mirror of
https://github.com/onepanelio/onepanel.git
synced 2025-10-05 13:46:51 +08:00
Merge remote-tracking branch 'origin/feat/core.124-add.envoy.filter' into feat/integrate.workflow.changes
This commit is contained in:
Andrey Melnikov
@@ -28,7 +28,7 @@
|
||||
"200": {
|
||||
"description": "A successful response.",
|
||||
"schema": {
|
||||
"properties": {}
|
||||
"$ref": "#/definitions/IsValidTokenResponse"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -1870,6 +1870,14 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"IsValidTokenResponse": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"domain": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"KeyValue": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
|
||||
191
api/auth.pb.go
191
api/auth.pb.go
@@ -104,30 +104,143 @@ func (m *IsValidTokenRequest) GetToken() *TokenWrapper {
|
||||
return nil
|
||||
}
|
||||
|
||||
type IsValidTokenResponse struct {
|
||||
Domain string `protobuf:"bytes,2,opt,name=domain,proto3" json:"domain,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
XXX_sizecache int32 `json:"-"`
|
||||
}
|
||||
|
||||
func (m *IsValidTokenResponse) Reset() { *m = IsValidTokenResponse{} }
|
||||
func (m *IsValidTokenResponse) String() string { return proto.CompactTextString(m) }
|
||||
func (*IsValidTokenResponse) ProtoMessage() {}
|
||||
func (*IsValidTokenResponse) Descriptor() ([]byte, []int) {
|
||||
return fileDescriptor_8bbd6f3875b0e874, []int{2}
|
||||
}
|
||||
|
||||
func (m *IsValidTokenResponse) XXX_Unmarshal(b []byte) error {
|
||||
return xxx_messageInfo_IsValidTokenResponse.Unmarshal(m, b)
|
||||
}
|
||||
func (m *IsValidTokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||
return xxx_messageInfo_IsValidTokenResponse.Marshal(b, m, deterministic)
|
||||
}
|
||||
func (m *IsValidTokenResponse) XXX_Merge(src proto.Message) {
|
||||
xxx_messageInfo_IsValidTokenResponse.Merge(m, src)
|
||||
}
|
||||
func (m *IsValidTokenResponse) XXX_Size() int {
|
||||
return xxx_messageInfo_IsValidTokenResponse.Size(m)
|
||||
}
|
||||
func (m *IsValidTokenResponse) XXX_DiscardUnknown() {
|
||||
xxx_messageInfo_IsValidTokenResponse.DiscardUnknown(m)
|
||||
}
|
||||
|
||||
var xxx_messageInfo_IsValidTokenResponse proto.InternalMessageInfo
|
||||
|
||||
func (m *IsValidTokenResponse) GetDomain() string {
|
||||
if m != nil {
|
||||
return m.Domain
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
type IsWorkspaceAuthenticatedRequest struct {
|
||||
FQDN string `protobuf:"bytes,1,opt,name=FQDN,proto3" json:"FQDN,omitempty"`
|
||||
XOriginalMethod string `protobuf:"bytes,2,opt,name=XOriginalMethod,proto3" json:"XOriginalMethod,omitempty"`
|
||||
XOriginalAuthority string `protobuf:"bytes,3,opt,name=XOriginalAuthority,proto3" json:"XOriginalAuthority,omitempty"`
|
||||
