From 928d69fcaaac8c01785febbf4931098b704ae42d Mon Sep 17 00:00:00 2001
From: liugq
Date: Mon, 2 Dec 2024 11:01:56 +0800
Subject: [PATCH] fix: error of user not found
---
 core/auth.go | 35 ++++-------------------------------
 core/elastic.go | 17 +++++++++--------
 modules/security/api/account.go | 2 ++
 modules/security/module.go | 3 +--
 4 files changed, 16 insertions(+), 41 deletions(-)
diff --git a/core/auth.go b/core/auth.go
index 83ba29e1..de4f9111 100644
--- a/core/auth.go
+++ b/core/auth.go
@@ -14,37 +14,10 @@ type Handler struct {
 api.Handler
 }
-var authEnabled = false
-
-// BasicAuth register api with basic auth
-func BasicAuth(h httprouter.Handle, requiredUser, requiredPassword string) httprouter.Handle {
- return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
- // Get the Basic Authentication credentials
- user, password, hasAuth := r.BasicAuth()
-
- if hasAuth && user == requiredUser && password == requiredPassword {
- // Delegate request to the given handle
- h(w, r, ps)
- } else {
- // Request Basic Authentication otherwise
- w.Header().Set("WWW-Authenticate", "Basic realm=Restricted")
- http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
- }
- }
-}
-
-func EnableAuth(enable bool) {
- authEnabled = enable
-}
-
-func IsAuthEnable() bool {
- return authEnabled
-}
-
 func (handler Handler) RequireLogin(h httprouter.Handle) httprouter.Handle {
 return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
- if authEnabled {
+ if api.IsAuthEnable() {
 claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
 if err != nil {
 handler.WriteError(w, err.Error(), http.StatusUnauthorized)
@@ -64,7 +37,7 @@ func (handler Handler) RequirePermission(h httprouter.Handle, permissions ...str
 return
 }
- if authEnabled {
+ if api.IsAuthEnable() {
 claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
 if err != nil {
 handler.WriteError(w, err.Error(), http.StatusUnauthorized)
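Review bot: With the package-local `authEnabled`, `EnableAuth` and `IsAuthEnable` removed in the first core/auth.go hunk, the guard in `RequireLogin` fails open on whatever `api.IsAuthEnable()` returns, and nothing in this patch shows where the framework flag is set or what its default is. The same applies to the `RequirePermission`, `RequireClusterPermission` and `GetCurrentUser` hunks and to every core/elastic.go helper that returns "all privileges" when the flag is false. Please confirm that the framework flag is set before any route can be served whenever `module.cfg.Enabled` is true, and that any remaining callers of the removed `core.EnableAuth` and `core.BasicAuth` were migrated. A comment above `RequireLogin` such as `// auth state is owned by infini.sh/framework/core/api; when it reports false every check below is skipped` would make that behaviour explicit. The body of `RequireLogin` continues outside the hunk.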
@@ -85,7 +58,7 @@ func (handler Handler) RequirePermission(h httprouter.Handle, permissions ...str
 func (handler Handler) RequireClusterPermission(h httprouter.Handle, permissions ...string) httprouter.Handle {
 return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
- if authEnabled {
+ if api.IsAuthEnable() {
 id := ps.ByName("id")
 claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
 if err != nil {
@@ -106,7 +79,7 @@ func (handler Handler) RequireClusterPermission(h httprouter.Handle, permissions
 }
 func (handler Handler) GetCurrentUser(req *http.Request) string {
- if authEnabled {
+ if api.IsAuthEnable() {
 claims, ok := req.Context().Value("user").(*security.UserClaims)
 if ok {
 return claims.Username
diff --git a/core/elastic.go b/core/elastic.go
index cf98ce05..0a6a2a06 100644
--- a/core/elastic.go
+++ b/core/elastic.go
@@ -2,6 +2,7 @@ package core
 import (
 rbac "infini.sh/console/core/security"
+ "infini.sh/framework/core/api"
 httprouter "infini.sh/framework/core/api/router"
 "infini.sh/framework/core/radix"
 "infini.sh/framework/core/util"
@@ -11,7 +12,7 @@ import (
 func (handler Handler) IndexRequired(h httprouter.Handle, route ...string) httprouter.Handle {
 return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
- if authEnabled {
+ if api.IsAuthEnable() {
 claims, err := rbac.ValidateLogin(r.Header.Get("Authorization"))
 if err != nil {
 handler.WriteError(w, err.Error(), http.StatusUnauthorized)
@@ -36,7 +37,7 @@ func (handler Handler) ClusterRequired(h httprouter.Handle, route ...string) htt
 return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
- if authEnabled {
+ if api.IsAuthEnable() {
 claims, err := rbac.ValidateLogin(r.Header.Get("Authorization"))
 if err != nil {
 handler.WriteError(w, err.Error(), http.StatusUnauthorized)
@@ -57,7 +58,7 @@ func (handler Handler) ClusterRequired(h httprouter.Handle, route ...string) htt
 }
 func (handler Handler) GetClusterFilter(r *http.Request, field string) (util.MapStr, bool) {
- if !IsAuthEnable() {
+ if !api.IsAuthEnable() {
 return nil, true
 }
 hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r)
@@ -74,7 +75,7 @@ func (handler Handler) GetClusterFilter(r *http.Request, field string) (util.Map
 }, false
 }
 func (handler Handler) GetAllowedClusters(r *http.Request) ([]string, bool) {
- if !IsAuthEnable() {
+ if !api.IsAuthEnable() {
 return nil, true
 }
 hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r)
@@ -82,7 +83,7 @@ func (handler Handler) GetAllowedClusters(r *http.Request) ([]string, bool) {
 }
 func (handler Handler) GetAllowedIndices(r *http.Request, clusterID string) ([]string, bool) {
- if !IsAuthEnable() {
+ if !api.IsAuthEnable() {
 return nil, true
 }
 hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID)
@@ -93,7 +94,7 @@ func (handler Handler) GetAllowedIndices(r *http.Request, clusterID string) ([]s
 }
 func (handler Handler) IsIndexAllowed(r *http.Request, clusterID string, indexName string) bool {
- if !IsAuthEnable() {
+ if !api.IsAuthEnable() {
 return true
 }
 hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID)
@@ -107,7 +108,7 @@ func (handler Handler) IsIndexAllowed(r *http.Request, clusterID string, indexNa
 }
 func (handler Handler) ValidateProxyRequest(req *http.Request, clusterID string) (bool, string, error) {
- if !IsAuthEnable() {
+ if !api.IsAuthEnable() {
 return false, "", nil
 }
 claims, err := rbac.ValidateLogin(req.Header.Get("Authorization"))
@@ -149,7 +150,7 @@ func (handler Handler) ValidateProxyRequest(req *http.Request, clusterID string)
 }
 func (handler Handler) GetCurrentUserIndex(req *http.Request) (bool, map[string][]string) {
- if !IsAuthEnable() {
+ if !api.IsAuthEnable() {
 return true, nil
 }
 ctxVal := req.Context().Value("user")
diff --git a/modules/security/api/account.go b/modules/security/api/account.go
index 4c6d3aaf..514f5d24 100644
--- a/modules/security/api/account.go
+++ b/modules/security/api/account.go
@@ -6,6 +6,7 @@ package api
 import (
 "fmt"
+ log "github.com/cihub/seelog"
 "golang.org/x/crypto/bcrypt"
 rbac "infini.sh/console/core/security"
 "infini.sh/console/modules/security/realm"
@@ -45,6 +46,7 @@ func (h APIHandler) Profile(w http.ResponseWriter, r *http.Request, ps httproute
 if reqUser.Provider == NativeProvider {
 user, err := h.User.Get(reqUser.UserId)
 if err != nil {
+ log.Error(err)
 h.ErrorInternalServer(w, err.Error())
 return
 }
diff --git a/modules/security/module.go b/modules/security/module.go
index 2b71f581..407fb9ff 100644
--- a/modules/security/module.go
+++ b/modules/security/module.go
@@ -49,6 +49,7 @@ func (module *Module) Setup() {
 if !module.cfg.Enabled {
 return
 }
+ InitSchema()
 credapi.Init()
@@ -70,8 +71,6 @@ func (module *Module) Start() error {
 return nil
 }
- InitSchema()
-
 realm.Init(module.cfg)
 return nil
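Review bot: The new `log.Error(err)` in `Profile` records the failure without saying which lookup failed, and the following line still sends `err.Error()` to the client in a 500 response. Consider `log.Errorf("get user %v: %v", reqUser.UserId, err)` together with a fixed client message such as `h.ErrorInternalServer(w, "failed to load user profile")`, since the error returned by `h.User.Get` may carry storage details (its contents are not visible here). If a missing user is an expected condition, a not-found status would describe it better than an internal server error. `Profile` starts and ends outside the hunk.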
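Review bot: `InitSchema()` now runs in `Setup` ahead of `credapi.Init()`, but nothing in the code records why the call had to leave `Start`, so a later cleanup could move it back and reintroduce the bug. A comment above the call such as `// register the security schemas during Setup so they exist before any module's Start looks up users` would capture the ordering requirement, assuming that is the cause of the "user not found" error named in the subject. It is also worth checking that `InitSchema` does not rely on anything that is only initialised in `Start`. `Setup` continues outside the hunk.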