router.go 37 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715
  1. package router
  2. import (
  3. "net/http"
  4. "os"
  5. "path"
  6. "strings"
  7. "time"
  8. "github.com/go-chi/chi"
  9. "github.com/go-chi/chi/middleware"
  10. "github.com/porter-dev/porter/internal/auth/token"
  11. "github.com/porter-dev/porter/server/api"
  12. mw "github.com/porter-dev/porter/server/middleware"
  13. "github.com/porter-dev/porter/server/middleware/requestlog"
  14. "golang.org/x/oauth2"
  15. )
  16. // New creates a new Chi router instance and registers all routes supported by the
  17. // API
  18. func New(a *api.App) *chi.Mux {
  19. l := a.Logger
  20. r := chi.NewRouter()
  21. var ghAppConf *oauth2.Config
  22. if a.GithubAppConf != nil {
  23. ghAppConf = &a.GithubAppConf.Config
  24. }
  25. auth := mw.NewAuth(a.Store, a.ServerConf.CookieName, &token.TokenGeneratorConf{
  26. TokenSecret: a.ServerConf.TokenGeneratorSecret,
  27. }, a.Repo, ghAppConf)
  28. r.Route("/api", func(r chi.Router) {
  29. r.Use(mw.ContentTypeJSON)
  30. // Group for default operations with 10s timeout
  31. r.Group(func(r chi.Router) {
  32. r.Use(middleware.Timeout(10 * time.Second))
  33. // health checks
  34. r.Method("GET", "/livez", http.HandlerFunc(a.HandleLive))
  35. r.Method("GET", "/readyz", http.HandlerFunc(a.HandleReady))
  36. // /api/users routes
  37. r.Method(
  38. "GET",
  39. "/users/{user_id}",
  40. auth.DoesUserIDMatch(
  41. requestlog.NewHandler(a.HandleReadUser, l),
  42. mw.URLParam,
  43. ),
  44. )
  45. r.Method(
  46. "GET",
  47. "/users/{user_id}/projects",
  48. auth.DoesUserIDMatch(
  49. requestlog.NewHandler(a.HandleListUserProjects, l),
  50. mw.URLParam,
  51. ),
  52. )
  53. // only allow basic create user or basic login if BasicLogin feature is set
  54. if a.Capabilities.BasicLogin {
  55. r.Method(
  56. "POST",
  57. "/users",
  58. requestlog.NewHandler(a.HandleCreateUser, l),
  59. )
  60. r.Method(
  61. "POST",
  62. "/login",
  63. requestlog.NewHandler(a.HandleLoginUser, l),
  64. )
  65. }
  66. r.Method(
  67. "DELETE",
  68. "/users/{user_id}",
  69. auth.DoesUserIDMatch(
  70. requestlog.NewHandler(a.HandleDeleteUser, l),
  71. mw.URLParam,
  72. ),
  73. )
  74. r.Method(
  75. "GET",
  76. "/cli/login",
  77. auth.BasicAuthenticateWithRedirect(
  78. requestlog.NewHandler(a.HandleCLILoginUser, l),
  79. ),
  80. )
  81. r.Method(
  82. "GET",
  83. "/cli/login/exchange",
  84. requestlog.NewHandler(a.HandleCLILoginExchangeToken, l),
  85. )
  86. r.Method(
  87. "GET",
  88. "/auth/check",
  89. auth.BasicAuthenticate(
  90. requestlog.NewHandler(a.HandleAuthCheck, l),
  91. ),
  92. )
  93. r.Method(
  94. "POST",
  95. "/logout",
  96. auth.BasicAuthenticate(
  97. requestlog.NewHandler(a.HandleLogoutUser, l),
  98. ),
  99. )
  100. r.Method(
  101. "POST",
  102. "/email/verify/initiate",
  103. auth.BasicAuthenticate(
  104. requestlog.NewHandler(a.InitiateEmailVerifyUser, l),
  105. ),
  106. )
  107. r.Method(
  108. "GET",
  109. "/email/verify/finalize",
  110. auth.BasicAuthenticateWithRedirect(
  111. requestlog.NewHandler(a.FinalizEmailVerifyUser, l),
  112. ),
  113. )
  114. r.Method(
  115. "POST",
  116. "/password/reset/initiate",
  117. requestlog.NewHandler(a.InitiatePWResetUser, l),
  118. )
  119. r.Method(
  120. "POST",
  121. "/password/reset/verify",
  122. requestlog.NewHandler(a.VerifyPWResetUser, l),
  123. )
  124. r.Method(
  125. "POST",
  126. "/password/reset/finalize",
  127. requestlog.NewHandler(a.FinalizPWResetUser, l),
  128. )
  129. // /api/integrations routes
  130. r.Method(
  131. "GET",
  132. "/integrations/cluster",
  133. auth.BasicAuthenticate(
  134. requestlog.NewHandler(a.HandleListClusterIntegrations, l),
  135. ),
  136. )
  137. r.Method(
  138. "GET",
  139. "/integrations/registry",
  140. auth.BasicAuthenticate(
  141. requestlog.NewHandler(a.HandleListRegistryIntegrations, l),
  142. ),
  143. )
  144. r.Method(
  145. "GET",
  146. "/integrations/helm",
  147. auth.BasicAuthenticate(
  148. requestlog.NewHandler(a.HandleListHelmRepoIntegrations, l),
  149. ),
  150. )
  151. r.Method(
  152. "GET",
  153. "/integrations/repo",
  154. auth.BasicAuthenticate(
  155. requestlog.NewHandler(a.HandleListRepoIntegrations, l),
  156. ),
  157. )
  158. r.Method(
  159. "POST",
  160. "/integrations/github-app/webhook",
  161. requestlog.NewHandler(a.HandleGithubAppEvent, l),
  162. )
  163. r.Method(
  164. "GET",
  165. "/integrations/github-app/authorize",
  166. requestlog.NewHandler(a.HandleGithubAppAuthorize, l),
  167. )
  168. r.Method(
  169. "GET",
  170. "/integrations/github-app/oauth",
  171. requestlog.NewHandler(a.HandleGithubAppOauthInit, l),
  172. )
  173. r.Method(
  174. "GET",
  175. "/integrations/github-app/install",
  176. requestlog.NewHandler(a.HandleGithubAppInstall, l),
  177. )
  178. r.Method(
  179. "GET",
  180. "/integrations/github-app/access",
  181. auth.BasicAuthenticate(
  182. requestlog.NewHandler(a.HandleListGithubAppAccess, l),
  183. ),
  184. )
  185. // /api/templates routes
  186. r.Method(
  187. "GET",
  188. "/templates",
  189. auth.BasicAuthenticate(
  190. requestlog.NewHandler(a.HandleListTemplates, l),
  191. ),
  192. )
  193. r.Method(
  194. "GET",
  195. "/templates/{name}/{version}",
  196. auth.BasicAuthenticate(
