zishuo/onepanel
1
0
Fork 0
mirror of https://github.com/onepanelio/onepanel.git synced 2025-10-31 08:46:20 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: update api to use accessTokenAuth

Browse Source
This commit is contained in:
Andrey Melnikov
2020-11-03 13:37:30 -08:00
parent 93bdc7cd70
commit a405e8bf46
6 changed files with 70 additions and 448 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
server/auth/auth.go
View File

@@ -125,7 +125,7 @@ func IsAuthorized(c *v1.Client, namespace, verb, group, resource, name string) (
return
}
func verifyLogin(client *v1.Client, tokenRequest *api.IsValidTokenRequest) (rawToken string, err error) {
func verifyLogin(client *v1.Client, tokenRequest *api.GetAccessTokenRequest) (rawToken string, err error) {
accountsList, err := client.CoreV1().ServiceAccounts("onepanel").List(v1.ListOptions{})
if err != nil {
return "", err
@@ -169,23 +169,15 @@ func verifyLogin(client *v1.Client, tokenRequest *api.IsValidTokenRequest) (rawT
func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB, sysConfig v1.SystemConfig) grpc.UnaryServerInterceptor {
return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
// Check if the provided token is valid. This does not require a token in the header.
if info.FullMethod == "/api.AuthService/IsValidToken" || info.FullMethod == "/api.AuthService/GetAccessToken" {
if info.FullMethod == "/api.AuthService/GetAccessToken" {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return resp, errors.New("unable to get metadata from incoming context")
}
getAccessTokenRequest, ok := req.(*api.GetAccessTokenRequest)
if ok {
req = &api.IsValidTokenRequest{
Username: getAccessTokenRequest.Username,
Token: getAccessTokenRequest.TokenHash,
}
}
tokenRequest, ok := req.(*api.IsValidTokenRequest)
if !ok {
return resp, errors.New("LogInRequest does not have correct request type")
return resp, errors.New("invalid request object for GetAccessTokenRequest")
}
defaultClient, err := v1.GetDefaultClientWithDB(db)
@@ -193,7 +185,7 @@ func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB, sysConfig v1.SystemConfi
return nil, err
}
rawToken, err := verifyLogin(defaultClient, tokenRequest)
rawToken, err := verifyLogin(defaultClient, getAccessTokenRequest)
if err != nil {
return nil, err
}
@@ -210,10 +202,6 @@ func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB, sysConfig v1.SystemConfi
ctx = nil
}
if info.FullMethod == "/api.AuthService/GetAccessToken" {
return handler(ctx, getAccessTokenRequest)
}
return handler(ctx, req)
}
if info.FullMethod == "/api.AuthService/IsAuthorized" {