zishuo/onepanel
1
0
Fork 0
mirror of https://github.com/onepanelio/onepanel.git synced 2025-11-01 09:12:32 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: update api to use accessTokenAuth

Browse Source
This commit is contained in:
Andrey Melnikov
2020-11-03 13:37:30 -08:00
parent 93bdc7cd70
commit a405e8bf46
6 changed files with 70 additions and 448 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
api/api.swagger.json
View File

@@ -87,38 +87,6 @@
"security": []
}
},
"/apis/v1beta1/auth/token": {
"post": {
"operationId": "IsValidToken",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/IsValidTokenResponse"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/grpc.gateway.runtime.Error"
}
}
},
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/IsValidTokenRequest"
}
}
],
"tags": [
"AuthService"
]
}
},
"/apis/v1beta1/config": {
"get": {
"operationId": "GetConfig",
@@ -2970,7 +2938,7 @@
"username": {
"type": "string"
},
"tokenHash": {
"token": {
"type": "string"
}
}
@@ -2981,7 +2949,7 @@
"domain": {
"type": "string"
},
"token": {
"accessToken": {
"type": "string"
},
"username": {
@@ -3073,31 +3041,6 @@
}
}
},
"IsValidTokenRequest": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"token": {
"type": "string"
}
}
},
"IsValidTokenResponse": {
"type": "object",
"properties": {
"domain": {
"type": "string"
},
"token": {
"type": "string"
},
"username": {
"type": "string"
}
}
},
"KeyValue": {
"type": "object",
"properties": {