  197. requestlog.NewHandler(a.HandleReadTemplate, l),
  198. ),
  199. )
  200. // /api/oauth routes
  201. r.Method(
  202. "GET",
  203. "/oauth/projects/{project_id}/github",
  204. auth.DoesUserHaveProjectAccess(
  205. requestlog.NewHandler(a.HandleGithubOAuthStartProject, l),
  206. mw.URLParam,
  207. mw.WriteAccess,
  208. ),
  209. )
  210. r.Method(
  211. "GET",
  212. "/oauth/login/github",
  213. requestlog.NewHandler(a.HandleGithubOAuthStartUser, l),
  214. )
  215. r.Method(
  216. "GET",
  217. "/oauth/github/callback",
  218. requestlog.NewHandler(a.HandleGithubOAuthCallback, l),
  219. )
  220. r.Method(
  221. "GET",
  222. "/oauth/github-app/callback",
  223. requestlog.NewHandler(a.HandleGithubAppOAuthCallback, l),
  224. )
  225. r.Method(
  226. "GET",
  227. "/oauth/login/google",
  228. requestlog.NewHandler(a.HandleGoogleStartUser, l),
  229. )
  230. r.Method(
  231. "GET",
  232. "/oauth/google/callback",
  233. requestlog.NewHandler(a.HandleGoogleOAuthCallback, l),
  234. )
  235. r.Method(
  236. "GET",
  237. "/oauth/projects/{project_id}/digitalocean",
  238. auth.DoesUserHaveProjectAccess(
  239. requestlog.NewHandler(a.HandleDOOAuthStartProject, l),
  240. mw.URLParam,
  241. mw.WriteAccess,
  242. ),
  243. )
  244. r.Method(
  245. "GET",
  246. "/oauth/digitalocean/callback",
  247. requestlog.NewHandler(a.HandleDOOAuthCallback, l),
  248. )
  249. // /api/projects routes
  250. r.Method(
  251. "GET",
  252. "/projects/{project_id}",
  253. auth.DoesUserHaveProjectAccess(
  254. requestlog.NewHandler(a.HandleReadProject, l),
  255. mw.URLParam,
  256. mw.ReadAccess,
  257. ),
  258. )
  259. r.Method(
  260. "GET",
  261. "/projects/{project_id}/policy",
  262. auth.DoesUserHaveProjectAccess(
  263. requestlog.NewHandler(a.HandleReadProjectPolicy, l),
  264. mw.URLParam,
  265. mw.ReadAccess,
  266. ),
  267. )
  268. r.Method(
  269. "GET",
  270. "/projects/{project_id}/roles",
  271. auth.DoesUserHaveProjectAccess(
  272. requestlog.NewHandler(a.HandleGetProjectRoles, l),
  273. mw.URLParam,
  274. mw.AdminAccess,
  275. ),
  276. )
  277. r.Method(
  278. "GET",
  279. "/projects/{project_id}/collaborators",
  280. auth.DoesUserHaveProjectAccess(
  281. requestlog.NewHandler(a.HandleListProjectCollaborators, l),
  282. mw.URLParam,
  283. mw.AdminAccess,
  284. ),
  285. )
  286. r.Method(
  287. "POST",
  288. "/projects/{project_id}/roles/{user_id}",
  289. auth.DoesUserHaveProjectAccess(
  290. requestlog.NewHandler(a.HandleUpdateProjectRole, l),
  291. mw.URLParam,
  292. mw.AdminAccess,
  293. ),
  294. )
  295. r.Method(
  296. "POST",
  297. "/projects",
  298. auth.BasicAuthenticate(
  299. requestlog.NewHandler(a.HandleCreateProject, l),
  300. ),
  301. )
  302. r.Method(
  303. "DELETE",
  304. "/projects/{project_id}",
  305. auth.DoesUserHaveProjectAccess(
  306. requestlog.NewHandler(a.HandleDeleteProject, l),
  307. mw.URLParam,
  308. mw.AdminAccess,
  309. ),
  310. )
  311. r.Method(
  312. "DELETE",
  313. "/projects/{project_id}/roles/{user_id}",
  314. auth.DoesUserHaveProjectAccess(
  315. requestlog.NewHandler(a.HandleDeleteProjectRole, l),
  316. mw.URLParam,
  317. mw.AdminAccess,
  318. ),
  319. )
  320. // /api/projects/{project_id}/ci routes
  321. r.Method(
  322. "POST",
  323. "/projects/{project_id}/ci/actions",
  324. auth.DoesUserHaveProjectAccess(
  325. auth.DoesUserHaveClusterAccess(
  326. requestlog.NewHandler(a.HandleCreateGitAction, l),
  327. mw.URLParam,
  328. mw.QueryParam,
  329. ),
  330. mw.URLParam,
  331. mw.WriteAccess,
  332. ),
  333. )
  334. // /api/projects/{project_id}/invites routes
  335. r.Method(
  336. "POST",
  337. "/projects/{project_id}/invites",
  338. auth.DoesUserHaveProjectAccess(
  339. requestlog.NewHandler(a.HandleCreateInvite, l),
  340. mw.URLParam,
  341. mw.AdminAccess,
  342. ),
  343. )
  344. r.Method(
  345. "GET",
  346. "/projects/{project_id}/invites",
  347. auth.DoesUserHaveProjectAccess(
  348. requestlog.NewHandler(a.HandleListProjectInvites, l),
  349. mw.URLParam,
  350. mw.AdminAccess,
  351. ),
  352. )
  353. r.Method(
  354. "GET",
  355. "/projects/{project_id}/invites/{token}",
  356. auth.BasicAuthenticateWithRedirect(
  357. requestlog.NewHandler(a.HandleAcceptInvite, l),
  358. ),
  359. )
  360. r.Method(
  361. "POST",
  362. "/projects/{project_id}/invites/{invite_id}",
  363. auth.DoesUserHaveProjectAccess(
  364. auth.DoesUserHaveInviteAccess(
  365. requestlog.NewHandler(a.HandleUpdateInviteRole, l),
  366. mw.URLParam,
  367. mw.URLParam,
  368. ),
  369. mw.URLParam,
  370. mw.AdminAccess,
  371. ),
  372. )
  373. r.Method(
  374. "DELETE",
  375. "/projects/{project_id}/invites/{invite_id}",
  376. auth.DoesUserHaveProjectAccess(
  377. auth.DoesUserHaveInviteAccess(
  378. requestlog.NewHandler(a.HandleDeleteProjectInvite, l),
  379. mw.URLParam,
  380. mw.URLParam,
  381. ),
  382. mw.URLParam,
  383. mw.AdminAccess,
  384. ),
  385. )
  386. // /api/projects/{project_id}/infra routes
  387. r.Method(
  388. "GET",
  389. "/projects/{project_id}/infra",
  390. auth.DoesUserHaveProjectAccess(
  391. requestlog.NewHandler(a.HandleListProjectInfra, l),
  392. mw.URLParam,
  393. mw.ReadAccess,
  394. ),
  395. )
  396. // /api/projects/{project_id}/provision routes
  397. r.Method(
  398. "POST",
