feat(server): add /api/v1/session endpoint
arcad/emissary/pipeline/head This commit looks good Details

This commit is contained in:
wpetit 2024-03-03 18:40:56 +01:00
parent 8f2131338d
commit 76718722cc
5 changed files with 75 additions and 7 deletions

View File

@ -1,6 +1,7 @@
package agent package agent
import ( import (
"encoding/json"
"fmt" "fmt"
"forge.cadoles.com/Cadoles/emissary/internal/auth" "forge.cadoles.com/Cadoles/emissary/internal/auth"
@ -29,4 +30,18 @@ func (u *User) Agent() *datastore.Agent {
return u.agent return u.agent
} }
func (u *User) MarshalJSON() ([]byte, error) {
type user struct {
Subject string `json:"subject"`
Tenant string `json:"tenant"`
}
jsonUser := user{
Subject: u.Subject(),
Tenant: string(u.Tenant()),
}
return json.Marshal(jsonUser)
}
var _ auth.User = &User{} var _ auth.User = &User{}

View File

@ -64,16 +64,16 @@ func Middleware(authenticators ...Authenticator) func(http.Handler) http.Handler
} }
if user == nil { if user == nil {
isUnauthorized, isUnauthenticated, isUnknown := checkErrors(errs) hasUnauthorized, hasUnauthenticated, hasUnknown := checkErrors(errs)
switch { switch {
case isUnauthorized && !isUnknown: case hasUnauthorized && !hasUnknown:
api.ErrorResponse(w, http.StatusForbidden, api.ErrCodeForbidden, nil) api.ErrorResponse(w, http.StatusForbidden, api.ErrCodeForbidden, nil)
return return
case isUnauthenticated && !isUnknown: case hasUnauthenticated && !hasUnknown:
api.ErrorResponse(w, http.StatusForbidden, api.ErrCodeForbidden, nil) api.ErrorResponse(w, http.StatusUnauthorized, api.ErrCodeUnauthorized, nil)
return return
case isUnknown: case hasUnknown:
api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil) api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
return return
default: default:
@ -101,10 +101,8 @@ func checkErrors(errs []error) (isUnauthorized bool, isUnauthenticated bool, isU
switch { switch {
case errors.Is(e, ErrUnauthorized): case errors.Is(e, ErrUnauthorized):
isUnauthorized = true isUnauthorized = true
continue
case errors.Is(e, ErrUnauthenticated): case errors.Is(e, ErrUnauthenticated):
isUnauthenticated = true isUnauthenticated = true
continue
default: default:
isUnknown = true isUnknown = true
} }

View File

@ -1,6 +1,8 @@
package user package user
import ( import (
"encoding/json"
"forge.cadoles.com/Cadoles/emissary/internal/auth" "forge.cadoles.com/Cadoles/emissary/internal/auth"
"forge.cadoles.com/Cadoles/emissary/internal/datastore" "forge.cadoles.com/Cadoles/emissary/internal/datastore"
) )
@ -39,4 +41,20 @@ func (u *User) Role() Role {
return u.role return u.role
} }
func (u *User) MarshalJSON() ([]byte, error) {
type user struct {
Subject string `json:"subject"`
Tenant string `json:"tenant"`
Role string `json:"role"`
}
jsonUser := user{
Subject: u.Subject(),
Tenant: string(u.Tenant()),
Role: string(u.Role()),
}
return json.Marshal(jsonUser)
}
var _ auth.User = &User{} var _ auth.User = &User{}

View File

@ -0,0 +1,35 @@
package api
import (
"net/http"
"forge.cadoles.com/Cadoles/emissary/internal/auth"
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/api"
"gitlab.com/wpetit/goweb/logger"
)
func (m *Mount) getSession(w http.ResponseWriter, r *http.Request) {
user, ok := assertRequestUser(w, r)
if !ok {
return
}
ctx := r.Context()
tenant, err := m.tenantRepo.Get(ctx, user.Tenant())
if err != nil && !errors.Is(err, datastore.ErrNotFound) {
err = errors.WithStack(err)
logger.Error(ctx, "could not retrieve user tenant", logger.CapturedE(err))
api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
}
api.DataResponse(w, http.StatusOK, struct {
User auth.User `json:"user"`
Tenant *datastore.Tenant `json:"tenant"`
}{
User: user,
Tenant: tenant,
})
}

View File

@ -23,6 +23,8 @@ func (m *Mount) Mount(r chi.Router) {
r.Group(func(r chi.Router) { r.Group(func(r chi.Router) {
r.Use(auth.Middleware(m.authenticators...)) r.Use(auth.Middleware(m.authenticators...))
r.Get("/session", m.getSession)
r.Route("/agents", func(r chi.Router) { r.Route("/agents", func(r chi.Router) {
r.With(assertUserWithWriteAccess).Post("/claim", m.claimAgent) r.With(assertUserWithWriteAccess).Post("/claim", m.claimAgent)