305
api/auth.pb.go
View File

@@ -204,7 +204,7 @@ func (x *IsAuthorizedResponse) GetAuthorized() bool {
return false
}
type IsValidTokenRequest struct {
type GetAccessTokenRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
@@ -213,65 +213,10 @@ type IsValidTokenRequest struct {
Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
}
func (x *IsValidTokenRequest) Reset() {
*x = IsValidTokenRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_auth_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *IsValidTokenRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*IsValidTokenRequest) ProtoMessage() {}
func (x *IsValidTokenRequest) ProtoReflect() protoreflect.Message {
mi := &file_auth_proto_msgTypes[3]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use IsValidTokenRequest.ProtoReflect.Descriptor instead.
func (*IsValidTokenRequest) Descriptor() ([]byte, []int) {
return file_auth_proto_rawDescGZIP(), []int{3}
}
func (x *IsValidTokenRequest) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
func (x *IsValidTokenRequest) GetToken() string {
if x != nil {
return x.Token
}
return ""
}
type GetAccessTokenRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
TokenHash string `protobuf:"bytes,2,opt,name=tokenHash,proto3" json:"tokenHash,omitempty"`
}
func (x *GetAccessTokenRequest) Reset() {
*x = GetAccessTokenRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_auth_proto_msgTypes[4]
mi := &file_auth_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -284,7 +229,7 @@ func (x *GetAccessTokenRequest) String() string {
func (*GetAccessTokenRequest) ProtoMessage() {}
func (x *GetAccessTokenRequest) ProtoReflect() protoreflect.Message {
mi := &file_auth_proto_msgTypes[4]
mi := &file_auth_proto_msgTypes[3]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -297,7 +242,7 @@ func (x *GetAccessTokenRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetAccessTokenRequest.ProtoReflect.Descriptor instead.
func (*GetAccessTokenRequest) Descriptor() ([]byte, []int) {
return file_auth_proto_rawDescGZIP(), []int{4}
return file_auth_proto_rawDescGZIP(), []int{3}
}
func (x *GetAccessTokenRequest) GetUsername() string {
@@ -307,9 +252,9 @@ func (x *GetAccessTokenRequest) GetUsername() string {
return ""
}
func (x *GetAccessTokenRequest) GetTokenHash() string {
func (x *GetAccessTokenRequest) GetToken() string {
if x != nil {
return x.TokenHash
return x.Token
}
return ""
}
@@ -319,15 +264,15 @@ type GetAccessTokenResponse struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"`
Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
AccessToken string `protobuf:"bytes,2,opt,name=accessToken,proto3" json:"accessToken,omitempty"`
Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"`
}
func (x *GetAccessTokenResponse) Reset() {
*x = GetAccessTokenResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_auth_proto_msgTypes[5]
mi := &file_auth_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -340,7 +285,7 @@ func (x *GetAccessTokenResponse) String() string {
func (*GetAccessTokenResponse) ProtoMessage() {}
func (x *GetAccessTokenResponse) ProtoReflect() protoreflect.Message {
mi := &file_auth_proto_msgTypes[5]
mi := &file_auth_proto_msgTypes[4]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -353,7 +298,7 @@ func (x *GetAccessTokenResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetAccessTokenResponse.ProtoReflect.Descriptor instead.
func (*GetAccessTokenResponse) Descriptor() ([]byte, []int) {
return file_auth_proto_rawDescGZIP(), []int{5}
return file_auth_proto_rawDescGZIP(), []int{4}
}
func (x *GetAccessTokenResponse) GetDomain() string {
@@ -363,9 +308,9 @@ func (x *GetAccessTokenResponse) GetDomain() string {
return ""
}
func (x *GetAccessTokenResponse) GetToken() string {
func (x *GetAccessTokenResponse) GetAccessToken() string {
if x != nil {
return x.Token
return x.AccessToken
}
return ""
}
@@ -377,69 +322,6 @@ func (x *GetAccessTokenResponse) GetUsername() string {
return ""
}
type IsValidTokenResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"`
}
func (x *IsValidTokenResponse) Reset() {
*x = IsValidTokenResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_auth_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *IsValidTokenResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*IsValidTokenResponse) ProtoMessage() {}
func (x *IsValidTokenResponse) ProtoReflect() protoreflect.Message {
mi := &file_auth_proto_msgTypes[6]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use IsValidTokenResponse.ProtoReflect.Descriptor instead.
func (*IsValidTokenResponse) Descriptor() ([]byte, []int) {
return file_auth_proto_rawDescGZIP(), []int{6}
}
func (x *IsValidTokenResponse) GetDomain() string {
if x != nil {
return x.Domain
}
return ""
}
func (x *IsValidTokenResponse) GetToken() string {
if x != nil {
return x.Token
}
return ""
}
func (x *IsValidTokenResponse) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
var File_auth_proto protoreflect.FileDescriptor
var file_auth_proto_rawDesc = []byte{
@@ -466,52 +348,35 @@ var file_auth_proto_rawDesc = []byte{
0x69, 0x7a, 0x65, 0x64, 0x22, 0x36, 0x0a, 0x14, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x0a,
0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08,
0x52, 0x0a, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x22, 0x47, 0x0a, 0x13,
0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18,
