Начало Каталог Помощ
Вход
akillibulut
/
porter
огледало от https://github.com/porter-dev/porter
2
0
Разклонения 0
Файлове Задачи 0 Уики
ИН на ревизия: 5ca4a7a481
Клонове Маркери
porter
/
api
/
server
/
handlers
/
saml
/
create_integration.go

create_integration.go 2.4 KB
История Директен файл

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. package saml
    2. 

  2. 

  3. import (
    4. 

  4. 	"errors"
    5. 

  5. 	"fmt"
    6. 

  6. 	"net/http"
    7. 

  7. 	"net/url"
    8. 

  8. 	"strings"
    9. 

  9. 

  10. 	"github.com/porter-dev/porter/api/server/handlers"
    11. 

  11. 	"github.com/porter-dev/porter/api/server/shared"
    12. 

  12. 	"github.com/porter-dev/porter/api/server/shared/apierrors"
    13. 

  13. 	"github.com/porter-dev/porter/api/server/shared/config"
    14. 

  14. 	"github.com/porter-dev/porter/api/types"
    15. 

  15. 	"github.com/porter-dev/porter/internal/models"
    16. 

  16. 	"github.com/porter-dev/porter/internal/models/saml"
    17. 

  17. 	"gorm.io/gorm"
    18. 

  18. )
    19. 

  19. 

  20. type CreateSAMLIntegrationHandler struct {
    21. 

  21. 	handlers.PorterHandlerReadWriter
    22. 

  22. }
    23. 

  23. 

  24. func NewCreateSAMLIntegrationHandler(
    25. 

  25. 	config *config.Config,
    26. 

  26. 	decoderValidator shared.RequestDecoderValidator,
    27. 

  27. 	writer shared.ResultWriter,
    28. 

  28. ) *CreateSAMLIntegrationHandler {
    29. 

  29. 	return &CreateSAMLIntegrationHandler{
    30. 

  30. 		PorterHandlerReadWriter: handlers.NewDefaultPorterHandler(config, decoderValidator, writer),
    31. 

  31. 	}
    32. 

  32. }
    33. 

  33. 

  34. func (h *CreateSAMLIntegrationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    35. 

  35. 	project, _ := r.Context().Value(types.ProjectScope).(*models.Project)
    36. 

  36. 

  37. 	if !project.SAMLSSOEnabled {
    38. 

  38. 		h.HandleAPIError(w, r, apierrors.NewErrForbidden(errors.New("SAML SSO is not enabled for this project")))
    39. 

  39. 		return
    40. 

  40. 	}
    41. 

  41. 

  42. 	// FIXME: check if user has necessary permissions to make this request with RBAC
    43. 

  43. 

  44. 	request := &types.CreateSAMLIntegrationRequest{}
    45. 

  45. 

  46. 	if ok := h.DecodeAndValidate(w, r, request); !ok {
    47. 

  47. 		return
    48. 

  48. 	}
    49. 

  49. 

  50. 	for _, domain := range request.Domains {
    51. 

  51. 		parsed, err := url.Parse("https://" + domain)
    52. 

  52. 

  53. 		if err != nil || parsed.Host != domain {
    54. 

  54. 			h.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("invalid domain %s", domain),
    55. 

  55. 				http.StatusBadRequest))
    56. 

  56. 			return
    57. 

  57. 		}
    58. 

  58. 

  59. 		_, err = h.Repo().SAMLIntegration().ValidateSAMLIntegration(domain)
    60. 

  60. 

  61. 		if err == nil {
    62. 

  62. 			h.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(
    63. 

  63. 				fmt.Errorf("domain %s already exists in another SAML integration, please talk to the Porter team for help",
    64. 

  64. 					domain), http.StatusBadRequest))
    65. 

  65. 			return
    66. 

  66. 		} else if !errors.Is(err, gorm.ErrRecordNotFound) {
    67. 

  67. 			h.HandleAPIError(w, r, apierrors.NewErrInternal(err))
    68. 

  68. 			return
    69. 

  69. 		}
    70. 

  70. 	}
    71. 

  71. 

  72. 	integ := &saml.SAMLIntegration{
    73. 

  73. 		ProjectID:       project.ID,
    74. 

  74. 		Domains:         strings.Join(request.Domains, ","),
    75. 

  75. 		SignOnURL:       request.SignOnURL,
    76. 

  76. 		CertificateData: []byte(request.CertificateData),
    77. 

  77. 	}
    78. 

  78. 

  79. 	if _, err := h.Repo().SAMLIntegration().CreateSAMLIntegration(integ); err != nil {
    80. 

  80. 		h.HandleAPIError(w, r, apierrors.NewErrInternal(err))
    81. 

  81. 		return
    82. 

  82. 	}
    83. 

  83. }
    84.