diff --git a/api/api.swagger.json b/api/api.swagger.json index d9c08a3..34a6c94 100644 --- a/api/api.swagger.json +++ b/api/api.swagger.json @@ -87,38 +87,6 @@ "security": [] } }, - "/apis/v1beta1/auth/token": { - "post": { - "operationId": "IsValidToken", - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/IsValidTokenResponse" - } - }, - "default": { - "description": "An unexpected error response", - "schema": { - "$ref": "#/definitions/grpc.gateway.runtime.Error" - } - } - }, - "parameters": [ - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/IsValidTokenRequest" - } - } - ], - "tags": [ - "AuthService" - ] - } - }, "/apis/v1beta1/config": { "get": { "operationId": "GetConfig", @@ -2970,7 +2938,7 @@ "username": { "type": "string" }, - "tokenHash": { + "token": { "type": "string" } } @@ -2981,7 +2949,7 @@ "domain": { "type": "string" }, - "token": { + "accessToken": { "type": "string" }, "username": { @@ -3073,31 +3041,6 @@ } } }, - "IsValidTokenRequest": { - "type": "object", - "properties": { - "username": { - "type": "string" - }, - "token": { - "type": "string" - } - } - }, - "IsValidTokenResponse": { - "type": "object", - "properties": { - "domain": { - "type": "string" - }, - "token": { - "type": "string" - }, - "username": { - "type": "string" - } - } - }, "KeyValue": { "type": "object", "properties": { diff --git a/api/auth.pb.go b/api/auth.pb.go index 86b014d..50b4a7f 100644 --- a/api/auth.pb.go +++ b/api/auth.pb.go @@ -204,7 +204,7 @@ func (x *IsAuthorizedResponse) GetAuthorized() bool { return false } -type IsValidTokenRequest struct { +type GetAccessTokenRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields 
@@ -213,65 +213,10 @@ type IsValidTokenRequest struct { Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` } -func (x *IsValidTokenRequest) Reset() { - *x = IsValidTokenRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_auth_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IsValidTokenRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IsValidTokenRequest) ProtoMessage() {} - -func (x *IsValidTokenRequest) ProtoReflect() protoreflect.Message { - mi := &file_auth_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IsValidTokenRequest.ProtoReflect.Descriptor instead. -func (*IsValidTokenRequest) Descriptor() ([]byte, []int) { - return file_auth_proto_rawDescGZIP(), []int{3} -} - -func (x *IsValidTokenRequest) GetUsername() string { - if x != nil { - return x.Username - } - return "" -} - -func (x *IsValidTokenRequest) GetToken() string { - if x != nil { - return x.Token - } - return "" -} - -type GetAccessTokenRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` - TokenHash string `protobuf:"bytes,2,opt,name=tokenHash,proto3" json:"tokenHash,omitempty"` -} - func (x *GetAccessTokenRequest) Reset() { *x = GetAccessTokenRequest{} if protoimpl.UnsafeEnabled { - mi := &file_auth_proto_msgTypes[4] + mi := &file_auth_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -284,7 +229,7 @@ func (x *GetAccessTokenRequest) String() string { func (*GetAccessTokenRequest) ProtoMessage() {} func (x *GetAccessTokenRequest) ProtoReflect() protoreflect.Message { - mi := &file_auth_proto_msgTypes[4] + mi := &file_auth_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -297,7 +242,7 @@ func (x *GetAccessTokenRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetAccessTokenRequest.ProtoReflect.Descriptor instead. func (*GetAccessTokenRequest) Descriptor() ([]byte, []int) { - return file_auth_proto_rawDescGZIP(), []int{4} + return file_auth_proto_rawDescGZIP(), []int{3} } func (x *GetAccessTokenRequest) GetUsername() string { @@ -307,9 +252,9 @@ func (x *GetAccessTokenRequest) GetUsername() string { return "" } -func (x *GetAccessTokenRequest) GetTokenHash() string { +func (x *GetAccessTokenRequest) GetToken() string { if x != nil { - return x.TokenHash + return x.Token } return "" } @@ -319,15 +264,15 @@ type GetAccessTokenResponse struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` - Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` - Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"` + Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` + AccessToken string `protobuf:"bytes,2,opt,name=accessToken,proto3" json:"accessToken,omitempty"` + Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"` } func (x *GetAccessTokenResponse) Reset() { *x = GetAccessTokenResponse{} if protoimpl.UnsafeEnabled { - mi := &file_auth_proto_msgTypes[5] + mi := &file_auth_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -340,7 +285,7 @@ func (x *GetAccessTokenResponse) String() string { func (*GetAccessTokenResponse) ProtoMessage() {} func (x *GetAccessTokenResponse) ProtoReflect() protoreflect.Message { - mi := &file_auth_proto_msgTypes[5] + mi := &file_auth_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -353,7 +298,7 @@ func (x *GetAccessTokenResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetAccessTokenResponse.ProtoReflect.Descriptor instead. func (*GetAccessTokenResponse) Descriptor() ([]byte, []int) { - return file_auth_proto_rawDescGZIP(), []int{5} + return file_auth_proto_rawDescGZIP(), []int{4} } func (x *GetAccessTokenResponse) GetDomain() string { @@ -363,9 +308,9 @@ func (x *GetAccessTokenResponse) GetDomain() string { return "" } -func (x *GetAccessTokenResponse) GetToken() string { +func (x *GetAccessTokenResponse) GetAccessToken() string { if x != nil { - return x.Token + return x.AccessToken } return "" } 
@@ -377,69 +322,6 @@ func (x *GetAccessTokenResponse) GetUsername() string { return "" } -type IsValidTokenResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` - Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` - Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"` -} - -func (x *IsValidTokenResponse) Reset() { - *x = IsValidTokenResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_auth_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IsValidTokenResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IsValidTokenResponse) ProtoMessage() {} - -func (x *IsValidTokenResponse) ProtoReflect() protoreflect.Message { - mi := &file_auth_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IsValidTokenResponse.ProtoReflect.Descriptor instead. -func (*IsValidTokenResponse) Descriptor() ([]byte, []int) { - return file_auth_proto_rawDescGZIP(), []int{6} -} - -func (x *IsValidTokenResponse) GetDomain() string { - if x != nil { - return x.Domain - } - return "" -} - -func (x *IsValidTokenResponse) GetToken() string { - if x != nil { - return x.Token - } - return "" -} - -func (x *IsValidTokenResponse) GetUsername() string { - if x != nil { - return x.Username - } - return "" -} - var File_auth_proto protoreflect.FileDescriptor var file_auth_proto_rawDesc = []byte{ 
@@ -466,52 +348,35 @@ var file_auth_proto_rawDesc = []byte{ 0x69, 0x7a, 0x65, 0x64, 0x22, 0x36, 0x0a, 0x14, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x0a, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x22, 0x47, 0x0a, 0x13, - 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x51, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, - 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x48, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, - 0x6f, 0x6b, 0x65, 0x6e, 0x48, 0x61, 0x73, 0x68, 0x22, 0x62, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x41, + 0x52, 0x0a, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x22, 0x49, 0x0a, 0x15, + 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x6e, 0x0a, 0x16, 0x47, 0x65, 
0x74, 0x41, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, + 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, + 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, + 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x32, 0xfc, 0x01, 0x0a, 0x0b, 0x41, 0x75, 0x74, 0x68, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x7e, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x41, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1a, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, - 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x60, 0x0a, 0x14, - 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14, 0x0a, 0x05, - 0x74, 0x6f, 0x6b, 
0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x32, 0xe6, - 0x02, 0x0a, 0x0b, 0x41, 0x75, 0x74, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, - 0x0a, 0x0c, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x18, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, - 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x23, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1d, 0x22, 0x18, 0x2f, 0x61, 0x70, - 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, - 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x01, 0x2a, 0x12, 0x7e, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x41, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1a, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x65, 0x74, - 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x33, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x28, 0x22, 0x23, 0x2f, 0x61, 0x70, - 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, - 0x67, 0x65, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, - 0x3a, 0x01, 0x2a, 0x92, 0x41, 0x02, 0x62, 0x00, 0x12, 0x6d, 0x0a, 0x0c, 0x49, 0x73, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x12, 0x18, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, - 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 
0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x82, - 0xd3, 0xe4, 0x93, 0x02, 0x22, 0x22, 0x12, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x3a, 0x0c, 0x69, 0x73, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x65, 0x22, 0x33, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x28, 0x22, 0x23, 0x2f, 0x61, 0x70, 0x69, + 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x67, + 0x65, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, + 0x01, 0x2a, 0x92, 0x41, 0x02, 0x62, 0x00, 0x12, 0x6d, 0x0a, 0x0c, 0x49, 0x73, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x12, 0x18, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x19, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x82, 0xd3, + 0xe4, 0x93, 0x02, 0x22, 0x22, 0x12, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, + 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x3a, 0x0c, 0x69, 0x73, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -526,26 +391,22 @@ func file_auth_proto_rawDescGZIP() []byte { return file_auth_proto_rawDescData } -var file_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 5) var file_auth_proto_goTypes = []interface{}{ (*IsAuthorized)(nil), // 0: api.IsAuthorized (*IsAuthorizedRequest)(nil), // 1: api.IsAuthorizedRequest (*IsAuthorizedResponse)(nil), // 2: api.IsAuthorizedResponse - (*IsValidTokenRequest)(nil), // 3: api.IsValidTokenRequest - (*GetAccessTokenRequest)(nil), // 4: api.GetAccessTokenRequest - (*GetAccessTokenResponse)(nil), // 5: api.GetAccessTokenResponse - (*IsValidTokenResponse)(nil), // 6: api.IsValidTokenResponse + (*GetAccessTokenRequest)(nil), // 3: api.GetAccessTokenRequest + (*GetAccessTokenResponse)(nil), // 4: api.GetAccessTokenResponse } var file_auth_proto_depIdxs = []int32{ 0, // 0: api.IsAuthorizedRequest.isAuthorized:type_name -> api.IsAuthorized - 3, // 1: api.AuthService.IsValidToken:input_type -> api.IsValidTokenRequest - 4, // 2: api.AuthService.GetAccessToken:input_type -> api.GetAccessTokenRequest - 1, // 3: api.AuthService.IsAuthorized:input_type -> api.IsAuthorizedRequest - 6, // 4: api.AuthService.IsValidToken:output_type -> api.IsValidTokenResponse - 5, // 5: api.AuthService.GetAccessToken:output_type -> api.GetAccessTokenResponse - 2, // 6: api.AuthService.IsAuthorized:output_type -> api.IsAuthorizedResponse - 4, // [4:7] is the sub-list for method output_type - 1, // [1:4] is the sub-list for method input_type + 3, // 1: api.AuthService.GetAccessToken:input_type -> api.GetAccessTokenRequest + 1, // 2: api.AuthService.IsAuthorized:input_type -> api.IsAuthorizedRequest + 4, // 3: api.AuthService.GetAccessToken:output_type -> api.GetAccessTokenResponse + 2, // 4: api.AuthService.IsAuthorized:output_type -> api.IsAuthorizedResponse + 3, // [3:5] is the sub-list for method output_type + 1, // [1:3] is the sub-list for method input_type 1, // [1:1] is the sub-list for 
extension type_name 1, // [1:1] is the sub-list for extension extendee 0, // [0:1] is the sub-list for field type_name @@ -594,18 +455,6 @@ func file_auth_proto_init() { } } file_auth_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IsValidTokenRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_auth_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetAccessTokenRequest); i { case 0: return &v.state @@ -617,7 +466,7 @@ func file_auth_proto_init() { return nil } } - file_auth_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_auth_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetAccessTokenResponse); i { case 0: return &v.state @@ -629,18 +478,6 @@ func file_auth_proto_init() { return nil } } - file_auth_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IsValidTokenResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } } type x struct{} out := protoimpl.TypeBuilder{ @@ -648,7 +485,7 @@ func file_auth_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_auth_proto_rawDesc, NumEnums: 0, - NumMessages: 7, + NumMessages: 5, NumExtensions: 0, NumServices: 1, }, 
@@ -674,7 +511,6 @@ const _ = grpc.SupportPackageIsVersion6 // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. type AuthServiceClient interface { - IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*IsValidTokenResponse, error) GetAccessToken(ctx context.Context, in *GetAccessTokenRequest, opts ...grpc.CallOption) (*GetAccessTokenResponse, error) IsAuthorized(ctx context.Context, in *IsAuthorizedRequest, opts ...grpc.CallOption) (*IsAuthorizedResponse, error) } @@ -687,15 +523,6 @@ func NewAuthServiceClient(cc grpc.ClientConnInterface) AuthServiceClient { return &authServiceClient{cc} } -func (c *authServiceClient) IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*IsValidTokenResponse, error) { - out := new(IsValidTokenResponse) - err := c.cc.Invoke(ctx, "/api.AuthService/IsValidToken", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - func (c *authServiceClient) GetAccessToken(ctx context.Context, in *GetAccessTokenRequest, opts ...grpc.CallOption) (*GetAccessTokenResponse, error) { out := new(GetAccessTokenResponse) err := c.cc.Invoke(ctx, "/api.AuthService/GetAccessToken", in, out, opts...) @@ -716,7 +543,6 @@ func (c *authServiceClient) IsAuthorized(ctx context.Context, in *IsAuthorizedRe // AuthServiceServer is the server API for AuthService service. type AuthServiceServer interface { - IsValidToken(context.Context, *IsValidTokenRequest) (*IsValidTokenResponse, error) GetAccessToken(context.Context, *GetAccessTokenRequest) (*GetAccessTokenResponse, error) IsAuthorized(context.Context, *IsAuthorizedRequest) (*IsAuthorizedResponse, error) } 
@@ -725,9 +551,6 @@ type AuthServiceServer interface { type UnimplementedAuthServiceServer struct { } -func (*UnimplementedAuthServiceServer) IsValidToken(context.Context, *IsValidTokenRequest) (*IsValidTokenResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method IsValidToken not implemented") -} func (*UnimplementedAuthServiceServer) GetAccessToken(context.Context, *GetAccessTokenRequest) (*GetAccessTokenResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetAccessToken not implemented") } @@ -739,24 +562,6 @@ func RegisterAuthServiceServer(s *grpc.Server, srv AuthServiceServer) { s.RegisterService(&_AuthService_serviceDesc, srv) } -func _AuthService_IsValidToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(IsValidTokenRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).IsValidToken(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/api.AuthService/IsValidToken", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).IsValidToken(ctx, req.(*IsValidTokenRequest)) - } - return interceptor(ctx, in, info, handler) -} - func _AuthService_GetAccessToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(GetAccessTokenRequest) if err := dec(in); err != nil { @@ -797,10 +602,6 @@ var _AuthService_serviceDesc = grpc.ServiceDesc{ ServiceName: "api.AuthService", HandlerType: (*AuthServiceServer)(nil), Methods: []grpc.MethodDesc{ - { - MethodName: "IsValidToken", - Handler: _AuthService_IsValidToken_Handler, - }, { MethodName: "GetAccessToken", Handler: _AuthService_GetAccessToken_Handler, diff --git a/api/auth.pb.gw.go b/api/auth.pb.gw.go index 89648a7..6edbbf6 100644 
--- a/api/auth.pb.gw.go +++ b/api/auth.pb.gw.go @@ -31,40 +31,6 @@ var _ = runtime.String var _ = utilities.NewDoubleArray var _ = descriptor.ForMessage -func request_AuthService_IsValidToken_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq IsValidTokenRequest - var metadata runtime.ServerMetadata - - newReader, berr := utilities.IOReaderFactory(req.Body) - if berr != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) - } - if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := client.IsValidToken(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) - return msg, metadata, err - -} - -func local_request_AuthService_IsValidToken_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq IsValidTokenRequest - var metadata runtime.ServerMetadata - - newReader, berr := utilities.IOReaderFactory(req.Body) - if berr != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) - } - if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := server.IsValidToken(ctx, &protoReq) - return msg, metadata, err - -} - func request_AuthService_GetAccessToken_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq GetAccessTokenRequest var metadata runtime.ServerMetadata 
@@ -138,26 +104,6 @@ func local_request_AuthService_IsAuthorized_0(ctx context.Context, marshaler run // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. func RegisterAuthServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AuthServiceServer) error { - mux.Handle("POST", pattern_AuthService_IsValidToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := local_request_AuthService_IsValidToken_0(rctx, inboundMarshaler, server, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_AuthService_IsValidToken_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - mux.Handle("POST", pattern_AuthService_GetAccessToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() 
@@ -239,26 +185,6 @@ func RegisterAuthServiceHandler(ctx context.Context, mux *runtime.ServeMux, conn // "AuthServiceClient" to call the correct interceptors. func RegisterAuthServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AuthServiceClient) error { - mux.Handle("POST", pattern_AuthService_IsValidToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := request_AuthService_IsValidToken_0(rctx, inboundMarshaler, client, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_AuthService_IsValidToken_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - mux.Handle("POST", pattern_AuthService_GetAccessToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() 
@@ -303,16 +229,12 @@ func RegisterAuthServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux } var ( - pattern_AuthService_IsValidToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"apis", "v1beta1", "auth", "token"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_AuthService_GetAccessToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"apis", "v1beta1", "auth", "get_access_token"}, "", runtime.AssumeColonVerbOpt(true))) pattern_AuthService_IsAuthorized_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"apis", "v1beta1", "auth"}, "", runtime.AssumeColonVerbOpt(true))) ) var ( - forward_AuthService_IsValidToken_0 = runtime.ForwardResponseMessage - forward_AuthService_GetAccessToken_0 = runtime.ForwardResponseMessage forward_AuthService_IsAuthorized_0 = runtime.ForwardResponseMessage diff --git a/api/auth.proto b/api/auth.proto index f58c379..98b8cfe 100644 --- a/api/auth.proto +++ b/api/auth.proto @@ -5,13 +5,6 @@ package api; import "google/api/annotations.proto"; import "protoc-gen-swagger/options/annotations.proto"; service AuthService { - rpc IsValidToken(IsValidTokenRequest) returns (IsValidTokenResponse) { - option (google.api.http) = { - post: "/apis/v1beta1/auth/token" - body: "*" - }; - } - rpc GetAccessToken(GetAccessTokenRequest) returns (GetAccessTokenResponse) { option (google.api.http) = { post: "/apis/v1beta1/auth/get_access_token" @@ -47,24 +40,13 @@ message IsAuthorizedResponse { bool authorized = 1; } -message IsValidTokenRequest { - string username = 1; - string token = 2; -} - message GetAccessTokenRequest { string username = 1; - string tokenHash = 2; + string token = 2; } message GetAccessTokenResponse { string domain = 1; - string token = 2; - string username = 3; -} - -message IsValidTokenResponse { - string domain = 1; - string token = 2; + string accessToken = 2; string username = 3; } \ No newline at end of file 
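Review bot: In the last api/auth.proto hunk, `GetAccessTokenRequest.token` (formerly `tokenHash`) and `GetAccessTokenResponse.accessToken` (formerly `token`) have no comment saying what each value is, and the old name was the only hint that the request field held a hash. Whether clients are still expected to send a hash is not visible here, so I would add a comment on each field, for example `// token is the credential checked by the auth interceptor (state whether it is raw or hashed)` and `// accessToken is the token returned to the caller for later requests`. Field numbers are unchanged, so binary clients are unaffected. The JSON names served through the gateway at `/apis/v1beta1/auth/get_access_token` do change, so REST callers that send `tokenHash` or read `token` will need updating, which is worth stating in the commit description.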
diff --git a/server/auth/auth.go b/server/auth/auth.go index 09977cf..0f950c0 100644 --- a/server/auth/auth.go +++ b/server/auth/auth.go @@ -125,7 +125,7 @@ func IsAuthorized(c *v1.Client, namespace, verb, group, resource, name string) ( return } -func verifyLogin(client *v1.Client, tokenRequest *api.IsValidTokenRequest) (rawToken string, err error) { +func verifyLogin(client *v1.Client, tokenRequest *api.GetAccessTokenRequest) (rawToken string, err error) { accountsList, err := client.CoreV1().ServiceAccounts("onepanel").List(v1.ListOptions{}) if err != nil { return "", err @@ -169,23 +169,15 @@ func verifyLogin(client *v1.Client, tokenRequest *api.IsValidTokenRequest) (rawT func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB, sysConfig v1.SystemConfig) grpc.UnaryServerInterceptor { return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) { // Check if the provided token is valid. This does not require a token in the header. - if info.FullMethod == "/api.AuthService/IsValidToken" || info.FullMethod == "/api.AuthService/GetAccessToken" { + if info.FullMethod == "/api.AuthService/GetAccessToken" { md, ok := metadata.FromIncomingContext(ctx) if !ok { return resp, errors.New("unable to get metadata from incoming context") } getAccessTokenRequest, ok := req.(*api.GetAccessTokenRequest) - if ok { - req = &api.IsValidTokenRequest{ - Username: getAccessTokenRequest.Username, - Token: getAccessTokenRequest.TokenHash, - } - } - - tokenRequest, ok := req.(*api.IsValidTokenRequest) if !ok { - return resp, errors.New("LogInRequest does not have correct request type") + return resp, errors.New("invalid request object for GetAccessTokenRequest") } defaultClient, err := v1.GetDefaultClientWithDB(db) 
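Review bot: The GetAccessToken branch of the interceptor is reachable without a token in the header, yet its failure paths hand internal errors straight to the caller. These are the bare `errors.New(...)` returns in this hunk and `return nil, err` after `verifyLogin` in the following hunk; the visible start of `verifyLogin` passes the ServiceAccounts list error through unchanged. gRPC reports non-status errors as `codes.Unknown` with the original message, so an unauthenticated client can receive cluster-side error text. I would log the cause on the server and return a fixed status instead, e.g. `return nil, status.Error(codes.Unauthenticated, "invalid credentials")` for the `verifyLogin` failure and `codes.InvalidArgument` for the type-assertion failure. Whether `status` and `codes` are already imported in server/auth/auth.go is not visible from the hunk, and the interceptor body continues outside it.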
@@ -193,7 +185,7 @@ func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB, sysConfig v1.SystemConfi return nil, err } - rawToken, err := verifyLogin(defaultClient, tokenRequest) + rawToken, err := verifyLogin(defaultClient, getAccessTokenRequest) if err != nil { return nil, err } @@ -210,10 +202,6 @@ func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB, sysConfig v1.SystemConfi ctx = nil } - if info.FullMethod == "/api.AuthService/GetAccessToken" { - return handler(ctx, getAccessTokenRequest) - } - return handler(ctx, req) } if info.FullMethod == "/api.AuthService/IsAuthorized" { diff --git a/server/auth_server.go b/server/auth_server.go index 2525bac..0478790 100644 --- a/server/auth_server.go +++ b/server/auth_server.go @@ -50,13 +50,13 @@ func (a *AuthServer) IsAuthorized(ctx context.Context, request *api.IsAuthorized return res, nil } -func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequest) (res *api.IsValidTokenResponse, err error) { +// GetAccessToken is an alias for IsValidToken. It returns a token given a username and hashed token. +func (a *AuthServer) GetAccessToken(ctx context.Context, req *api.GetAccessTokenRequest) (res *api.GetAccessTokenResponse, err error) { if ctx == nil { - return nil, status.Error(codes.Unauthenticated, "Unauthenticated.") + return nil, status.Error(codes.Unauthenticated, "unauthenticated") } client := getClient(ctx) - err = a.isValidToken(err, client) if err != nil { return nil, err 
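Review bot: The doc comment added above `GetAccessToken` in server/auth_server.go still calls it "an alias for IsValidToken" and speaks of a "hashed token", but this commit removes `IsValidToken` and renames the request field from `tokenHash` to `token`, so the comment describes an API that no longer exists. Something like `// GetAccessToken returns the domain and access token for the given username; the credential in the request is checked by the auth interceptor before this handler runs.` would match the new code. The handler also appears to rely on the interceptor signalling a failed check by passing a nil context (`ctx = nil` is visible in server/auth/auth.go, though its condition is not). A short why-comment on the `if ctx == nil` guard would keep a later refactor from dropping it or from calling `getClient(ctx)` ahead of it. The function body continues past this hunk.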
@@ -66,30 +66,16 @@ func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequ if err != nil { return } - res = &api.IsValidTokenResponse{ - Domain: config["ONEPANEL_DOMAIN"], - Token: client.Token, - Username: req.Username, - } - return res, nil -} - -// GetAccessToken is an alias for IsValidToken. It returns a token given a username and hashed token. -func (a *AuthServer) GetAccessToken(ctx context.Context, req *api.GetAccessTokenRequest) (res *api.GetAccessTokenResponse, err error) { - resp, err := a.IsValidToken(ctx, &api.IsValidTokenRequest{ - Username: req.Username, - Token: req.TokenHash, - }) - - if err != nil { - return nil, err + domain := config.Domain() + if domain == nil { + return nil, fmt.Errorf("domain is not set") } res = &api.GetAccessTokenResponse{ - Domain: resp.Domain, - Token: resp.Token, - Username: resp.Username, + Domain: *domain, + AccessToken: client.Token, + Username: req.Username, } return