Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nexpie-grafana-theme
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Registry
Registry
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kornkitt Poolsup
nexpie-grafana-theme
Commits
5998646d
Commit
5998646d
authored
Jan 23, 2019
by
bergquist
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
restrict session usage to auth_proxy
parent
76612285
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
37 additions
and
39 deletions
+37
-39
pkg/api/common_test.go
+0
-2
pkg/api/http_server.go
+2
-1
pkg/middleware/auth.go
+0
-11
pkg/middleware/auth_proxy.go
+17
-1
pkg/middleware/middleware.go
+1
-1
pkg/middleware/middleware_test.go
+6
-2
pkg/middleware/recovery_test.go
+1
-2
pkg/middleware/session.go
+9
-17
pkg/models/context.go
+1
-0
pkg/services/session/session.go
+0
-2
No files found.
pkg/api/common_test.go
View file @
5998646d
...
@@ -5,7 +5,6 @@ import (
...
@@ -5,7 +5,6 @@ import (
"net/http/httptest"
"net/http/httptest"
"path/filepath"
"path/filepath"
"github.com/go-macaron/session"
"github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/middleware"
"github.com/grafana/grafana/pkg/middleware"
m
"github.com/grafana/grafana/pkg/models"
m
"github.com/grafana/grafana/pkg/models"
...
@@ -126,7 +125,6 @@ func setupScenarioContext(url string) *scenarioContext {
...
@@ -126,7 +125,6 @@ func setupScenarioContext(url string) *scenarioContext {
sc
.
userAuthTokenService
=
newFakeUserAuthTokenService
()
sc
.
userAuthTokenService
=
newFakeUserAuthTokenService
()
sc
.
m
.
Use
(
middleware
.
GetContextHandler
(
sc
.
userAuthTokenService
))
sc
.
m
.
Use
(
middleware
.
GetContextHandler
(
sc
.
userAuthTokenService
))
sc
.
m
.
Use
(
middleware
.
Sessioner
(
&
session
.
Options
{},
0
))
return
sc
return
sc
}
}
...
...
pkg/api/http_server.go
View file @
5998646d
...
@@ -26,6 +26,7 @@ import (
...
@@ -26,6 +26,7 @@ import (
"github.com/grafana/grafana/pkg/services/datasources"
"github.com/grafana/grafana/pkg/services/datasources"
"github.com/grafana/grafana/pkg/services/hooks"
"github.com/grafana/grafana/pkg/services/hooks"
"github.com/grafana/grafana/pkg/services/rendering"
"github.com/grafana/grafana/pkg/services/rendering"
"github.com/grafana/grafana/pkg/services/session"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/setting"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
"github.com/prometheus/client_golang/prometheus/promhttp"
...
@@ -223,8 +224,8 @@ func (hs *HTTPServer) addMiddlewaresAndStaticRoutes() {
...
@@ -223,8 +224,8 @@ func (hs *HTTPServer) addMiddlewaresAndStaticRoutes() {
m
.
Use
(
hs
.
healthHandler
)
m
.
Use
(
hs
.
healthHandler
)
m
.
Use
(
hs
.
metricsEndpoint
)
m
.
Use
(
hs
.
metricsEndpoint
)
m
.
Use
(
middleware
.
GetContextHandler
(
hs
.
AuthTokenService
))
m
.
Use
(
middleware
.
GetContextHandler
(
hs
.
AuthTokenService
))
m
.
Use
(
middleware
.
Sessioner
(
&
setting
.
SessionOptions
,
setting
.
SessionConnMaxLifetime
))
m
.
Use
(
middleware
.
OrgRedirect
())
m
.
Use
(
middleware
.
OrgRedirect
())
session
.
Init
(
&
setting
.
SessionOptions
,
setting
.
SessionConnMaxLifetime
)
// needs to be after context handler
// needs to be after context handler
if
setting
.
EnforceDomain
{
if
setting
.
EnforceDomain
{
...
