use configuration file to control AnonymousAccess

2021-12-09 16:59:02 +08:00 · 2021-12-09 16:59:02 +08:00 · 32fea64f3e
parent bf4e0ca7c0
commit 32fea64f3e
4 changed files with 43 additions and 20 deletions
--- a/docker/n9eetc/webapi.conf
+++ b/docker/n9eetc/webapi.conf
@ -72,6 +72,10 @@ RedisKeyPrefix = "/jwt/"
 [BasicAuth]
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

+[AnonymousAccess]
+PromQuerier = false
+AlertDetail = false
+
 [LDAP]
 Enable = false
 Host = "ldap.example.org"
--- a/etc/webapi.conf
+++ b/etc/webapi.conf
@ -72,6 +72,10 @@ RedisKeyPrefix = "/jwt/"
 [BasicAuth]
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

+[AnonymousAccess]
+PromQuerier = false
+AlertDetail = false
+
 [LDAP]
 Enable = false
 Host = "ldap.example.org"
--- a/src/webapi/config/config.go
+++ b/src/webapi/config/config.go
@ -74,22 +74,23 @@ func MustLoad(fpaths ...string) {
 }

 type Config struct {
-	RunMode        string
-	I18N           string
-	AdminRole      string
-	ContactKeys    []ContactKey
-	NotifyChannels []string
-	Log            logx.Config
-	HTTP           httpx.Config
-	JWTAuth        JWTAuth
-	BasicAuth      gin.Accounts
-	LDAP           ldapx.LdapSection
-	Redis          storage.RedisConfig
-	Gorm           storage.Gorm
-	MySQL          storage.MySQL
-	Postgres       storage.Postgres
-	Clusters       []prom.Options
-	Ibex           Ibex
+	RunMode         string
+	I18N            string
+	AdminRole       string
+	ContactKeys     []ContactKey
+	NotifyChannels  []string
+	Log             logx.Config
+	HTTP            httpx.Config
+	JWTAuth         JWTAuth
+	BasicAuth       gin.Accounts
+	AnonymousAccess AnonymousAccess
+	LDAP            ldapx.LdapSection
+	Redis           storage.RedisConfig
+	Gorm            storage.Gorm
+	MySQL           storage.MySQL
+	Postgres        storage.Postgres
+	Clusters        []prom.Options
+	Ibex            Ibex
 }

 type ContactKey struct {
@ -104,6 +105,11 @@ type JWTAuth struct {
 	RedisKeyPrefix string
 }

+type AnonymousAccess struct {
+	PromQuerier bool
+	AlertDetail bool
+}
+
 type Ibex struct {
 	Address       string
 	BasicAuthUser string
--- a/src/webapi/router/router.go
+++ b/src/webapi/router/router.go
@ -100,7 +100,11 @@ func configRoute(r *gin.Engine, version string) {

 	pages := r.Group(pagesPrefix)
 	{
-		pages.Any("/prometheus/*url", prometheusProxy)
+		if config.C.AnonymousAccess.PromQuerier {
+			pages.Any("/prometheus/*url", prometheusProxy)
+		} else {
+			pages.Any("/prometheus/*url", jwtAuth(), prometheusProxy)
+		}

 		pages.GET("/version", func(c *gin.Context) {
 			c.String(200, version)
@ -201,12 +205,17 @@ func configRoute(r *gin.Engine, version string) {
 		// pages.GET("/busi-group/:id/collect-rule/:crid", jwtAuth(), user(), bgro(), collectRuleGet)
 		// pages.PUT("/busi-group/:id/collect-rule/:crid", jwtAuth(), user(), bgrw(), collectRulePut)

+		pages.GET("/busi-group/:id/alert-his-events", jwtAuth(), user(), bgro(), alertHisEventGets)
 		pages.GET("/busi-group/:id/alert-cur-events", jwtAuth(), user(), bgro(), alertCurEventGets)
 		pages.DELETE("/busi-group/:id/alert-cur-events", jwtAuth(), user(), bgrw(), alertCurEventDel)
-		pages.GET("/alert-cur-event/:eid", alertCurEventGet)

-		pages.GET("/busi-group/:id/alert-his-events", jwtAuth(), user(), bgro(), alertHisEventGets)
-		pages.GET("/alert-his-event/:eid", alertHisEventGet)
+		if config.C.AnonymousAccess.AlertDetail {
+			pages.GET("/alert-cur-event/:eid", alertCurEventGet)
+			pages.GET("/alert-his-event/:eid", alertHisEventGet)
+		} else {
+			pages.GET("/alert-cur-event/:eid", jwtAuth(), alertCurEventGet)
+			pages.GET("/alert-his-event/:eid", jwtAuth(), alertHisEventGet)
+		}

 		pages.GET("/busi-group/:id/task-tpls", jwtAuth(), user(), bgro(), taskTplGets)
 		pages.POST("/busi-group/:id/task-tpls", jwtAuth(), user(), bgrw(), taskTplAdd)