XOriginalUri string `protobuf:"bytes,4,opt,name=XOriginalUri,proto3" json:"XOriginalUri,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
XXX_sizecache int32 `json:"-"`
|
||||
}
|
||||
|
||||
func (m *IsWorkspaceAuthenticatedRequest) Reset() { *m = IsWorkspaceAuthenticatedRequest{} }
|
||||
func (m *IsWorkspaceAuthenticatedRequest) String() string { return proto.CompactTextString(m) }
|
||||
func (*IsWorkspaceAuthenticatedRequest) ProtoMessage() {}
|
||||
func (*IsWorkspaceAuthenticatedRequest) Descriptor() ([]byte, []int) {
|
||||
return fileDescriptor_8bbd6f3875b0e874, []int{3}
|
||||
}
|
||||
|
||||
func (m *IsWorkspaceAuthenticatedRequest) XXX_Unmarshal(b []byte) error {
|
||||
return xxx_messageInfo_IsWorkspaceAuthenticatedRequest.Unmarshal(m, b)
|
||||
}
|
||||
func (m *IsWorkspaceAuthenticatedRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||
return xxx_messageInfo_IsWorkspaceAuthenticatedRequest.Marshal(b, m, deterministic)
|
||||
}
|
||||
func (m *IsWorkspaceAuthenticatedRequest) XXX_Merge(src proto.Message) {
|
||||
xxx_messageInfo_IsWorkspaceAuthenticatedRequest.Merge(m, src)
|
||||
}
|
||||
func (m *IsWorkspaceAuthenticatedRequest) XXX_Size() int {
|
||||
return xxx_messageInfo_IsWorkspaceAuthenticatedRequest.Size(m)
|
||||
}
|
||||
func (m *IsWorkspaceAuthenticatedRequest) XXX_DiscardUnknown() {
|
||||
xxx_messageInfo_IsWorkspaceAuthenticatedRequest.DiscardUnknown(m)
|
||||
}
|
||||
|
||||
var xxx_messageInfo_IsWorkspaceAuthenticatedRequest proto.InternalMessageInfo
|
||||
|
||||
func (m *IsWorkspaceAuthenticatedRequest) GetFQDN() string {
|
||||
if m != nil {
|
||||
return m.FQDN
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (m *IsWorkspaceAuthenticatedRequest) GetXOriginalMethod() string {
|
||||
if m != nil {
|
||||
return m.XOriginalMethod
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (m *IsWorkspaceAuthenticatedRequest) GetXOriginalAuthority() string {
|
||||
if m != nil {
|
||||
return m.XOriginalAuthority
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (m *IsWorkspaceAuthenticatedRequest) GetXOriginalUri() string {
|
||||
if m != nil {
|
||||
return m.XOriginalUri
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func init() {
|
||||
proto.RegisterType((*TokenWrapper)(nil), "api.TokenWrapper")
|
||||
proto.RegisterType((*IsValidTokenRequest)(nil), "api.IsValidTokenRequest")
|
||||
proto.RegisterType((*IsValidTokenResponse)(nil), "api.IsValidTokenResponse")
|
||||
proto.RegisterType((*IsWorkspaceAuthenticatedRequest)(nil), "api.IsWorkspaceAuthenticatedRequest")
|
||||
}
|
||||
|
||||
func init() { proto.RegisterFile("auth.proto", fileDescriptor_8bbd6f3875b0e874) }
|
||||
|
||||
var fileDescriptor_8bbd6f3875b0e874 = []byte{
|
||||
// 228 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4a, 0x2c, 0x2d, 0xc9,
|
||||
0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x4e, 0x2c, 0xc8, 0x94, 0x92, 0x49, 0xcf, 0xcf,
|
||||
0x4f, 0xcf, 0x49, 0xd5, 0x4f, 0x2c, 0xc8, 0xd4, 0x4f, 0xcc, 0xcb, 0xcb, 0x2f, 0x49, 0x2c, 0xc9,
|
||||
0xcc, 0xcf, 0x2b, 0x86, 0x28, 0x91, 0x92, 0x86, 0xca, 0x82, 0x79, 0x49, 0xa5, 0x69, 0xfa, 0xa9,
|
||||
0xb9, 0x05, 0x25, 0x95, 0x10, 0x49, 0x25, 0x15, 0x2e, 0x9e, 0x90, 0xfc, 0xec, 0xd4, 0xbc, 0xf0,
|
||||
0xa2, 0xc4, 0x82, 0x82, 0xd4, 0x22, 0x21, 0x11, 0x2e, 0xd6, 0x12, 0x10, 0x5f, 0x82, 0x51, 0x81,
|
||||
0x51, 0x83, 0x33, 0x08, 0xc2, 0x51, 0xb2, 0xe3, 0x12, 0xf6, 0x2c, 0x0e, 0x4b, 0xcc, 0xc9, 0x4c,
|
||||
0x01, 0x2b, 0x0e, 0x4a, 0x2d, 0x2c, 0x4d, 0x2d, 0x2e, 0x11, 0x52, 0x47, 0x56, 0xcc, 0x6d, 0x24,
|
||||
0xa8, 0x97, 0x58, 0x90, 0xa9, 0x87, 0x6c, 0x1c, 0x54, 0xbf, 0x51, 0x05, 0x17, 0xb7, 0x63, 0x69,
|
||||
0x49, 0x46, 0x70, 0x6a, 0x51, 0x59, 0x66, 0x72, 0xaa, 0x50, 0x26, 0x17, 0x0f, 0xb2, 0x71, 0x42,
|
||||
0x12, 0x60, 0x8d, 0x58, 0x6c, 0x90, 0x12, 0xd3, 0x83, 0x38, 0x5e, 0x0f, 0xe6, 0x78, 0x3d, 0x57,
|
||||
0x90, 0xe3, 0x95, 0xd4, 0x9b, 0x2e, 0x3f, 0x99, 0xcc, 0xa4, 0xa8, 0x24, 0x01, 0xf2, 0x73, 0xb1,
|
||||
0x7e, 0x99, 0x61, 0x52, 0x6a, 0x49, 0xa2, 0xa1, 0x3e, 0x28, 0x60, 0xf4, 0xc1, 0x56, 0x5a, 0x41,
|
||||
0x6c, 0x4e, 0x62, 0x03, 0x6b, 0x34, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x8e, 0xdc, 0xc7, 0x76,
|
||||
0x34, 0x01, 0x00, 0x00,
|
||||
// 381 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x52, 0xcd, 0x6e, 0x1a, 0x31,
|
||||
0x10, 0xd6, 0x02, 0x45, 0xea, 0x80, 0x54, 0xd5, 0x45, 0x68, 0xbb, 0xad, 0x54, 0x6a, 0x21, 0xc1,
|
||||
0xc9, 0x2b, 0xe8, 0xad, 0x87, 0x4a, 0x54, 0x50, 0x95, 0x43, 0x1b, 0x85, 0xfc, 0x90, 0xab, 0x61,
|
||||
0x1d, 0xb0, 0x58, 0x6c, 0xc7, 0xf6, 0x22, 0x71, 0x8b, 0x78, 0x85, 0x3c, 0x4a, 0x1e, 0x25, 0xaf,
|
||||
0x90, 0x07, 0x89, 0xd6, 0xbb, 0x20, 0x88, 0x20, 0xb7, 0x9d, 0xf9, 0xbe, 0x6f, 0x66, 0xf6, 0xf3,
|
||||
0x07, 0x40, 0x13, 0x3b, 0x27, 0x4a, 0x4b, 0x2b, 0x51, 0x91, 0x2a, 0x1e, 0x7c, 0x9d, 0x49, 0x39,
|
||||
0x8b, 0x59, 0x48, 0x15, 0x0f, 0xa9, 0x10, 0xd2, 0x52, 0xcb, 0xa5, 0x30, 0x19, 0x25, 0xf8, 0x92,
|
||||
0xa3, 0xae, 0x9a, 0x24, 0xb7, 0x21, 0x5b, 0x2a, 0xbb, 0xce, 0x40, 0xdc, 0x84, 0xea, 0xa5, 0x5c,
|
||||
0x30, 0x31, 0xd6, 0x54, 0x29, 0xa6, 0x51, 0x0d, 0xde, 0xd9, 0xb4, 0xf6, 0xbd, 0x86, 0xd7, 0x7e,
|
||||
0x3f, 0xca, 0x0a, 0xfc, 0x0b, 0x3e, 0x0d, 0xcd, 0x35, 0x8d, 0x79, 0xe4, 0xc8, 0x23, 0x76, 0x97,
|
||||
0x30, 0x63, 0x51, 0x6b, 0x9f, 0x5c, 0xe9, 0x7e, 0x24, 0x54, 0x71, 0xb2, 0x3f, 0x6e, 0xab, 0x27,
|
||||
0x50, 0x3b, 0xd4, 0x1b, 0x25, 0x85, 0x61, 0xa8, 0x0e, 0xe5, 0x48, 0x2e, 0x29, 0x17, 0x7e, 0xc1,
|
||||
0xad, 0xcb, 0x2b, 0xfc, 0xe8, 0xc1, 0xb7, 0xa1, 0x19, 0x4b, 0xbd, 0x30, 0x8a, 0x4e, 0x59, 0x2f,
|
||||
0xb1, 0x73, 0x26, 0x2c, 0x9f, 0x52, 0xcb, 0xa2, 0xed, 0x72, 0x04, 0xa5, 0x3f, 0xe7, 0xfd, 0xff,
|