0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12,
0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x51, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65,
0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a,
0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x6f,
0x6b, 0x65, 0x6e, 0x48, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74,
0x6f, 0x6b, 0x65, 0x6e, 0x48, 0x61, 0x73, 0x68, 0x22, 0x62, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x41,
0x52, 0x0a, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x22, 0x49, 0x0a, 0x15,
0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d,
0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d,
0x65, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x6e, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x41, 0x63,
0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28,
0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x63, 0x63,
0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75,
0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75,
0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x32, 0xfc, 0x01, 0x0a, 0x0b, 0x41, 0x75, 0x74, 0x68,
0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x7e, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x41, 0x63,
0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1a, 0x2e, 0x61, 0x70, 0x69, 0x2e,
0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x65, 0x74, 0x41,
0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01,
0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f,
0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e,
0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01,
0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x60, 0x0a, 0x14,
0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01,
0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14, 0x0a, 0x05,
0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b,
0x65, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03,
0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x32, 0xe6,
0x02, 0x0a, 0x0b, 0x41, 0x75, 0x74, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68,
0x0a, 0x0c, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x18,
0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65,
0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49,
0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
0x6e, 0x73, 0x65, 0x22, 0x23, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1d, 0x22, 0x18, 0x2f, 0x61, 0x70,
0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f,
0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x01, 0x2a, 0x12, 0x7e, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x41,
0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1a, 0x2e, 0x61, 0x70, 0x69,
0x2e, 0x47, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x65, 0x74,
0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
0x6e, 0x73, 0x65, 0x22, 0x33, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x28, 0x22, 0x23, 0x2f, 0x61, 0x70,
0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f,
0x67, 0x65, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e,
0x3a, 0x01, 0x2a, 0x92, 0x41, 0x02, 0x62, 0x00, 0x12, 0x6d, 0x0a, 0x0c, 0x49, 0x73, 0x41, 0x75,
0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x12, 0x18, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49,
0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x19, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f,
0x72, 0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x82,
0xd3, 0xe4, 0x93, 0x02, 0x22, 0x22, 0x12, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62,
0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x3a, 0x0c, 0x69, 0x73, 0x41, 0x75, 0x74,
0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
0x73, 0x65, 0x22, 0x33, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x28, 0x22, 0x23, 0x2f, 0x61, 0x70, 0x69,
0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x67,
0x65, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a,
0x01, 0x2a, 0x92, 0x41, 0x02, 0x62, 0x00, 0x12, 0x6d, 0x0a, 0x0c, 0x49, 0x73, 0x41, 0x75, 0x74,
0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x12, 0x18, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73,
0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x1a, 0x19, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x82, 0xd3,
0xe4, 0x93, 0x02, 0x22, 0x22, 0x12, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65,
0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x3a, 0x0c, 0x69, 0x73, 0x41, 0x75, 0x74, 0x68,
0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -526,26 +391,22 @@ func file_auth_proto_rawDescGZIP() []byte {
return file_auth_proto_rawDescData
}
var file_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
var file_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
var file_auth_proto_goTypes = []interface{}{
(*IsAuthorized)(nil), // 0: api.IsAuthorized
(*IsAuthorizedRequest)(nil), // 1: api.IsAuthorizedRequest
(*IsAuthorizedResponse)(nil), // 2: api.IsAuthorizedResponse
(*IsValidTokenRequest)(nil), // 3: api.IsValidTokenRequest
(*GetAccessTokenRequest)(nil), // 4: api.GetAccessTokenRequest
(*GetAccessTokenResponse)(nil), // 5: api.GetAccessTokenResponse
(*IsValidTokenResponse)(nil), // 6: api.IsValidTokenResponse
(*GetAccessTokenRequest)(nil), // 3: api.GetAccessTokenRequest
