fix: error of user not found
parent
a936a8fa7c
commit
928d69fcaa
35
core/auth.go
35
core/auth.go
|
@ -14,37 +14,10 @@ type Handler struct {
|
||||||
api.Handler
|
api.Handler
|
||||||
}
|
}
|
||||||
|
|
||||||
var authEnabled = false
|
|
||||||
|
|
||||||
// BasicAuth register api with basic auth
|
|
||||||
func BasicAuth(h httprouter.Handle, requiredUser, requiredPassword string) httprouter.Handle {
|
|
||||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
|
||||||
// Get the Basic Authentication credentials
|
|
||||||
user, password, hasAuth := r.BasicAuth()
|
|
||||||
|
|
||||||
if hasAuth && user == requiredUser && password == requiredPassword {
|
|
||||||
// Delegate request to the given handle
|
|
||||||
h(w, r, ps)
|
|
||||||
} else {
|
|
||||||
// Request Basic Authentication otherwise
|
|
||||||
w.Header().Set("WWW-Authenticate", "Basic realm=Restricted")
|
|
||||||
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func EnableAuth(enable bool) {
|
|
||||||
authEnabled = enable
|
|
||||||
}
|
|
||||||
|
|
||||||
func IsAuthEnable() bool {
|
|
||||||
return authEnabled
|
|
||||||
}
|
|
||||||
|
|
||||||
func (handler Handler) RequireLogin(h httprouter.Handle) httprouter.Handle {
|
func (handler Handler) RequireLogin(h httprouter.Handle) httprouter.Handle {
|
||||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
|
|
||||||
if authEnabled {
|
if api.IsAuthEnable() {
|
||||||
claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
|
claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
||||||
|
@ -64,7 +37,7 @@ func (handler Handler) RequirePermission(h httprouter.Handle, permissions ...str
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if authEnabled {
|
if api.IsAuthEnable() {
|
||||||
claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
|
claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
||||||
|
@ -85,7 +58,7 @@ func (handler Handler) RequirePermission(h httprouter.Handle, permissions ...str
|
||||||
func (handler Handler) RequireClusterPermission(h httprouter.Handle, permissions ...string) httprouter.Handle {
|
func (handler Handler) RequireClusterPermission(h httprouter.Handle, permissions ...string) httprouter.Handle {
|
||||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
|
|
||||||
if authEnabled {
|
if api.IsAuthEnable() {
|
||||||
id := ps.ByName("id")
|
id := ps.ByName("id")
|
||||||
claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
|
claims, err := security.ValidateLogin(r.Header.Get("Authorization"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -106,7 +79,7 @@ func (handler Handler) RequireClusterPermission(h httprouter.Handle, permissions
|
||||||
}
|
}
|
||||||
|
|
||||||
func (handler Handler) GetCurrentUser(req *http.Request) string {
|
func (handler Handler) GetCurrentUser(req *http.Request) string {
|
||||||
if authEnabled {
|
if api.IsAuthEnable() {
|
||||||
claims, ok := req.Context().Value("user").(*security.UserClaims)
|
claims, ok := req.Context().Value("user").(*security.UserClaims)
|
||||||
if ok {
|
if ok {
|
||||||
return claims.Username
|
return claims.Username
|
||||||
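Review bot: Every guard in this file (`RequireLogin`, `RequirePermission`, `RequireClusterPermission`, `GetCurrentUser`) now depends on `api.IsAuthEnable()`, whose definition and setter are not shown on this page. The package-level flag it replaces defaulted to `false`, so if the framework flag behaves the same way, the wrappers presumably pass requests through unauthenticated whenever nothing enables it. Please confirm that startup code sets the framework flag before the server begins serving, and that no caller still relied on the removed `core.EnableAuth`. The same check gates `IndexRequired`, `ClusterRequired`, `GetClusterFilter`, `GetAllowedClusters`, `GetAllowedIndices`, `IsIndexAllowed`, `ValidateProxyRequest` and `GetCurrentUserIndex` in the second `package core` file. A comment at the first `if api.IsAuthEnable() {`, such as `// auth flag is owned by framework/core/api; when it is unset the request is not authenticated here`, would make that behaviour visible; the function bodies continue outside the hunks shown.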
|
|
|
@ -2,6 +2,7 @@ package core
|
||||||
|
|
||||||
import (
|
import (
|
||||||
rbac "infini.sh/console/core/security"
|
rbac "infini.sh/console/core/security"
|
||||||
|
"infini.sh/framework/core/api"
|
||||||
httprouter "infini.sh/framework/core/api/router"
|
httprouter "infini.sh/framework/core/api/router"
|
||||||
"infini.sh/framework/core/radix"
|
"infini.sh/framework/core/radix"
|
||||||
"infini.sh/framework/core/util"
|
"infini.sh/framework/core/util"
|
||||||
|
@ -11,7 +12,7 @@ import (
|
||||||
func (handler Handler) IndexRequired(h httprouter.Handle, route ...string) httprouter.Handle {
|
func (handler Handler) IndexRequired(h httprouter.Handle, route ...string) httprouter.Handle {
|
||||||
|
|
||||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
if authEnabled {
|
if api.IsAuthEnable() {
|
||||||
claims, err := rbac.ValidateLogin(r.Header.Get("Authorization"))
|
claims, err := rbac.ValidateLogin(r.Header.Get("Authorization"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
||||||
|
@ -36,7 +37,7 @@ func (handler Handler) ClusterRequired(h httprouter.Handle, route ...string) htt
|
||||||
|
|
||||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
|
|
||||||
if authEnabled {
|
if api.IsAuthEnable() {
|
||||||
claims, err := rbac.ValidateLogin(r.Header.Get("Authorization"))
|
claims, err := rbac.ValidateLogin(r.Header.Get("Authorization"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
handler.WriteError(w, err.Error(), http.StatusUnauthorized)
|
||||||
|
@ -57,7 +58,7 @@ func (handler Handler) ClusterRequired(h httprouter.Handle, route ...string) htt
|
||||||
}
|
}
|
||||||
|
|
||||||
func (handler Handler) GetClusterFilter(r *http.Request, field string) (util.MapStr, bool) {
|
func (handler Handler) GetClusterFilter(r *http.Request, field string) (util.MapStr, bool) {
|
||||||
if !IsAuthEnable() {
|
if !api.IsAuthEnable() {
|
||||||
return nil, true
|
return nil, true
|
||||||
}
|
}
|
||||||
hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r)
|
hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r)
|
||||||
|
@ -74,7 +75,7 @@ func (handler Handler) GetClusterFilter(r *http.Request, field string) (util.Map
|
||||||
}, false
|
}, false
|
||||||
}
|
}
|
||||||
func (handler Handler) GetAllowedClusters(r *http.Request) ([]string, bool) {
|
func (handler Handler) GetAllowedClusters(r *http.Request) ([]string, bool) {
|
||||||
if !IsAuthEnable() {
|
if !api.IsAuthEnable() {
|
||||||
return nil, true
|
return nil, true
|
||||||
}
|
}
|
||||||
hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r)
|
hasAllPrivilege, clusterIds := rbac.GetCurrentUserCluster(r)
|
||||||
|
@ -82,7 +83,7 @@ func (handler Handler) GetAllowedClusters(r *http.Request) ([]string, bool) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (handler Handler) GetAllowedIndices(r *http.Request, clusterID string) ([]string, bool) {
|
func (handler Handler) GetAllowedIndices(r *http.Request, clusterID string) ([]string, bool) {
|
||||||
if !IsAuthEnable() {
|
if !api.IsAuthEnable() {
|
||||||
return nil, true
|
return nil, true
|
||||||
}
|
}
|
||||||
hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID)
|
hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID)
|
||||||
|
@ -93,7 +94,7 @@ func (handler Handler) GetAllowedIndices(r *http.Request, clusterID string) ([]s
|
||||||
}
|
}
|
||||||
|
|
||||||
func (handler Handler) IsIndexAllowed(r *http.Request, clusterID string, indexName string) bool {
|
func (handler Handler) IsIndexAllowed(r *http.Request, clusterID string, indexName string) bool {
|
||||||
if !IsAuthEnable() {
|
if !api.IsAuthEnable() {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID)
|
hasAllPrivilege, indices := handler.GetCurrentUserClusterIndex(r, clusterID)
|
||||||
|
@ -107,7 +108,7 @@ func (handler Handler) IsIndexAllowed(r *http.Request, clusterID string, indexNa
|
||||||
}
|
}
|
||||||
|
|
||||||
func (handler Handler) ValidateProxyRequest(req *http.Request, clusterID string) (bool, string, error) {
|
func (handler Handler) ValidateProxyRequest(req *http.Request, clusterID string) (bool, string, error) {
|
||||||
if !IsAuthEnable() {
|
if !api.IsAuthEnable() {
|
||||||
return false, "", nil
|
return false, "", nil
|
||||||
}
|
}
|
||||||
claims, err := rbac.ValidateLogin(req.Header.Get("Authorization"))
|
claims, err := rbac.ValidateLogin(req.Header.Get("Authorization"))
|
||||||
|
@ -149,7 +150,7 @@ func (handler Handler) ValidateProxyRequest(req *http.Request, clusterID string)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (handler Handler) GetCurrentUserIndex(req *http.Request) (bool, map[string][]string) {
|
func (handler Handler) GetCurrentUserIndex(req *http.Request) (bool, map[string][]string) {
|
||||||
if !IsAuthEnable() {
|
if !api.IsAuthEnable() {
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
ctxVal := req.Context().Value("user")
|
ctxVal := req.Context().Value("user")
|
||||||
|
|
|
@ -6,6 +6,7 @@ package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
log "github.com/cihub/seelog"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
rbac "infini.sh/console/core/security"
|
rbac "infini.sh/console/core/security"
|
||||||
"infini.sh/console/modules/security/realm"
|
"infini.sh/console/modules/security/realm"
|
||||||
|
@ -45,6 +46,7 @@ func (h APIHandler) Profile(w http.ResponseWriter, r *http.Request, ps httproute
|
||||||
if reqUser.Provider == NativeProvider {
|
if reqUser.Provider == NativeProvider {
|
||||||
user, err := h.User.Get(reqUser.UserId)
|
user, err := h.User.Get(reqUser.UserId)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Error(err)
|
||||||
h.ErrorInternalServer(w, err.Error())
|
h.ErrorInternalServer(w, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
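Review bot: The added `log.Error(err)` records the lookup failure, but the next line still sends `err.Error()` to the client through `h.ErrorInternalServer`, so backend error text reaches the caller and a missing user is reported as a 500. Now that the full error is logged server-side, the response could carry a fixed message, e.g. `h.ErrorInternalServer(w, "failed to load user profile")`. If `h.User.Get` exposes a distinguishable not-found error (not visible here), that case could be answered with a 404 instead. Adding context to the log entry, `log.Errorf("get user %v: %v", reqUser.UserId, err)`, would make it easier to correlate with the request. `Profile` starts and ends outside the hunk.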
|
|
|
@ -49,6 +49,7 @@ func (module *Module) Setup() {
|
||||||
if !module.cfg.Enabled {
|
if !module.cfg.Enabled {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
InitSchema()
|
||||||
|
|
||||||
credapi.Init()
|
credapi.Init()
|
||||||
|
|
||||||
|
@ -70,8 +71,6 @@ func (module *Module) Start() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
InitSchema()
|
|
||||||
|
|
||||||
realm.Init(module.cfg)
|
realm.Init(module.cfg)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
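Review bot: `InitSchema()` now runs in `Setup` ahead of `credapi.Init()`, but nothing at the call site says why the order matters. In the old `Start` the call sat after an early `return nil`, so on that path the schema was presumably never initialised, which looks like the cause this commit addresses. A comment above the new call, for example `// must run in Setup: schemas have to exist before Start and before other init code queries them (TODO confirm)`, would keep a later refactor from moving it back. If `InitSchema` can fail, its result is not checked here; its signature is not visible in this diff. Both `Setup` and `Start` continue outside the hunks.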
|
|