...
pkg/middleware/auth.go
View file @
5998646d
...
@@ -7,7 +7,6 @@ import (
...
@@ -7,7 +7,6 @@ import (
"gopkg.in/macaron.v1"
"gopkg.in/macaron.v1"
m
"github.com/grafana/grafana/pkg/models"
m
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/session"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
"github.com/grafana/grafana/pkg/util"
)
)
...
@@ -17,16 +16,6 @@ type AuthOptions struct {
...
@@ -17,16 +16,6 @@ type AuthOptions struct {
ReqSignedIn
bool
ReqSignedIn
bool
}
}
func
getRequestUserId
(
c
*
m
.
ReqContext
)
int64
{
userID
:=
c
.
Session
.
Get
(
session
.
SESS_KEY_USERID
)
if
userID
!=
nil
{
return
userID
.
(
int64
)
}
return
0
}
func
getApiKey
(
c
*
m
.
ReqContext
)
string
{
func
getApiKey
(
c
*
m
.
ReqContext
)
string
{
header
:=
c
.
Req
.
Header
.
Get
(
"Authorization"
)
header
:=
c
.
Req
.
Header
.
Get
(
"Authorization"
)
parts
:=
strings
.
SplitN
(
header
,
" "
,
2
)
parts
:=
strings
.
SplitN
(
header
,
" "
,
2
)
...
...
pkg/middleware/auth_proxy.go
View file @
5998646d
...
@@ -16,7 +16,9 @@ import (
...
@@ -16,7 +16,9 @@ import (
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/setting"
)
)
var
AUTH_PROXY_SESSION_VAR
=
"authProxyHeaderValue"
var
(
AUTH_PROXY_SESSION_VAR
=
"authProxyHeaderValue"
)
func
initContextWithAuthProxy
(
ctx
*
m
.
ReqContext
,
orgID
int64
)
bool
{
func
initContextWithAuthProxy
(
ctx
*
m
.
ReqContext
,
orgID
int64
)
bool
{
if
!
setting
.
AuthProxyEnabled
{
if
!
setting
.
AuthProxyEnabled
{
...
@@ -161,6 +163,10 @@ func initContextWithAuthProxy(ctx *m.ReqContext, orgID int64) bool {
...
@@ -161,6 +163,10 @@ func initContextWithAuthProxy(ctx *m.ReqContext, orgID int64) bool {
ctx
.
IsSignedIn
=
true
ctx
.
IsSignedIn
=
true
ctx
.
Session
.
Set
(
session
.
SESS_KEY_USERID
,
ctx
.
UserId
)
ctx
.
Session
.
Set
(
session
.
SESS_KEY_USERID
,
ctx
.
UserId
)
if
err
:=
ctx
.
Session
.
Release
();
err
!=
nil
{
ctx
.
Logger
.
Error
(
"failed to save session data"
,
"error"
,
err
)
}
return
true
return
true
}
}
...
@@ -192,6 +198,16 @@ var syncGrafanaUserWithLdapUser = func(query *m.LoginUserQuery) error {
...
@@ -192,6 +198,16 @@ var syncGrafanaUserWithLdapUser = func(query *m.LoginUserQuery) error {
return
nil
return
nil
}
}
func
getRequestUserId
(
c
*
m
.
ReqContext
)
int64
{
userID
:=
c
.
Session
.
Get
(
session
.
SESS_KEY_USERID
)
if
userID
!=
nil
{
return
userID
.
(
int64
)
}
return
0
}
func
checkAuthenticationProxy
(
remoteAddr
string
,
proxyHeaderValue
string
)
error
{
func
checkAuthenticationProxy
(
remoteAddr
string
,
proxyHeaderValue
string
)
error
{
if
len
(
strings
.
TrimSpace
(
setting
.
AuthProxyWhitelist
))
==
0
{
if
len
(
strings
.
TrimSpace
(
setting
.
AuthProxyWhitelist
))
==
0
{
return
nil
return
nil
...
