mirror of
https://github.com/onepanelio/onepanel.git
synced 2025-10-30 00:11:45 +08:00
50 lines
1.2 KiB
Go
50 lines
1.2 KiB
Go
package server
|
|
|
|
import (
|
|
"context"
|
|
"github.com/golang/protobuf/ptypes/empty"
|
|
"github.com/onepanelio/core/api"
|
|
v1 "github.com/onepanelio/core/pkg"
|
|
"github.com/onepanelio/core/server/auth"
|
|
"github.com/pkg/errors"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/status"
|
|
)
|
|
|
|
type AuthServer struct{}
|
|
|
|
func NewAuthServer() *AuthServer {
|
|
return &AuthServer{}
|
|
}
|
|
|
|
func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequest) (*empty.Empty, error) {
|
|
if ctx == nil {
|
|
return nil, status.Error(codes.Unauthenticated, "Unauthenticated.")
|
|
}
|
|
|
|
client := ctx.Value("kubeClient").(*v1.Client)
|
|
|
|
namespaces, err := client.ListOnepanelEnabledNamespaces()
|
|
if err != nil {
|
|
if err.Error() == "Unauthorized" {
|
|
return nil, status.Error(codes.Unauthenticated, "Unauthenticated.")
|
|
}
|
|
return nil, err
|
|
}
|
|
if len(namespaces) == 0 {
|
|
return nil, errors.New("No namespaces for onepanel setup.")
|
|
}
|
|
namespace := namespaces[0]
|
|
|
|
allowed, err := auth.IsAuthorized(client, "", "get", "", "namespaces", namespace.Name)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if !allowed {
|
|
return nil, status.Error(codes.Unauthenticated, "Unauthenticated.")
|
|
}
|
|
|
|
return &empty.Empty{}, nil
|
|
}
|