Merge remote-tracking branch 'origin/feat/core.124-add.envoy.filter' into feat/integrate.workflow.changes

Andrey Melnikov
2020-05-04 11:55:57 -07:00
6 changed files with 335 additions and 25 deletions


@@ -28,7 +28,7 @@
"200": { "200": {
"description": "A successful response.", "description": "A successful response.",
"schema": { "schema": {
"properties": {} "$ref": "#/definitions/IsValidTokenResponse"
} }
} }
}, },
@@ -1870,6 +1870,14 @@
} }
} }
}, },
"IsValidTokenResponse": {
"type": "object",
"properties": {
"domain": {
"type": "string"
}
}
},
"KeyValue": { "KeyValue": {
"type": "object", "type": "object",
"properties": { "properties": {


@@ -104,30 +104,143 @@ func (m *IsValidTokenRequest) GetToken() *TokenWrapper {
return nil return nil
} }
type IsValidTokenResponse struct {
Domain string `protobuf:"bytes,2,opt,name=domain,proto3" json:"domain,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IsValidTokenResponse) Reset() { *m = IsValidTokenResponse{} }
func (m *IsValidTokenResponse) String() string { return proto.CompactTextString(m) }
func (*IsValidTokenResponse) ProtoMessage() {}
func (*IsValidTokenResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_8bbd6f3875b0e874, []int{2}
}
func (m *IsValidTokenResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_IsValidTokenResponse.Unmarshal(m, b)
}
func (m *IsValidTokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_IsValidTokenResponse.Marshal(b, m, deterministic)
}
func (m *IsValidTokenResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_IsValidTokenResponse.Merge(m, src)
}
func (m *IsValidTokenResponse) XXX_Size() int {
return xxx_messageInfo_IsValidTokenResponse.Size(m)
}
func (m *IsValidTokenResponse) XXX_DiscardUnknown() {
xxx_messageInfo_IsValidTokenResponse.DiscardUnknown(m)
}
var xxx_messageInfo_IsValidTokenResponse proto.InternalMessageInfo
func (m *IsValidTokenResponse) GetDomain() string {
if m != nil {
return m.Domain
}
return ""
}
type IsWorkspaceAuthenticatedRequest struct {
FQDN string `protobuf:"bytes,1,opt,name=FQDN,proto3" json:"FQDN,omitempty"`
XOriginalMethod string `protobuf:"bytes,2,opt,name=XOriginalMethod,proto3" json:"XOriginalMethod,omitempty"`
XOriginalAuthority string `protobuf:"bytes,3,opt,name=XOriginalAuthority,proto3" json:"XOriginalAuthority,omitempty"`
XOriginalUri string `protobuf:"bytes,4,opt,name=XOriginalUri,proto3" json:"XOriginalUri,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IsWorkspaceAuthenticatedRequest) Reset() { *m = IsWorkspaceAuthenticatedRequest{} }
func (m *IsWorkspaceAuthenticatedRequest) String() string { return proto.CompactTextString(m) }
func (*IsWorkspaceAuthenticatedRequest) ProtoMessage() {}
func (*IsWorkspaceAuthenticatedRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_8bbd6f3875b0e874, []int{3}
}
func (m *IsWorkspaceAuthenticatedRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_IsWorkspaceAuthenticatedRequest.Unmarshal(m, b)
}
func (m *IsWorkspaceAuthenticatedRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_IsWorkspaceAuthenticatedRequest.Marshal(b, m, deterministic)
}
func (m *IsWorkspaceAuthenticatedRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_IsWorkspaceAuthenticatedRequest.Merge(m, src)
}
func (m *IsWorkspaceAuthenticatedRequest) XXX_Size() int {
return xxx_messageInfo_IsWorkspaceAuthenticatedRequest.Size(m)
}
func (m *IsWorkspaceAuthenticatedRequest) XXX_DiscardUnknown() {
xxx_messageInfo_IsWorkspaceAuthenticatedRequest.DiscardUnknown(m)
}
var xxx_messageInfo_IsWorkspaceAuthenticatedRequest proto.InternalMessageInfo
func (m *IsWorkspaceAuthenticatedRequest) GetFQDN() string {
if m != nil {
return m.FQDN
}
return ""
}
func (m *IsWorkspaceAuthenticatedRequest) GetXOriginalMethod() string {
if m != nil {
return m.XOriginalMethod
}
return ""
}
func (m *IsWorkspaceAuthenticatedRequest) GetXOriginalAuthority() string {
if m != nil {
return m.XOriginalAuthority
}
return ""
}
func (m *IsWorkspaceAuthenticatedRequest) GetXOriginalUri() string {
if m != nil {
return m.XOriginalUri
}
return ""
}
func init() { func init() {
proto.RegisterType((*TokenWrapper)(nil), "api.TokenWrapper") proto.RegisterType((*TokenWrapper)(nil), "api.TokenWrapper")
proto.RegisterType((*IsValidTokenRequest)(nil), "api.IsValidTokenRequest") proto.RegisterType((*IsValidTokenRequest)(nil), "api.IsValidTokenRequest")
proto.RegisterType((*IsValidTokenResponse)(nil), "api.IsValidTokenResponse")
proto.RegisterType((*IsWorkspaceAuthenticatedRequest)(nil), "api.IsWorkspaceAuthenticatedRequest")
} }
func init() { proto.RegisterFile("auth.proto", fileDescriptor_8bbd6f3875b0e874) } func init() { proto.RegisterFile("auth.proto", fileDescriptor_8bbd6f3875b0e874) }
var fileDescriptor_8bbd6f3875b0e874 = []byte{ var fileDescriptor_8bbd6f3875b0e874 = []byte{
// 228 bytes of a gzipped FileDescriptorProto // 381 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4a, 0x2c, 0x2d, 0xc9, 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x52, 0xcd, 0x6e, 0x1a, 0x31,
0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x4e, 0x2c, 0xc8, 0x94, 0x92, 0x49, 0xcf, 0xcf, 0x10, 0xd6, 0x02, 0x45, 0xea, 0x80, 0x54, 0xd5, 0x45, 0x68, 0xbb, 0xad, 0x54, 0x6a, 0x21, 0xc1,
0x4f, 0xcf, 0x49, 0xd5, 0x4f, 0x2c, 0xc8, 0xd4, 0x4f, 0xcc, 0xcb, 0xcb, 0x2f, 0x49, 0x2c, 0xc9, 0xc9, 0x2b, 0xe8, 0xad, 0x87, 0x4a, 0x54, 0x50, 0x95, 0x43, 0x1b, 0x85, 0xfc, 0x90, 0xab, 0x61,
0xcc, 0xcf, 0x2b, 0x86, 0x28, 0x91, 0x92, 0x86, 0xca, 0x82, 0x79, 0x49, 0xa5, 0x69, 0xfa, 0xa9, 0x1d, 0xb0, 0x58, 0x6c, 0xc7, 0xf6, 0x22, 0x71, 0x8b, 0x78, 0x85, 0x3c, 0x4a, 0x1e, 0x25, 0xaf,
0xb9, 0x05, 0x25, 0x95, 0x10, 0x49, 0x25, 0x15, 0x2e, 0x9e, 0x90, 0xfc, 0xec, 0xd4, 0xbc, 0xf0, 0x90, 0x07, 0x89, 0xd6, 0xbb, 0x20, 0x88, 0x20, 0xb7, 0x9d, 0xf9, 0xbe, 0x6f, 0x66, 0xf6, 0xf3,
0xa2, 0xc4, 0x82, 0x82, 0xd4, 0x22, 0x21, 0x11, 0x2e, 0xd6, 0x12, 0x10, 0x5f, 0x82, 0x51, 0x81, 0x07, 0x40, 0x13, 0x3b, 0x27, 0x4a, 0x4b, 0x2b, 0x51, 0x91, 0x2a, 0x1e, 0x7c, 0x9d, 0x49, 0x39,
0x51, 0x83, 0x33, 0x08, 0xc2, 0x51, 0xb2, 0xe3, 0x12, 0xf6, 0x2c, 0x0e, 0x4b, 0xcc, 0xc9, 0x4c, 0x8b, 0x59, 0x48, 0x15, 0x0f, 0xa9, 0x10, 0xd2, 0x52, 0xcb, 0xa5, 0x30, 0x19, 0x25, 0xf8, 0x92,
0x01, 0x2b, 0x0e, 0x4a, 0x2d, 0x2c, 0x4d, 0x2d, 0x2e, 0x11, 0x52, 0x47, 0x56, 0xcc, 0x6d, 0x24, 0xa3, 0xae, 0x9a, 0x24, 0xb7, 0x21, 0x5b, 0x2a, 0xbb, 0xce, 0x40, 0xdc, 0x84, 0xea, 0xa5, 0x5c,
0xa8, 0x97, 0x58, 0x90, 0xa9, 0x87, 0x6c, 0x1c, 0x54, 0xbf, 0x51, 0x05, 0x17, 0xb7, 0x63, 0x69, 0x30, 0x31, 0xd6, 0x54, 0x29, 0xa6, 0x51, 0x0d, 0xde, 0xd9, 0xb4, 0xf6, 0xbd, 0x86, 0xd7, 0x7e,
0x49, 0x46, 0x70, 0x6a, 0x51, 0x59, 0x66, 0x72, 0xaa, 0x50, 0x26, 0x17, 0x0f, 0xb2, 0x71, 0x42, 0x3f, 0xca, 0x0a, 0xfc, 0x0b, 0x3e, 0x0d, 0xcd, 0x35, 0x8d, 0x79, 0xe4, 0xc8, 0x23, 0x76, 0x97,
0x12, 0x60, 0x8d, 0x58, 0x6c, 0x90, 0x12, 0xd3, 0x83, 0x38, 0x5e, 0x0f, 0xe6, 0x78, 0x3d, 0x57, 0x30, 0x63, 0x51, 0x6b, 0x9f, 0x5c, 0xe9, 0x7e, 0x24, 0x54, 0x71, 0xb2, 0x3f, 0x6e, 0xab, 0x27,
0x90, 0xe3, 0x95, 0xd4, 0x9b, 0x2e, 0x3f, 0x99, 0xcc, 0xa4, 0xa8, 0x24, 0x01, 0xf2, 0x73, 0xb1, 0x50, 0x3b, 0xd4, 0x1b, 0x25, 0x85, 0x61, 0xa8, 0x0e, 0xe5, 0x48, 0x2e, 0x29, 0x17, 0x7e, 0xc1,
0x7e, 0x99, 0x61, 0x52, 0x6a, 0x49, 0xa2, 0xa1, 0x3e, 0x28, 0x60, 0xf4, 0xc1, 0x56, 0x5a, 0x41, 0xad, 0xcb, 0x2b, 0xfc, 0xe8, 0xc1, 0xb7, 0xa1, 0x19, 0x4b, 0xbd, 0x30, 0x8a, 0x4e, 0x59, 0x2f,
0x6c, 0x4e, 0x62, 0x03, 0x6b, 0x34, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x8e, 0xdc, 0xc7, 0x76, 0xb1, 0x73, 0x26, 0x2c, 0x9f, 0x52, 0xcb, 0xa2, 0xed, 0x72, 0x04, 0xa5, 0x3f, 0xe7, 0xfd, 0xff,
0x34, 0x01, 0x00, 0x00, 0xf9, 0xa1, 0xee, 0x1b, 0xb5, 0xe1, 0xc3, 0xcd, 0x99, 0xe6, 0x33, 0x2e, 0x68, 0xfc, 0x8f, 0xd9,
0xb9, 0x8c, 0xf2, 0xc1, 0xaf, 0xdb, 0x88, 0x00, 0xda, 0xb5, 0xd2, 0xf1, 0x52, 0x73, 0xbb, 0xf6,
0x8b, 0x8e, 0x7c, 0x04, 0x41, 0x18, 0xaa, 0xbb, 0xee, 0x95, 0xe6, 0x7e, 0xc9, 0x31, 0x0f, 0x7a,
0xdd, 0xfb, 0x02, 0x54, 0x52, 0xc5, 0x05, 0xd3, 0x2b, 0x3e, 0x65, 0x28, 0x86, 0xea, 0xfe, 0x5f,
0x23, 0xdf, 0xf9, 0x73, 0xc4, 0xc8, 0xe0, 0xf3, 0x11, 0x24, 0xb3, 0x08, 0xb7, 0x36, 0x4f, 0xcf,
0x0f, 0x85, 0xef, 0xd8, 0x4f, 0x5f, 0xd7, 0x84, 0xab, 0xce, 0x84, 0x59, 0xda, 0x09, 0xd3, 0x08,
0x84, 0xce, 0xdc, 0x9f, 0x99, 0xc7, 0x68, 0xe3, 0x81, 0x7f, 0xca, 0x33, 0xd4, 0xcc, 0x17, 0xbc,
0x69, 0x69, 0x50, 0x27, 0x59, 0x54, 0xc8, 0x36, 0x2a, 0x64, 0x90, 0x46, 0x05, 0xb7, 0xdd, 0x0d,
0xf8, 0x77, 0x03, 0x4a, 0x7f, 0x07, 0xbd, 0x3e, 0x3a, 0x79, 0xcb, 0xa4, 0xec, 0x94, 0x3f, 0x5e,
0x02, 0x00, 0x00, 0xff, 0xff, 0xa1, 0xec, 0x3b, 0x98, 0xa3, 0x02, 0x00, 0x00,
} }
// Reference imports to suppress errors if they are not otherwise used. // Reference imports to suppress errors if they are not otherwise used.
@@ -142,7 +255,8 @@ const _ = grpc.SupportPackageIsVersion4
// //
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type AuthServiceClient interface { type AuthServiceClient interface {
IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*empty.Empty, error) IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*IsValidTokenResponse, error)
IsWorkspaceAuthenticated(ctx context.Context, in *IsWorkspaceAuthenticatedRequest, opts ...grpc.CallOption) (*empty.Empty, error)
} }
type authServiceClient struct { type authServiceClient struct {
@@ -153,8 +267,8 @@ func NewAuthServiceClient(cc *grpc.ClientConn) AuthServiceClient {
return &authServiceClient{cc} return &authServiceClient{cc}
} }
func (c *authServiceClient) IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*empty.Empty, error) { func (c *authServiceClient) IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*IsValidTokenResponse, error) {
out := new(empty.Empty) out := new(IsValidTokenResponse)
err := c.cc.Invoke(ctx, "/api.AuthService/IsValidToken", in, out, opts...) err := c.cc.Invoke(ctx, "/api.AuthService/IsValidToken", in, out, opts...)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -162,18 +276,31 @@ func (c *authServiceClient) IsValidToken(ctx context.Context, in *IsValidTokenRe
return out, nil return out, nil
} }
func (c *authServiceClient) IsWorkspaceAuthenticated(ctx context.Context, in *IsWorkspaceAuthenticatedRequest, opts ...grpc.CallOption) (*empty.Empty, error) {
out := new(empty.Empty)
err := c.cc.Invoke(ctx, "/api.AuthService/IsWorkspaceAuthenticated", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// AuthServiceServer is the server API for AuthService service. // AuthServiceServer is the server API for AuthService service.
type AuthServiceServer interface { type AuthServiceServer interface {
IsValidToken(context.Context, *IsValidTokenRequest) (*empty.Empty, error) IsValidToken(context.Context, *IsValidTokenRequest) (*IsValidTokenResponse, error)
IsWorkspaceAuthenticated(context.Context, *IsWorkspaceAuthenticatedRequest) (*empty.Empty, error)
} }
// UnimplementedAuthServiceServer can be embedded to have forward compatible implementations. // UnimplementedAuthServiceServer can be embedded to have forward compatible implementations.
type UnimplementedAuthServiceServer struct { type UnimplementedAuthServiceServer struct {
} }
func (*UnimplementedAuthServiceServer) IsValidToken(ctx context.Context, req *IsValidTokenRequest) (*empty.Empty, error) { func (*UnimplementedAuthServiceServer) IsValidToken(ctx context.Context, req *IsValidTokenRequest) (*IsValidTokenResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method IsValidToken not implemented") return nil, status.Errorf(codes.Unimplemented, "method IsValidToken not implemented")
} }
func (*UnimplementedAuthServiceServer) IsWorkspaceAuthenticated(ctx context.Context, req *IsWorkspaceAuthenticatedRequest) (*empty.Empty, error) {
return nil, status.Errorf(codes.Unimplemented, "method IsWorkspaceAuthenticated not implemented")
}
func RegisterAuthServiceServer(s *grpc.Server, srv AuthServiceServer) { func RegisterAuthServiceServer(s *grpc.Server, srv AuthServiceServer) {
s.RegisterService(&_AuthService_serviceDesc, srv) s.RegisterService(&_AuthService_serviceDesc, srv)
@@ -197,6 +324,24 @@ func _AuthService_IsValidToken_Handler(srv interface{}, ctx context.Context, dec
return interceptor(ctx, in, info, handler) return interceptor(ctx, in, info, handler)
} }
func _AuthService_IsWorkspaceAuthenticated_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(IsWorkspaceAuthenticatedRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AuthServiceServer).IsWorkspaceAuthenticated(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/api.AuthService/IsWorkspaceAuthenticated",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthServiceServer).IsWorkspaceAuthenticated(ctx, req.(*IsWorkspaceAuthenticatedRequest))
}
return interceptor(ctx, in, info, handler)
}
var _AuthService_serviceDesc = grpc.ServiceDesc{ var _AuthService_serviceDesc = grpc.ServiceDesc{
ServiceName: "api.AuthService", ServiceName: "api.AuthService",
HandlerType: (*AuthServiceServer)(nil), HandlerType: (*AuthServiceServer)(nil),
@@ -205,6 +350,10 @@ var _AuthService_serviceDesc = grpc.ServiceDesc{
MethodName: "IsValidToken", MethodName: "IsValidToken",
Handler: _AuthService_IsValidToken_Handler, Handler: _AuthService_IsValidToken_Handler,
}, },
{
MethodName: "IsWorkspaceAuthenticated",
Handler: _AuthService_IsWorkspaceAuthenticated_Handler,
},
}, },
Streams: []grpc.StreamDesc{}, Streams: []grpc.StreamDesc{},
Metadata: "auth.proto", Metadata: "auth.proto",


@@ -65,6 +65,39 @@ func local_request_AuthService_IsValidToken_0(ctx context.Context, marshaler run
} }
var (
filter_AuthService_IsWorkspaceAuthenticated_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
)
func request_AuthService_IsWorkspaceAuthenticated_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq IsWorkspaceAuthenticatedRequest
var metadata runtime.ServerMetadata
if err := req.ParseForm(); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthService_IsWorkspaceAuthenticated_0); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := client.IsWorkspaceAuthenticated(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
return msg, metadata, err
}
func local_request_AuthService_IsWorkspaceAuthenticated_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq IsWorkspaceAuthenticatedRequest
var metadata runtime.ServerMetadata
if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_AuthService_IsWorkspaceAuthenticated_0); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := server.IsWorkspaceAuthenticated(ctx, &protoReq)
return msg, metadata, err
}
// RegisterAuthServiceHandlerServer registers the http handlers for service AuthService to "mux". // RegisterAuthServiceHandlerServer registers the http handlers for service AuthService to "mux".
// UnaryRPC :call AuthServiceServer directly. // UnaryRPC :call AuthServiceServer directly.
// StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906.
@@ -90,6 +123,26 @@ func RegisterAuthServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux
}) })
mux.Handle("HEAD", pattern_AuthService_IsWorkspaceAuthenticated_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := local_request_AuthService_IsWorkspaceAuthenticated_0(rctx, inboundMarshaler, server, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_AuthService_IsWorkspaceAuthenticated_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
return nil return nil
} }
@@ -151,13 +204,37 @@ func RegisterAuthServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux
}) })
mux.Handle("HEAD", pattern_AuthService_IsWorkspaceAuthenticated_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
rctx, err := runtime.AnnotateContext(ctx, mux, req)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := request_AuthService_IsWorkspaceAuthenticated_0(rctx, inboundMarshaler, client, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_AuthService_IsWorkspaceAuthenticated_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
return nil return nil
} }
var ( var (
pattern_AuthService_IsValidToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"apis", "v1beta1", "auth", "token"}, "", runtime.AssumeColonVerbOpt(true))) pattern_AuthService_IsValidToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"apis", "v1beta1", "auth", "token"}, "", runtime.AssumeColonVerbOpt(true)))
pattern_AuthService_IsWorkspaceAuthenticated_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"apis", "v1beta1", "auth", "token"}, "", runtime.AssumeColonVerbOpt(true)))
) )
var ( var (
forward_AuthService_IsValidToken_0 = runtime.ForwardResponseMessage forward_AuthService_IsValidToken_0 = runtime.ForwardResponseMessage
forward_AuthService_IsWorkspaceAuthenticated_0 = runtime.ForwardResponseMessage
) )


@@ -6,12 +6,21 @@ import "google/api/annotations.proto";
import "google/protobuf/empty.proto"; import "google/protobuf/empty.proto";
service AuthService { service AuthService {
rpc IsValidToken(IsValidTokenRequest) returns (google.protobuf.Empty) { rpc IsValidToken(IsValidTokenRequest) returns (IsValidTokenResponse) {
option (google.api.http) = { option (google.api.http) = {
post: "/apis/v1beta1/auth/token" post: "/apis/v1beta1/auth/token"
body: "token" body: "token"
}; };
} }
rpc IsWorkspaceAuthenticated(IsWorkspaceAuthenticatedRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
custom: {
kind: "HEAD"
path: "/apis/v1beta1/auth/token"
}
};
}
} }
message TokenWrapper { message TokenWrapper {
@@ -20,4 +29,15 @@ message TokenWrapper {
message IsValidTokenRequest { message IsValidTokenRequest {
TokenWrapper token = 1; TokenWrapper token = 1;
}
message IsValidTokenResponse {
string domain = 2;
}
message IsWorkspaceAuthenticatedRequest {
string FQDN = 1;
string XOriginalMethod = 2;
string XOriginalAuthority = 3;
string XOriginalUri = 4;
} }
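Review bot: IsWorkspaceAuthenticatedRequest has no comment saying who fills its fields, and the rest of this commit suggests they are not the values the decision is made on. The generated gateway populates the message from query parameters, while the handler added in this commit reads `fqdn` and `x-original-authority` from gRPC metadata and never touches the request. A comment on the message such as `// Mirrors the headers the proxy attaches to the auth sub-request; the server reads them from metadata, not from these fields.` would make that explicit, or the unused fields could be removed. The HEAD binding also reuses the POST path `/apis/v1beta1/auth/token`, which deserves a one-line comment on the rpc explaining that this is intentional.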


@@ -3,6 +3,7 @@ package auth
import ( import (
"context" "context"
"errors" "errors"
"fmt"
"github.com/onepanelio/core/api" "github.com/onepanelio/core/api"
"net/http" "net/http"
"strings" "strings"
@@ -104,6 +105,28 @@ func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB) grpc.UnaryServerIntercep
return handler(ctx, req) return handler(ctx, req)
} }
// if you don't need the token,
if info.FullMethod == "/api.AuthService/IsWorkspaceAuthenticated" {
md, ok := metadata.FromIncomingContext(ctx)
fmt.Printf("%+v\n", md) //todo remove
if !ok {
ctx = nil
return handler(ctx, req)
}
xOriginalAuthority := md.Get("x-original-authority")[0]
fqdn := md.Get("fqdn")[0]
//expected format: https://nginx-0--default.test-0.onepanel.site/
if xOriginalAuthority != fqdn { //Ignore fully qualified domain uris
ctx, err = getClient(ctx, kubeConfig, db)
if err != nil {
return
}
return handler(ctx, req)
}
}
// This guy checks for the token
ctx, err = getClient(ctx, kubeConfig, db) ctx, err = getClient(ctx, kubeConfig, db)
if err != nil { if err != nil {
return return
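Review bot: `md.Get("x-original-authority")[0]` and `md.Get("fqdn")[0]` in the new IsWorkspaceAuthenticated branch index the slice without checking its length, so a request missing either header panics inside the auth interceptor. Guard it first, e.g. `auths, fqdns := md.Get("x-original-authority"), md.Get("fqdn")` followed by `if len(auths) == 0 || len(fqdns) == 0 { /* return an Unauthenticated error */ }`. The `!ok` path sets `ctx = nil` and still calls the handler, and the handler added in this commit passes that context to `metadata.FromIncomingContext`, which looks like it would panic on nil; returning an error there is safer. `fmt.Printf("%+v\n", md)` writes every incoming header to stdout, which would include whatever carries the token, so it should be removed before merge rather than left as a todo. Both outcomes of the `xOriginalAuthority != fqdn` comparison end in `getClient` as far as this hunk shows, so the branch appears redundant; UnaryInterceptor's body continues outside the hunk.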


@@ -8,7 +8,9 @@ import (
"github.com/onepanelio/core/server/auth" "github.com/onepanelio/core/server/auth"
"github.com/pkg/errors" "github.com/pkg/errors"
"google.golang.org/grpc/codes" "google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/status" "google.golang.org/grpc/status"
"strings"
) )
type AuthServer struct{} type AuthServer struct{}
@@ -16,8 +18,32 @@ type AuthServer struct{}
func NewAuthServer() *AuthServer { func NewAuthServer() *AuthServer {
return &AuthServer{} return &AuthServer{}
} }
func (a *AuthServer) IsWorkspaceAuthenticated(ctx context.Context, request *api.IsWorkspaceAuthenticatedRequest) (*empty.Empty, error) {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return &empty.Empty{}, errors.New("Error parsing headers.")
}
//Expected format: x-original-authority:[name--default.alexcluster.onepanel.io]
xOriginalAuth := md.Get("x-original-authority")[0]
fqdn := md.Get("fqdn")[0]
if xOriginalAuth == fqdn {
return &empty.Empty{}, nil
}
pos := strings.Index(xOriginalAuth, ".")
if pos == -1 {
return &empty.Empty{}, errors.New("Error parsing x-original-authority. No '.' character.")
}
workspaceAndNamespace := xOriginalAuth[0:pos]
pieces := strings.Split(workspaceAndNamespace, "--")
client := ctx.Value("kubeClient").(*v1.Client)
allowed, err := auth.IsAuthorized(client, pieces[1], "create", "apps/v1", "statefulsets", pieces[0])
if err != nil || !allowed {
return &empty.Empty{}, err
}
return &empty.Empty{}, nil
}
func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequest) (*empty.Empty, error) { func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequest) (res *api.IsValidTokenResponse, err error) {
if ctx == nil { if ctx == nil {
return nil, status.Error(codes.Unauthenticated, "Unauthenticated.") return nil, status.Error(codes.Unauthenticated, "Unauthenticated.")
} }
@@ -45,5 +71,12 @@ func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequ
return nil, status.Error(codes.Unauthenticated, "Unauthenticated.") return nil, status.Error(codes.Unauthenticated, "Unauthenticated.")
} }
return &empty.Empty{}, nil config, err := client.GetSystemConfig()
if err != nil {
return
}
res = &api.IsValidTokenResponse{}
res.Domain = config["ONEPANEL_DOMAIN"]
return res, nil
} }
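Review bot: In IsWorkspaceAuthenticated, `if err != nil || !allowed { return &empty.Empty{}, err }` returns a nil error when `allowed` is false and `err` is nil. A denied check is then reported to the caller as success, unless auth.IsAuthorized always returns an error on denial, which is not visible here. Split the cases: `if err != nil { return nil, err }` then `if !allowed { return nil, status.Error(codes.PermissionDenied, "Permission denied.") }`. The method also indexes `md.Get(...)[0]` and `pieces[1]` and type-asserts `ctx.Value("kubeClient").(*v1.Client)` without checks, so a missing header, a host label without `--`, or a context without a client would panic instead of failing the auth check. Each of those needs a length or `ok` test that returns an error.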