...
pkg/middleware/middleware.go
View file @
5998646d
...
@@ -26,7 +26,7 @@ func GetContextHandler(ats auth.UserAuthTokenService) macaron.Handler {
...
@@ -26,7 +26,7 @@ func GetContextHandler(ats auth.UserAuthTokenService) macaron.Handler {
ctx
:=
&
m
.
ReqContext
{
ctx
:=
&
m
.
ReqContext
{
Context
:
c
,
Context
:
c
,
SignedInUser
:
&
m
.
SignedInUser
{},
SignedInUser
:
&
m
.
SignedInUser
{},
Session
:
session
.
GetSession
(),
Session
:
session
.
GetSession
(),
// should only be used by auth_proxy
IsSignedIn
:
false
,
IsSignedIn
:
false
,
AllowAnonymous
:
false
,
AllowAnonymous
:
false
,
SkipCache
:
false
,
SkipCache
:
false
,
...
...
pkg/middleware/middleware_test.go
View file @
5998646d
...
@@ -7,7 +7,7 @@ import (
...
@@ -7,7 +7,7 @@ import (
"path/filepath"
"path/filepath"
"testing"
"testing"
ms
"github.com/go-macaron/session"
ms
ession
"github.com/go-macaron/session"
"github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/bus"
m
"github.com/grafana/grafana/pkg/models"
m
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/session"
"github.com/grafana/grafana/pkg/services/session"
...
@@ -201,6 +201,7 @@ func TestMiddlewareContext(t *testing.T) {
...
@@ -201,6 +201,7 @@ func TestMiddlewareContext(t *testing.T) {
return
nil
return
nil
})
})
setting
.
SessionOptions
=
msession
.
Options
{}
sc
.
fakeReq
(
"GET"
,
"/"
)
sc
.
fakeReq
(
"GET"
,
"/"
)
sc
.
req
.
Header
.
Add
(
"X-WEBAUTH-USER"
,
"torkelo"
)
sc
.
req
.
Header
.
Add
(
"X-WEBAUTH-USER"
,
"torkelo"
)
sc
.
exec
()
sc
.
exec
()
...
@@ -469,6 +470,7 @@ func middlewareScenario(desc string, fn scenarioFunc) {
...
@@ -469,6 +470,7 @@ func middlewareScenario(desc string, fn scenarioFunc) {
defer
bus
.
ClearBusHandlers
()
defer
bus
.
ClearBusHandlers
()
sc
:=
&
scenarioContext
{}
sc
:=
&
scenarioContext
{}
viewsPath
,
_
:=
filepath
.
Abs
(
"../../public/views"
)
viewsPath
,
_
:=
filepath
.
Abs
(
"../../public/views"
)
sc
.
m
=
macaron
.
New
()
sc
.
m
=
macaron
.
New
()
...
@@ -477,11 +479,13 @@ func middlewareScenario(desc string, fn scenarioFunc) {
...
@@ -477,11 +479,13 @@ func middlewareScenario(desc string, fn scenarioFunc) {
Delims
:
macaron
.
Delims
{
Left
:
"[["
,
Right
:
"]]"
},
Delims
:
macaron
.
Delims
{
Left
:
"[["
,
Right
:
"]]"
},
}))
}))
session
.
Init
(
&
msession
.
Options
{},
0
)
sc
.
userAuthTokenService
=
newFakeUserAuthTokenService
()
sc
.
userAuthTokenService
=
newFakeUserAuthTokenService
()
sc
.
m
.
Use
(
GetContextHandler
(
sc
.
userAuthTokenService
))
sc
.
m
.
Use
(
GetContextHandler
(
sc
.
userAuthTokenService
))
// mock out gc goroutine
// mock out gc goroutine
session
.
StartSessionGC
=
func
()
{}
session
.
StartSessionGC
=
func
()
{}
sc
.
m
.
Use
(
Sessioner
(
&
ms
.
Options
{},
0
))
setting
.
