akillibulut
/
porter
cermin dari https://github.com/porter-dev/porter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448
							package router

import (
	"net/http"
	"os"

	"github.com/go-chi/chi"
	"github.com/gorilla/sessions"
	"github.com/porter-dev/porter/internal/repository"
	"github.com/porter-dev/porter/server/api"
	"github.com/porter-dev/porter/server/requestlog"
	mw "github.com/porter-dev/porter/server/router/middleware"
)

// New creates a new Chi router instance
func New(
	a *api.App,
	store sessions.Store,
	cookieName string,
	staticFilePath string,
	repo *repository.Repository,
) *chi.Mux {
	l := a.Logger()
	r := chi.NewRouter()
	auth := mw.NewAuth(store, cookieName, repo)

	r.Route("/api", func(r chi.Router) {
		r.Use(mw.ContentTypeJSON)

		// health checks
		r.Method("GET", "/livez", http.HandlerFunc(a.HandleLive))
		r.Method("GET", "/readyz", http.HandlerFunc(a.HandleReady))

		// /api/users routes
		r.Method("GET", "/users/{user_id}", auth.DoesUserIDMatch(requestlog.NewHandler(a.HandleReadUser, l), mw.URLParam))
		r.Method("GET", "/users/{user_id}/projects", auth.DoesUserIDMatch(requestlog.NewHandler(a.HandleListUserProjects, l), mw.URLParam))
		r.Method("POST", "/users", requestlog.NewHandler(a.HandleCreateUser, l))
		r.Method("DELETE", "/users/{user_id}", auth.DoesUserIDMatch(requestlog.NewHandler(a.HandleDeleteUser, l), mw.URLParam))
		r.Method("POST", "/login", requestlog.NewHandler(a.HandleLoginUser, l))
		r.Method("GET", "/auth/check", auth.BasicAuthenticate(requestlog.NewHandler(a.HandleAuthCheck, l)))
		r.Method("POST", "/logout", auth.BasicAuthenticate(requestlog.NewHandler(a.HandleLogoutUser, l)))

		// /integrations routes
		r.Method(
			"GET",
			"/integrations/cluster",
			auth.BasicAuthenticate(
				requestlog.NewHandler(a.HandleListClusterIntegrations, l),
			),
		)

		r.Method(
			"GET",
			"/integrations/registry",
			auth.BasicAuthenticate(
				requestlog.NewHandler(a.HandleListRegistryIntegrations, l),
			),
		)

		r.Method(
			"GET",
			"/integrations/repo",
			auth.BasicAuthenticate(
				requestlog.NewHandler(a.HandleListRepoIntegrations, l),
			),
		)

		// /api/oauth routes
		// r.Method(
		// 	"GET",
		// 	"/oauth/projects/{project_id}/github",
		// 	auth.DoesUserHaveProjectAccess(
		// 		requestlog.NewHandler(a.HandleGithubOAuthStartProject, l),
		// 		mw.URLParam,
		// 		mw.WriteAccess,
		// 	),
		// )

		// r.Method(
		// 	"GET",
		// 	"/oauth/github/callback",
		// 	requestlog.NewHandler(a.HandleGithubOAuthCallback, l),
		// )

		// /api/projects routes
		r.Method(
			"GET",
			"/projects/{project_id}",
			auth.DoesUserHaveProjectAccess(
				requestlog.NewHandler(a.HandleReadProject, l),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/clusters/{cluster_id}",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleReadProjectCluster, l),
					mw.URLParam,
					mw.URLParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/clusters",
			auth.DoesUserHaveProjectAccess(
				requestlog.NewHandler(a.HandleListProjectClusters, l),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method("POST", "/projects", auth.BasicAuthenticate(requestlog.NewHandler(a.HandleCreateProject, l)))

		r.Method(
			"POST",
			"/projects/{project_id}/clusters/candidates",
			auth.DoesUserHaveProjectAccess(
				requestlog.NewHandler(a.HandleCreateProjectClusterCandidates, l),
				mw.URLParam,
				mw.WriteAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/clusters/candidates",
			auth.DoesUserHaveProjectAccess(
				requestlog.NewHandler(a.HandleListProjectClusterCandidates, l),
				mw.URLParam,
				mw.WriteAccess,
			),
		)

		r.Method(
			"POST",
			"/projects/{project_id}/clusters/candidates/{candidate_id}/resolve",
			auth.DoesUserHaveProjectAccess(
				requestlog.NewHandler(a.HandleResolveClusterCandidate, l),
				mw.URLParam,
				mw.WriteAccess,
			),
		)

		r.Method(
			"DELETE",
			"/projects/{project_id}",
			auth.DoesUserHaveProjectAccess(
				requestlog.NewHandler(a.HandleDeleteProject, l),
				mw.URLParam,
				mw.WriteAccess,
			),
		)