  399. "/projects/{project_id}/provision/test",
  400. auth.DoesUserHaveProjectAccess(
  401. requestlog.NewHandler(a.HandleProvisionTestInfra, l),
  402. mw.URLParam,
  403. mw.WriteAccess,
  404. ),
  405. )
  406. r.Method(
  407. "POST",
  408. "/projects/{project_id}/provision/ecr",
  409. auth.DoesUserHaveProjectAccess(
  410. auth.DoesUserHaveAWSIntegrationAccess(
  411. requestlog.NewHandler(a.HandleProvisionAWSECRInfra, l),
  412. mw.URLParam,
  413. mw.BodyParam,
  414. false,
  415. ),
  416. mw.URLParam,
  417. mw.WriteAccess,
  418. ),
  419. )
  420. r.Method(
  421. "POST",
  422. "/projects/{project_id}/provision/eks",
  423. auth.DoesUserHaveProjectAccess(
  424. auth.DoesUserHaveAWSIntegrationAccess(
  425. requestlog.NewHandler(a.HandleProvisionAWSEKSInfra, l),
  426. mw.URLParam,
  427. mw.BodyParam,
  428. false,
  429. ),
  430. mw.URLParam,
  431. mw.WriteAccess,
  432. ),
  433. )
  434. r.Method(
  435. "POST",
  436. "/projects/{project_id}/provision/gcr",
  437. auth.DoesUserHaveProjectAccess(
  438. auth.DoesUserHaveGCPIntegrationAccess(
  439. requestlog.NewHandler(a.HandleProvisionGCPGCRInfra, l),
  440. mw.URLParam,
  441. mw.BodyParam,
  442. false,
  443. ),
  444. mw.URLParam,
  445. mw.WriteAccess,
  446. ),
  447. )
  448. r.Method(
  449. "POST",
  450. "/projects/{project_id}/provision/gke",
  451. auth.DoesUserHaveProjectAccess(
  452. auth.DoesUserHaveGCPIntegrationAccess(
  453. requestlog.NewHandler(a.HandleProvisionGCPGKEInfra, l),
  454. mw.URLParam,
  455. mw.BodyParam,
  456. false,
  457. ),
  458. mw.URLParam,
  459. mw.WriteAccess,
  460. ),
  461. )
  462. r.Method(
  463. "POST",
  464. "/projects/{project_id}/provision/docr",
  465. auth.DoesUserHaveProjectAccess(
  466. auth.DoesUserHaveDOIntegrationAccess(
  467. requestlog.NewHandler(a.HandleProvisionDODOCRInfra, l),
  468. mw.URLParam,
  469. mw.BodyParam,
  470. false,
  471. ),
  472. mw.URLParam,
  473. mw.WriteAccess,
  474. ),
  475. )
  476. r.Method(
  477. "POST",
  478. "/projects/{project_id}/provision/doks",
  479. auth.DoesUserHaveProjectAccess(
  480. auth.DoesUserHaveDOIntegrationAccess(
  481. requestlog.NewHandler(a.HandleProvisionDODOKSInfra, l),
  482. mw.URLParam,
  483. mw.BodyParam,
  484. false,
  485. ),
  486. mw.URLParam,
  487. mw.WriteAccess,
  488. ),
  489. )
  490. r.Method(
  491. "GET",
  492. "/projects/{project_id}/provision/{kind}/{infra_id}/logs",
  493. auth.DoesUserHaveProjectAccess(
  494. auth.DoesUserHaveInfraAccess(
  495. requestlog.NewHandler(a.HandleGetProvisioningLogs, l),
  496. mw.URLParam,
  497. mw.URLParam,
  498. ),
  499. mw.URLParam,
  500. mw.ReadAccess,
  501. ),
  502. )
  503. r.Method(
  504. "POST",
  505. "/projects/{project_id}/infra/{infra_id}/ecr/destroy",
  506. auth.DoesUserHaveProjectAccess(
  507. auth.DoesUserHaveInfraAccess(
  508. requestlog.NewHandler(a.HandleDestroyAWSECRInfra, l),
  509. mw.URLParam,
  510. mw.URLParam,
  511. ),
  512. mw.URLParam,
  513. mw.WriteAccess,
  514. ),
  515. )
  516. r.Method(
  517. "POST",
  518. "/projects/{project_id}/infra/{infra_id}/test/destroy",
  519. auth.DoesUserHaveProjectAccess(
  520. auth.DoesUserHaveInfraAccess(
  521. requestlog.NewHandler(a.HandleDestroyTestInfra, l),
  522. mw.URLParam,
  523. mw.URLParam,
  524. ),
  525. mw.URLParam,
  526. mw.WriteAccess,
  527. ),
  528. )
  529. r.Method(
  530. "POST",
  531. "/projects/{project_id}/infra/{infra_id}/eks/destroy",
  532. auth.DoesUserHaveProjectAccess(
  533. auth.DoesUserHaveInfraAccess(
  534. requestlog.NewHandler(a.HandleDestroyAWSEKSInfra, l),
  535. mw.URLParam,
  536. mw.URLParam,
  537. ),
  538. mw.URLParam,
  539. mw.WriteAccess,
  540. ),
  541. )
  542. r.Method(
  543. "POST",
  544. "/projects/{project_id}/infra/{infra_id}/gke/destroy",
  545. auth.DoesUserHaveProjectAccess(
  546. auth.DoesUserHaveInfraAccess(
  547. requestlog.NewHandler(a.HandleDestroyGCPGKEInfra, l),
  548. mw.URLParam,
  549. mw.URLParam,
  550. ),
  551. mw.URLParam,
  552. mw.WriteAccess,
  553. ),
  554. )
  555. r.Method(
  556. "POST",
  557. "/projects/{project_id}/infra/{infra_id}/docr/destroy",
  558. auth.DoesUserHaveProjectAccess(
  559. auth.DoesUserHaveInfraAccess(
  560. requestlog.NewHandler(a.HandleDestroyDODOCRInfra, l),
  561. mw.URLParam,
  562. mw.URLParam,
  563. ),
  564. mw.URLParam,
  565. mw.WriteAccess,
  566. ),
  567. )
  568. r.Method(
  569. "POST",
  570. "/projects/{project_id}/infra/{infra_id}/doks/destroy",
  571. auth.DoesUserHaveProjectAccess(
  572. auth.DoesUserHaveInfraAccess(
  573. requestlog.NewHandler(a.HandleDestroyDODOKSInfra, l),
  574. mw.URLParam,
  575. mw.URLParam,
  576. ),
  577. mw.URLParam,
  578. mw.WriteAccess,
  579. ),
  580. )
  581. // /api/projects/{project_id}/clusters routes
  582. r.Method(
  583. "GET",
  584. "/projects/{project_id}/clusters",
  585. auth.DoesUserHaveProjectAccess(
  586. requestlog.NewHandler(a.HandleListProjectClusters, l),
  587. mw.URLParam,
  588. mw.ReadAccess,
  589. ),
  590. )
  591. r.Method(
  592. "POST",
  593. "/projects/{project_id}/clusters",
  594. auth.DoesUserHaveProjectAccess(
  595. auth.DoesUserHaveAWSIntegrationAccess(
  596. auth.DoesUserHaveGCPIntegrationAccess(
  597. requestlog.NewHandler(a.HandleCreateProjectCluster, l),
  598. mw.URLParam,
  599. mw.BodyParam,
  600. true,
  601. ),
  602. mw.URLParam,
  603. mw.BodyParam,
  604. true,
  605. ),
  606. mw.URLParam,
  607. mw.WriteAccess,
  608. ),
  609. )
  610. r.Method(
  611. "GET",
  612. "/projects/{project_id}/clusters/{cluster_id}",
  613. auth.DoesUserHaveProjectAccess(
  614. auth.DoesUserHaveClusterAccess(
  615. requestlog.NewHandler(a.HandleReadProjectCluster, l),
  616. mw.URLParam,
  617. mw.URLParam,
  618. ),
  619. mw.URLParam,
  620. mw.ReadAccess,
  621. ),
  622. )
  623. r.Method(
  624. "GET",
  625. "/projects/{project_id}/clusters/{cluster_id}/nodes",
  626. auth.DoesUserHaveProjectAccess(
  627. auth.DoesUserHaveClusterAccess(
  628. requestlog.NewHandler(a.HandleListNodes, l),
  629. mw.URLParam,
  630. mw.URLParam,
  631. ),
  632. mw.URLParam,
  633. mw.ReadAccess,
  634. ),
  635. )
  636. r.Method(
  637. "GET",
  638. "/projects/{project_id}/clusters/{cluster_id}/node/{node_name}",
  639. auth.DoesUserHaveProjectAccess(
  640. auth.DoesUserHaveClusterAccess(
  641. requestlog.NewHandler(a.HandleGetNode, l),
  642. mw.URLParam,
  643. mw.URLParam,
  644. ),
  645. mw.URLParam,
  646. mw.ReadAccess,
  647. ),
  648. )
  649. r.Method(
  650. "POST",
  651. "/projects/{project_id}/clusters/{cluster_id}",
  652. auth.DoesUserHaveProjectAccess(
  653. auth.DoesUserHaveClusterAccess(
  654. requestlog.NewHandler(a.HandleUpdateProjectCluster, l),
  655. mw.URLParam,
  656. mw.URLParam,
  657. ),
  658. mw.URLParam,
  659. mw.WriteAccess,
  660. ),
  661. )
  662. r.Method(
  663. "DELETE",
  664. "/projects/{project_id}/clusters/{cluster_id}",
  665. auth.DoesUserHaveProjectAccess(
  666. auth.DoesUserHaveClusterAccess(
  667. requestlog.NewHandler(a.HandleDeleteProjectCluster, l),
  668. mw.URLParam,
  669. mw.URLParam,
  670. ),
  671. mw.URLParam,
  672. mw.WriteAccess,
  673. ),
  674. )
  675. // /api/projects/{project_id}/clusters/candidates routes
  676. r.Method(
  677. "POST",
  678. "/projects/{project_id}/clusters/candidates",
  679. auth.DoesUserHaveProjectAccess(
  680. requestlog.NewHandler(a.HandleCreateProjectClusterCandidates, l),
  681. mw.URLParam,
  682. mw.WriteAccess,
  683. ),
  684. )
  685. r.Method(
  686. "GET",
  687. "/projects/{project_id}/clusters/candidates",
  688. auth.DoesUserHaveProjectAccess(
  689. requestlog.NewHandler(a.HandleListProjectClusterCandidates, l),
  690. mw.URLParam,
  691. mw.WriteAccess,
  692. ),
  693. )
  694. r.Method(
  695. "POST",
  696. "/projects/{project_id}/clusters/candidates/{candidate_id}/resolve",
  697. auth.DoesUserHaveProjectAccess(
  698. requestlog.NewHandler(a.HandleResolveClusterCandidate, l),
  699. mw.URLParam,
  700. mw.WriteAccess,
  701. ),
  702. )
  703. // /api/projects/{project_id}/integrations routes
  704. r.Method(
  705. "POST",
  706. "/projects/{project_id}/integrations/gcp",
  707. auth.DoesUserHaveProjectAccess(
  708. requestlog.NewHandler(a.HandleCreateGCPIntegration, l),
  709. mw.URLParam,
  710. mw.WriteAccess,
  711. ),
  712. )
  713. r.Method(
  714. "POST",
  715. "/projects/{project_id}/integrations/aws",
  716. auth.DoesUserHaveProjectAccess(
  717. requestlog.NewHandler(a.HandleCreateAWSIntegration, l),
  718. mw.URLParam,
  719. mw.WriteAccess,
  720. ),
  721. )
  722. r.Method(
  723. "POST",
  724. "/projects/{project_id}/integrations/aws/{aws_integration_id}/overwrite",
  725. auth.DoesUserHaveProjectAccess(
  726. auth.DoesUserHaveClusterAccess(
  727. auth.DoesUserHaveAWSIntegrationAccess(
  728. requestlog.NewHandler(a.HandleOverwriteAWSIntegration, l),
  729. mw.URLParam,
  730. mw.URLParam,
  731. false,
  732. ),
  733. mw.URLParam,
  734. mw.QueryParam,
  735. ),
  736. mw.URLParam,
  737. mw.WriteAccess,
  738. ),
  739. )
  740. r.Method(
  741. "POST",
  742. "/projects/{project_id}/integrations/basic",
  743. auth.DoesUserHaveProjectAccess(
  744. requestlog.NewHandler(a.HandleCreateBasicAuthIntegration, l),
  745. mw.URLParam,
  746. mw.WriteAccess,
  747. ),
  748. )
  749. r.Method(
  750. "GET",
  751. "/projects/{project_id}/integrations/oauth",
  752. auth.DoesUserHaveProjectAccess(
  753. requestlog.NewHandler(a.HandleListProjectOAuthIntegrations, l),
  754. mw.URLParam,
  755. mw.WriteAccess,
  756. ),
  757. )
  758. // /api/projects/{project_id}/helmrepos routes
  759. r.Method(
  760. "POST",
  761. "/projects/{project_id}/helmrepos",
  762. auth.DoesUserHaveProjectAccess(
  763. auth.DoesUserHaveAWSIntegrationAccess(
  764. auth.DoesUserHaveGCPIntegrationAccess(
  765. requestlog.NewHandler(a.HandleCreateHelmRepo, l),
  766. mw.URLParam,
  767. mw.BodyParam,
  768. true,
  769. ),
  770. mw.URLParam,
  771. mw.BodyParam,
  772. true,
  773. ),
  774. mw.URLParam,
  775. mw.WriteAccess,
  776. ),
  777. )
  778. r.Method(
  779. "GET",
  780. "/projects/{project_id}/helmrepos",
  781. auth.DoesUserHaveProjectAccess(
  782. requestlog.NewHandler(a.HandleListProjectHelmRepos, l),
  783. mw.URLParam,
  784. mw.ReadAccess,
  785. ),
  786. )
  787. r.Method(
  788. "GET",
  789. "/projects/{project_id}/helmrepos/{helm_id}/charts",
  790. auth.DoesUserHaveProjectAccess(
  791. requestlog.NewHandler(a.HandleListHelmRepoCharts, l),
  792. mw.URLParam,
  793. mw.ReadAccess,
  794. ),
  795. )
  796. // /api/projects/{project_id}/registries routes
  797. r.Method(
  798. "POST",
  799. "/projects/{project_id}/registries",
  800. auth.DoesUserHaveProjectAccess(
  801. auth.DoesUserHaveAWSIntegrationAccess(
  802. auth.DoesUserHaveGCPIntegrationAccess(
  803. auth.DoesUserHaveDOIntegrationAccess(
  804. requestlog.NewHandler(a.HandleCreateRegistry, l),
  805. mw.URLParam,
  806. mw.BodyParam,
  807. true,
  808. ),
  809. mw.URLParam,
  810. mw.BodyParam,
  811. true,
  812. ),
  813. mw.URLParam,
  814. mw.BodyParam,
  815. true,
  816. ),
  817. mw.URLParam,
  818. mw.WriteAccess,
  819. ),
  820. )
  821. r.Method(
  822. "GET",
  823. "/projects/{project_id}/registries",
  824. auth.DoesUserHaveProjectAccess(
  825. requestlog.NewHandler(a.HandleListProjectRegistries, l),
  826. mw.URLParam,
  827. mw.ReadAccess,
  828. ),
  829. )
  830. r.Method(
  831. "POST",
  832. "/projects/{project_id}/registries/{registry_id}",
  833. auth.DoesUserHaveProjectAccess(
  834. auth.DoesUserHaveRegistryAccess(
  835. requestlog.NewHandler(a.HandleUpdateProjectRegistry, l),
  836. mw.URLParam,
  837. mw.URLParam,
  838. ),
  839. mw.URLParam,
  840. mw.ReadAccess,
  841. ),
  842. )
  843. r.Method(
  844. "POST",
  845. "/projects/{project_id}/registries/{registry_id}/repository",
  846. auth.DoesUserHaveProjectAccess(
  847. auth.DoesUserHaveRegistryAccess(
  848. requestlog.NewHandler(a.HandleCreateRepository, l),
  849. mw.URLParam,
  850. mw.URLParam,
  851. ),
  852. mw.URLParam,
  853. mw.WriteAccess,
  854. ),
  855. )
  856. r.Method(
  857. "GET",
  858. "/projects/{project_id}/registries/ecr/{region}/token",
  859. auth.DoesUserHaveProjectAccess(
  860. requestlog.NewHandler(a.HandleGetProjectRegistryECRToken, l),
  861. mw.URLParam,
  862. mw.WriteAccess,
  863. ),
  864. )
  865. r.Method(
  866. "GET",
  867. "/projects/{project_id}/registries/gcr/token",
  868. auth.DoesUserHaveProjectAccess(
  869. requestlog.NewHandler(a.HandleGetProjectRegistryGCRToken, l),
  870. mw.URLParam,
  871. mw.WriteAccess,
  872. ),
  873. )
  874. r.Method(
  875. "GET",
  876. "/projects/{project_id}/registries/dockerhub/token",
  877. auth.DoesUserHaveProjectAccess(
  878. requestlog.NewHandler(a.HandleGetProjectRegistryDockerhubToken, l),
  879. mw.URLParam,
  880. mw.WriteAccess,
  881. ),
  882. )
  883. r.Method(
  884. "GET",
  885. "/projects/{project_id}/registries/docr/token",
  886. auth.DoesUserHaveProjectAccess(
  887. requestlog.NewHandler(a.HandleGetProjectRegistryDOCRToken, l),
  888. mw.URLParam,
  889. mw.WriteAccess,
  890. ),
  891. )
  892. r.Method(
  893. "DELETE",
  894. "/projects/{project_id}/registries/{registry_id}",
  895. auth.DoesUserHaveProjectAccess(
  896. auth.DoesUserHaveRegistryAccess(
  897. requestlog.NewHandler(a.HandleDeleteProjectRegistry, l),
  898. mw.URLParam,
  899. mw.URLParam,
  900. ),
  901. mw.URLParam,
  902. mw.WriteAccess,
  903. ),
  904. )
  905. // /api/projects/{project_id}/registries/{registry_id}/repositories routes
  906. r.Method(
  907. "GET",
  908. "/projects/{project_id}/registries/{registry_id}/repositories",
  909. auth.DoesUserHaveProjectAccess(
  910. auth.DoesUserHaveRegistryAccess(
  911. requestlog.NewHandler(a.HandleListRepositories, l),
  912. mw.URLParam,
  913. mw.URLParam,
  914. ),
  915. mw.URLParam,
  916. mw.WriteAccess,
  917. ),
  918. )
  919. r.Method(
  920. "GET",
  921. // * is the repo name, which can itself be nested
  922. // for example, for GCR this is project-id/repo
  923. // need to use wildcard, see https://github.com/go-chi/chi/issues/243
  924. "/projects/{project_id}/registries/{registry_id}/repositories/*",
  925. auth.DoesUserHaveProjectAccess(
  926. auth.DoesUserHaveRegistryAccess(
  927. requestlog.NewHandler(a.HandleListImages, l),
  928. mw.URLParam,
  929. mw.URLParam,
  930. ),
  931. mw.URLParam,
  932. mw.ReadAccess,
  933. ),
  934. )
  935. // /api/projects/{project_id}/releases routes
  936. r.Method(
  937. "GET",
  938. "/projects/{project_id}/releases",
  939. auth.DoesUserHaveProjectAccess(
  940. auth.DoesUserHaveClusterAccess(
  941. requestlog.NewHandler(a.HandleListReleases, l),
  942. mw.URLParam,
  943. mw.QueryParam,
  944. ),
  945. mw.URLParam,
  946. mw.ReadAccess,
  947. ),
  948. )
  949. r.Method(
  950. "GET",
  951. "/projects/{project_id}/releases/{name}/{revision}/components",
  952. auth.DoesUserHaveProjectAccess(
  953. auth.DoesUserHaveClusterAccess(
  954. requestlog.NewHandler(a.HandleGetReleaseComponents, l),
  955. mw.URLParam,
  956. mw.QueryParam,
  957. ),
  958. mw.URLParam,
  959. mw.ReadAccess,
  960. ),
  961. )
  962. r.Method(
  963. "GET",
  964. "/projects/{project_id}/releases/{name}/{revision}/controllers",
  965. auth.DoesUserHaveProjectAccess(
  966. auth.DoesUserHaveClusterAccess(
  967. requestlog.NewHandler(a.HandleGetReleaseControllers, l),
  968. mw.URLParam,
  969. mw.QueryParam,
  970. ),
  971. mw.URLParam,
  972. mw.ReadAccess,
  973. ),
  974. )
  975. r.Method(
  976. "GET",
  977. "/projects/{project_id}/releases/{name}/{revision}/pods/all",
  978. auth.DoesUserHaveProjectAccess(
  979. auth.DoesUserHaveClusterAccess(
  980. requestlog.NewHandler(a.HandleGetReleaseAllPods, l),
  981. mw.URLParam,
  982. mw.QueryParam,
  983. ),
  984. mw.URLParam,
  985. mw.ReadAccess,
  986. ),
  987. )
  988. r.Method(
  989. "GET",
  990. "/projects/{project_id}/releases/{name}/history",
  991. auth.DoesUserHaveProjectAccess(
  992. auth.DoesUserHaveClusterAccess(