SessionOptions
=
msession
.
Options
{}
sc
.
m
.
Use
(
OrgRedirect
())
sc
.
m
.
Use
(
OrgRedirect
())
sc
.
m
.
Use
(
AddDefaultResponseHeaders
())
sc
.
m
.
Use
(
AddDefaultResponseHeaders
())
...
...
pkg/middleware/recovery_test.go
View file @
5998646d
...
@@ -4,7 +4,6 @@ import (
...
@@ -4,7 +4,6 @@ import (
"path/filepath"
"path/filepath"
"testing"
"testing"
ms
"github.com/go-macaron/session"
"github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/bus"
m
"github.com/grafana/grafana/pkg/models"
m
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/session"
"github.com/grafana/grafana/pkg/services/session"
...
@@ -68,7 +67,7 @@ func recoveryScenario(desc string, url string, fn scenarioFunc) {
...
@@ -68,7 +67,7 @@ func recoveryScenario(desc string, url string, fn scenarioFunc) {
sc
.
m
.
Use
(
GetContextHandler
(
sc
.
userAuthTokenService
))
sc
.
m
.
Use
(
GetContextHandler
(
sc
.
userAuthTokenService
))
// mock out gc goroutine
// mock out gc goroutine
session
.
StartSessionGC
=
func
()
{}
session
.
StartSessionGC
=
func
()
{}
sc
.
m
.
Use
(
Sessioner
(
&
ms
.
Options
{},
0
))
//
sc.m.Use(Sessioner(&ms.Options{}, 0))
sc
.
m
.
Use
(
OrgRedirect
())
sc
.
m
.
Use
(
OrgRedirect
())
sc
.
m
.
Use
(
AddDefaultResponseHeaders
())
sc
.
m
.
Use
(
AddDefaultResponseHeaders
())
...
...
pkg/middleware/session.go
View file @
5998646d
package
middleware
package
middleware
import
(
// func Sessioner(options *ms.Options, sessionConnMaxLifetime int64) macaron.Handler {
ms
"github.com/go-macaron/session"
// session.Init(options, sessionConnMaxLifetime)
"gopkg.in/macaron.v1"
m
"github.com/grafana/grafana/pkg/models"
// return func(ctx *m.ReqContext) {
"github.com/grafana/grafana/pkg/services/session"
// ctx.Next()
)
func
Sessioner
(
options
*
ms
.
Options
,
sessionConnMaxLifetime
int64
)
macaron
.
Handler
{
// if err := ctx.Session.Release(); err != nil {
session
.
Init
(
options
,
sessionConnMaxLifetime
)
// panic("session(release): " + err.Error())
// }
return
func
(
ctx
*
m
.
ReqContext
)
{
// }
ctx
.
Next
()
// }
if
err
:=
ctx
.
Session
.
Release
();
err
!=
nil
{
panic
(
"session(release): "
+
err
.
Error
())
}
}
}
pkg/models/context.go
View file @
5998646d
...
@@ -14,6 +14,7 @@ type ReqContext struct {
...
@@ -14,6 +14,7 @@ type ReqContext struct {
*
macaron
.
Context
*
macaron
.
Context
*
SignedInUser
*
SignedInUser
// This should only be used by the auth_proxy
Session
session
.
SessionStore
Session
session
.
SessionStore
IsSignedIn
bool
IsSignedIn
bool
...
...
pkg/services/session/session.go
View file @
5998646d
...
@@ -14,8 +14,6 @@ import (
...
@@ -14,8 +14,6 @@ import (
const
(
const
(
SESS_KEY_USERID
=
"uid"
SESS_KEY_USERID
=
"uid"
SESS_KEY_OAUTH_STATE
=
"state"
SESS_KEY_APIKEY
=
"apikey_id"
// used for render requests with api keys
SESS_KEY_LASTLDAPSYNC
=
"last_ldap_sync"
SESS_KEY_LASTLDAPSYNC
=
"last_ldap_sync"
)
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment