render Key"))

// renderCookieName is the name of the cookie the render key is read from.
const renderCookieName = "renderKey"

// Compile-time check that *Render implements authn.ContextAwareClient.
var _ authn.ContextAwareClient = (*Render)(nil)
// ProvideRender builds the Render client from the user service and the
// rendering service it depends on.
func ProvideRender(userService user.Service, renderService rendering.Service) *Render {
	client := &Render{
		userService:   userService,
		renderService: renderService,
	}
	return client
}
// Render is the authn client for requests that carry a render key cookie.
// It resolves the key to a render user through the rendering service and
// turns that render user into an authn.Identity.
type Render struct {
// userService loads the signed-in user when the render user has a positive UserID.
userService user.Service
// renderService resolves a render key to its render user.
renderService rendering.Service
}
// Name returns the identifier of this client, authn.ClientRender.
func (c *Render) Name() string {
return authn.ClientRender
}
// Authenticate resolves the render key carried by the request into an
// identity.
//
// The key is looked up through the rendering service. If no render user is
// found, ErrInvalidRenderKey is returned. A render user with a positive
// UserID is loaded through the user service and converted into an identity;
// otherwise an identity with user ID 0 is built from the render user's org
// and role. In both cases the identity is stamped with the current time and
// login.RenderModule as its auth module.
//
// The request's HTTPRequest is dereferenced while reading the key; this
// method does not check it for nil itself.
func (c *Render) Authenticate(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
	renderKey := getRenderKey(r)

	renderUser, found := c.renderService.GetRenderUser(ctx, renderKey)
	if !found {
		// NOTE(review): renderKey comes straight from a client-supplied
		// cookie and is formatted into this error's message. The public
		// message is fixed, but confirm where the formatted message ends up
		// (logs, traces) and whether the raw key should be omitted or
		// truncated there.
		return nil, ErrInvalidRenderKey.Errorf("found no render user for key: %s", renderKey)
	}

	var identity *authn.Identity
	if renderUser.UserID > 0 {
		// The key is bound to a real user: authenticate as that user in the
		// org recorded on the render user.
		query := &user.GetSignedInUserQuery{UserID: renderUser.UserID, OrgID: renderUser.OrgID}
		signedIn, err := c.userService.GetSignedInUserWithCacheCtx(ctx, query)
		if err != nil {
			return nil, err
		}
		identity = authn.IdentityFromSignedInUser(authn.NamespacedID(authn.NamespaceUser, signedIn.UserID), signedIn, authn.ClientParams{})
	} else {
		// No real user behind the key: the org and role are taken as-is from
		// the render user record.
		identity = &authn.Identity{
			ID:       authn.NamespacedID(authn.NamespaceUser, 0),
			OrgID:    renderUser.OrgID,
			OrgRoles: map[int64]org.RoleType{renderUser.OrgID: org.RoleType(renderUser.OrgRole)},
		}
	}

	identity.AuthModule = login.RenderModule
	identity.LastSeenAt = time.Now()
	return identity, nil
}
// Test reports whether this client should handle the request: it must have
// an underlying HTTP request, and that request must carry a non-empty render
// key cookie. It only checks that a key is present, not that it is valid.
func (c *Render) Test(ctx context.Context, r *authn.Request) bool {
	return r.HTTPRequest != nil && getRenderKey(r) != ""
}
// Priority returns 10 as this client's priority value.
// NOTE(review): how this value orders the client relative to others
// (lower-first or higher-first) is decided by the caller and is not visible
// in this file — confirm against the client queue.
func (c *Render) Priority() uint {
return 10
}
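// getRenderKey returns the value of the render key cookie on the request.
// It returns an empty string when the request has no underlying HTTP request
// or the cookie cannot be read.
//
// The returned value is client-supplied and unvalidated; callers must treat
// it as untrusted until the rendering service has resolved it.
func getRenderKey(r *authn.Request) string {
	// Authenticate calls this helper directly, without the nil check that
	// Test performs. Calling Cookie on a nil *http.Request would panic, so
	// treat a missing request the same as a missing cookie.
	if r == nil || r.HTTPRequest == nil {
		return ""
	}

	cookie, err := r.HTTPRequest.Cookie(renderCookieName)
	if err != nil {
		return ""
	}
	return cookie.Value
}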