router.go 6.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181
  1. package router
  2. import (
  3. "net/http"
  4. "github.com/go-chi/chi"
  5. "github.com/porter-dev/porter/api/server/authn"
  6. "github.com/porter-dev/porter/api/server/authz"
  7. "github.com/porter-dev/porter/api/server/authz/policy"
  8. "github.com/porter-dev/porter/api/server/shared"
  9. "github.com/porter-dev/porter/api/types"
  10. )
  11. func NewAPIRouter(config *shared.Config) *chi.Mux {
  12. r := chi.NewRouter()
  13. // set the content type for all API endpoints
  14. r.Use(ContentTypeJSON)
  15. endpointFactory := shared.NewAPIObjectEndpointFactory(config)
  16. baseRegisterer := NewBaseRegisterer()
  17. releaseRegisterer := NewReleaseScopedRegisterer()
  18. namespaceRegisterer := NewNamespaceScopedRegisterer(releaseRegisterer)
  19. clusterRegisterer := NewClusterScopedRegisterer(namespaceRegisterer)
  20. infraRegisterer := NewInfraScopedRegisterer()
  21. gitInstallationRegisterer := NewGitInstallationScopedRegisterer()
  22. registryRegisterer := NewRegistryScopedRegisterer()
  23. helmRepoRegisterer := NewHelmRepoScopedRegisterer()
  24. inviteRegisterer := NewInviteScopedRegisterer()
  25. projRegisterer := NewProjectScopedRegisterer(
  26. clusterRegisterer,
  27. registryRegisterer,
  28. helmRepoRegisterer,
  29. inviteRegisterer,
  30. gitInstallationRegisterer,
  31. infraRegisterer,
  32. )
  33. userRegisterer := NewUserScopedRegisterer(projRegisterer)
  34. r.Route("/api", func(r chi.Router) {
  35. baseRoutes := baseRegisterer.GetRoutes(
  36. r,
  37. config,
  38. &types.Path{
  39. RelativePath: "",
  40. },
  41. endpointFactory,
  42. )
  43. userRoutes := userRegisterer.GetRoutes(
  44. r,
  45. config,
  46. &types.Path{
  47. RelativePath: "",
  48. },
  49. endpointFactory,
  50. userRegisterer.Children...,
  51. )
  52. routes := append(baseRoutes, userRoutes...)
  53. registerRoutes(config, routes)
  54. })
  55. return r
  56. }
  57. type Route struct {
  58. Endpoint *shared.APIEndpoint
  59. Handler http.Handler
  60. Router chi.Router
  61. }
  62. type Registerer struct {
  63. GetRoutes func(
  64. r chi.Router,
  65. config *shared.Config,
  66. basePath *types.Path,
  67. factory shared.APIEndpointFactory,
  68. children ...*Registerer,
  69. ) []*Route
  70. Children []*Registerer
  71. }
  72. func registerRoutes(config *shared.Config, routes []*Route) {
  73. // Create a new "user-scoped" factory which will create a new user-scoped request
  74. // after authentication. Each subsequent http.Handler can lookup the user in context.
  75. authNFactory := authn.NewAuthNFactory(config)
  76. // Create a new "project-scoped" factory which will create a new project-scoped request
  77. // after authorization. Each subsequent http.Handler can lookup the project in context.
  78. projFactory := authz.NewProjectScopedFactory(config)
  79. // Create a new "cluster-scoped" factory which will create a new cluster-scoped request
  80. // after authorization. Each subsequent http.Handler can lookup the cluster in context.
  81. clusterFactory := authz.NewClusterScopedFactory(config)
  82. // Create a new "namespace-scoped" factory which will create a new namespace-scoped request
  83. // after authorization. Each subsequent http.Handler can lookup the namespace in context.
  84. namespaceFactory := authz.NewNamespaceScopedFactory(config)
  85. // Create a new "helmrepo-scoped" factory which will create a new helmrepo-scoped request
  86. // after authorization. Each subsequent http.Handler can lookup the helm repo in context.
  87. helmRepoFactory := authz.NewHelmRepoScopedFactory(config)
  88. // Create a new "registry-scoped" factory which will create a new registry-scoped request
  89. // after authorization. Each subsequent http.Handler can lookup the registry in context.
  90. registryFactory := authz.NewRegistryScopedFactory(config)
  91. // Create a new "gitinstallation-scoped" factory which will create a new gitinstallation-scoped request
  92. // after authorization. Each subsequent http.Handler can lookup the gitinstallation in context.
  93. gitInstallationFactory := authz.NewGitInstallationScopedFactory(config)
  94. // Create a new "invite-scoped" factory which will create a new invite-scoped request
  95. // after authorization. Each subsequent http.Handler can lookup the invite in context.
  96. inviteFactory := authz.NewInviteScopedFactory(config)
  97. // Create a new "infra-scoped" factory which will create a new infra-scoped request
  98. // after authorization. Each subsequent http.Handler can lookup the infra in context.
  99. infraFactory := authz.NewInfraScopedFactory(config)
  100. // Create a new "release-scoped" factory which will create a new release-scoped request
  101. // after authorization. Each subsequent http.Handler can lookup the release in context.
  102. releaseFactory := authz.NewReleaseScopedFactory(config)
  103. // Policy doc loader loads the policy documents for a specific project.
  104. policyDocLoader := policy.NewBasicPolicyDocumentLoader(config.Repo.Project())
  105. for _, route := range routes {
  106. atomicGroup := route.Router.Group(nil)
  107. for _, scope := range route.Endpoint.Metadata.Scopes {
  108. switch scope {
  109. case types.UserScope:
  110. // if the endpoint should redirect when authn fails, attach redirect handler
  111. if route.Endpoint.Metadata.ShouldRedirect {
  112. atomicGroup.Use(authNFactory.NewAuthenticatedWithRedirect)
  113. } else {
  114. atomicGroup.Use(authNFactory.NewAuthenticated)
  115. }
  116. case types.ProjectScope:
  117. policyFactory := authz.NewPolicyMiddleware(config, *route.Endpoint.Metadata, policyDocLoader)
  118. atomicGroup.Use(policyFactory.Middleware)
  119. atomicGroup.Use(projFactory.Middleware)
  120. case types.ClusterScope:
  121. atomicGroup.Use(clusterFactory.Middleware)
  122. case types.NamespaceScope:
  123. atomicGroup.Use(namespaceFactory.Middleware)
  124. case types.HelmRepoScope:
  125. atomicGroup.Use(helmRepoFactory.Middleware)
  126. case types.RegistryScope:
  127. atomicGroup.Use(registryFactory.Middleware)
  128. case types.InviteScope:
  129. atomicGroup.Use(inviteFactory.Middleware)
  130. case types.GitInstallationScope:
  131. atomicGroup.Use(gitInstallationFactory.Middleware)
  132. case types.InfraScope:
  133. atomicGroup.Use(infraFactory.Middleware)
  134. case types.ReleaseScope:
  135. atomicGroup.Use(releaseFactory.Middleware)
  136. }
  137. }
  138. atomicGroup.Method(
  139. string(route.Endpoint.Metadata.Method),
  140. route.Endpoint.Metadata.Path.RelativePath,
  141. route.Handler,
  142. )
  143. }
  144. }
  145. // ContentTypeJSON sets the content type for requests to application/json
  146. func ContentTypeJSON(next http.Handler) http.Handler {
  147. return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
  148. w.Header().Set("Content-Type", "application/json;charset=utf8")
  149. next.ServeHTTP(w, r)
  150. })
  151. }