[feature] add proxy auth support (#1035)
Co-authored-by: ziv <xiazoheng@tuya.com>
parent
072ab98fcf
commit
43343182e4
|
@ -98,6 +98,13 @@ AccessExpired = 1500
|
||||||
RefreshExpired = 10080
|
RefreshExpired = 10080
|
||||||
RedisKeyPrefix = "/jwt/"
|
RedisKeyPrefix = "/jwt/"
|
||||||
|
|
||||||
|
[ProxyAuth]
|
||||||
|
# if proxy auth enabled, jwt auth is disabled
|
||||||
|
Enable = false
|
||||||
|
# username key in http proxy header
|
||||||
|
HeaderUserNameKey = "X-User-Name"
|
||||||
|
DefaultRoles = ["Standard"]
|
||||||
|
|
||||||
[BasicAuth]
|
[BasicAuth]
|
||||||
user001 = "ccc26da7b9aba533cbb263a36c07dcc5"
|
user001 = "ccc26da7b9aba533cbb263a36c07dcc5"
|
||||||
|
|
||||||
|
|
|
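Review bot: The comment on `[ProxyAuth]` does not say that the header named by `HeaderUserNameKey` is accepted as the caller's identity with no further proof, which is what an operator most needs to know before setting `Enable = true`. In the middleware added by this commit, `handleProxyUser` reads that header straight from the request and, as far as the visible lines show, never checks which peer sent it, so the deployment is only safe if the listener is unreachable except through the proxy. I would extend the comment to something like `# the header is trusted as-is: expose this service only behind the proxy, and have the proxy overwrite any client-supplied X-User-Name`, and consider adding a trusted-proxy address list that is checked before the header is read. `DefaultRoles` also deserves a line stating that every previously unknown username is created with these roles on its first request.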
@ -88,6 +88,7 @@ type Config struct {
|
||||||
Log logx.Config
|
Log logx.Config
|
||||||
HTTP httpx.Config
|
HTTP httpx.Config
|
||||||
JWTAuth JWTAuth
|
JWTAuth JWTAuth
|
||||||
|
ProxyAuth ProxyAuth
|
||||||
BasicAuth gin.Accounts
|
BasicAuth gin.Accounts
|
||||||
AnonymousAccess AnonymousAccess
|
AnonymousAccess AnonymousAccess
|
||||||
LDAP ldapx.LdapSection
|
LDAP ldapx.LdapSection
|
||||||
|
@ -135,6 +136,12 @@ type JWTAuth struct {
|
||||||
RedisKeyPrefix string
|
RedisKeyPrefix string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type ProxyAuth struct {
|
||||||
|
Enable bool
|
||||||
|
HeaderUserNameKey string
|
||||||
|
DefaultRoles []string
|
||||||
|
}
|
||||||
|
|
||||||
type AnonymousAccess struct {
|
type AnonymousAccess struct {
|
||||||
PromQuerier bool
|
PromQuerier bool
|
||||||
AlertDetail bool
|
AlertDetail bool
|
||||||
|
|
|
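Review bot: `ProxyAuth` is added without a doc comment, even though enabling it replaces the authentication scheme for the whole page API. A comment such as `// ProxyAuth enables header-based authentication delegated to a fronting reverse proxy; when Enable is true, JWT auth is not used.` would carry the warning from the sample config into the code. Nothing in the visible hunks validates the section, so it may be worth rejecting `Enable = true` with an empty `HeaderUserNameKey` when the config is loaded instead of answering every request with 401; the loader is outside the shown lines, so confirm it is not already handled there.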
@ -101,16 +101,16 @@ func configRoute(r *gin.Engine, version string) {
|
||||||
if config.C.AnonymousAccess.PromQuerier {
|
if config.C.AnonymousAccess.PromQuerier {
|
||||||
pages.Any("/prometheus/*url", prometheusProxy)
|
pages.Any("/prometheus/*url", prometheusProxy)
|
||||||
} else {
|
} else {
|
||||||
pages.Any("/prometheus/*url", jwtAuth(), prometheusProxy)
|
pages.Any("/prometheus/*url", auth(), prometheusProxy)
|
||||||
}
|
}
|
||||||
|
|
||||||
pages.GET("/version", func(c *gin.Context) {
|
pages.GET("/version", func(c *gin.Context) {
|
||||||
c.String(200, version)
|
c.String(200, version)
|
||||||
})
|
})
|
||||||
|
|
||||||
pages.POST("/auth/login", loginPost)
|
pages.POST("/auth/login", jwtMock(), loginPost)
|
||||||
pages.POST("/auth/logout", logoutPost)
|
pages.POST("/auth/logout", jwtMock(), logoutPost)
|
||||||
pages.POST("/auth/refresh", refreshPost)
|
pages.POST("/auth/refresh", jwtMock(), refreshPost)
|
||||||
|
|
||||||
pages.GET("/auth/redirect", loginRedirect)
|
pages.GET("/auth/redirect", loginRedirect)
|
||||||
pages.GET("/auth/callback", loginCallback)
|
pages.GET("/auth/callback", loginCallback)
|
||||||
|
@ -123,150 +123,150 @@ func configRoute(r *gin.Engine, version string) {
|
||||||
pages.GET("/contact-keys", contactKeysGets)
|
pages.GET("/contact-keys", contactKeysGets)
|
||||||
pages.GET("/clusters", clustersGets)
|
pages.GET("/clusters", clustersGets)
|
||||||
|
|
||||||
pages.GET("/self/perms", jwtAuth(), user(), permsGets)
|
pages.GET("/self/perms", auth(), user(), permsGets)
|
||||||
pages.GET("/self/profile", jwtAuth(), user(), selfProfileGet)
|
pages.GET("/self/profile", auth(), user(), selfProfileGet)
|
||||||
pages.PUT("/self/profile", jwtAuth(), user(), selfProfilePut)
|
pages.PUT("/self/profile", auth(), user(), selfProfilePut)
|
||||||
pages.PUT("/self/password", jwtAuth(), user(), selfPasswordPut)
|
pages.PUT("/self/password", auth(), user(), selfPasswordPut)
|
||||||
|
|
||||||
pages.GET("/users", jwtAuth(), user(), perm("/users"), userGets)
|
pages.GET("/users", auth(), user(), perm("/users"), userGets)
|
||||||
pages.POST("/users", jwtAuth(), admin(), userAddPost)
|
pages.POST("/users", auth(), admin(), userAddPost)
|
||||||
pages.GET("/user/:id/profile", jwtAuth(), userProfileGet)
|
pages.GET("/user/:id/profile", auth(), userProfileGet)
|
||||||
pages.PUT("/user/:id/profile", jwtAuth(), admin(), userProfilePut)
|
pages.PUT("/user/:id/profile", auth(), admin(), userProfilePut)
|
||||||
pages.PUT("/user/:id/password", jwtAuth(), admin(), userPasswordPut)
|
pages.PUT("/user/:id/password", auth(), admin(), userPasswordPut)
|
||||||
pages.DELETE("/user/:id", jwtAuth(), admin(), userDel)
|
pages.DELETE("/user/:id", auth(), admin(), userDel)
|
||||||
|
|
||||||
pages.GET("/metric-views", jwtAuth(), metricViewGets)
|
pages.GET("/metric-views", auth(), metricViewGets)
|
||||||
pages.DELETE("/metric-views", jwtAuth(), user(), metricViewDel)
|
pages.DELETE("/metric-views", auth(), user(), metricViewDel)
|
||||||
pages.POST("/metric-views", jwtAuth(), user(), metricViewAdd)
|
pages.POST("/metric-views", auth(), user(), metricViewAdd)
|
||||||
pages.PUT("/metric-views", jwtAuth(), user(), metricViewPut)
|
pages.PUT("/metric-views", auth(), user(), metricViewPut)
|
||||||
|
|
||||||
pages.GET("/user-groups", jwtAuth(), user(), userGroupGets)
|
pages.GET("/user-groups", auth(), user(), userGroupGets)
|
||||||
pages.POST("/user-groups", jwtAuth(), user(), perm("/user-groups/add"), userGroupAdd)
|
pages.POST("/user-groups", auth(), user(), perm("/user-groups/add"), userGroupAdd)
|
||||||
pages.GET("/user-group/:id", jwtAuth(), user(), userGroupGet)
|
pages.GET("/user-group/:id", auth(), user(), userGroupGet)
|
||||||
pages.PUT("/user-group/:id", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupPut)
|
pages.PUT("/user-group/:id", auth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupPut)
|
||||||
pages.DELETE("/user-group/:id", jwtAuth(), user(), perm("/user-groups/del"), userGroupWrite(), userGroupDel)
|
pages.DELETE("/user-group/:id", auth(), user(), perm("/user-groups/del"), userGroupWrite(), userGroupDel)
|
||||||
pages.POST("/user-group/:id/members", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberAdd)
|
pages.POST("/user-group/:id/members", auth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberAdd)
|
||||||
pages.DELETE("/user-group/:id/members", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberDel)
|
pages.DELETE("/user-group/:id/members", auth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberDel)
|
||||||
|
|
||||||
pages.GET("/busi-groups", jwtAuth(), user(), busiGroupGets)
|
pages.GET("/busi-groups", auth(), user(), busiGroupGets)
|
||||||
pages.POST("/busi-groups", jwtAuth(), user(), perm("/busi-groups/add"), busiGroupAdd)
|
pages.POST("/busi-groups", auth(), user(), perm("/busi-groups/add"), busiGroupAdd)
|
||||||
pages.GET("/busi-groups/alertings", jwtAuth(), busiGroupAlertingsGets)
|
pages.GET("/busi-groups/alertings", auth(), busiGroupAlertingsGets)
|
||||||
pages.GET("/busi-group/:id", jwtAuth(), user(), bgro(), busiGroupGet)
|
pages.GET("/busi-group/:id", auth(), user(), bgro(), busiGroupGet)
|
||||||
pages.PUT("/busi-group/:id", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupPut)
|
pages.PUT("/busi-group/:id", auth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupPut)
|
||||||
pages.POST("/busi-group/:id/members", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberAdd)
|
pages.POST("/busi-group/:id/members", auth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberAdd)
|
||||||
pages.DELETE("/busi-group/:id/members", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberDel)
|
pages.DELETE("/busi-group/:id/members", auth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberDel)
|
||||||
pages.DELETE("/busi-group/:id", jwtAuth(), user(), perm("/busi-groups/del"), bgrw(), busiGroupDel)
|
pages.DELETE("/busi-group/:id", auth(), user(), perm("/busi-groups/del"), bgrw(), busiGroupDel)
|
||||||
pages.GET("/busi-group/:id/perm/:perm", jwtAuth(), user(), checkBusiGroupPerm)
|
pages.GET("/busi-group/:id/perm/:perm", auth(), user(), checkBusiGroupPerm)
|
||||||
|
|
||||||
pages.GET("/targets", jwtAuth(), user(), targetGets)
|
pages.GET("/targets", auth(), user(), targetGets)
|
||||||
pages.DELETE("/targets", jwtAuth(), user(), perm("/targets/del"), targetDel)
|
pages.DELETE("/targets", auth(), user(), perm("/targets/del"), targetDel)
|
||||||
pages.GET("/targets/tags", jwtAuth(), user(), targetGetTags)
|
pages.GET("/targets/tags", auth(), user(), targetGetTags)
|
||||||
pages.POST("/targets/tags", jwtAuth(), user(), perm("/targets/put"), targetBindTagsByFE)
|
pages.POST("/targets/tags", auth(), user(), perm("/targets/put"), targetBindTagsByFE)
|
||||||
pages.DELETE("/targets/tags", jwtAuth(), user(), perm("/targets/put"), targetUnbindTagsByFE)
|
pages.DELETE("/targets/tags", auth(), user(), perm("/targets/put"), targetUnbindTagsByFE)
|
||||||
pages.PUT("/targets/note", jwtAuth(), user(), perm("/targets/put"), targetUpdateNote)
|
pages.PUT("/targets/note", auth(), user(), perm("/targets/put"), targetUpdateNote)
|
||||||
pages.PUT("/targets/bgid", jwtAuth(), user(), perm("/targets/put"), targetUpdateBgid)
|
pages.PUT("/targets/bgid", auth(), user(), perm("/targets/put"), targetUpdateBgid)
|
||||||
|
|
||||||
pages.GET("/builtin-boards", builtinBoardGets)
|
pages.GET("/builtin-boards", builtinBoardGets)
|
||||||
pages.GET("/builtin-board/:name", builtinBoardGet)
|
pages.GET("/builtin-board/:name", builtinBoardGet)
|
||||||
|
|
||||||
pages.GET("/busi-group/:id/boards", jwtAuth(), user(), perm("/dashboards"), bgro(), boardGets)
|
pages.GET("/busi-group/:id/boards", auth(), user(), perm("/dashboards"), bgro(), boardGets)
|
||||||
pages.POST("/busi-group/:id/boards", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), boardAdd)
|
pages.POST("/busi-group/:id/boards", auth(), user(), perm("/dashboards/add"), bgrw(), boardAdd)
|
||||||
pages.POST("/busi-group/:id/board/:bid/clone", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), boardClone)
|
pages.POST("/busi-group/:id/board/:bid/clone", auth(), user(), perm("/dashboards/add"), bgrw(), boardClone)
|
||||||
|
|
||||||
pages.GET("/board/:bid", jwtAuth(), user(), boardGet)
|
pages.GET("/board/:bid", auth(), user(), boardGet)
|
||||||
pages.PUT("/board/:bid", jwtAuth(), user(), perm("/dashboards/put"), boardPut)
|
pages.PUT("/board/:bid", auth(), user(), perm("/dashboards/put"), boardPut)
|
||||||
pages.PUT("/board/:bid/configs", jwtAuth(), user(), perm("/dashboards/put"), boardPutConfigs)
|
pages.PUT("/board/:bid/configs", auth(), user(), perm("/dashboards/put"), boardPutConfigs)
|
||||||
pages.DELETE("/boards", jwtAuth(), user(), perm("/dashboards/del"), boardDel)
|
pages.DELETE("/boards", auth(), user(), perm("/dashboards/del"), boardDel)
|
||||||
|
|
||||||
// migrate v5.8.0
|
// migrate v5.8.0
|
||||||
pages.GET("/dashboards", jwtAuth(), admin(), migrateDashboards)
|
pages.GET("/dashboards", auth(), admin(), migrateDashboards)
|
||||||
pages.GET("/dashboard/:id", jwtAuth(), admin(), migrateDashboardGet)
|
pages.GET("/dashboard/:id", auth(), admin(), migrateDashboardGet)
|
||||||
pages.PUT("/dashboard/:id/migrate", jwtAuth(), admin(), migrateDashboard)
|
pages.PUT("/dashboard/:id/migrate", auth(), admin(), migrateDashboard)
|
||||||
|
|
||||||
// deprecated ↓
|
// deprecated ↓
|
||||||
pages.GET("/dashboards/builtin/list", builtinBoardGets)
|
pages.GET("/dashboards/builtin/list", builtinBoardGets)
|
||||||
pages.POST("/busi-group/:id/dashboards/builtin", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardBuiltinImport)
|
pages.POST("/busi-group/:id/dashboards/builtin", auth(), user(), perm("/dashboards/add"), bgrw(), dashboardBuiltinImport)
|
||||||
pages.GET("/busi-group/:id/dashboards", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardGets)
|
pages.GET("/busi-group/:id/dashboards", auth(), user(), perm("/dashboards"), bgro(), dashboardGets)
|
||||||
pages.POST("/busi-group/:id/dashboards", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardAdd)
|
pages.POST("/busi-group/:id/dashboards", auth(), user(), perm("/dashboards/add"), bgrw(), dashboardAdd)
|
||||||
pages.POST("/busi-group/:id/dashboards/export", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardExport)
|
pages.POST("/busi-group/:id/dashboards/export", auth(), user(), perm("/dashboards"), bgro(), dashboardExport)
|
||||||
pages.POST("/busi-group/:id/dashboards/import", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardImport)
|
pages.POST("/busi-group/:id/dashboards/import", auth(), user(), perm("/dashboards/add"), bgrw(), dashboardImport)
|
||||||
pages.POST("/busi-group/:id/dashboard/:did/clone", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardClone)
|
pages.POST("/busi-group/:id/dashboard/:did/clone", auth(), user(), perm("/dashboards/add"), bgrw(), dashboardClone)
|
||||||
pages.GET("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardGet)
|
pages.GET("/busi-group/:id/dashboard/:did", auth(), user(), perm("/dashboards"), bgro(), dashboardGet)
|
||||||
pages.PUT("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards/put"), bgrw(), dashboardPut)
|
pages.PUT("/busi-group/:id/dashboard/:did", auth(), user(), perm("/dashboards/put"), bgrw(), dashboardPut)
|
||||||
pages.DELETE("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards/del"), bgrw(), dashboardDel)
|
pages.DELETE("/busi-group/:id/dashboard/:did", auth(), user(), perm("/dashboards/del"), bgrw(), dashboardDel)
|
||||||
|
|
||||||
pages.GET("/busi-group/:id/chart-groups", jwtAuth(), user(), bgro(), chartGroupGets)
|
pages.GET("/busi-group/:id/chart-groups", auth(), user(), bgro(), chartGroupGets)
|
||||||
pages.POST("/busi-group/:id/chart-groups", jwtAuth(), user(), bgrw(), chartGroupAdd)
|
pages.POST("/busi-group/:id/chart-groups", auth(), user(), bgrw(), chartGroupAdd)
|
||||||
pages.PUT("/busi-group/:id/chart-groups", jwtAuth(), user(), bgrw(), chartGroupPut)
|
pages.PUT("/busi-group/:id/chart-groups", auth(), user(), bgrw(), chartGroupPut)
|
||||||
pages.DELETE("/busi-group/:id/chart-groups", jwtAuth(), user(), bgrw(), chartGroupDel)
|
pages.DELETE("/busi-group/:id/chart-groups", auth(), user(), bgrw(), chartGroupDel)
|
||||||
|
|
||||||
pages.GET("/busi-group/:id/charts", jwtAuth(), user(), bgro(), chartGets)
|
pages.GET("/busi-group/:id/charts", auth(), user(), bgro(), chartGets)
|
||||||
pages.POST("/busi-group/:id/charts", jwtAuth(), user(), bgrw(), chartAdd)
|
pages.POST("/busi-group/:id/charts", auth(), user(), bgrw(), chartAdd)
|
||||||
pages.PUT("/busi-group/:id/charts", jwtAuth(), user(), bgrw(), chartPut)
|
pages.PUT("/busi-group/:id/charts", auth(), user(), bgrw(), chartPut)
|
||||||
pages.DELETE("/busi-group/:id/charts", jwtAuth(), user(), bgrw(), chartDel)
|
pages.DELETE("/busi-group/:id/charts", auth(), user(), bgrw(), chartDel)
|
||||||
// deprecated ↑
|
// deprecated ↑
|
||||||
|
|
||||||
pages.GET("/share-charts", chartShareGets)
|
pages.GET("/share-charts", chartShareGets)
|
||||||
pages.POST("/share-charts", jwtAuth(), chartShareAdd)
|
pages.POST("/share-charts", auth(), chartShareAdd)
|
||||||
|
|
||||||
pages.GET("/alert-rules/builtin/list", alertRuleBuiltinList)
|
pages.GET("/alert-rules/builtin/list", alertRuleBuiltinList)
|
||||||
pages.POST("/busi-group/:id/alert-rules/builtin", jwtAuth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleBuiltinImport)
|
pages.POST("/busi-group/:id/alert-rules/builtin", auth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleBuiltinImport)
|
||||||
pages.GET("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules"), alertRuleGets)
|
pages.GET("/busi-group/:id/alert-rules", auth(), user(), perm("/alert-rules"), alertRuleGets)
|
||||||
pages.POST("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleAddByFE)
|
pages.POST("/busi-group/:id/alert-rules", auth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleAddByFE)
|
||||||
pages.DELETE("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules/del"), bgrw(), alertRuleDel)
|
pages.DELETE("/busi-group/:id/alert-rules", auth(), user(), perm("/alert-rules/del"), bgrw(), alertRuleDel)
|
||||||
pages.PUT("/busi-group/:id/alert-rules/fields", jwtAuth(), user(), perm("/alert-rules/put"), bgrw(), alertRulePutFields)
|
pages.PUT("/busi-group/:id/alert-rules/fields", auth(), user(), perm("/alert-rules/put"), bgrw(), alertRulePutFields)
|
||||||
pages.PUT("/busi-group/:id/alert-rule/:arid", jwtAuth(), user(), perm("/alert-rules/put"), alertRulePutByFE)
|
pages.PUT("/busi-group/:id/alert-rule/:arid", auth(), user(), perm("/alert-rules/put"), alertRulePutByFE)
|
||||||
pages.GET("/alert-rule/:arid", jwtAuth(), user(), perm("/alert-rules"), alertRuleGet)
|
pages.GET("/alert-rule/:arid", auth(), user(), perm("/alert-rules"), alertRuleGet)
|
||||||
|
|
||||||
pages.GET("/busi-group/:id/recording-rules", jwtAuth(), user(), perm("/recording-rules"), recordingRuleGets)
|
pages.GET("/busi-group/:id/recording-rules", auth(), user(), perm("/recording-rules"), recordingRuleGets)
|
||||||
pages.POST("/busi-group/:id/recording-rules", jwtAuth(), user(), perm("/recording-rules/add"), bgrw(), recordingRuleAddByFE)
|
pages.POST("/busi-group/:id/recording-rules", auth(), user(), perm("/recording-rules/add"), bgrw(), recordingRuleAddByFE)
|
||||||
pages.DELETE("/busi-group/:id/recording-rules", jwtAuth(), user(), perm("/recording-rules/del"), bgrw(), recordingRuleDel)
|
pages.DELETE("/busi-group/:id/recording-rules", auth(), user(), perm("/recording-rules/del"), bgrw(), recordingRuleDel)
|
||||||
pages.PUT("/busi-group/:id/recording-rule/:rrid", jwtAuth(), user(), perm("/recording-rules/put"), bgrw(), recordingRulePutByFE)
|
pages.PUT("/busi-group/:id/recording-rule/:rrid", auth(), user(), perm("/recording-rules/put"), bgrw(), recordingRulePutByFE)
|
||||||
pages.GET("/recording-rule/:rrid", jwtAuth(), user(), perm("/recording-rules"), recordingRuleGet)
|
pages.GET("/recording-rule/:rrid", auth(), user(), perm("/recording-rules"), recordingRuleGet)
|
||||||
pages.PUT("/busi-group/:id/recording-rules/fields", jwtAuth(), user(), perm("/recording-rules/put"), recordingRulePutFields)
|
pages.PUT("/busi-group/:id/recording-rules/fields", auth(), user(), perm("/recording-rules/put"), recordingRulePutFields)
|
||||||
|
|
||||||
pages.GET("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes"), bgro(), alertMuteGetsByBG)
|
pages.GET("/busi-group/:id/alert-mutes", auth(), user(), perm("/alert-mutes"), bgro(), alertMuteGetsByBG)
|
||||||
pages.POST("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes/add"), bgrw(), alertMuteAdd)
|
pages.POST("/busi-group/:id/alert-mutes", auth(), user(), perm("/alert-mutes/add"), bgrw(), alertMuteAdd)
|
||||||
pages.DELETE("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes/del"), bgrw(), alertMuteDel)
|
pages.DELETE("/busi-group/:id/alert-mutes", auth(), user(), perm("/alert-mutes/del"), bgrw(), alertMuteDel)
|
||||||
|
|
||||||
pages.GET("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes"), bgro(), alertSubscribeGets)
|
pages.GET("/busi-group/:id/alert-subscribes", auth(), user(), perm("/alert-subscribes"), bgro(), alertSubscribeGets)
|
||||||
pages.GET("/alert-subscribe/:sid", jwtAuth(), user(), perm("/alert-subscribes"), alertSubscribeGet)
|
pages.GET("/alert-subscribe/:sid", auth(), user(), perm("/alert-subscribes"), alertSubscribeGet)
|
||||||
pages.POST("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/add"), bgrw(), alertSubscribeAdd)
|
pages.POST("/busi-group/:id/alert-subscribes", auth(), user(), perm("/alert-subscribes/add"), bgrw(), alertSubscribeAdd)
|
||||||
pages.PUT("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/put"), bgrw(), alertSubscribePut)
|
pages.PUT("/busi-group/:id/alert-subscribes", auth(), user(), perm("/alert-subscribes/put"), bgrw(), alertSubscribePut)
|
||||||
pages.DELETE("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/del"), bgrw(), alertSubscribeDel)
|
pages.DELETE("/busi-group/:id/alert-subscribes", auth(), user(), perm("/alert-subscribes/del"), bgrw(), alertSubscribeDel)
|
||||||
|
|
||||||
if config.C.AnonymousAccess.AlertDetail {
|
if config.C.AnonymousAccess.AlertDetail {
|
||||||
pages.GET("/alert-cur-event/:eid", alertCurEventGet)
|
pages.GET("/alert-cur-event/:eid", alertCurEventGet)
|
||||||
pages.GET("/alert-his-event/:eid", alertHisEventGet)
|
pages.GET("/alert-his-event/:eid", alertHisEventGet)
|
||||||
} else {
|
} else {
|
||||||
pages.GET("/alert-cur-event/:eid", jwtAuth(), alertCurEventGet)
|
pages.GET("/alert-cur-event/:eid", auth(), alertCurEventGet)
|
||||||
pages.GET("/alert-his-event/:eid", jwtAuth(), alertHisEventGet)
|
pages.GET("/alert-his-event/:eid", auth(), alertHisEventGet)
|
||||||
}
|
}
|
||||||
|
|
||||||
// card logic
|
// card logic
|
||||||
pages.GET("/alert-cur-events/list", jwtAuth(), alertCurEventsList)
|
pages.GET("/alert-cur-events/list", auth(), alertCurEventsList)
|
||||||
pages.GET("/alert-cur-events/card", jwtAuth(), alertCurEventsCard)
|
pages.GET("/alert-cur-events/card", auth(), alertCurEventsCard)
|
||||||
pages.POST("/alert-cur-events/card/details", jwtAuth(), alertCurEventsCardDetails)
|
pages.POST("/alert-cur-events/card/details", auth(), alertCurEventsCardDetails)
|
||||||
pages.GET("/alert-his-events/list", jwtAuth(), alertHisEventsList)
|
pages.GET("/alert-his-events/list", auth(), alertHisEventsList)
|
||||||
pages.DELETE("/alert-cur-events", jwtAuth(), user(), perm("/alert-cur-events/del"), alertCurEventDel)
|
pages.DELETE("/alert-cur-events", auth(), user(), perm("/alert-cur-events/del"), alertCurEventDel)
|
||||||
|
|
||||||
pages.GET("/alert-aggr-views", jwtAuth(), alertAggrViewGets)
|
pages.GET("/alert-aggr-views", auth(), alertAggrViewGets)
|
||||||
pages.DELETE("/alert-aggr-views", jwtAuth(), user(), alertAggrViewDel)
|
pages.DELETE("/alert-aggr-views", auth(), user(), alertAggrViewDel)
|
||||||
pages.POST("/alert-aggr-views", jwtAuth(), user(), alertAggrViewAdd)
|
pages.POST("/alert-aggr-views", auth(), user(), alertAggrViewAdd)
|
||||||
pages.PUT("/alert-aggr-views", jwtAuth(), user(), alertAggrViewPut)
|
pages.PUT("/alert-aggr-views", auth(), user(), alertAggrViewPut)
|
||||||
|
|
||||||
pages.GET("/busi-group/:id/task-tpls", jwtAuth(), user(), perm("/job-tpls"), bgro(), taskTplGets)
|
pages.GET("/busi-group/:id/task-tpls", auth(), user(), perm("/job-tpls"), bgro(), taskTplGets)
|
||||||
pages.POST("/busi-group/:id/task-tpls", jwtAuth(), user(), perm("/job-tpls/add"), bgrw(), taskTplAdd)
|
pages.POST("/busi-group/:id/task-tpls", auth(), user(), perm("/job-tpls/add"), bgrw(), taskTplAdd)
|
||||||
pages.DELETE("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls/del"), bgrw(), taskTplDel)
|
pages.DELETE("/busi-group/:id/task-tpl/:tid", auth(), user(), perm("/job-tpls/del"), bgrw(), taskTplDel)
|
||||||
pages.POST("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplBindTags)
|
pages.POST("/busi-group/:id/task-tpls/tags", auth(), user(), perm("/job-tpls/put"), bgrw(), taskTplBindTags)
|
||||||
pages.DELETE("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplUnbindTags)
|
pages.DELETE("/busi-group/:id/task-tpls/tags", auth(), user(), perm("/job-tpls/put"), bgrw(), taskTplUnbindTags)
|
||||||
pages.GET("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls"), bgro(), taskTplGet)
|
pages.GET("/busi-group/:id/task-tpl/:tid", auth(), user(), perm("/job-tpls"), bgro(), taskTplGet)
|
||||||
pages.PUT("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplPut)
|
pages.PUT("/busi-group/:id/task-tpl/:tid", auth(), user(), perm("/job-tpls/put"), bgrw(), taskTplPut)
|
||||||
|
|
||||||
pages.GET("/busi-group/:id/tasks", jwtAuth(), user(), perm("/job-tasks"), bgro(), taskGets)
|
pages.GET("/busi-group/:id/tasks", auth(), user(), perm("/job-tasks"), bgro(), taskGets)
|
||||||
pages.POST("/busi-group/:id/tasks", jwtAuth(), user(), perm("/job-tasks/add"), bgrw(), taskAdd)
|
pages.POST("/busi-group/:id/tasks", auth(), user(), perm("/job-tasks/add"), bgrw(), taskAdd)
|
||||||
pages.GET("/busi-group/:id/task/*url", jwtAuth(), user(), perm("/job-tasks"), taskProxy)
|
pages.GET("/busi-group/:id/task/*url", auth(), user(), perm("/job-tasks"), taskProxy)
|
||||||
pages.PUT("/busi-group/:id/task/*url", jwtAuth(), user(), perm("/job-tasks/put"), bgrw(), taskProxy)
|
pages.PUT("/busi-group/:id/task/*url", auth(), user(), perm("/job-tasks/put"), bgrw(), taskProxy)
|
||||||
}
|
}
|
||||||
|
|
||||||
service := r.Group("/v1/n9e")
|
service := r.Group("/v1/n9e")
|
||||||
|
|
|
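Review bot: `/auth/redirect` and `/auth/callback` are left without `jwtMock()` or any `ProxyAuth.Enable` check, while login, logout and refresh in the same hunk are short-circuited in proxy mode. If those two handlers start or complete a token-issuing login flow (their bodies are not shown), they remain reachable in a mode the sample config describes as having JWT auth disabled. Registering them only when `!config.C.ProxyAuth.Enable` would make the route table match the documented behaviour. A one-line comment above the three `jwtMock()` routes, e.g. `// in proxy-auth mode these are answered by jwtMock and never reach the JWT handlers`, would also help readers of this long registration list. `configRoute` starts and continues outside the hunks shown.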
@ -24,6 +24,43 @@ type AccessDetails struct {
|
||||||
UserIdentity string
|
UserIdentity string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func handleProxyUser(c *gin.Context) *models.User {
|
||||||
|
headerUserNameKey := config.C.ProxyAuth.HeaderUserNameKey
|
||||||
|
username := c.GetHeader(headerUserNameKey)
|
||||||
|
if username == "" {
|
||||||
|
ginx.Bomb(http.StatusUnauthorized, "unauthorized")
|
||||||
|
}
|
||||||
|
|
||||||
|
user, err := models.UserGetByUsername(username)
|
||||||
|
if err != nil {
|
||||||
|
ginx.Bomb(http.StatusInternalServerError, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
if user == nil {
|
||||||
|
now := time.Now().Unix()
|
||||||
|
user = &models.User{
|
||||||
|
Username: username,
|
||||||
|
Nickname: username,
|
||||||
|
Roles: strings.Join(config.C.ProxyAuth.DefaultRoles, " "),
|
||||||
|
CreateAt: now,
|
||||||
|
UpdateAt: now,
|
||||||
|
CreateBy: "system",
|
||||||
|
UpdateBy: "system",
|
||||||
|
}
|
||||||
|
err = user.Add()
|
||||||
|
}
|
||||||
|
return user
|
||||||
|
}
|
||||||
|
|
||||||
|
func proxyAuth() gin.HandlerFunc {
|
||||||
|
return func(c *gin.Context) {
|
||||||
|
user := handleProxyUser(c)
|
||||||
|
c.Set("userid", user.Id)
|
||||||
|
c.Set("username", user)
|
||||||
|
c.Next()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func jwtAuth() gin.HandlerFunc {
|
func jwtAuth() gin.HandlerFunc {
|
||||||
return func(c *gin.Context) {
|
return func(c *gin.Context) {
|
||||||
metadata, err := extractTokenMetadata(c.Request)
|
metadata, err := extractTokenMetadata(c.Request)
|
||||||
|
@ -54,6 +91,35 @@ func jwtAuth() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func auth() gin.HandlerFunc {
|
||||||
|
if config.C.ProxyAuth.Enable {
|
||||||
|
return proxyAuth()
|
||||||
|
} else {
|
||||||
|
return jwtAuth()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// if proxy auth is enabled, mock jwt login/logout/refresh request
|
||||||
|
func jwtMock() gin.HandlerFunc {
|
||||||
|
return func(c *gin.Context) {
|
||||||
|
if !config.C.ProxyAuth.Enable {
|
||||||
|
c.Next()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if strings.Contains(c.FullPath(), "logout") {
|
||||||
|
ginx.Bomb(http.StatusBadRequest, "logout is not supported when proxy auth is enabled")
|
||||||
|
}
|
||||||
|
user := handleProxyUser(c)
|
||||||
|
ginx.NewRender(c).Data(gin.H{
|
||||||
|
"user": user,
|
||||||
|
"access_token": "",
|
||||||
|
"refresh_token": "",
|
||||||
|
}, nil)
|
||||||
|
c.Abort()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func user() gin.HandlerFunc {
|
func user() gin.HandlerFunc {
|
||||||
return func(c *gin.Context) {
|
return func(c *gin.Context) {
|
||||||
userid := c.MustGet("userid").(int64)
|
userid := c.MustGet("userid").(int64)
|
||||||
|
|
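Review bot: In `handleProxyUser` the result of `err = user.Add()` is never checked, so when the insert fails the function still returns the freshly built struct and `proxyAuth` stores its zero `Id` as `userid` for the rest of the request. Handle it the same way as the lookup error a few lines above: `if err = user.Add(); err != nil { ginx.Bomb(http.StatusInternalServerError, err.Error()) }`. `proxyAuth` also calls `c.Set("username", user)`, which stores the `*models.User` rather than a name; if later handlers read that key as a string (they are not visible here), the value should be `user.Username`. The bodies of `jwtAuth` and `user` run outside these hunks, so the keys they set and read could not be compared directly.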