feat(server): add /api/v1/session endpoint
arcad/emissary/pipeline/head This commit looks good
Details
arcad/emissary/pipeline/head This commit looks good
Details
This commit is contained in:
parent
8f2131338d
commit
76718722cc
|
@ -1,6 +1,7 @@
|
||||||
package agent
|
package agent
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"forge.cadoles.com/Cadoles/emissary/internal/auth"
|
"forge.cadoles.com/Cadoles/emissary/internal/auth"
|
||||||
|
@ -29,4 +30,18 @@ func (u *User) Agent() *datastore.Agent {
|
||||||
return u.agent
|
return u.agent
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (u *User) MarshalJSON() ([]byte, error) {
|
||||||
|
type user struct {
|
||||||
|
Subject string `json:"subject"`
|
||||||
|
Tenant string `json:"tenant"`
|
||||||
|
}
|
||||||
|
|
||||||
|
jsonUser := user{
|
||||||
|
Subject: u.Subject(),
|
||||||
|
Tenant: string(u.Tenant()),
|
||||||
|
}
|
||||||
|
|
||||||
|
return json.Marshal(jsonUser)
|
||||||
|
}
|
||||||
|
|
||||||
var _ auth.User = &User{}
|
var _ auth.User = &User{}
|
||||||
|
|
|
@ -64,16 +64,16 @@ func Middleware(authenticators ...Authenticator) func(http.Handler) http.Handler
|
||||||
}
|
}
|
||||||
|
|
||||||
if user == nil {
|
if user == nil {
|
||||||
isUnauthorized, isUnauthenticated, isUnknown := checkErrors(errs)
|
hasUnauthorized, hasUnauthenticated, hasUnknown := checkErrors(errs)
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
case isUnauthorized && !isUnknown:
|
case hasUnauthorized && !hasUnknown:
|
||||||
api.ErrorResponse(w, http.StatusForbidden, api.ErrCodeForbidden, nil)
|
api.ErrorResponse(w, http.StatusForbidden, api.ErrCodeForbidden, nil)
|
||||||
return
|
return
|
||||||
case isUnauthenticated && !isUnknown:
|
case hasUnauthenticated && !hasUnknown:
|
||||||
api.ErrorResponse(w, http.StatusForbidden, api.ErrCodeForbidden, nil)
|
api.ErrorResponse(w, http.StatusUnauthorized, api.ErrCodeUnauthorized, nil)
|
||||||
return
|
return
|
||||||
case isUnknown:
|
case hasUnknown:
|
||||||
api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
|
api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
|
||||||
return
|
return
|
||||||
default:
|
default:
|
||||||
|
@ -101,10 +101,8 @@ func checkErrors(errs []error) (isUnauthorized bool, isUnauthenticated bool, isU
|
||||||
switch {
|
switch {
|
||||||
case errors.Is(e, ErrUnauthorized):
|
case errors.Is(e, ErrUnauthorized):
|
||||||
isUnauthorized = true
|
isUnauthorized = true
|
||||||
continue
|
|
||||||
case errors.Is(e, ErrUnauthenticated):
|
case errors.Is(e, ErrUnauthenticated):
|
||||||
isUnauthenticated = true
|
isUnauthenticated = true
|
||||||
continue
|
|
||||||
default:
|
default:
|
||||||
isUnknown = true
|
isUnknown = true
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
package user
|
package user
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
|
||||||
"forge.cadoles.com/Cadoles/emissary/internal/auth"
|
"forge.cadoles.com/Cadoles/emissary/internal/auth"
|
||||||
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
|
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
|
||||||
)
|
)
|
||||||
|
@ -39,4 +41,20 @@ func (u *User) Role() Role {
|
||||||
return u.role
|
return u.role
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (u *User) MarshalJSON() ([]byte, error) {
|
||||||
|
type user struct {
|
||||||
|
Subject string `json:"subject"`
|
||||||
|
Tenant string `json:"tenant"`
|
||||||
|
Role string `json:"role"`
|
||||||
|
}
|
||||||
|
|
||||||
|
jsonUser := user{
|
||||||
|
Subject: u.Subject(),
|
||||||
|
Tenant: string(u.Tenant()),
|
||||||
|
Role: string(u.Role()),
|
||||||
|
}
|
||||||
|
|
||||||
|
return json.Marshal(jsonUser)
|
||||||
|
}
|
||||||
|
|
||||||
var _ auth.User = &User{}
|
var _ auth.User = &User{}
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
package api
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"forge.cadoles.com/Cadoles/emissary/internal/auth"
|
||||||
|
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
"gitlab.com/wpetit/goweb/api"
|
||||||
|
"gitlab.com/wpetit/goweb/logger"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (m *Mount) getSession(w http.ResponseWriter, r *http.Request) {
|
||||||
|
user, ok := assertRequestUser(w, r)
|
||||||
|
if !ok {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx := r.Context()
|
||||||
|
|
||||||
|
tenant, err := m.tenantRepo.Get(ctx, user.Tenant())
|
||||||
|
if err != nil && !errors.Is(err, datastore.ErrNotFound) {
|
||||||
|
err = errors.WithStack(err)
|
||||||
|
logger.Error(ctx, "could not retrieve user tenant", logger.CapturedE(err))
|
||||||
|
api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
|
||||||
|
}
|
||||||
|
|
||||||
|
api.DataResponse(w, http.StatusOK, struct {
|
||||||
|
User auth.User `json:"user"`
|
||||||
|
Tenant *datastore.Tenant `json:"tenant"`
|
||||||
|
}{
|
||||||
|
User: user,
|
||||||
|
Tenant: tenant,
|
||||||
|
})
|
||||||
|
}
|
|
@ -23,6 +23,8 @@ func (m *Mount) Mount(r chi.Router) {
|
||||||
r.Group(func(r chi.Router) {
|
r.Group(func(r chi.Router) {
|
||||||
r.Use(auth.Middleware(m.authenticators...))
|
r.Use(auth.Middleware(m.authenticators...))
|
||||||
|
|
||||||
|
r.Get("/session", m.getSession)
|
||||||
|
|
||||||
r.Route("/agents", func(r chi.Router) {
|
r.Route("/agents", func(r chi.Router) {
|
||||||
r.With(assertUserWithWriteAccess).Post("/claim", m.claimAgent)
|
r.With(assertUserWithWriteAccess).Post("/claim", m.claimAgent)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue