Alexander Belanger 5 lat temu
rodzic
commit
5fa0d09e35
1 zmienionych plików z 99 dodań i 0 usunięć
  1. 99 0
      server/router/middleware/auth.go

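--- a/server/router/middleware/auth.go
+++ b/server/router/middleware/auth.go
@@ -74,6 +74,10 @@ type bodyRegistryID struct {
 	RegistryID uint64 `json:"registry_id"`
 }
 
+type bodyGitRepoID struct {
+	GitRepoID uint64 `json:"git_repo_id"`
+}
+
 // DoesUserIDMatch checks the id URL parameter and verifies that it matches
 // the one stored in the session
 func (auth *Auth) DoesUserIDMatch(next http.Handler, loc IDLocation) http.Handler {
@@ -260,6 +264,56 @@ func (auth *Auth) DoesUserHaveRegistryAccess(
 	})
 }
 
+// DoesUserHaveGitRepoAccess looks for a project_id parameter and a
+// git_repo_id parameter, and verifies that the git repo belongs
+// to the project
+func (auth *Auth) DoesUserHaveGitRepoAccess(
+	next http.Handler,
+	projLoc IDLocation,
+	gitRepoLoc IDLocation,
+) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		grID, err := findGitRepoIDInRequest(r, gitRepoLoc)
+
+		if err != nil {
+			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			return
+		}
+
+		projID, err := findProjIDInRequest(r, projLoc)
+
+		if err != nil {
+			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			return
+		}
+
+		// get the service accounts belonging to the project
+		grs, err := auth.repo.GitRepo.ListGitReposByProjectID(uint(projID))
+
+		if err != nil {
+			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+			return
+		}
+
+		doesExist := false
+
+		for _, gr := range grs {
+			if gr.ID == uint(grID) {
+				doesExist = true
+				break
+			}
+		}
+
+		if doesExist {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+		return
+	})
+}
+
 // Helpers
 func (auth *Auth) doesSessionMatchID(r *http.Request, id uint) bool {
 	session, _ := auth.store.Get(r, auth.cookieName)
@@ -466,3 +520,48 @@ func findRegistryIDInRequest(r *http.Request, registryLoc IDLocation) (uint64, e
 
 	return regID, nil
 }
+
+func findGitRepoIDInRequest(r *http.Request, gitRepoLoc IDLocation) (uint64, error) {
+	var grID uint64
+	var err error
+
+	if gitRepoLoc == URLParam {
+		grID, err = strconv.ParseUint(chi.URLParam(r, "git_repo_id"), 0, 64)
+
+		if err != nil {
+			return 0, err
+		}
+	} else if gitRepoLoc == BodyParam {
+		form := &bodyGitRepoID{}
+		body, err := ioutil.ReadAll(r.Body)
+
+		if err != nil {
+			return 0, err
+		}
+
+		err = json.Unmarshal(body, form)
+
+		if err != nil {
+			return 0, err
+		}
+
+		grID = form.GitRepoID
+
+		// need to create a new stream for the body
+		r.Body = ioutil.NopCloser(bytes.NewReader(body))
+	} else {
+		vals, err := url.ParseQuery(r.URL.RawQuery)
+
+		if err != nil {
+			return 0, err
+		}
+
+		if regStrArr, ok := vals["git_repo_id"]; ok && len(regStrArr) == 1 {
+			grID, err = strconv.ParseUint(regStrArr[0], 10, 64)
+		} else {
+			return 0, errors.New("git repo id not found")
+		}
+	}
+
+	return grID, nil
+}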
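Review bot: In the query-string branch of findGitRepoIDInRequest the error from `strconv.ParseUint(regStrArr[0], 10, 64)` is assigned but never checked, so a malformed `git_repo_id` such as `abc` returns `(0, nil)` rather than an error; the middleware then fails closed only because no repo is expected to carry ID 0, and the handler that later re-parses the same value may not agree. Change it to `if grID, err = strconv.ParseUint(regStrArr[0], 10, 64); err != nil { return 0, err }`. Relatedly, the URL-param branch parses with base 0 (accepting `0x…` hex and leading-zero octal forms) while the query branch uses base 10; an authorization check and the handler consuming the same parameter should parse identically, so base 10 in both is preferable, assuming the downstream handler uses base 10 (not visible here). The body branch reads the entire request with `ioutil.ReadAll` before any size limit is applied; wrapping `r.Body` with `http.MaxBytesReader`, or mirroring whatever bound the sibling find*IDInRequest helpers use, would cap it. The comment `// get the service accounts belonging to the project` above `ListGitReposByProjectID` is a copy-paste leftover and should read `// get the git repos belonging to the project`.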