  993. requestlog.NewHandler(a.HandleListReleaseHistory, l),
  994. mw.URLParam,
  995. mw.QueryParam,
  996. ),
  997. mw.URLParam,
  998. mw.ReadAccess,
  999. ),
  1000. )
  1001. r.Method(
  1002. "GET",
  1003. "/projects/{project_id}/releases/{name}/webhook_token",
  1004. auth.DoesUserHaveProjectAccess(
  1005. auth.DoesUserHaveClusterAccess(
  1006. requestlog.NewHandler(a.HandleGetReleaseToken, l),
  1007. mw.URLParam,
  1008. mw.QueryParam,
  1009. ),
  1010. mw.URLParam,
  1011. mw.ReadAccess,
  1012. ),
  1013. )
  1014. r.Method(
  1015. "POST",
  1016. "/projects/{project_id}/releases/{name}/webhook_token",
  1017. auth.DoesUserHaveProjectAccess(
  1018. auth.DoesUserHaveClusterAccess(
  1019. requestlog.NewHandler(a.HandleCreateWebhookToken, l),
  1020. mw.URLParam,
  1021. mw.QueryParam,
  1022. ),
  1023. mw.URLParam,
  1024. mw.WriteAccess,
  1025. ),
  1026. )
  1027. r.Method(
  1028. "GET",
  1029. "/projects/{project_id}/releases/{name}/{revision}",
  1030. auth.DoesUserHaveProjectAccess(
  1031. auth.DoesUserHaveClusterAccess(
  1032. requestlog.NewHandler(a.HandleGetRelease, l),
  1033. mw.URLParam,
  1034. mw.QueryParam,
  1035. ),
  1036. mw.URLParam,
  1037. mw.ReadAccess,
  1038. ),
  1039. )
  1040. // /api/projects/{project_id}/gitrepos routes
  1041. r.Method(
  1042. "GET",
  1043. "/projects/{project_id}/gitrepos",
  1044. auth.DoesUserHaveProjectAccess(
  1045. requestlog.NewHandler(a.HandleListProjectGitRepos, l),
  1046. mw.URLParam,
  1047. mw.ReadAccess,
  1048. ),
  1049. )
  1050. r.Method(
  1051. "GET",
  1052. "/projects/{project_id}/gitrepos/{installation_id}/repos",
  1053. auth.DoesUserHaveProjectAccess(
  1054. auth.DoesUserHaveGitInstallationAccess(
  1055. requestlog.NewHandler(a.HandleListRepos, l),
  1056. mw.URLParam,
  1057. ),
  1058. mw.URLParam,
  1059. mw.ReadAccess,
  1060. ),
  1061. )
  1062. r.Method(
  1063. "GET",
  1064. "/projects/{project_id}/gitrepos/{installation_id}/repos/{kind}/{owner}/{name}/branches",
  1065. auth.DoesUserHaveProjectAccess(
  1066. auth.DoesUserHaveGitInstallationAccess(
  1067. requestlog.NewHandler(a.HandleGetBranches, l),
  1068. mw.URLParam,
  1069. ),
  1070. mw.URLParam,
  1071. mw.ReadAccess,
  1072. ),
  1073. )
  1074. r.Method(
  1075. "GET",
  1076. "/projects/{project_id}/gitrepos/{installation_id}/repos/{kind}/{owner}/{name}/{branch}/buildpack/detect",
  1077. auth.DoesUserHaveProjectAccess(
  1078. auth.DoesUserHaveGitInstallationAccess(
  1079. requestlog.NewHandler(a.HandleDetectBuildpack, l),
  1080. mw.URLParam,
  1081. ),
  1082. mw.URLParam,
  1083. mw.ReadAccess,
  1084. ),
  1085. )
  1086. r.Method(
  1087. "GET",
  1088. "/projects/{project_id}/gitrepos/{installation_id}/repos/{kind}/{owner}/{name}/{branch}/contents",
  1089. auth.DoesUserHaveProjectAccess(
  1090. auth.DoesUserHaveGitInstallationAccess(
  1091. requestlog.NewHandler(a.HandleGetBranchContents, l),
  1092. mw.URLParam,
  1093. ),
  1094. mw.URLParam,
  1095. mw.ReadAccess,
  1096. ),
  1097. )
  1098. r.Method(
  1099. "GET",
  1100. "/projects/{project_id}/gitrepos/{installation_id}/repos/{kind}/{owner}/{name}/{branch}/procfile",
  1101. auth.DoesUserHaveProjectAccess(
  1102. auth.DoesUserHaveGitInstallationAccess(
  1103. requestlog.NewHandler(a.HandleGetProcfileContents, l),
  1104. mw.URLParam,
  1105. ),
  1106. mw.URLParam,
  1107. mw.ReadAccess,
  1108. ),
  1109. )
  1110. r.Method(
  1111. "GET",
  1112. "/projects/{project_id}/gitrepos/{installation_id}/repos/{kind}/{owner}/{name}/{branch}/tarball_url",
  1113. auth.DoesUserHaveProjectAccess(
  1114. auth.DoesUserHaveGitInstallationAccess(
  1115. requestlog.NewHandler(a.HandleGetRepoZIPDownloadURL, l),
  1116. mw.URLParam,
  1117. ),
  1118. mw.URLParam,
  1119. mw.ReadAccess,
  1120. ),
  1121. )
  1122. // /api/projects/{project_id}/k8s routes
  1123. r.Method(
  1124. "GET",
  1125. "/projects/{project_id}/k8s/namespaces",
  1126. auth.DoesUserHaveProjectAccess(
  1127. auth.DoesUserHaveClusterAccess(
  1128. requestlog.NewHandler(a.HandleListNamespaces, l),
  1129. mw.URLParam,
  1130. mw.QueryParam,
  1131. ),
  1132. mw.URLParam,
  1133. mw.ReadAccess,
  1134. ),
  1135. )
  1136. r.Method(
  1137. "POST",
  1138. "/projects/{project_id}/k8s/namespaces/create",
  1139. auth.DoesUserHaveProjectAccess(
  1140. auth.DoesUserHaveClusterAccess(
  1141. requestlog.NewHandler(a.HandleCreateNamespace, l),
  1142. mw.URLParam,
  1143. mw.QueryParam,
  1144. ),
  1145. mw.URLParam,
  1146. mw.ReadAccess,
  1147. ),
  1148. )
  1149. r.Method(
  1150. "DELETE",
  1151. "/projects/{project_id}/k8s/namespaces/delete",
  1152. auth.DoesUserHaveProjectAccess(
  1153. auth.DoesUserHaveClusterAccess(
  1154. requestlog.NewHandler(a.HandleDeleteNamespace, l),
  1155. mw.URLParam,
  1156. mw.QueryParam,
  1157. ),
  1158. mw.URLParam,
  1159. mw.ReadAccess,
  1160. ),
  1161. )
  1162. r.Method(
  1163. "GET",
  1164. "/projects/{project_id}/k8s/kubeconfig",
  1165. auth.DoesUserHaveProjectAccess(
  1166. auth.DoesUserHaveClusterAccess(
  1167. requestlog.NewHandler(a.HandleGetTemporaryKubeconfig, l),
  1168. mw.URLParam,
  1169. mw.QueryParam,
  1170. ),
  1171. mw.URLParam,
  1172. mw.WriteAccess,
  1173. ),
  1174. )
  1175. r.Method(
  1176. "GET",
  1177. "/projects/{project_id}/k8s/prometheus/detect",
  1178. auth.DoesUserHaveProjectAccess(
  1179. auth.DoesUserHaveClusterAccess(
  1180. requestlog.NewHandler(a.HandleDetectPrometheusInstalled, l),
  1181. mw.URLParam,
  1182. mw.QueryParam,
  1183. ),
  1184. mw.URLParam,
  1185. mw.ReadAccess,
  1186. ),
  1187. )
  1188. r.Method(
  1189. "GET",
  1190. "/projects/{project_id}/k8s/prometheus/ingresses",
  1191. auth.DoesUserHaveProjectAccess(
  1192. auth.DoesUserHaveClusterAccess(
  1193. requestlog.NewHandler(a.HandleListNGINXIngresses, l),
  1194. mw.URLParam,
  1195. mw.QueryParam,
  1196. ),
  1197. mw.URLParam,
  1198. mw.ReadAccess,
  1199. ),
  1200. )
  1201. r.Method(
  1202. "GET",
  1203. "/projects/{project_id}/k8s/metrics",
  1204. auth.DoesUserHaveProjectAccess(
  1205. auth.DoesUserHaveClusterAccess(
  1206. requestlog.NewHandler(a.HandleGetPodMetrics, l),
  1207. mw.URLParam,
  1208. mw.QueryParam,
  1209. ),
  1210. mw.URLParam,
  1211. mw.ReadAccess,
  1212. ),
  1213. )
  1214. r.Method(
  1215. "GET",
  1216. "/projects/{project_id}/k8s/{namespace}/pod/{name}/logs",
  1217. auth.DoesUserHaveProjectAccess(
  1218. auth.DoesUserHaveClusterAccess(
  1219. requestlog.NewHandler(a.HandleGetPodLogs, l),
  1220. mw.URLParam,
  1221. mw.QueryParam,
  1222. ),
  1223. mw.URLParam,
  1224. mw.ReadAccess,
  1225. ),
  1226. )
  1227. r.Method(
  1228. "GET",
  1229. "/projects/{project_id}/k8s/{namespace}/{chart}/{release_name}/jobs",
  1230. auth.DoesUserHaveProjectAccess(
  1231. auth.DoesUserHaveClusterAccess(
  1232. requestlog.NewHandler(a.HandleListJobsByChart, l),
  1233. mw.URLParam,
  1234. mw.QueryParam,
  1235. ),
  1236. mw.URLParam,
  1237. mw.ReadAccess,
  1238. ),
  1239. )
  1240. r.Method(
  1241. "GET",
  1242. "/projects/{project_id}/k8s/{namespace}/{name}/jobs/status",
  1243. auth.DoesUserHaveProjectAccess(
  1244. auth.DoesUserHaveClusterAccess(
  1245. requestlog.NewHandler(a.HandleGetJobStatus, l),
  1246. mw.URLParam,
  1247. mw.QueryParam,
  1248. ),
  1249. mw.URLParam,
  1250. mw.ReadAccess,
  1251. ),
  1252. )
  1253. r.Method(
  1254. "GET",
  1255. "/projects/{project_id}/k8s/jobs/{namespace}/{name}/pods",
  1256. auth.DoesUserHaveProjectAccess(
  1257. auth.DoesUserHaveClusterAccess(
  1258. requestlog.NewHandler(a.HandleListJobPods, l),
  1259. mw.URLParam,
  1260. mw.QueryParam,
  1261. ),
  1262. mw.URLParam,
  1263. mw.ReadAccess,
  1264. ),
  1265. )
  1266. r.Method(
  1267. "GET",
  1268. "/projects/{project_id}/k8s/{namespace}/ingress/{name}",
  1269. auth.DoesUserHaveProjectAccess(
  1270. auth.DoesUserHaveClusterAccess(
  1271. requestlog.NewHandler(a.HandleGetIngress, l),
  1272. mw.URLParam,
  1273. mw.QueryParam,
  1274. ),
  1275. mw.URLParam,
  1276. mw.ReadAccess,
  1277. ),
  1278. )
  1279. r.Method(
  1280. "GET",
  1281. "/projects/{project_id}/k8s/{kind}/status",
  1282. auth.DoesUserHaveProjectAccess(
  1283. auth.DoesUserHaveClusterAccess(
  1284. requestlog.NewHandler(a.HandleStreamControllerStatus, l),
  1285. mw.URLParam,
  1286. mw.QueryParam,
  1287. ),
  1288. mw.URLParam,
  1289. mw.ReadAccess,
  1290. ),
  1291. )
  1292. r.Method(
  1293. "GET",
  1294. "/projects/{project_id}/k8s/helm_releases",
  1295. auth.DoesUserHaveProjectAccess(
  1296. auth.DoesUserHaveClusterAccess(
  1297. requestlog.NewHandler(a.HandleStreamHelmReleases, l),
  1298. mw.URLParam,
  1299. mw.QueryParam,
  1300. ),
  1301. mw.URLParam,
  1302. mw.ReadAccess,
  1303. ),
  1304. )
  1305. r.Method(
  1306. "GET",
  1307. "/projects/{project_id}/k8s/pods",
  1308. auth.DoesUserHaveProjectAccess(
  1309. auth.DoesUserHaveClusterAccess(
  1310. requestlog.NewHandler(a.HandleListPods, l),
  1311. mw.URLParam,
  1312. mw.QueryParam,
  1313. ),
  1314. mw.URLParam,
  1315. mw.ReadAccess,
  1316. ),
  1317. )
  1318. r.Method(
  1319. "DELETE",
  1320. "/projects/{project_id}/k8s/pods/{namespace}/{name}",
  1321. auth.DoesUserHaveProjectAccess(
  1322. auth.DoesUserHaveClusterAccess(
  1323. requestlog.NewHandler(a.HandleDeletePod, l),
  1324. mw.URLParam,
  1325. mw.QueryParam,
  1326. ),
  1327. mw.URLParam,
  1328. mw.WriteAccess,
  1329. ),
  1330. )
  1331. r.Method(
  1332. "GET",
  1333. "/projects/{project_id}/k8s/pods/{namespace}/{name}/events/list",
  1334. auth.DoesUserHaveProjectAccess(
  1335. auth.DoesUserHaveClusterAccess(
  1336. requestlog.NewHandler(a.HandleListPodEvents, l),
  1337. mw.URLParam,
  1338. mw.QueryParam,
  1339. ),
  1340. mw.URLParam,
  1341. mw.ReadAccess,
  1342. ),
  1343. )
  1344. r.Method(
  1345. "POST",
  1346. "/projects/{project_id}/k8s/configmap/create",
  1347. auth.DoesUserHaveProjectAccess(
  1348. auth.DoesUserHaveClusterAccess(
  1349. requestlog.NewHandler(a.HandleCreateConfigMap, l),
  1350. mw.URLParam,
  1351. mw.QueryParam,
  1352. ),
  1353. mw.URLParam,
  1354. mw.WriteAccess,
  1355. ),
  1356. )
  1357. r.Method(
  1358. "DELETE",
  1359. "/projects/{project_id}/k8s/configmap/delete",
  1360. auth.DoesUserHaveProjectAccess(
  1361. auth.DoesUserHaveClusterAccess(
  1362. requestlog.NewHandler(a.HandleDeleteConfigMap, l),
  1363. mw.URLParam,
  1364. mw.QueryParam,
  1365. ),
  1366. mw.URLParam,
  1367. mw.WriteAccess,
  1368. ),
  1369. )
  1370. r.Method(
  1371. "GET",
  1372. "/projects/{project_id}/k8s/configmap",
  1373. auth.DoesUserHaveProjectAccess(
  1374. auth.DoesUserHaveClusterAccess(
  1375. requestlog.NewHandler(a.HandleGetConfigMap, l),
  1376. mw.URLParam,
