fix: error of user not found
This commit is contained in:
liugq
parent
a936a8fa7c
commit
928d69fcaa
35
core/auth.go
35
core/auth.go
|
|
@ -14,37 +14,10 @@ type Handler struct {
|
|||
api.Handler
|
||||
}
|
||||
|
||||
var authEnabled = false
|
||||
|
||||
// BasicAuth register api with basic auth
|
||||
func BasicAuth(h httprouter.Handle, requiredUser, requiredPassword string) httprouter.Handle {
|
||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
// Get the Basic Authentication credentials
|
||||
user, password, hasAuth := r.BasicAuth()
|
||||
|
||||
if hasAuth && user == requiredUser && password == requiredPassword {
|
||||
// Delegate request to the given handle
|
||||
h(w, r, ps)
|
||||
} else {
|
||||
// Request Basic Authentication otherwise
|
||||
w.Header().Set("WWW-Authenticate", "Basic realm=Restricted")
|
||||
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func EnableAuth(enable bool) {
|
||||
authEnabled = enable
|
||||
}
|
||||
|
||||
func IsAuthEnable() bool {
|
||||
return authEnabled
|
||||
}
|
||||
|
||||
func (handler Handler) RequireLogin(h httprouter.Handle) httprouter.Handle {
|
||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
|
||||
if authEnabled {
|
||||
if api.IsAuthEnable() {
|
||||
claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
|
||||
if err != nil {
|
||||
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
||||
|
|
@ -64,7 +37,7 @@ func (handler Handler) RequirePermission(h httprouter.Handle, permissions ...str
|
|||
return
|
||||
}
|
||||
|
||||
if authEnabled {
|
||||
if api.IsAuthEnable() {
|
||||
claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
|
||||
if err != nil {
|
||||
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
||||
|
|
@ -85,7 +58,7 @@ func (handler Handler) RequirePermission(h httprouter.Handle, permissions ...str
|
|||
func (handler Handler) RequireClusterPermission(h httprouter.Handle, permissions ...string) httprouter.Handle {
|
||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
|
||||
if authEnabled {
|
||||
if api.IsAuthEnable() {
|
||||
id := ps.ByName("id")
|
||||
claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
|
||||
if err != nil {
|
||||
|
|
@ -106,7 +79,7 @@ func (handler Handler) RequireClusterPermission(h httprouter.Handle, permissions
|
|||
}
|
||||
|
||||
func (handler Handler) GetCurrentUser(req *http.Request) string {
|
||||
if authEnabled {
|
||||
if api.IsAuthEnable() {
|
||||
claims, ok := req.Context().Value("user").(*security.UserClaims)
|
||||
if ok {
|
||||
return claims.Username
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package core
|
|||
|
||||
import (
|
||||
rbac "infini.sh/console/core/security"
|
||||
"infini.sh/framework/core/api"
|
||||
httprouter "infini.sh/framework/core/api/router"
|
||||
"infini.sh/framework/core/radix"
|
||||
"infini.sh/framework/core/util"
|
||||
|
|
@ -11,7 +12,7 @@ import (
|
|||
func (handler Handler) IndexRequired(h httprouter.Handle, route ...string) httprouter.Handle {
|
||||
|
||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
if authEnabled {
|
||||
if api.IsAuthEnable() {
|
||||
claims, err := rbac.ValidateLogin(r.Header.Get("Authorization"))
|
||||
if err != nil {
|
||||
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
||||
|
|
@ -36,7 +37,7 @@ func (handler Handler) ClusterRequired(h httprouter.Handle, route ...string) htt
|
|||
|
||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
|
||||
if authEnabled {
|
||||
if api.IsAuthEnable() {
|
||||
claims, err := rbac.ValidateLogin(r.Header.Get("Authorization"))
|
||||
if err != nil {
|
||||
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
||||
|
|
@ -57,7 +58,7 @@ func (handler Handler) ClusterRequired(h httprouter.Handle, route ...string) htt
|
|||
}
|
||||
|
||||
func (handler Handler) GetClusterFilter(r *http.Request, field string) (util.MapStr, bool) {
|
||||
if !IsAuthEnable() {
|
||||
if !api.IsAuthEnable() {
|
||||
return nil, true
|
||||
}
|
||||
hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r)
|
||||
|
|
@ -74,7 +75,7 @@ func (handler Handler) GetClusterFilter(r *http.Request, field string) (util.Map
|
|||
}, false
|
||||
}
|
||||
func (handler Handler) GetAllowedClusters(r *http.Request) ([]string, bool) {
|
||||
if !IsAuthEnable() {
|
||||
if !api.IsAuthEnable() {
|
||||
return nil, true
|
||||
}
|
||||
hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r)
|
||||
|
|
@ -82,7 +83,7 @@ func (handler Handler) GetAllowedClusters(r *http.Request) ([]string, bool) {
|
|||
}
|
||||
|
||||
func (handler Handler) GetAllowedIndices(r *http.Request, clusterID string) ([]string, bool) {
|
||||
if !IsAuthEnable() {
|
||||
if !api.IsAuthEnable() {
|
||||
return nil, true
|
||||
}
|
||||
hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID)
|
||||
|
|
@ -93,7 +94,7 @@ func (handler Handler) GetAllowedIndices(r *http.Request, clusterID string) ([]s
|
|||
}
|
||||
|
||||
func (handler Handler) IsIndexAllowed(r *http.Request, clusterID string, indexName string) bool {
|
||||
if !IsAuthEnable() {
|
||||
if !api.IsAuthEnable() {
|
||||
return true
|
||||
}
|
||||
hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID)
|
||||
|
|
@ -107,7 +108,7 @@ func (handler Handler) IsIndexAllowed(r *http.Request, clusterID string, indexNa
|
|||
}
|
||||
|
||||
func (handler Handler) ValidateProxyRequest(req *http.Request, clusterID string) (bool, string, error) {
|
||||
if !IsAuthEnable() {
|
||||
if !api.IsAuthEnable() {
|
||||
return false, "", nil
|
||||
}
|
||||
claims, err := rbac.ValidateLogin(req.Header.Get("Authorization"))
|
||||
|
|
@ -149,7 +150,7 @@ func (handler Handler) ValidateProxyRequest(req *http.Request, clusterID string)
|
|||
}
|
||||
|
||||
func (handler Handler) GetCurrentUserIndex(req *http.Request) (bool, map[string][]string) {
|
||||
if !IsAuthEnable() {
|
||||
if !api.IsAuthEnable() {
|
||||
return true, nil
|
||||
}
|
||||
ctxVal := req.Context().Value("user")
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ package api
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
log "github.com/cihub/seelog"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
rbac "infini.sh/console/core/security"
|
||||
"infini.sh/console/modules/security/realm"
|
||||
|
|
@ -45,6 +46,7 @@ func (h APIHandler) Profile(w http.ResponseWriter, r *http.Request, ps httproute
|
|||
if reqUser.Provider == NativeProvider {
|
||||
user, err := h.User.Get(reqUser.UserId)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
h.ErrorInternalServer(w, err.Error())
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@ func (module *Module) Setup() {
|
|||
if !module.cfg.Enabled {
|
||||
return
|
||||
}
|
||||
InitSchema()
|
||||
|
||||
credapi.Init()
|
||||
|
||||
|
|
@ -70,8 +71,6 @@ func (module *Module) Start() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
InitSchema()
|
||||
|
||||
realm.Init(module.cfg)
|
||||
|
||||
return nil
|
||||
|
|
|
|||
Loading…
Reference in New Issue