(*GetAccessTokenResponse)(nil), // 4: api.GetAccessTokenResponse
}
var file_auth_proto_depIdxs = []int32{
0, // 0: api.IsAuthorizedRequest.isAuthorized:type_name -> api.IsAuthorized
3, // 1: api.AuthService.IsValidToken:input_type -> api.IsValidTokenRequest
4, // 2: api.AuthService.GetAccessToken:input_type -> api.GetAccessTokenRequest
1, // 3: api.AuthService.IsAuthorized:input_type -> api.IsAuthorizedRequest
6, // 4: api.AuthService.IsValidToken:output_type -> api.IsValidTokenResponse
5, // 5: api.AuthService.GetAccessToken:output_type -> api.GetAccessTokenResponse
2, // 6: api.AuthService.IsAuthorized:output_type -> api.IsAuthorizedResponse
4, // [4:7] is the sub-list for method output_type
1, // [1:4] is the sub-list for method input_type
3, // 1: api.AuthService.GetAccessToken:input_type -> api.GetAccessTokenRequest
1, // 2: api.AuthService.IsAuthorized:input_type -> api.IsAuthorizedRequest
4, // 3: api.AuthService.GetAccessToken:output_type -> api.GetAccessTokenResponse
2, // 4: api.AuthService.IsAuthorized:output_type -> api.IsAuthorizedResponse
3, // [3:5] is the sub-list for method output_type
1, // [1:3] is the sub-list for method input_type
1, // [1:1] is the sub-list for extension type_name
1, // [1:1] is the sub-list for extension extendee
0, // [0:1] is the sub-list for field type_name
@@ -594,18 +455,6 @@ func file_auth_proto_init() {
}
}
file_auth_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*IsValidTokenRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_auth_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*GetAccessTokenRequest); i {
case 0:
return &v.state
@@ -617,7 +466,7 @@ func file_auth_proto_init() {
return nil
}
}
file_auth_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
file_auth_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*GetAccessTokenResponse); i {
case 0:
return &v.state
@@ -629,18 +478,6 @@ func file_auth_proto_init() {
return nil
}
}
file_auth_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*IsValidTokenResponse); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
}
type x struct{}
out := protoimpl.TypeBuilder{
@@ -648,7 +485,7 @@ func file_auth_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_auth_proto_rawDesc,
NumEnums: 0,
NumMessages: 7,
NumMessages: 5,
NumExtensions: 0,
NumServices: 1,
},
@@ -674,7 +511,6 @@ const _ = grpc.SupportPackageIsVersion6
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type AuthServiceClient interface {
IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*IsValidTokenResponse, error)
GetAccessToken(ctx context.Context, in *GetAccessTokenRequest, opts ...grpc.CallOption) (*GetAccessTokenResponse, error)
IsAuthorized(ctx context.Context, in *IsAuthorizedRequest, opts ...grpc.CallOption) (*IsAuthorizedResponse, error)
}
@@ -687,15 +523,6 @@ func NewAuthServiceClient(cc grpc.ClientConnInterface) AuthServiceClient {
return &authServiceClient{cc}
}
func (c *authServiceClient) IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*IsValidTokenResponse, error) {
out := new(IsValidTokenResponse)
err := c.cc.Invoke(ctx, "/api.AuthService/IsValidToken", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *authServiceClient) GetAccessToken(ctx context.Context, in *GetAccessTokenRequest, opts ...grpc.CallOption) (*GetAccessTokenResponse, error) {
out := new(GetAccessTokenResponse)
err := c.cc.Invoke(ctx, "/api.AuthService/GetAccessToken", in, out, opts...)
@@ -716,7 +543,6 @@ func (c *authServiceClient) IsAuthorized(ctx context.Context, in *IsAuthorizedRe
// AuthServiceServer is the server API for AuthService service.
type AuthServiceServer interface {
IsValidToken(context.Context, *IsValidTokenRequest) (*IsValidTokenResponse, error)
GetAccessToken(context.Context, *GetAccessTokenRequest) (*GetAccessTokenResponse, error)
IsAuthorized(context.Context, *IsAuthorizedRequest) (*IsAuthorizedResponse, error)
}
@@ -725,9 +551,6 @@ type AuthServiceServer interface {
type UnimplementedAuthServiceServer struct {
}
func (*UnimplementedAuthServiceServer) IsValidToken(context.Context, *IsValidTokenRequest) (*IsValidTokenResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method IsValidToken not implemented")
}
func (*UnimplementedAuthServiceServer) GetAccessToken(context.Context, *GetAccessTokenRequest) (*GetAccessTokenResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetAccessToken not implemented")
}
@@ -739,24 +562,6 @@ func RegisterAuthServiceServer(s *grpc.Server, srv AuthServiceServer) {
s.RegisterService(&_AuthService_serviceDesc, srv)
}
func _AuthService_IsValidToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(IsValidTokenRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AuthServiceServer).IsValidToken(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/api.AuthService/IsValidToken",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthServiceServer).IsValidToken(ctx, req.(*IsValidTokenRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AuthService_GetAccessToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetAccessTokenRequest)
if err := dec(in); err != nil {
@@ -797,10 +602,6 @@ var _AuthService_serviceDesc = grpc.ServiceDesc{
ServiceName: "api.AuthService",
HandlerType: (*AuthServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "IsValidToken",
Handler: _AuthService_IsValidToken_Handler,
},
{
MethodName: "GetAccessToken",
Handler: _AuthService_GetAccessToken_Handler,