||||
0xf9, 0xa1, 0xee, 0x1b, 0xb5, 0xe1, 0xc3, 0xcd, 0x99, 0xe6, 0x33, 0x2e, 0x68, 0xfc, 0x8f, 0xd9,
|
||||
0xb9, 0x8c, 0xf2, 0xc1, 0xaf, 0xdb, 0x88, 0x00, 0xda, 0xb5, 0xd2, 0xf1, 0x52, 0x73, 0xbb, 0xf6,
|
||||
0x8b, 0x8e, 0x7c, 0x04, 0x41, 0x18, 0xaa, 0xbb, 0xee, 0x95, 0xe6, 0x7e, 0xc9, 0x31, 0x0f, 0x7a,
|
||||
0xdd, 0xfb, 0x02, 0x54, 0x52, 0xc5, 0x05, 0xd3, 0x2b, 0x3e, 0x65, 0x28, 0x86, 0xea, 0xfe, 0x5f,
|
||||
0x23, 0xdf, 0xf9, 0x73, 0xc4, 0xc8, 0xe0, 0xf3, 0x11, 0x24, 0xb3, 0x08, 0xb7, 0x36, 0x4f, 0xcf,
|
||||
0x0f, 0x85, 0xef, 0xd8, 0x4f, 0x5f, 0xd7, 0x84, 0xab, 0xce, 0x84, 0x59, 0xda, 0x09, 0xd3, 0x08,
|
||||
0x84, 0xce, 0xdc, 0x9f, 0x99, 0xc7, 0x68, 0xe3, 0x81, 0x7f, 0xca, 0x33, 0xd4, 0xcc, 0x17, 0xbc,
|
||||
0x69, 0x69, 0x50, 0x27, 0x59, 0x54, 0xc8, 0x36, 0x2a, 0x64, 0x90, 0x46, 0x05, 0xb7, 0xdd, 0x0d,
|
||||
0xf8, 0x77, 0x03, 0x4a, 0x7f, 0x07, 0xbd, 0x3e, 0x3a, 0x79, 0xcb, 0xa4, 0xec, 0x94, 0x3f, 0x5e,
|
||||
0x02, 0x00, 0x00, 0xff, 0xff, 0xa1, 0xec, 0x3b, 0x98, 0xa3, 0x02, 0x00, 0x00,
|
||||
}
|
||||
|
||||
// Reference imports to suppress errors if they are not otherwise used.
|
||||
@@ -142,7 +255,8 @@ const _ = grpc.SupportPackageIsVersion4
|
||||
//
|
||||
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
|
||||
type AuthServiceClient interface {
|
||||
IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*empty.Empty, error)
|
||||
IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*IsValidTokenResponse, error)
|
||||
IsWorkspaceAuthenticated(ctx context.Context, in *IsWorkspaceAuthenticatedRequest, opts ...grpc.CallOption) (*empty.Empty, error)
|
||||
}
|
||||
|
||||
type authServiceClient struct {
|
||||
@@ -153,8 +267,8 @@ func NewAuthServiceClient(cc *grpc.ClientConn) AuthServiceClient {
|
||||
return &authServiceClient{cc}
|
||||
}
|
||||
|
||||
func (c *authServiceClient) IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*empty.Empty, error) {
|
||||
out := new(empty.Empty)
|
||||
func (c *authServiceClient) IsValidToken(ctx context.Context, in *IsValidTokenRequest, opts ...grpc.CallOption) (*IsValidTokenResponse, error) {
|
||||
out := new(IsValidTokenResponse)
|
||||
err := c.cc.Invoke(ctx, "/api.AuthService/IsValidToken", in, out, opts...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -162,18 +276,31 @@ func (c *authServiceClient) IsValidToken(ctx context.Context, in *IsValidTokenRe
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (c *authServiceClient) IsWorkspaceAuthenticated(ctx context.Context, in *IsWorkspaceAuthenticatedRequest, opts ...grpc.CallOption) (*empty.Empty, error) {
|
||||
out := new(empty.Empty)
|
||||
err := c.cc.Invoke(ctx, "/api.AuthService/IsWorkspaceAuthenticated", in, out, opts...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
// AuthServiceServer is the server API for AuthService service.
|
||||
type AuthServiceServer interface {
|
||||
IsValidToken(context.Context, *IsValidTokenRequest) (*empty.Empty, error)
|
||||
IsValidToken(context.Context, *IsValidTokenRequest) (*IsValidTokenResponse, error)
|
||||
IsWorkspaceAuthenticated(context.Context, *IsWorkspaceAuthenticatedRequest) (*empty.Empty, error)
|
||||
}
|
||||
|
||||
// UnimplementedAuthServiceServer can be embedded to have forward compatible implementations.
|
||||
type UnimplementedAuthServiceServer struct {
|
||||
}
|
||||
|
||||
func (*UnimplementedAuthServiceServer) IsValidToken(ctx context.Context, req *IsValidTokenRequest) (*empty.Empty, error) {
|
||||
func (*UnimplementedAuthServiceServer) IsValidToken(ctx context.Context, req *IsValidTokenRequest) (*IsValidTokenResponse, error) {
|
||||
return nil, status.Errorf(codes.Unimplemented, "method IsValidToken not implemented")
|
||||
}
|
||||
func (*UnimplementedAuthServiceServer) IsWorkspaceAuthenticated(ctx context.Context, req *IsWorkspaceAuthenticatedRequest) (*empty.Empty, error) {
|
||||
return nil, status.Errorf(codes.Unimplemented, "method IsWorkspaceAuthenticated not implemented")
|
||||
}
|
||||
|
||||
func RegisterAuthServiceServer(s *grpc.Server, srv AuthServiceServer) {
|
||||
s.RegisterService(&_AuthService_serviceDesc, srv)
|
||||
@@ -197,6 +324,24 @@ func _AuthService_IsValidToken_Handler(srv interface{}, ctx context.Context, dec
|
||||
return interceptor(ctx, in, info, handler)
|
||||
}
|
||||
|
||||
func _AuthService_IsWorkspaceAuthenticated_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
|
||||
in := new(IsWorkspaceAuthenticatedRequest)
|
||||
if err := dec(in); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if interceptor == nil {
|
||||
return srv.(AuthServiceServer).IsWorkspaceAuthenticated(ctx, in)
|
||||
}
|
||||
info := &grpc.UnaryServerInfo{
|
||||
Server: srv,
|
||||
FullMethod: "/api.AuthService/IsWorkspaceAuthenticated",
|
||||
}
|
||||
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||
return srv.(AuthServiceServer).IsWorkspaceAuthenticated(ctx, req.(*IsWorkspaceAuthenticatedRequest))
|
||||
}
|
||||
return interceptor(ctx, in, info, handler)
|
||||
}
|
||||
|
||||
var _AuthService_serviceDesc = grpc.ServiceDesc{
|
||||
ServiceName: "api.AuthService",
|
||||
HandlerType: (*AuthServiceServer)(nil),
|
||||
@@ -205,6 +350,10 @@ var _AuthService_serviceDesc = grpc.ServiceDesc{
|
||||
MethodName: "IsValidToken",
|
||||
Handler: _AuthService_IsValidToken_Handler,
|
||||
},
|
||||
{
|
||||
MethodName: "IsWorkspaceAuthenticated",
|
||||
Handler: _AuthService_IsWorkspaceAuthenticated_Handler,
|
||||
},
|
||||
},
|
||||
Streams: []grpc.StreamDesc{},
|
||||
Metadata: "auth.proto",
|
||||
|
||||
@@ -65,6 +65,39 @@ func local_request_AuthService_IsValidToken_0(ctx context.Context, marshaler run
|
||||
|
||||
}
|
||||
|
||||
var (
|
||||
filter_AuthService_IsWorkspaceAuthenticated_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
|
||||
)
|
||||
|
||||
func request_AuthService_IsWorkspaceAuthenticated_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
|
||||
var protoReq IsWorkspaceAuthenticatedRequest
|
||||
var metadata runtime.ServerMetadata
|
||||
|
||||
if err := req.ParseForm(); err != nil {
|
||||
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
|
||||
}
|
||||
if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthService_IsWorkspaceAuthenticated_0); err != nil {
|
||||
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
|
||||
}
|
||||
|
||||
msg, err := client.IsWorkspaceAuthenticated(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
|
||||
return msg, metadata, err
|
||||
|
||||
}
|
||||
|
||||
func local_request_AuthService_IsWorkspaceAuthenticated_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
|
||||
var protoReq IsWorkspaceAuthenticatedRequest
|
||||
var metadata runtime.ServerMetadata
|
||||
|
||||
if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_AuthService_IsWorkspaceAuthenticated_0); err != nil {
|
||||
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
|
||||
}
|
||||
|
||||
msg, err := server.IsWorkspaceAuthenticated(ctx, &protoReq)
|
||||
return msg, metadata, err
|
||||
|
||||
}
|
||||
|
||||
// RegisterAuthServiceHandlerServer registers the http handlers for service AuthService to "mux".
