Commit 5ec07db1 by Torkel Ödegaard

Refactoring of auth middleware, and starting work on account admin

parent 67b93518
package api
import (
"github.com/torkelo/grafana-pro/pkg/bus"
"github.com/torkelo/grafana-pro/pkg/middleware"
m "github.com/torkelo/grafana-pro/pkg/models"
)
func AdminSearchAccounts(c *middleware.Context) {
// query := c.QueryStrings("q")
// page := c.QueryStrings("p")
query := m.SearchAccountsQuery{Query: "", Page: 0, Limit: 20}
if err := bus.Dispatch(&query); err != nil {
c.JsonApiErr(500, "Failed to fetch collaboratos", err)
return
}
c.JSON(200, query.Result)
}
......@@ -9,20 +9,21 @@ import (
// Register adds http routes
func Register(m *macaron.Macaron) {
auth := middleware.Auth()
reqSignedIn := middleware.Auth(&middleware.AuthOptions{ReqSignedIn: true})
reqAdmin := middleware.Auth(&middleware.AuthOptions{ReqSignedIn: true, ReqAdmin: false})
// not logged in views
m.Get("/", auth, Index)
m.Get("/", reqSignedIn, Index)
m.Post("/logout", LogoutPost)
m.Post("/login", LoginPost)
m.Get("/login/:name", OAuthLogin)
m.Get("/login", Index)
// authed views
m.Get("/account/", auth, Index)
m.Get("/account/datasources/", auth, Index)
m.Get("/admin", auth, Index)
m.Get("/dashboard/*", auth, Index)
m.Get("/account/", reqSignedIn, Index)
m.Get("/account/datasources/", reqSignedIn, Index)
m.Get("/admin", reqSignedIn, Index)
m.Get("/dashboard/*", reqSignedIn, Index)
// sign up
m.Get("/signup", Index)
......@@ -47,7 +48,7 @@ func Register(m *macaron.Macaron) {
m.Group("/datasources", func() {
m.Combo("/").Get(GetDataSources).Put(AddDataSource).Post(UpdateDataSource)
m.Delete("/:id", DeleteDataSource)
m.Any("/proxy/:id/*", auth, ProxyDataSourceRequest)
m.Any("/proxy/:id/*", reqSignedIn, ProxyDataSourceRequest)
})
// Dashboard
m.Group("/dashboard", func() {
......@@ -57,11 +58,16 @@ func Register(m *macaron.Macaron) {
// Search
m.Get("/search/", Search)
// metrics
m.Get("/metrics/test", auth, GetTestMetrics)
}, auth)
m.Get("/metrics/test", GetTestMetrics)
}, reqSignedIn)
// admin api
m.Group("/api/admin", func() {
m.Get("/accounts", AdminSearchAccounts)
}, reqAdmin)
// rendering
m.Get("/render/*", auth, RenderToPng)
m.Get("/render/*", reqSignedIn, RenderToPng)
m.NotFound(NotFound)
}
......
......@@ -12,27 +12,44 @@ import (
"github.com/torkelo/grafana-pro/pkg/setting"
)
func authGetRequestAccountId(c *Context) (int64, error) {
type AuthOptions struct {
ReqAdmin bool
ReqSignedIn bool
}
func getRequestAccountId(c *Context) (int64, error) {
accountId := c.Session.Get("accountId")
urlQuery := c.Req.URL.Query()
if accountId != nil {
return accountId.(int64), nil
}
// TODO: check that this is a localhost request
// localhost render query
urlQuery := c.Req.URL.Query()
if len(urlQuery["render"]) > 0 {
accId, _ := strconv.ParseInt(urlQuery["accountId"][0], 10, 64)
c.Session.Set("accountId", accId)
accountId = accId
}
if accountId == nil {
if setting.Anonymous {
return setting.AnonymousAccountId, nil
// check api token
header := c.Req.Header.Get("Authorization")
parts := strings.SplitN(header, " ", 2)
if len(parts) == 2 || parts[0] == "Bearer" {
token := parts[1]
userQuery := m.GetAccountByTokenQuery{Token: token}
if err := bus.Dispatch(&userQuery); err != nil {
return -1, err
}
return userQuery.Result.Id, nil
}
return -1, errors.New("Auth: session account id not found")
// anonymous gues user
if setting.Anonymous {
return setting.AnonymousAccountId, nil
}
return accountId.(int64), nil
return -1, errors.New("Auth: session account id not found")
}
func authDenied(c *Context) {
......@@ -43,57 +60,17 @@ func authDenied(c *Context) {
c.Redirect(setting.AppSubUrl + "/login")
}
func authByToken(c *Context) {
header := c.Req.Header.Get("Authorization")
parts := strings.SplitN(header, " ", 2)
if len(parts) != 2 || parts[0] != "Bearer" {
