fix: error of user not found

liugq 2024-12-02 11:01:56 +08:00
parent a936a8fa7c
commit 928d69fcaa
4 changed files with 16 additions and 41 deletions


@ -14,37 +14,10 @@ type Handler struct {
api.Handler api.Handler
} }
var authEnabled = false
// BasicAuth register api with basic auth
func BasicAuth(h httprouter.Handle, requiredUser, requiredPassword string) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
// Get the Basic Authentication credentials
user, password, hasAuth := r.BasicAuth()
if hasAuth && user == requiredUser && password == requiredPassword {
// Delegate request to the given handle
h(w, r, ps)
} else {
// Request Basic Authentication otherwise
w.Header().Set("WWW-Authenticate", "Basic realm=Restricted")
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
}
}
}
func EnableAuth(enable bool) {
authEnabled = enable
}
func IsAuthEnable() bool {
return authEnabled
}
func (handler Handler) RequireLogin(h httprouter.Handle) httprouter.Handle { func (handler Handler) RequireLogin(h httprouter.Handle) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
if authEnabled { if api.IsAuthEnable() {
claims, err := security.ValidateLogin(r.Header.Get("Authorization")) claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
if err != nil { if err != nil {
handler.WriteError(w, err.Error(), http.StatusUnauthorized) handler.WriteError(w, err.Error(), http.StatusUnauthorized)
@ -64,7 +37,7 @@ func (handler Handler) RequirePermission(h httprouter.Handle, permissions ...str
return return
} }
if authEnabled { if api.IsAuthEnable() {
claims, err := security.ValidateLogin(r.Header.Get("Authorization")) claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
if err != nil { if err != nil {
handler.WriteError(w, err.Error(), http.StatusUnauthorized) handler.WriteError(w, err.Error(), http.StatusUnauthorized)
@ -85,7 +58,7 @@ func (handler Handler) RequirePermission(h httprouter.Handle, permissions ...str
func (handler Handler) RequireClusterPermission(h httprouter.Handle, permissions ...string) httprouter.Handle { func (handler Handler) RequireClusterPermission(h httprouter.Handle, permissions ...string) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
if authEnabled { if api.IsAuthEnable() {
id := ps.ByName("id") id := ps.ByName("id")
claims, err := security.ValidateLogin(r.Header.Get("Authorization")) claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
if err != nil { if err != nil {
@ -106,7 +79,7 @@ func (handler Handler) RequireClusterPermission(h httprouter.Handle, permissions
} }
func (handler Handler) GetCurrentUser(req *http.Request) string { func (handler Handler) GetCurrentUser(req *http.Request) string {
if authEnabled { if api.IsAuthEnable() {
claims, ok := req.Context().Value("user").(*security.UserClaims) claims, ok := req.Context().Value("user").(*security.UserClaims)
if ok { if ok {
return claims.Username return claims.Username
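Review bot: Every `if api.IsAuthEnable()` gate in this file (RequireLogin, RequirePermission, RequireClusterPermission, GetCurrentUser) now reads a flag owned by `infini.sh/framework/core/api`, and the removed local `EnableAuth` setter has no visible replacement call, so the flag's default and who sets it cannot be confirmed from this page. When the flag is false these wrappers skip `security.ValidateLogin` and presumably pass the request straight to `h` (the else branches are outside the hunks), so a wrong default would silently disable authentication. I would document this on the middleware, e.g. `// RequireLogin validates the Authorization header only when api.IsAuthEnable() is true; otherwise h runs unauthenticated.`, and log the effective auth state once at startup. The same gate change repeats in the second file: IndexRequired and ClusterRequired, plus the GetClusterFilter, GetAllowed*, IsIndexAllowed and GetCurrentUserIndex helpers, which return `nil, true` / `true` / `true, nil` when the flag is off.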


@ -2,6 +2,7 @@ package core
import ( import (
rbac "infini.sh/console/core/security" rbac "infini.sh/console/core/security"
"infini.sh/framework/core/api"
httprouter "infini.sh/framework/core/api/router" httprouter "infini.sh/framework/core/api/router"
"infini.sh/framework/core/radix" "infini.sh/framework/core/radix"
"infini.sh/framework/core/util" "infini.sh/framework/core/util"
@ -11,7 +12,7 @@ import (
func (handler Handler) IndexRequired(h httprouter.Handle, route ...string) httprouter.Handle { func (handler Handler) IndexRequired(h httprouter.Handle, route ...string) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
if authEnabled { if api.IsAuthEnable() {
claims, err := rbac.ValidateLogin(r.Header.Get("Authorization")) claims, err := rbac.ValidateLogin(r.Header.Get("Authorization"))
if err != nil { if err != nil {
handler.WriteError(w, err.Error(), http.StatusUnauthorized) handler.WriteError(w, err.Error(), http.StatusUnauthorized)
@ -36,7 +37,7 @@ func (handler Handler) ClusterRequired(h httprouter.Handle, route ...string) htt
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
if authEnabled { if api.IsAuthEnable() {
claims, err := rbac.ValidateLogin(r.Header.Get("Authorization")) claims, err := rbac.ValidateLogin(r.Header.Get("Authorization"))
if err != nil { if err != nil {
handler.WriteError(w, err.Error(), http.StatusUnauthorized) handler.WriteError(w, err.Error(), http.StatusUnauthorized)
@ -57,7 +58,7 @@ func (handler Handler) ClusterRequired(h httprouter.Handle, route ...string) htt
} }
func (handler Handler) GetClusterFilter(r *http.Request, field string) (util.MapStr, bool) { func (handler Handler) GetClusterFilter(r *http.Request, field string) (util.MapStr, bool) {
if !IsAuthEnable() { if !api.IsAuthEnable() {
return nil, true return nil, true
} }
hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r) hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r)
@ -74,7 +75,7 @@ func (handler Handler) GetClusterFilter(r *http.Request, field string) (util.Map
}, false }, false
} }
func (handler Handler) GetAllowedClusters(r *http.Request) ([]string, bool) { func (handler Handler) GetAllowedClusters(r *http.Request) ([]string, bool) {
if !IsAuthEnable() { if !api.IsAuthEnable() {
return nil, true return nil, true
} }
hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r) hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r)
@ -82,7 +83,7 @@ func (handler Handler) GetAllowedClusters(r *http.Request) ([]string, bool) {
} }
func (handler Handler) GetAllowedIndices(r *http.Request, clusterID string) ([]string, bool) { func (handler Handler) GetAllowedIndices(r *http.Request, clusterID string) ([]string, bool) {
if !IsAuthEnable() { if !api.IsAuthEnable() {
return nil, true return nil, true
} }
hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID) hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID)
@ -93,7 +94,7 @@ func (handler Handler) GetAllowedIndices(r *http.Request, clusterID string) ([]s
} }
func (handler Handler) IsIndexAllowed(r *http.Request, clusterID string, indexName string) bool { func (handler Handler) IsIndexAllowed(r *http.Request, clusterID string, indexName string) bool {
if !IsAuthEnable() { if !api.IsAuthEnable() {
return true return true
} }
hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID) hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID)
@ -107,7 +108,7 @@ func (handler Handler) IsIndexAllowed(r *http.Request, clusterID string, indexNa
} }
func (handler Handler) ValidateProxyRequest(req *http.Request, clusterID string) (bool, string, error) { func (handler Handler) ValidateProxyRequest(req *http.Request, clusterID string) (bool, string, error) {
if !IsAuthEnable() { if !api.IsAuthEnable() {
return false, "", nil return false, "", nil
} }
claims, err := rbac.ValidateLogin(req.Header.Get("Authorization")) claims, err := rbac.ValidateLogin(req.Header.Get("Authorization"))
@ -149,7 +150,7 @@ func (handler Handler) ValidateProxyRequest(req *http.Request, clusterID string)
} }
func (handler Handler) GetCurrentUserIndex(req *http.Request) (bool, map[string][]string) { func (handler Handler) GetCurrentUserIndex(req *http.Request) (bool, map[string][]string) {
if !IsAuthEnable() { if !api.IsAuthEnable() {
return true, nil return true, nil
} }
ctxVal := req.Context().Value("user") ctxVal := req.Context().Value("user")


@ -6,6 +6,7 @@ package api
import ( import (
"fmt" "fmt"
log "github.com/cihub/seelog"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
rbac "infini.sh/console/core/security" rbac "infini.sh/console/core/security"
"infini.sh/console/modules/security/realm" "infini.sh/console/modules/security/realm"
@ -45,6 +46,7 @@ func (h APIHandler) Profile(w http.ResponseWriter, r *http.Request, ps httproute
if reqUser.Provider == NativeProvider { if reqUser.Provider == NativeProvider {
user, err := h.User.Get(reqUser.UserId) user, err := h.User.Get(reqUser.UserId)
if err != nil { if err != nil {
log.Error(err)
h.ErrorInternalServer(w, err.Error()) h.ErrorInternalServer(w, err.Error())
return return
} }
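Review bot: The added `log.Error(err)` in Profile records the failure, but the next line still sends `err.Error()` to the client as a 500, so whatever the user store reports is exposed in the response. Now that the detail is in the server log, the response can be generic and the log line can carry context: `log.Errorf("profile: get user [%s]: %v", reqUser.UserId, err)` and `h.ErrorInternalServer(w, "failed to load user profile")`. If the "user not found" case from the commit title reaches this branch, a 404 would presumably fit better than a 500, but the store's not-found error is not visible here. Profile's body starts and ends outside the hunk.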


@ -49,6 +49,7 @@ func (module *Module) Setup() {
if !module.cfg.Enabled { if !module.cfg.Enabled {
return return
} }
InitSchema()
credapi.Init() credapi.Init()
@ -70,8 +71,6 @@ func (module *Module) Start() error {
return nil return nil
} }
InitSchema()
realm.Init(module.cfg) realm.Init(module.cfg)
return nil return nil
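Review bot: Nothing in Setup records why `InitSchema()` has to run there rather than in Start, so the ordering fix is easy to undo in a later cleanup. A short comment above the call would do, e.g. `// Register security schemas in Setup so they exist before any module's Start queries users (TODO confirm).` The call also sits after the `module.cfg.Enabled` guard, so the schemas are presumably not registered when the module is disabled. It is worth confirming that no other code path queries those types in that case. Both Setup and Start continue outside the hunks.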