|
||||
// UnaryRPC :call AuthServiceServer directly.
|
||||
// StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906.
|
||||
@@ -90,6 +123,26 @@ func RegisterAuthServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux
|
||||
|
||||
})
|
||||
|
||||
mux.Handle("HEAD", pattern_AuthService_IsWorkspaceAuthenticated_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
|
||||
ctx, cancel := context.WithCancel(req.Context())
|
||||
defer cancel()
|
||||
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
|
||||
rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req)
|
||||
if err != nil {
|
||||
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
|
||||
return
|
||||
}
|
||||
resp, md, err := local_request_AuthService_IsWorkspaceAuthenticated_0(rctx, inboundMarshaler, server, req, pathParams)
|
||||
ctx = runtime.NewServerMetadataContext(ctx, md)
|
||||
if err != nil {
|
||||
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
|
||||
return
|
||||
}
|
||||
|
||||
forward_AuthService_IsWorkspaceAuthenticated_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
|
||||
|
||||
})
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -151,13 +204,37 @@ func RegisterAuthServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux
|
||||
|
||||
})
|
||||
|
||||
mux.Handle("HEAD", pattern_AuthService_IsWorkspaceAuthenticated_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
|
||||
ctx, cancel := context.WithCancel(req.Context())
|
||||
defer cancel()
|
||||
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
|
||||
rctx, err := runtime.AnnotateContext(ctx, mux, req)
|
||||
if err != nil {
|
||||
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
|
||||
return
|
||||
}
|
||||
resp, md, err := request_AuthService_IsWorkspaceAuthenticated_0(rctx, inboundMarshaler, client, req, pathParams)
|
||||
ctx = runtime.NewServerMetadataContext(ctx, md)
|
||||
if err != nil {
|
||||
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
|
||||
return
|
||||
}
|
||||
|
||||
forward_AuthService_IsWorkspaceAuthenticated_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
|
||||
|
||||
})
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
var (
|
||||
pattern_AuthService_IsValidToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"apis", "v1beta1", "auth", "token"}, "", runtime.AssumeColonVerbOpt(true)))
|
||||
|
||||
pattern_AuthService_IsWorkspaceAuthenticated_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"apis", "v1beta1", "auth", "token"}, "", runtime.AssumeColonVerbOpt(true)))
|
||||
)
|
||||
|
||||
var (
|
||||
forward_AuthService_IsValidToken_0 = runtime.ForwardResponseMessage
|
||||
|
||||
forward_AuthService_IsWorkspaceAuthenticated_0 = runtime.ForwardResponseMessage
|
||||
)
|
||||
|
||||
@@ -6,12 +6,21 @@ import "google/api/annotations.proto";
|
||||
import "google/protobuf/empty.proto";
|
||||
|
||||
service AuthService {
|
||||
rpc IsValidToken(IsValidTokenRequest) returns (google.protobuf.Empty) {
|
||||
rpc IsValidToken(IsValidTokenRequest) returns (IsValidTokenResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/apis/v1beta1/auth/token"
|
||||
body: "token"
|
||||
};
|
||||
}
|
||||
|
||||
rpc IsWorkspaceAuthenticated(IsWorkspaceAuthenticatedRequest) returns (google.protobuf.Empty) {
|
||||
option (google.api.http) = {
|
||||
custom: {
|
||||
kind: "HEAD"
|
||||
path: "/apis/v1beta1/auth/token"
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
message TokenWrapper {
|
||||
@@ -20,4 +29,15 @@ message TokenWrapper {
|
||||
|
||||
message IsValidTokenRequest {
|
||||
TokenWrapper token = 1;
|
||||
}
|
||||
|
||||
message IsValidTokenResponse {
|
||||