return
}
token := parts[1]
userQuery := m.GetAccountByTokenQuery{Token: token}
if err := bus.Dispatch(&userQuery); err != nil {
return
}
usingQuery := m.GetAccountByIdQuery{Id: userQuery.Result.UsingAccountId}
if err := bus.Dispatch(&usingQuery); err != nil {
return
}
c.UserAccount = userQuery.Result
c.Account = usingQuery.Result
}
func authBySession(c *Context) {
accountId, err := authGetRequestAccountId(c)
if err != nil && c.Req.URL.Path != "/login" {
authDenied(c)
return
}
userQuery := m.GetAccountByIdQuery{Id: accountId}
if err := bus.Dispatch(&userQuery); err != nil {
authDenied(c)
return
}
usingQuery := m.GetAccountByIdQuery{Id: userQuery.Result.UsingAccountId}
if err := bus.Dispatch(&usingQuery); err != nil {
authDenied(c)
return
}
func Auth(options *AuthOptions) macaron.Handler {
return func(c *Context) {
c.UserAccount = userQuery.Result
c.Account = usingQuery.Result
}
if !c.IsSignedIn && options.ReqSignedIn {
authDenied(c)
return
}
func Auth() macaron.Handler {
return func(c *Context) {
authByToken(c)
if c.UserAccount == nil {
authBySession(c)
if !c.IsAdmin && options.ReqAdmin {
authDenied(c)
return
}
}
}
......@@ -8,8 +8,9 @@ import (
"github.com/Unknwon/macaron"
"github.com/macaron-contrib/session"
"github.com/torkelo/grafana-pro/pkg/bus"
"github.com/torkelo/grafana-pro/pkg/log"
"github.com/torkelo/grafana-pro/pkg/models"
m "github.com/torkelo/grafana-pro/pkg/models"
"github.com/torkelo/grafana-pro/pkg/setting"
)
......@@ -17,8 +18,11 @@ type Context struct {
*macaron.Context
Session session.Store
Account *models.Account
UserAccount *models.Account
IsSignedIn bool
IsAdmin bool
Account *m.Account
UserAccount *m.Account
}
func (c *Context) GetAccountId() int64 {
......@@ -32,6 +36,29 @@ func GetContextHandler() macaron.Handler {
Session: sess,
}
// try get account id from request
if accountId, err := getRequestAccountId(ctx); err == nil {
// fetch user
userQuery := m.GetAccountByIdQuery{Id: accountId}
if err := bus.Dispatch(&userQuery); err != nil {
log.Error(3, "Failed to get user by id, %v, %v", accountId, err)
} else {
// fetch using account
ctx.UserAccount = userQuery.Result
usingQuery := m.GetAccountByIdQuery{Id: ctx.UserAccount.UsingAccountId}
if err := bus.Dispatch(&usingQuery); err != nil {
log.Error(3, "Faild to get account's using account, account: %v, usingAccountId: %v, err:%v", accountId, ctx.UserAccount.Id, err)
} else {
ctx.Account = usingQuery.Result
}
}
}
if ctx.Account != nil {
ctx.IsSignedIn = true
ctx.IsAdmin = ctx.Account.IsAdmin
}
c.Map(ctx)
}
}
......
......@@ -68,6 +68,14 @@ type GetAccountByLoginQuery struct {
Result *Account
}
type SearchAccountsQuery struct {
Query string
Page int
Limit int
Result []*AccountSearchHitDTO
}
// ------------------------
// DTO & Projections
......@@ -84,6 +92,12 @@ type CollaboratorDTO struct {
Role string `json:"role"`
}
type AccountSearchHitDTO struct {
Id int64 `json:"id"`
Name string `json:"name"`
Email string `json:"email"`
}
type AccountDTO struct {
Email string `json:"email"`
Name string `json:"name"`
......
......@@ -19,6 +19,7 @@ func init() {
bus.AddHandler("sql", GetAccountByToken)
bus.AddHandler("sql", AddCollaborator)
bus.AddHandler("sql", RemoveCollaborator)
bus.AddHandler("sql", SearchAccounts)
}
func CreateAccount(cmd *m.CreateAccountCommand) error {
......@@ -173,3 +174,14 @@ func GetOtherAccounts(query *m.GetOtherAccountsQuery) error {
err := sess.Find(&query.Result)
return err
}
func SearchAccounts(query *m.SearchAccountsQuery) error {
query.Result = make([]*m.AccountSearchHitDTO, 0)
sess := x.Table("account")
sess.Where("email LIKE ?", query.Query+"%")
sess.Limit(query.Limit, query.Limit*query.Page)
sess.Cols("id", "email", "name")
err := sess.Find(&query.Result)
return err
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment