IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-12-01 21:19:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
7ce1254913
grafana/pkg/services/authn/clients/render.go
Karl Persson 0fa983ad8e
AuthN: Use typed namespace id inside authn package (#86048) 
* authn: Use typed namespace id inside package
2024-04-24 09:57:34 +02:00

84 lines
2.1 KiB
Go
Raw Blame History

package clients
import (
"context"
"time"
"github.com/grafana/grafana/pkg/services/authn"
"github.com/grafana/grafana/pkg/services/login"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/rendering"
"github.com/grafana/grafana/pkg/util/errutil"
)
var (
errInvalidRenderKey = errutil.Unauthorized("render-auth.invalid-key", errutil.WithPublicMessage("Invalid Render Key"))
)
const (
renderCookieName = "renderKey"
)
var _ authn.ContextAwareClient = new(Render)
func ProvideRender(renderService rendering.Service) *Render {
return &Render{renderService}
}
type Render struct {
renderService rendering.Service
}
func (c *Render) Name() string {
return authn.ClientRender
}
func (c *Render) Authenticate(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
key := getRenderKey(r)
renderUsr, ok := c.renderService.GetRenderUser(ctx, key)
if !ok {
return nil, errInvalidRenderKey.Errorf("found no render user for key: %s", key)
}
if renderUsr.UserID <= 0 {
return &authn.Identity{
ID: authn.NewNamespaceIDUnchecked(authn.NamespaceRenderService, 0),
OrgID: renderUsr.OrgID,
OrgRoles: map[int64]org.RoleType{renderUsr.OrgID: org.RoleType(renderUsr.OrgRole)},
ClientParams: authn.ClientParams{SyncPermissions: true},
LastSeenAt: time.Now(),
AuthenticatedBy: login.RenderModule,
}, nil
}
return &authn.Identity{
ID: authn.NewNamespaceIDUnchecked(authn.NamespaceUser, renderUsr.UserID),
LastSeenAt: time.Now(),
AuthenticatedBy: login.RenderModule,
ClientParams: authn.ClientParams{FetchSyncedUser: true, SyncPermissions: true},
}, nil
}
func (c *Render) IsEnabled() bool {
return true
}
func (c *Render) Test(ctx context.Context, r *authn.Request) bool {
if r.HTTPRequest == nil {
return false
}
return getRenderKey(r) != ""
}
func (c *Render) Priority() uint {
return 10
}
func getRenderKey(r *authn.Request) string {
cookie, err := r.HTTPRequest.Cookie(renderCookieName)
if err != nil {
return ""
}
return cookie.Value
}
Reference in New Issue View Git Blame Copy Permalink