		// /api/projects/{project_id}/integrations routes
		r.Method(
			"POST",
			"/projects/{project_id}/integrations/gcp",
			auth.DoesUserHaveProjectAccess(
				requestlog.NewHandler(a.HandleCreateGCPIntegration, l),
				mw.URLParam,
				mw.WriteAccess,
			),
		)

		r.Method(
			"POST",
			"/projects/{project_id}/integrations/aws",
			auth.DoesUserHaveProjectAccess(
				requestlog.NewHandler(a.HandleCreateAWSIntegration, l),
				mw.URLParam,
				mw.WriteAccess,
			),
		)

		// /api/projects/{project_id}/registries routes
		r.Method(
			"POST",
			"/projects/{project_id}/registries",
			auth.DoesUserHaveProjectAccess(
				requestlog.NewHandler(a.HandleCreateRegistry, l),
				mw.URLParam,
				mw.WriteAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/registries",
			auth.DoesUserHaveProjectAccess(
				requestlog.NewHandler(a.HandleListProjectRegistries, l),
				mw.URLParam,
				mw.WriteAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/registries/{registry_id}/repositories",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveRegistryAccess(
					requestlog.NewHandler(a.HandleListRepositories, l),
					mw.URLParam,
					mw.URLParam,
				),
				mw.URLParam,
				mw.WriteAccess,
			),
		)

		// /api/projects/{project_id}/releases routes
		r.Method(
			"GET",
			"/projects/{project_id}/releases",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleListReleases, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/releases/{name}/{revision}/components",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleGetReleaseComponents, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/releases/{name}/{revision}/controllers",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleGetReleaseControllers, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/releases/{name}/history",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleListReleaseHistory, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"POST",
			"/projects/{project_id}/releases/{name}/upgrade",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleUpgradeRelease, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/releases/{name}/{revision}",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleGetRelease, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"POST",
			"/projects/{project_id}/releases/{name}/rollback",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleRollbackRelease, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		// /api/projects/{project_id}/repos routes
		// r.Method(
		// 	"GET",
		// 	"/projects/{project_id}/repos",
		// 	auth.DoesUserHaveProjectAccess(
		// 		requestlog.NewHandler(a.HandleListRepos, l),
		// 		mw.URLParam,
		// 		mw.ReadAccess,
		// 	),
		// )

		// r.Method(
		// 	"GET",
		// 	"/projects/{project_id}/repos/{kind}/{name}/branches",
		// 	auth.DoesUserHaveProjectAccess(
		// 		requestlog.NewHandler(a.HandleGetBranches, l),
		// 		mw.URLParam,
		// 		mw.ReadAccess,
		// 	),
		// )

		// r.Method(
		// 	"GET",
		// 	"/projects/{project_id}/repos/{kind}/{name}/{branch}/contents",
		// 	auth.DoesUserHaveProjectAccess(
		// 		requestlog.NewHandler(a.HandleGetBranchContents, l),
		// 		mw.URLParam,
		// 		mw.ReadAccess,
		// 	),
		// )

		// /api/projects/{project_id}/images routes
		// TODO: add back project access check
		r.Method(
			"GET",
			"/projects/{project_id}/images",
			auth.BasicAuthenticate(requestlog.NewHandler(a.HandleListImages, l)),
		)

		r.Method(
			"POST",
			"/projects/{project_id}/deploy",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleDeployTemplate, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		// /api/templates routes
		r.Method(
			"GET",
			"/templates",
			auth.BasicAuthenticate(
				requestlog.NewHandler(a.HandleListTemplates, l),
			),
		)

		// /api/projects/{project_id}/k8s routes
		r.Method(
			"GET",
			"/projects/{project_id}/k8s/namespaces",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleListNamespaces, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/k8s/{namespace}/pod/{name}/logs",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleGetPodLogs, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/k8s/{kind}/status",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleStreamControllerStatus, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)

		r.Method(
			"GET",
			"/projects/{project_id}/k8s/pods",
			auth.DoesUserHaveProjectAccess(
				auth.DoesUserHaveClusterAccess(
					requestlog.NewHandler(a.HandleListPods, l),
					mw.URLParam,
					mw.QueryParam,
				),
				mw.URLParam,
				mw.ReadAccess,
			),
		)
	})

	fs := http.FileServer(http.Dir(staticFilePath))

	r.Get("/*", func(w http.ResponseWriter, r *http.Request) {
		if _, err := os.Stat(staticFilePath + r.RequestURI); os.IsNotExist(err) {
			http.StripPrefix(r.URL.Path, fs).ServeHTTP(w, r)
		} else {
			fs.ServeHTTP(w, r)
		}
	})

	return r
}