78
api/auth.pb.gw.go
View File

@@ -31,40 +31,6 @@ var _ = runtime.String
var _ = utilities.NewDoubleArray
var _ = descriptor.ForMessage
func request_AuthService_IsValidToken_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq IsValidTokenRequest
var metadata runtime.ServerMetadata
newReader, berr := utilities.IOReaderFactory(req.Body)
if berr != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
}
if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := client.IsValidToken(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
return msg, metadata, err
}
func local_request_AuthService_IsValidToken_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq IsValidTokenRequest
var metadata runtime.ServerMetadata
newReader, berr := utilities.IOReaderFactory(req.Body)
if berr != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
}
if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := server.IsValidToken(ctx, &protoReq)
return msg, metadata, err
}
func request_AuthService_GetAccessToken_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq GetAccessTokenRequest
var metadata runtime.ServerMetadata
@@ -138,26 +104,6 @@ func local_request_AuthService_IsAuthorized_0(ctx context.Context, marshaler run
// StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906.
func RegisterAuthServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AuthServiceServer) error {
mux.Handle("POST", pattern_AuthService_IsValidToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := local_request_AuthService_IsValidToken_0(rctx, inboundMarshaler, server, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_AuthService_IsValidToken_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
mux.Handle("POST", pattern_AuthService_GetAccessToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
@@ -239,26 +185,6 @@ func RegisterAuthServiceHandler(ctx context.Context, mux *runtime.ServeMux, conn
// "AuthServiceClient" to call the correct interceptors.
func RegisterAuthServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AuthServiceClient) error {
mux.Handle("POST", pattern_AuthService_IsValidToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
rctx, err := runtime.AnnotateContext(ctx, mux, req)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := request_AuthService_IsValidToken_0(rctx, inboundMarshaler, client, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_AuthService_IsValidToken_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
mux.Handle("POST", pattern_AuthService_GetAccessToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
@@ -303,16 +229,12 @@ func RegisterAuthServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux
}
var (
pattern_AuthService_IsValidToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"apis", "v1beta1", "auth", "token"}, "", runtime.AssumeColonVerbOpt(true)))
pattern_AuthService_GetAccessToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"apis", "v1beta1", "auth", "get_access_token"}, "", runtime.AssumeColonVerbOpt(true)))
pattern_AuthService_IsAuthorized_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"apis", "v1beta1", "auth"}, "", runtime.AssumeColonVerbOpt(true)))
)
var (
forward_AuthService_IsValidToken_0 = runtime.ForwardResponseMessage
forward_AuthService_GetAccessToken_0 = runtime.ForwardResponseMessage
forward_AuthService_IsAuthorized_0 = runtime.ForwardResponseMessage

22
api/auth.proto
View File

@@ -5,13 +5,6 @@ package api;
import "google/api/annotations.proto";
import "protoc-gen-swagger/options/annotations.proto";
service AuthService {
rpc IsValidToken(IsValidTokenRequest) returns (IsValidTokenResponse) {
option (google.api.http) = {
post: "/apis/v1beta1/auth/token"
body: "*"
};
}
rpc GetAccessToken(GetAccessTokenRequest) returns (GetAccessTokenResponse) {
option (google.api.http) = {
post: "/apis/v1beta1/auth/get_access_token"
@@ -47,24 +40,13 @@ message IsAuthorizedResponse {
bool authorized = 1;
}
message IsValidTokenRequest {
string username = 1;
string token = 2;
}
message GetAccessTokenRequest {
string username = 1;
string tokenHash = 2;
string token = 2;
}
message GetAccessTokenResponse {
string domain = 1;
string token = 2;
string username = 3;
}
message IsValidTokenResponse {
string domain = 1;
string token = 2;
string accessToken = 2;
string username = 3;
}