string domain = 2;
|
||||
}
|
||||
|
||||
message IsWorkspaceAuthenticatedRequest {
|
||||
string FQDN = 1;
|
||||
string XOriginalMethod = 2;
|
||||
string XOriginalAuthority = 3;
|
||||
string XOriginalUri = 4;
|
||||
}
|
||||
@@ -3,6 +3,7 @@ package auth
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/onepanelio/core/api"
|
||||
"net/http"
|
||||
"strings"
|
||||
@@ -104,6 +105,28 @@ func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB) grpc.UnaryServerIntercep
|
||||
return handler(ctx, req)
|
||||
}
|
||||
|
||||
// if you don't need the token,
|
||||
if info.FullMethod == "/api.AuthService/IsWorkspaceAuthenticated" {
|
||||
md, ok := metadata.FromIncomingContext(ctx)
|
||||
fmt.Printf("%+v\n", md) //todo remove
|
||||
if !ok {
|
||||
ctx = nil
|
||||
return handler(ctx, req)
|
||||
}
|
||||
xOriginalAuthority := md.Get("x-original-authority")[0]
|
||||
fqdn := md.Get("fqdn")[0]
|
||||
//expected format: https://nginx-0--default.test-0.onepanel.site/
|
||||
if xOriginalAuthority != fqdn { //Ignore fully qualified domain uris
|
||||
ctx, err = getClient(ctx, kubeConfig, db)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return handler(ctx, req)
|
||||
}
|
||||
}
|
||||
|
||||
// This guy checks for the token
|
||||
ctx, err = getClient(ctx, kubeConfig, db)
|
||||
if err != nil {
|
||||
return
|
||||
|
||||
@@ -8,7 +8,9 @@ import (
|
||||
"github.com/onepanelio/core/server/auth"
|
||||
"github.com/pkg/errors"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/metadata"
|
||||
"google.golang.org/grpc/status"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type AuthServer struct{}
|
||||
@@ -16,8 +18,32 @@ type AuthServer struct{}
|
||||
func NewAuthServer() *AuthServer {
|
||||
return &AuthServer{}
|
||||
}
|
||||
func (a *AuthServer) IsWorkspaceAuthenticated(ctx context.Context, request *api.IsWorkspaceAuthenticatedRequest) (*empty.Empty, error) {
|
||||
md, ok := metadata.FromIncomingContext(ctx)
|
||||
if !ok {
|
||||
return &empty.Empty{}, errors.New("Error parsing headers.")
|
||||
}
|
||||
//Expected format: x-original-authority:[name--default.alexcluster.onepanel.io]
|
||||
xOriginalAuth := md.Get("x-original-authority")[0]
|
||||
fqdn := md.Get("fqdn")[0]
|
||||
if xOriginalAuth == fqdn {
|
||||
return &empty.Empty{}, nil
|
||||
}
|
||||
pos := strings.Index(xOriginalAuth, ".")
|
||||
if pos == -1 {
|
||||
return &empty.Empty{}, errors.New("Error parsing x-original-authority. No '.' character.")
|
||||
}
|
||||
workspaceAndNamespace := xOriginalAuth[0:pos]
|
||||
pieces := strings.Split(workspaceAndNamespace, "--")
|
||||
client := ctx.Value("kubeClient").(*v1.Client)
|
||||
allowed, err := auth.IsAuthorized(client, pieces[1], "create", "apps/v1", "statefulsets", pieces[0])
|
||||
if err != nil || !allowed {
|
||||
return &empty.Empty{}, err
|
||||
}
|
||||
return &empty.Empty{}, nil
|
||||
}
|
||||
|
||||
func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequest) (*empty.Empty, error) {
|
||||
func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequest) (res *api.IsValidTokenResponse, err error) {
|
||||
if ctx == nil {
|
||||
return nil, status.Error(codes.Unauthenticated, "Unauthenticated.")
|
||||
}
|
||||
@@ -45,5 +71,12 @@ func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequ
|
||||
return nil, status.Error(codes.Unauthenticated, "Unauthenticated.")
|
||||
}
|
||||
|
||||
return &empty.Empty{}, nil
|
||||
config, err := client.GetSystemConfig()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
res = &api.IsValidTokenResponse{}
|
||||
res.Domain = config["ONEPANEL_DOMAIN"]
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user