  1377. mw.QueryParam,
  1378. ),
  1379. mw.URLParam,
  1380. mw.ReadAccess,
  1381. ),
  1382. )
  1383. r.Method(
  1384. "GET",
  1385. "/projects/{project_id}/k8s/configmap/list",
  1386. auth.DoesUserHaveProjectAccess(
  1387. auth.DoesUserHaveClusterAccess(
  1388. requestlog.NewHandler(a.HandleListConfigMaps, l),
  1389. mw.URLParam,
  1390. mw.QueryParam,
  1391. ),
  1392. mw.URLParam,
  1393. mw.ReadAccess,
  1394. ),
  1395. )
  1396. r.Method(
  1397. "POST",
  1398. "/projects/{project_id}/k8s/configmap/update",
  1399. auth.DoesUserHaveProjectAccess(
  1400. auth.DoesUserHaveClusterAccess(
  1401. requestlog.NewHandler(a.HandleUpdateConfigMap, l),
  1402. mw.URLParam,
  1403. mw.QueryParam,
  1404. ),
  1405. mw.URLParam,
  1406. mw.WriteAccess,
  1407. ),
  1408. )
  1409. r.Method(
  1410. "DELETE",
  1411. "/projects/{project_id}/k8s/jobs/{namespace}/{name}",
  1412. auth.DoesUserHaveProjectAccess(
  1413. auth.DoesUserHaveClusterAccess(
  1414. requestlog.NewHandler(a.HandleDeleteJob, l),
  1415. mw.URLParam,
  1416. mw.QueryParam,
  1417. ),
  1418. mw.URLParam,
  1419. mw.WriteAccess,
  1420. ),
  1421. )
  1422. r.Method(
  1423. "POST",
  1424. "/projects/{project_id}/k8s/jobs/{namespace}/{name}/stop",
  1425. auth.DoesUserHaveProjectAccess(
  1426. auth.DoesUserHaveClusterAccess(
  1427. requestlog.NewHandler(a.HandleStopJob, l),
  1428. mw.URLParam,
  1429. mw.QueryParam,
  1430. ),
  1431. mw.URLParam,
  1432. mw.WriteAccess,
  1433. ),
  1434. )
  1435. // /api/projects/{project_id}/subdomain routes
  1436. r.Method(
  1437. "POST",
  1438. "/projects/{project_id}/k8s/subdomain",
  1439. auth.DoesUserHaveProjectAccess(
  1440. auth.DoesUserHaveClusterAccess(
  1441. requestlog.NewHandler(a.HandleCreateDNSRecord, l),
  1442. mw.URLParam,
  1443. mw.QueryParam,
  1444. ),
  1445. mw.URLParam,
  1446. mw.WriteAccess,
  1447. ),
  1448. )
  1449. // capabilities
  1450. r.Method(
  1451. "GET",
  1452. "/capabilities",
  1453. http.HandlerFunc(a.HandleGetCapabilities),
  1454. )
  1455. // /api/projects/{project_id}/deploy routes
  1456. r.Method(
  1457. "POST",
  1458. "/projects/{project_id}/deploy/{name}/{version}",
  1459. auth.DoesUserHaveProjectAccess(
  1460. auth.DoesUserHaveClusterAccess(
  1461. requestlog.NewHandler(a.HandleDeployTemplate, l),
  1462. mw.URLParam,
  1463. mw.QueryParam,
  1464. ),
  1465. mw.URLParam,
  1466. mw.WriteAccess,
  1467. ),
  1468. )
  1469. r.Method(
  1470. "POST",
  1471. "/projects/{project_id}/deploy/addon/{name}/{version}",
  1472. auth.DoesUserHaveProjectAccess(
  1473. auth.DoesUserHaveClusterAccess(
  1474. requestlog.NewHandler(a.HandleDeployAddon, l),
  1475. mw.URLParam,
  1476. mw.QueryParam,
  1477. ),
  1478. mw.URLParam,
  1479. mw.WriteAccess,
  1480. ),
  1481. )
  1482. })
  1483. // Create group for long-running Helm operations
  1484. r.Group(func(r chi.Router) {
  1485. r.Use(middleware.Timeout(300 * time.Second))
  1486. r.Method(
  1487. "POST",
  1488. "/projects/{project_id}/releases/{name}/rollback",
  1489. auth.DoesUserHaveProjectAccess(
  1490. auth.DoesUserHaveClusterAccess(
  1491. requestlog.NewHandler(a.HandleRollbackRelease, l),
  1492. mw.URLParam,
  1493. mw.QueryParam,
  1494. ),
  1495. mw.URLParam,
  1496. mw.WriteAccess,
  1497. ),
  1498. )
  1499. r.Method(
  1500. "POST",
  1501. "/webhooks/deploy/{token}",
  1502. requestlog.NewHandler(a.HandleReleaseDeployWebhook, l),
  1503. )
  1504. r.Method(
  1505. "POST",
  1506. "/projects/{project_id}/delete/{name}",
  1507. auth.DoesUserHaveProjectAccess(
  1508. auth.DoesUserHaveClusterAccess(
  1509. requestlog.NewHandler(a.HandleUninstallTemplate, l),
  1510. mw.URLParam,
  1511. mw.QueryParam,
  1512. ),
  1513. mw.URLParam,
  1514. mw.WriteAccess,
  1515. ),
  1516. )
  1517. r.Method(
  1518. "POST",
  1519. "/projects/{project_id}/releases/{name}/upgrade",
  1520. auth.DoesUserHaveProjectAccess(
  1521. auth.DoesUserHaveClusterAccess(
  1522. requestlog.NewHandler(a.HandleUpgradeRelease, l),
  1523. mw.URLParam,
  1524. mw.QueryParam,
  1525. ),
  1526. mw.URLParam,
  1527. mw.WriteAccess,
  1528. ),
  1529. )
  1530. r.Method(
  1531. "POST",
  1532. "/projects/{project_id}/releases/image/update/batch",
  1533. auth.DoesUserHaveProjectAccess(
  1534. auth.DoesUserHaveClusterAccess(
  1535. requestlog.NewHandler(a.HandleReleaseUpdateJobImages, l),
  1536. mw.URLParam,
  1537. mw.QueryParam,
  1538. ),
  1539. mw.URLParam,
  1540. mw.WriteAccess,
  1541. ),
  1542. )
  1543. })
  1544. })
  1545. staticFilePath := a.ServerConf.StaticFilePath
  1546. fs := http.FileServer(http.Dir(staticFilePath))
  1547. r.Get("/*", func(w http.ResponseWriter, r *http.Request) {
  1548. if _, err := os.Stat(staticFilePath + r.RequestURI); os.IsNotExist(err) {
  1549. w.Header().Set("Cache-Control", "no-cache")
  1550. http.StripPrefix(r.URL.Path, fs).ServeHTTP(w, r)
  1551. } else {
  1552. // Set static files involving html, js, or empty cache to "no-cache", which means they must be validated
  1553. // for changes before the browser uses the cache
  1554. if base := path.Base(r.URL.Path); strings.Contains(base, "html") || strings.Contains(base, "js") || base == "." || base == "/" {
  1555. w.Header().Set("Cache-Control", "no-cache")
  1556. }
  1557. fs.ServeHTTP(w, r)
  1558. }
  1559. })
  1560. return r
  1561. }