20
server/auth/auth.go
View File

@@ -125,7 +125,7 @@ func IsAuthorized(c *v1.Client, namespace, verb, group, resource, name string) (
return
}
func verifyLogin(client *v1.Client, tokenRequest *api.IsValidTokenRequest) (rawToken string, err error) {
func verifyLogin(client *v1.Client, tokenRequest *api.GetAccessTokenRequest) (rawToken string, err error) {
accountsList, err := client.CoreV1().ServiceAccounts("onepanel").List(v1.ListOptions{})
if err != nil {
return "", err
@@ -169,23 +169,15 @@ func verifyLogin(client *v1.Client, tokenRequest *api.IsValidTokenRequest) (rawT
func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB, sysConfig v1.SystemConfig) grpc.UnaryServerInterceptor {
return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
// Check if the provided token is valid. This does not require a token in the header.
if info.FullMethod == "/api.AuthService/IsValidToken" || info.FullMethod == "/api.AuthService/GetAccessToken" {
if info.FullMethod == "/api.AuthService/GetAccessToken" {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return resp, errors.New("unable to get metadata from incoming context")
}
getAccessTokenRequest, ok := req.(*api.GetAccessTokenRequest)
if ok {
req = &api.IsValidTokenRequest{
Username: getAccessTokenRequest.Username,
Token: getAccessTokenRequest.TokenHash,
}
}
tokenRequest, ok := req.(*api.IsValidTokenRequest)
if !ok {
return resp, errors.New("LogInRequest does not have correct request type")
return resp, errors.New("invalid request object for GetAccessTokenRequest")
}
defaultClient, err := v1.GetDefaultClientWithDB(db)
@@ -193,7 +185,7 @@ func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB, sysConfig v1.SystemConfi
return nil, err
}
rawToken, err := verifyLogin(defaultClient, tokenRequest)
rawToken, err := verifyLogin(defaultClient, getAccessTokenRequest)
if err != nil {
return nil, err
}
@@ -210,10 +202,6 @@ func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB, sysConfig v1.SystemConfi
ctx = nil
}
if info.FullMethod == "/api.AuthService/GetAccessToken" {
return handler(ctx, getAccessTokenRequest)
}
return handler(ctx, req)
}
if info.FullMethod == "/api.AuthService/IsAuthorized" {

32
server/auth_server.go
View File

@@ -50,13 +50,13 @@ func (a *AuthServer) IsAuthorized(ctx context.Context, request *api.IsAuthorized
return res, nil
}
func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequest) (res *api.IsValidTokenResponse, err error) {
// GetAccessToken is an alias for IsValidToken. It returns a token given a username and hashed token.
func (a *AuthServer) GetAccessToken(ctx context.Context, req *api.GetAccessTokenRequest) (res *api.GetAccessTokenResponse, err error) {
if ctx == nil {
return nil, status.Error(codes.Unauthenticated, "Unauthenticated.")
return nil, status.Error(codes.Unauthenticated, "unauthenticated")
}
client := getClient(ctx)
err = a.isValidToken(err, client)
if err != nil {
return nil, err
@@ -66,30 +66,16 @@ func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequ
if err != nil {
return
}
res = &api.IsValidTokenResponse{
Domain: config["ONEPANEL_DOMAIN"],
Token: client.Token,
Username: req.Username,
}
return res, nil
}
// GetAccessToken is an alias for IsValidToken. It returns a token given a username and hashed token.
func (a *AuthServer) GetAccessToken(ctx context.Context, req *api.GetAccessTokenRequest) (res *api.GetAccessTokenResponse, err error) {
resp, err := a.IsValidToken(ctx, &api.IsValidTokenRequest{
Username: req.Username,
Token: req.TokenHash,
})
if err != nil {
return nil, err
domain := config.Domain()
if domain == nil {
return nil, fmt.Errorf("domain is not set")
}
res = &api.GetAccessTokenResponse{
Domain: resp.Domain,
Token: resp.Token,
Username: resp.Username,
Domain: *domain,
AccessToken: client.Token,
Username: req.Username,
}
return