gateway: move all the authn/authz logic from api to action
alessandro-sorint committed Aug 23, 2022
1 parent 23c66d7 commit 5046667
Showing 6 changed files with 36 additions and 58 deletions.
12 changes: 4 additions & 8 deletions internal/services/gateway/action/project.go
Expand Up @@ -104,7 +104,7 @@ func (h *ActionHandler) CreateProject(ctx context.Context, req *CreateProjectReq
return nil, util.NewAPIError(util.ErrBadRequest, errors.Errorf("project %q already exists", projectPath))
}

gitSource, rs, la, err := h.GetUserGitSource(ctx, req.RemoteSourceName, curUserID)
gitSource, rs, la, err := h.GetUserGitSource(ctx, req.RemoteSourceName)
if err != nil {
return nil, errors.Wrapf(err, "failed to create gitsource client")
}
Expand Down Expand Up @@ -225,8 +225,6 @@ func (h *ActionHandler) UpdateProject(ctx context.Context, projectRef string, re
}

func (h *ActionHandler) ProjectUpdateRepoLinkedAccount(ctx context.Context, projectRef string) (*csapitypes.Project, error) {
curUserID := common.CurrentUserID(ctx)

p, _, err := h.configstoreClient.GetProject(ctx, projectRef)
if err != nil {
return nil, util.NewAPIError(util.KindFromRemoteError(err), errors.Wrapf(err, "failed to get project %q", projectRef))
Expand All @@ -240,7 +238,7 @@ func (h *ActionHandler) ProjectUpdateRepoLinkedAccount(ctx context.Context, proj
return nil, util.NewAPIError(util.ErrForbidden, errors.Errorf("user not authorized"))
}

gitsource, _, la, err := h.GetUserGitSource(ctx, p.RemoteSourceID, curUserID)
gitsource, _, la, err := h.GetUserGitSource(ctx, p.RemoteSourceID)
if err != nil {
return nil, errors.Wrapf(err, "failed to create gitsource client")
}
Expand Down Expand Up @@ -420,8 +418,6 @@ func (h *ActionHandler) DeleteProject(ctx context.Context, projectRef string) er
}

func (h *ActionHandler) ProjectCreateRun(ctx context.Context, projectRef, branch, tag, refName, commitSHA string) error {
curUserID := common.CurrentUserID(ctx)

p, _, err := h.configstoreClient.GetProject(ctx, projectRef)
if err != nil {
return util.NewAPIError(util.KindFromRemoteError(err), errors.Wrapf(err, "failed to get project %q", projectRef))
Expand All @@ -435,7 +431,7 @@ func (h *ActionHandler) ProjectCreateRun(ctx context.Context, projectRef, branch
return util.NewAPIError(util.ErrForbidden, errors.Errorf("user not authorized"))
}

gitSource, rs, _, err := h.GetUserGitSource(ctx, p.RemoteSourceID, curUserID)
gitSource, rs, _, err := h.GetUserGitSource(ctx, p.RemoteSourceID)
if err != nil {
return errors.Wrapf(err, "failed to create gitsource client")
}
Expand Down Expand Up @@ -602,7 +598,7 @@ func (h *ActionHandler) RefreshRemoteRepositoryInfo(ctx context.Context, project
return nil, util.NewAPIError(util.ErrForbidden, errors.Errorf("user not authorized"))
}

gitSource, _, _, err := h.GetUserGitSource(ctx, p.RemoteSourceID, common.CurrentUserID(ctx))
gitSource, _, _, err := h.GetUserGitSource(ctx, p.RemoteSourceID)
if err != nil {
return nil, util.NewAPIError(util.KindFromRemoteError(err), errors.Wrapf(err, "failed to get remote source %q", p.RemoteSourceID))
}
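Review bot: The wrap in RefreshRemoteRepositoryInfo still reads `errors.Wrapf(err, "failed to get remote source %q", p.RemoteSourceID)` and classifies it with `util.KindFromRemoteError(err)`, but after this change GetUserGitSource can also fail locally with "user not authenticated" (and already fails on the linked-accounts lookup), so the message is misleading for those cases and a non-remote error may not map to the intended kind; a neutral message such as `"failed to get user gitsource for remote source %q"` with the API kind attached where the error originates would be clearer. The other three call sites in this file (CreateProject, ProjectUpdateRepoLinkedAccount, ProjectCreateRun) wrap the same error as `errors.Wrapf(err, "failed to create gitsource client")` and return it with no API kind, so the status an unauthenticated client now receives depends on how util.HTTPError treats an unclassified error, presumably no longer the bad-request the removed api-layer guards produced; worth verifying. All four enclosing functions start outside their hunks.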
17 changes: 11 additions & 6 deletions internal/services/gateway/action/projectgroup.go
Expand Up @@ -19,6 +19,7 @@ import (
"path"

"agola.io/agola/internal/errors"
"agola.io/agola/internal/services/gateway/common"
"agola.io/agola/internal/util"
csapitypes "agola.io/agola/services/configstore/api/types"
cstypes "agola.io/agola/services/configstore/types"
Expand Down Expand Up @@ -49,13 +50,17 @@ func (h *ActionHandler) GetProjectGroupProjects(ctx context.Context, projectGrou
}

type CreateProjectGroupRequest struct {
CurrentUserID string
Name string
ParentRef string
Visibility cstypes.Visibility
Name string
ParentRef string
Visibility cstypes.Visibility
}

func (h *ActionHandler) CreateProjectGroup(ctx context.Context, req *CreateProjectGroupRequest) (*csapitypes.ProjectGroup, error) {
userID := common.CurrentUserID(ctx)
if userID == "" {
return nil, util.NewAPIError(util.ErrBadRequest, errors.Errorf("user not authenticated"))
}

if !util.ValidateName(req.Name) {
return nil, util.NewAPIError(util.ErrBadRequest, errors.Errorf("invalid projectGroup name %q", req.Name))
}
Expand All @@ -73,9 +78,9 @@ func (h *ActionHandler) CreateProjectGroup(ctx context.Context, req *CreateProje
return nil, util.NewAPIError(util.ErrForbidden, errors.Errorf("user not authorized"))
}

user, _, err := h.configstoreClient.GetUser(ctx, req.CurrentUserID)
user, _, err := h.configstoreClient.GetUser(ctx, userID)
if err != nil {
return nil, util.NewAPIError(util.KindFromRemoteError(err), errors.Wrapf(err, "failed to get user %q", req.CurrentUserID))
return nil, util.NewAPIError(util.KindFromRemoteError(err), errors.Wrapf(err, "failed to get user %q", userID))
}

parentRef := req.ParentRef
24 changes: 15 additions & 9 deletions internal/services/gateway/action/user.go
Expand Up @@ -46,12 +46,12 @@ func isAccessTokenExpired(expiresAt time.Time) bool {
return expiresAt.Add(-expireTimeRange).Before(time.Now())
}

func (h *ActionHandler) GetCurrentUser(ctx context.Context, userRef string) (*cstypes.User, []*cstypes.UserToken, []*cstypes.LinkedAccount, error) {
func (h *ActionHandler) GetCurrentUser(ctx context.Context) (*cstypes.User, []*cstypes.UserToken, []*cstypes.LinkedAccount, error) {
if !common.IsUserLoggedOrAdmin(ctx) {
return nil, nil, nil, errors.Errorf("user not logged in")
}

user, _, err := h.configstoreClient.GetUser(ctx, userRef)
user, _, err := h.configstoreClient.GetUser(ctx, common.CurrentUserID(ctx))
if err != nil {
return nil, nil, nil, util.NewAPIError(util.KindFromRemoteError(err), err)
}
Expand Down Expand Up @@ -81,12 +81,13 @@ func (h *ActionHandler) GetUser(ctx context.Context, userRef string) (*cstypes.U
return user, nil
}

func (h *ActionHandler) GetUserOrgs(ctx context.Context, userRef string) ([]*csapitypes.UserOrgsResponse, error) {
if !common.IsUserLogged(ctx) {
return nil, errors.Errorf("user not logged in")
func (h *ActionHandler) GetUserOrgs(ctx context.Context) ([]*csapitypes.UserOrgsResponse, error) {
userID := common.CurrentUserID(ctx)
if userID == "" {
return nil, errors.Errorf("user not authenticated")
}

orgs, _, err := h.configstoreClient.GetUserOrgs(ctx, userRef)
orgs, _, err := h.configstoreClient.GetUserOrgs(ctx, userID)
if err != nil {
return nil, util.NewAPIError(util.KindFromRemoteError(err), err)
}
Expand Down Expand Up @@ -998,15 +999,20 @@ func (h *ActionHandler) UserCreateRun(ctx context.Context, req *UserCreateRunReq
return h.CreateRuns(ctx, creq)
}

func (h *ActionHandler) GetUserGitSource(ctx context.Context, remoteSourceRef, userRef string) (gitsource.GitSource, *cstypes.RemoteSource, *cstypes.LinkedAccount, error) {
func (h *ActionHandler) GetUserGitSource(ctx context.Context, remoteSourceRef string) (gitsource.GitSource, *cstypes.RemoteSource, *cstypes.LinkedAccount, error) {
userID := common.CurrentUserID(ctx)
if userID == "" {
return nil, nil, nil, errors.Errorf("user not authenticated")
}

rs, _, err := h.configstoreClient.GetRemoteSource(ctx, remoteSourceRef)
if err != nil {
return nil, nil, nil, errors.Wrapf(err, "failed to get remote source %q", remoteSourceRef)
}

linkedAccounts, _, err := h.configstoreClient.GetUserLinkedAccounts(ctx, userRef)
linkedAccounts, _, err := h.configstoreClient.GetUserLinkedAccounts(ctx, userID)
if err != nil {
return nil, nil, nil, errors.Wrapf(err, "failed to get user %q linked accounts", userRef)
return nil, nil, nil, errors.Wrapf(err, "failed to get user %q linked accounts", userID)
}

var la *cstypes.LinkedAccount
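Review bot: GetCurrentUser still gates only on `common.IsUserLoggedOrAdmin(ctx)` and then passes `common.CurrentUserID(ctx)` straight to GetUser, while the `userID == ""` guard that used to precede the call in api/user.go's CurrentUserHandler is removed by this commit; if an admin-token request can satisfy IsUserLoggedOrAdmin with an empty current user id, GetUser is now invoked with "" where the handler previously answered with a bad-request error. Mirroring the sibling hunks closes that gap: `userID := common.CurrentUserID(ctx)`, `if userID == "" { return nil, nil, nil, util.NewAPIError(util.ErrBadRequest, errors.Errorf("user not authenticated")) }`, then `h.configstoreClient.GetUser(ctx, userID)`. Relatedly, GetUserOrgs and GetUserGitSource return a plain `errors.Errorf("user not authenticated")` for the same condition, whereas CreateProjectGroup in action/projectgroup.go returns `util.NewAPIError(util.ErrBadRequest, ...)`; the plain form is what api/remoterepo.go's UserRemoteReposHandler now hands to util.HTTPError, so the three checks should agree on the API kind or the response status silently changes from what the removed api-layer guards returned. A small ActionHandler helper returning the current user id or that API error would keep them in step.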
15 changes: 3 additions & 12 deletions internal/services/gateway/api/projectgroup.go
Expand Up @@ -19,9 +19,7 @@ import (
"net/http"
"net/url"

"agola.io/agola/internal/errors"
"agola.io/agola/internal/services/gateway/action"
"agola.io/agola/internal/services/gateway/common"
"agola.io/agola/internal/util"
csapitypes "agola.io/agola/services/configstore/api/types"
cstypes "agola.io/agola/services/configstore/types"
Expand Down Expand Up @@ -50,17 +48,10 @@ func (h *CreateProjectGroupHandler) ServeHTTP(w http.ResponseWriter, r *http.Req
return
}

userID := common.CurrentUserID(ctx)
if userID == "" {
util.HTTPError(w, util.NewAPIError(util.ErrBadRequest, errors.Errorf("user not authenticated")))
return
}

creq := &action.CreateProjectGroupRequest{
Name: req.Name,
ParentRef: req.ParentRef,
Visibility: cstypes.Visibility(req.Visibility),
CurrentUserID: userID,
Name: req.Name,
ParentRef: req.ParentRef,
Visibility: cstypes.Visibility(req.Visibility),
}

projectGroup, err := h.ah.CreateProjectGroup(ctx, creq)
9 changes: 1 addition & 8 deletions internal/services/gateway/api/remoterepo.go
Expand Up @@ -20,7 +20,6 @@ import (
"agola.io/agola/internal/errors"
gitsource "agola.io/agola/internal/gitsources"
"agola.io/agola/internal/services/gateway/action"
"agola.io/agola/internal/services/gateway/common"
"agola.io/agola/internal/util"
csclient "agola.io/agola/services/configstore/client"
gwapitypes "agola.io/agola/services/gateway/api/types"
Expand Down Expand Up @@ -53,13 +52,7 @@ func (h *UserRemoteReposHandler) ServeHTTP(w http.ResponseWriter, r *http.Reques
vars := mux.Vars(r)
remoteSourceRef := vars["remotesourceref"]

userID := common.CurrentUserID(ctx)
if userID == "" {
util.HTTPError(w, util.NewAPIError(util.ErrBadRequest, errors.Errorf("user not authenticated")))
return
}

gitsource, _, _, err := h.ah.GetUserGitSource(ctx, remoteSourceRef, userID)
gitsource, _, _, err := h.ah.GetUserGitSource(ctx, remoteSourceRef)
if err != nil {
util.HTTPError(w, err)
h.log.Err(err).Send()
17 changes: 2 additions & 15 deletions internal/services/gateway/api/user.go
Expand Up @@ -23,7 +23,6 @@ import (

"agola.io/agola/internal/errors"
"agola.io/agola/internal/services/gateway/action"
"agola.io/agola/internal/services/gateway/common"
"agola.io/agola/internal/util"
csapitypes "agola.io/agola/services/configstore/api/types"
cstypes "agola.io/agola/services/configstore/types"
Expand Down Expand Up @@ -105,13 +104,7 @@ func NewCurrentUserHandler(log zerolog.Logger, ah *action.ActionHandler) *Curren
func (h *CurrentUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()

userID := common.CurrentUserID(ctx)
if userID == "" {
util.HTTPError(w, util.NewAPIError(util.ErrBadRequest, errors.Errorf("user not authenticated")))
return
}

user, tokens, linkedAccounts, err := h.ah.GetCurrentUser(ctx, userID)
user, tokens, linkedAccounts, err := h.ah.GetCurrentUser(ctx)
if util.HTTPError(w, err) {
h.log.Err(err).Send()
return
Expand Down Expand Up @@ -613,13 +606,7 @@ func NewUserOrgsHandler(log zerolog.Logger, ah *action.ActionHandler) *UserOrgsH
func (h *UserOrgsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()

userID := common.CurrentUserID(ctx)
if userID == "" {
util.HTTPError(w, util.NewAPIError(util.ErrBadRequest, errors.Errorf("user not authenticated")))
return
}

userOrgs, err := h.ah.GetUserOrgs(ctx, userID)
userOrgs, err := h.ah.GetUserOrgs(ctx)
if util.HTTPError(w, err) {
h.log.Err(err).Send()
return
