[feature] add proxy auth support (#1035)

Co-authored-by: ziv <xiazoheng@tuya.com>
xiaoziv 2022-07-08 15:19:22 +08:00 committed by GitHub
parent 072ab98fcf
commit 43343182e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 192 additions and 112 deletions


@ -98,6 +98,13 @@ AccessExpired = 1500
RefreshExpired = 10080 RefreshExpired = 10080
RedisKeyPrefix = "/jwt/" RedisKeyPrefix = "/jwt/"
[ProxyAuth]
# if proxy auth enabled, jwt auth is disabled
Enable = false
# username key in http proxy header
HeaderUserNameKey = "X-User-Name"
DefaultRoles = ["Standard"]
[BasicAuth] [BasicAuth]
user001 = "ccc26da7b9aba533cbb263a36c07dcc5" user001 = "ccc26da7b9aba533cbb263a36c07dcc5"
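Review bot: The new `[ProxyAuth]` comments do not state that, once `Enable = true`, the value of `HeaderUserNameKey` is the only credential the pages API checks. In the same commit, handleProxyUser creates a missing user with `DefaultRoles` on first sight of a name, so the deployment assumption belongs next to the switch. I would add `# the header is trusted as-is: enable only when webapi is reachable solely through a reverse proxy that sets this header itself and drops any client-supplied copy` above `Enable`, and `# roles given to users auto-created on first request` above `DefaultRoles`.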


@ -88,6 +88,7 @@ type Config struct {
Log logx.Config Log logx.Config
HTTP httpx.Config HTTP httpx.Config
JWTAuth JWTAuth JWTAuth JWTAuth
ProxyAuth ProxyAuth
BasicAuth gin.Accounts BasicAuth gin.Accounts
AnonymousAccess AnonymousAccess AnonymousAccess AnonymousAccess
LDAP ldapx.LdapSection LDAP ldapx.LdapSection
@ -135,6 +136,12 @@ type JWTAuth struct {
RedisKeyPrefix string RedisKeyPrefix string
} }
type ProxyAuth struct {
Enable bool
HeaderUserNameKey string
DefaultRoles []string
}
type AnonymousAccess struct { type AnonymousAccess struct {
PromQuerier bool PromQuerier bool
AlertDetail bool AlertDetail bool
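Review bot: ProxyAuth is added without a doc comment, and nothing in this section gives `HeaderUserNameKey` a default or a check. With `Enable` true and the key left empty, handleProxyUser would read an empty header name and answer every request with 401; that fails closed but is hard to diagnose. Whether the config loader validates this is outside the visible hunks, so a load-time check such as `if C.ProxyAuth.Enable && C.ProxyAuth.HeaderUserNameKey == "" { return an error }` is worth confirming. Proposed comment: `// ProxyAuth configures login from a username header set by a trusted reverse proxy; when Enable is true, JWT auth is not used.`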


@ -101,16 +101,16 @@ func configRoute(r *gin.Engine, version string) {
if config.C.AnonymousAccess.PromQuerier { if config.C.AnonymousAccess.PromQuerier {
pages.Any("/prometheus/*url", prometheusProxy) pages.Any("/prometheus/*url", prometheusProxy)
} else { } else {
pages.Any("/prometheus/*url", jwtAuth(), prometheusProxy) pages.Any("/prometheus/*url", auth(), prometheusProxy)
} }
pages.GET("/version", func(c *gin.Context) { pages.GET("/version", func(c *gin.Context) {
c.String(200, version) c.String(200, version)
}) })
pages.POST("/auth/login", loginPost) pages.POST("/auth/login", jwtMock(), loginPost)
pages.POST("/auth/logout", logoutPost) pages.POST("/auth/logout", jwtMock(), logoutPost)
pages.POST("/auth/refresh", refreshPost) pages.POST("/auth/refresh", jwtMock(), refreshPost)
pages.GET("/auth/redirect", loginRedirect) pages.GET("/auth/redirect", loginRedirect)
pages.GET("/auth/callback", loginCallback) pages.GET("/auth/callback", loginCallback)
@ -123,150 +123,150 @@ func configRoute(r *gin.Engine, version string) {
pages.GET("/contact-keys", contactKeysGets) pages.GET("/contact-keys", contactKeysGets)
pages.GET("/clusters", clustersGets) pages.GET("/clusters", clustersGets)
pages.GET("/self/perms", jwtAuth(), user(), permsGets) pages.GET("/self/perms", auth(), user(), permsGets)
pages.GET("/self/profile", jwtAuth(), user(), selfProfileGet) pages.GET("/self/profile", auth(), user(), selfProfileGet)
pages.PUT("/self/profile", jwtAuth(), user(), selfProfilePut) pages.PUT("/self/profile", auth(), user(), selfProfilePut)
pages.PUT("/self/password", jwtAuth(), user(), selfPasswordPut) pages.PUT("/self/password", auth(), user(), selfPasswordPut)
pages.GET("/users", jwtAuth(), user(), perm("/users"), userGets) pages.GET("/users", auth(), user(), perm("/users"), userGets)
pages.POST("/users", jwtAuth(), admin(), userAddPost) pages.POST("/users", auth(), admin(), userAddPost)
pages.GET("/user/:id/profile", jwtAuth(), userProfileGet) pages.GET("/user/:id/profile", auth(), userProfileGet)
pages.PUT("/user/:id/profile", jwtAuth(), admin(), userProfilePut) pages.PUT("/user/:id/profile", auth(), admin(), userProfilePut)
pages.PUT("/user/:id/password", jwtAuth(), admin(), userPasswordPut) pages.PUT("/user/:id/password", auth(), admin(), userPasswordPut)
pages.DELETE("/user/:id", jwtAuth(), admin(), userDel) pages.DELETE("/user/:id", auth(), admin(), userDel)
pages.GET("/metric-views", jwtAuth(), metricViewGets) pages.GET("/metric-views", auth(), metricViewGets)
pages.DELETE("/metric-views", jwtAuth(), user(), metricViewDel) pages.DELETE("/metric-views", auth(), user(), metricViewDel)
pages.POST("/metric-views", jwtAuth(), user(), metricViewAdd) pages.POST("/metric-views", auth(), user(), metricViewAdd)
pages.PUT("/metric-views", jwtAuth(), user(), metricViewPut) pages.PUT("/metric-views", auth(), user(), metricViewPut)
pages.GET("/user-groups", jwtAuth(), user(), userGroupGets) pages.GET("/user-groups", auth(), user(), userGroupGets)
pages.POST("/user-groups", jwtAuth(), user(), perm("/user-groups/add"), userGroupAdd) pages.POST("/user-groups", auth(), user(), perm("/user-groups/add"), userGroupAdd)
pages.GET("/user-group/:id", jwtAuth(), user(), userGroupGet) pages.GET("/user-group/:id", auth(), user(), userGroupGet)
pages.PUT("/user-group/:id", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupPut) pages.PUT("/user-group/:id", auth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupPut)
pages.DELETE("/user-group/:id", jwtAuth(), user(), perm("/user-groups/del"), userGroupWrite(), userGroupDel) pages.DELETE("/user-group/:id", auth(), user(), perm("/user-groups/del"), userGroupWrite(), userGroupDel)
pages.POST("/user-group/:id/members", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberAdd) pages.POST("/user-group/:id/members", auth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberAdd)
pages.DELETE("/user-group/:id/members", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberDel) pages.DELETE("/user-group/:id/members", auth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberDel)
pages.GET("/busi-groups", jwtAuth(), user(), busiGroupGets) pages.GET("/busi-groups", auth(), user(), busiGroupGets)
pages.POST("/busi-groups", jwtAuth(), user(), perm("/busi-groups/add"), busiGroupAdd) pages.POST("/busi-groups", auth(), user(), perm("/busi-groups/add"), busiGroupAdd)
pages.GET("/busi-groups/alertings", jwtAuth(), busiGroupAlertingsGets) pages.GET("/busi-groups/alertings", auth(), busiGroupAlertingsGets)
pages.GET("/busi-group/:id", jwtAuth(), user(), bgro(), busiGroupGet) pages.GET("/busi-group/:id", auth(), user(), bgro(), busiGroupGet)
pages.PUT("/busi-group/:id", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupPut) pages.PUT("/busi-group/:id", auth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupPut)
pages.POST("/busi-group/:id/members", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberAdd) pages.POST("/busi-group/:id/members", auth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberAdd)
pages.DELETE("/busi-group/:id/members", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberDel) pages.DELETE("/busi-group/:id/members", auth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberDel)
pages.DELETE("/busi-group/:id", jwtAuth(), user(), perm("/busi-groups/del"), bgrw(), busiGroupDel) pages.DELETE("/busi-group/:id", auth(), user(), perm("/busi-groups/del"), bgrw(), busiGroupDel)
pages.GET("/busi-group/:id/perm/:perm", jwtAuth(), user(), checkBusiGroupPerm) pages.GET("/busi-group/:id/perm/:perm", auth(), user(), checkBusiGroupPerm)
pages.GET("/targets", jwtAuth(), user(), targetGets) pages.GET("/targets", auth(), user(), targetGets)
pages.DELETE("/targets", jwtAuth(), user(), perm("/targets/del"), targetDel) pages.DELETE("/targets", auth(), user(), perm("/targets/del"), targetDel)
pages.GET("/targets/tags", jwtAuth(), user(), targetGetTags) pages.GET("/targets/tags", auth(), user(), targetGetTags)
pages.POST("/targets/tags", jwtAuth(), user(), perm("/targets/put"), targetBindTagsByFE) pages.POST("/targets/tags", auth(), user(), perm("/targets/put"), targetBindTagsByFE)
pages.DELETE("/targets/tags", jwtAuth(), user(), perm("/targets/put"), targetUnbindTagsByFE) pages.DELETE("/targets/tags", auth(), user(), perm("/targets/put"), targetUnbindTagsByFE)
pages.PUT("/targets/note", jwtAuth(), user(), perm("/targets/put"), targetUpdateNote) pages.PUT("/targets/note", auth(), user(), perm("/targets/put"), targetUpdateNote)
pages.PUT("/targets/bgid", jwtAuth(), user(), perm("/targets/put"), targetUpdateBgid) pages.PUT("/targets/bgid", auth(), user(), perm("/targets/put"), targetUpdateBgid)
pages.GET("/builtin-boards", builtinBoardGets) pages.GET("/builtin-boards", builtinBoardGets)
pages.GET("/builtin-board/:name", builtinBoardGet) pages.GET("/builtin-board/:name", builtinBoardGet)
pages.GET("/busi-group/:id/boards", jwtAuth(), user(), perm("/dashboards"), bgro(), boardGets) pages.GET("/busi-group/:id/boards", auth(), user(), perm("/dashboards"), bgro(), boardGets)
pages.POST("/busi-group/:id/boards", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), boardAdd) pages.POST("/busi-group/:id/boards", auth(), user(), perm("/dashboards/add"), bgrw(), boardAdd)
pages.POST("/busi-group/:id/board/:bid/clone", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), boardClone) pages.POST("/busi-group/:id/board/:bid/clone", auth(), user(), perm("/dashboards/add"), bgrw(), boardClone)
pages.GET("/board/:bid", jwtAuth(), user(), boardGet) pages.GET("/board/:bid", auth(), user(), boardGet)
pages.PUT("/board/:bid", jwtAuth(), user(), perm("/dashboards/put"), boardPut) pages.PUT("/board/:bid", auth(), user(), perm("/dashboards/put"), boardPut)
pages.PUT("/board/:bid/configs", jwtAuth(), user(), perm("/dashboards/put"), boardPutConfigs) pages.PUT("/board/:bid/configs", auth(), user(), perm("/dashboards/put"), boardPutConfigs)
pages.DELETE("/boards", jwtAuth(), user(), perm("/dashboards/del"), boardDel) pages.DELETE("/boards", auth(), user(), perm("/dashboards/del"), boardDel)
// migrate v5.8.0 // migrate v5.8.0
pages.GET("/dashboards", jwtAuth(), admin(), migrateDashboards) pages.GET("/dashboards", auth(), admin(), migrateDashboards)
pages.GET("/dashboard/:id", jwtAuth(), admin(), migrateDashboardGet) pages.GET("/dashboard/:id", auth(), admin(), migrateDashboardGet)
pages.PUT("/dashboard/:id/migrate", jwtAuth(), admin(), migrateDashboard) pages.PUT("/dashboard/:id/migrate", auth(), admin(), migrateDashboard)
// deprecated ↓ // deprecated ↓
pages.GET("/dashboards/builtin/list", builtinBoardGets) pages.GET("/dashboards/builtin/list", builtinBoardGets)
pages.POST("/busi-group/:id/dashboards/builtin", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardBuiltinImport) pages.POST("/busi-group/:id/dashboards/builtin", auth(), user(), perm("/dashboards/add"), bgrw(), dashboardBuiltinImport)
pages.GET("/busi-group/:id/dashboards", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardGets) pages.GET("/busi-group/:id/dashboards", auth(), user(), perm("/dashboards"), bgro(), dashboardGets)
pages.POST("/busi-group/:id/dashboards", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardAdd) pages.POST("/busi-group/:id/dashboards", auth(), user(), perm("/dashboards/add"), bgrw(), dashboardAdd)
pages.POST("/busi-group/:id/dashboards/export", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardExport) pages.POST("/busi-group/:id/dashboards/export", auth(), user(), perm("/dashboards"), bgro(), dashboardExport)
pages.POST("/busi-group/:id/dashboards/import", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardImport) pages.POST("/busi-group/:id/dashboards/import", auth(), user(), perm("/dashboards/add"), bgrw(), dashboardImport)
pages.POST("/busi-group/:id/dashboard/:did/clone", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardClone) pages.POST("/busi-group/:id/dashboard/:did/clone", auth(), user(), perm("/dashboards/add"), bgrw(), dashboardClone)
pages.GET("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardGet) pages.GET("/busi-group/:id/dashboard/:did", auth(), user(), perm("/dashboards"), bgro(), dashboardGet)
pages.PUT("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards/put"), bgrw(), dashboardPut) pages.PUT("/busi-group/:id/dashboard/:did", auth(), user(), perm("/dashboards/put"), bgrw(), dashboardPut)
pages.DELETE("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards/del"), bgrw(), dashboardDel) pages.DELETE("/busi-group/:id/dashboard/:did", auth(), user(), perm("/dashboards/del"), bgrw(), dashboardDel)
pages.GET("/busi-group/:id/chart-groups", jwtAuth(), user(), bgro(), chartGroupGets) pages.GET("/busi-group/:id/chart-groups", auth(), user(), bgro(), chartGroupGets)
pages.POST("/busi-group/:id/chart-groups", jwtAuth(), user(), bgrw(), chartGroupAdd) pages.POST("/busi-group/:id/chart-groups", auth(), user(), bgrw(), chartGroupAdd)
pages.PUT("/busi-group/:id/chart-groups", jwtAuth(), user(), bgrw(), chartGroupPut) pages.PUT("/busi-group/:id/chart-groups", auth(), user(), bgrw(), chartGroupPut)
pages.DELETE("/busi-group/:id/chart-groups", jwtAuth(), user(), bgrw(), chartGroupDel) pages.DELETE("/busi-group/:id/chart-groups", auth(), user(), bgrw(), chartGroupDel)
pages.GET("/busi-group/:id/charts", jwtAuth(), user(), bgro(), chartGets) pages.GET("/busi-group/:id/charts", auth(), user(), bgro(), chartGets)
pages.POST("/busi-group/:id/charts", jwtAuth(), user(), bgrw(), chartAdd) pages.POST("/busi-group/:id/charts", auth(), user(), bgrw(), chartAdd)
pages.PUT("/busi-group/:id/charts", jwtAuth(), user(), bgrw(), chartPut) pages.PUT("/busi-group/:id/charts", auth(), user(), bgrw(), chartPut)
pages.DELETE("/busi-group/:id/charts", jwtAuth(), user(), bgrw(), chartDel) pages.DELETE("/busi-group/:id/charts", auth(), user(), bgrw(), chartDel)
// deprecated ↑ // deprecated ↑
pages.GET("/share-charts", chartShareGets) pages.GET("/share-charts", chartShareGets)
pages.POST("/share-charts", jwtAuth(), chartShareAdd) pages.POST("/share-charts", auth(), chartShareAdd)
pages.GET("/alert-rules/builtin/list", alertRuleBuiltinList) pages.GET("/alert-rules/builtin/list", alertRuleBuiltinList)
pages.POST("/busi-group/:id/alert-rules/builtin", jwtAuth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleBuiltinImport) pages.POST("/busi-group/:id/alert-rules/builtin", auth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleBuiltinImport)
pages.GET("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules"), alertRuleGets) pages.GET("/busi-group/:id/alert-rules", auth(), user(), perm("/alert-rules"), alertRuleGets)
pages.POST("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleAddByFE) pages.POST("/busi-group/:id/alert-rules", auth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleAddByFE)
pages.DELETE("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules/del"), bgrw(), alertRuleDel) pages.DELETE("/busi-group/:id/alert-rules", auth(), user(), perm("/alert-rules/del"), bgrw(), alertRuleDel)
pages.PUT("/busi-group/:id/alert-rules/fields", jwtAuth(), user(), perm("/alert-rules/put"), bgrw(), alertRulePutFields) pages.PUT("/busi-group/:id/alert-rules/fields", auth(), user(), perm("/alert-rules/put"), bgrw(), alertRulePutFields)
pages.PUT("/busi-group/:id/alert-rule/:arid", jwtAuth(), user(), perm("/alert-rules/put"), alertRulePutByFE) pages.PUT("/busi-group/:id/alert-rule/:arid", auth(), user(), perm("/alert-rules/put"), alertRulePutByFE)
pages.GET("/alert-rule/:arid", jwtAuth(), user(), perm("/alert-rules"), alertRuleGet) pages.GET("/alert-rule/:arid", auth(), user(), perm("/alert-rules"), alertRuleGet)
pages.GET("/busi-group/:id/recording-rules", jwtAuth(), user(), perm("/recording-rules"), recordingRuleGets) pages.GET("/busi-group/:id/recording-rules", auth(), user(), perm("/recording-rules"), recordingRuleGets)
pages.POST("/busi-group/:id/recording-rules", jwtAuth(), user(), perm("/recording-rules/add"), bgrw(), recordingRuleAddByFE) pages.POST("/busi-group/:id/recording-rules", auth(), user(), perm("/recording-rules/add"), bgrw(), recordingRuleAddByFE)
pages.DELETE("/busi-group/:id/recording-rules", jwtAuth(), user(), perm("/recording-rules/del"), bgrw(), recordingRuleDel) pages.DELETE("/busi-group/:id/recording-rules", auth(), user(), perm("/recording-rules/del"), bgrw(), recordingRuleDel)
pages.PUT("/busi-group/:id/recording-rule/:rrid", jwtAuth(), user(), perm("/recording-rules/put"), bgrw(), recordingRulePutByFE) pages.PUT("/busi-group/:id/recording-rule/:rrid", auth(), user(), perm("/recording-rules/put"), bgrw(), recordingRulePutByFE)
pages.GET("/recording-rule/:rrid", jwtAuth(), user(), perm("/recording-rules"), recordingRuleGet) pages.GET("/recording-rule/:rrid", auth(), user(), perm("/recording-rules"), recordingRuleGet)
pages.PUT("/busi-group/:id/recording-rules/fields", jwtAuth(), user(), perm("/recording-rules/put"), recordingRulePutFields) pages.PUT("/busi-group/:id/recording-rules/fields", auth(), user(), perm("/recording-rules/put"), recordingRulePutFields)
pages.GET("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes"), bgro(), alertMuteGetsByBG) pages.GET("/busi-group/:id/alert-mutes", auth(), user(), perm("/alert-mutes"), bgro(), alertMuteGetsByBG)
pages.POST("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes/add"), bgrw(), alertMuteAdd) pages.POST("/busi-group/:id/alert-mutes", auth(), user(), perm("/alert-mutes/add"), bgrw(), alertMuteAdd)
pages.DELETE("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes/del"), bgrw(), alertMuteDel) pages.DELETE("/busi-group/:id/alert-mutes", auth(), user(), perm("/alert-mutes/del"), bgrw(), alertMuteDel)
pages.GET("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes"), bgro(), alertSubscribeGets) pages.GET("/busi-group/:id/alert-subscribes", auth(), user(), perm("/alert-subscribes"), bgro(), alertSubscribeGets)
pages.GET("/alert-subscribe/:sid", jwtAuth(), user(), perm("/alert-subscribes"), alertSubscribeGet) pages.GET("/alert-subscribe/:sid", auth(), user(), perm("/alert-subscribes"), alertSubscribeGet)
pages.POST("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/add"), bgrw(), alertSubscribeAdd) pages.POST("/busi-group/:id/alert-subscribes", auth(), user(), perm("/alert-subscribes/add"), bgrw(), alertSubscribeAdd)
pages.PUT("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/put"), bgrw(), alertSubscribePut) pages.PUT("/busi-group/:id/alert-subscribes", auth(), user(), perm("/alert-subscribes/put"), bgrw(), alertSubscribePut)
pages.DELETE("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/del"), bgrw(), alertSubscribeDel) pages.DELETE("/busi-group/:id/alert-subscribes", auth(), user(), perm("/alert-subscribes/del"), bgrw(), alertSubscribeDel)
if config.C.AnonymousAccess.AlertDetail { if config.C.AnonymousAccess.AlertDetail {
pages.GET("/alert-cur-event/:eid", alertCurEventGet) pages.GET("/alert-cur-event/:eid", alertCurEventGet)
pages.GET("/alert-his-event/:eid", alertHisEventGet) pages.GET("/alert-his-event/:eid", alertHisEventGet)
} else { } else {
pages.GET("/alert-cur-event/:eid", jwtAuth(), alertCurEventGet) pages.GET("/alert-cur-event/:eid", auth(), alertCurEventGet)
pages.GET("/alert-his-event/:eid", jwtAuth(), alertHisEventGet) pages.GET("/alert-his-event/:eid", auth(), alertHisEventGet)
} }
// card logic // card logic
pages.GET("/alert-cur-events/list", jwtAuth(), alertCurEventsList) pages.GET("/alert-cur-events/list", auth(), alertCurEventsList)
pages.GET("/alert-cur-events/card", jwtAuth(), alertCurEventsCard) pages.GET("/alert-cur-events/card", auth(), alertCurEventsCard)
pages.POST("/alert-cur-events/card/details", jwtAuth(), alertCurEventsCardDetails) pages.POST("/alert-cur-events/card/details", auth(), alertCurEventsCardDetails)
pages.GET("/alert-his-events/list", jwtAuth(), alertHisEventsList) pages.GET("/alert-his-events/list", auth(), alertHisEventsList)
pages.DELETE("/alert-cur-events", jwtAuth(), user(), perm("/alert-cur-events/del"), alertCurEventDel) pages.DELETE("/alert-cur-events", auth(), user(), perm("/alert-cur-events/del"), alertCurEventDel)
pages.GET("/alert-aggr-views", jwtAuth(), alertAggrViewGets) pages.GET("/alert-aggr-views", auth(), alertAggrViewGets)
pages.DELETE("/alert-aggr-views", jwtAuth(), user(), alertAggrViewDel) pages.DELETE("/alert-aggr-views", auth(), user(), alertAggrViewDel)
pages.POST("/alert-aggr-views", jwtAuth(), user(), alertAggrViewAdd) pages.POST("/alert-aggr-views", auth(), user(), alertAggrViewAdd)
pages.PUT("/alert-aggr-views", jwtAuth(), user(), alertAggrViewPut) pages.PUT("/alert-aggr-views", auth(), user(), alertAggrViewPut)
pages.GET("/busi-group/:id/task-tpls", jwtAuth(), user(), perm("/job-tpls"), bgro(), taskTplGets) pages.GET("/busi-group/:id/task-tpls", auth(), user(), perm("/job-tpls"), bgro(), taskTplGets)
pages.POST("/busi-group/:id/task-tpls", jwtAuth(), user(), perm("/job-tpls/add"), bgrw(), taskTplAdd) pages.POST("/busi-group/:id/task-tpls", auth(), user(), perm("/job-tpls/add"), bgrw(), taskTplAdd)
pages.DELETE("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls/del"), bgrw(), taskTplDel) pages.DELETE("/busi-group/:id/task-tpl/:tid", auth(), user(), perm("/job-tpls/del"), bgrw(), taskTplDel)
pages.POST("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplBindTags) pages.POST("/busi-group/:id/task-tpls/tags", auth(), user(), perm("/job-tpls/put"), bgrw(), taskTplBindTags)
pages.DELETE("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplUnbindTags) pages.DELETE("/busi-group/:id/task-tpls/tags", auth(), user(), perm("/job-tpls/put"), bgrw(), taskTplUnbindTags)
pages.GET("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls"), bgro(), taskTplGet) pages.GET("/busi-group/:id/task-tpl/:tid", auth(), user(), perm("/job-tpls"), bgro(), taskTplGet)
pages.PUT("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplPut) pages.PUT("/busi-group/:id/task-tpl/:tid", auth(), user(), perm("/job-tpls/put"), bgrw(), taskTplPut)
pages.GET("/busi-group/:id/tasks", jwtAuth(), user(), perm("/job-tasks"), bgro(), taskGets) pages.GET("/busi-group/:id/tasks", auth(), user(), perm("/job-tasks"), bgro(), taskGets)
pages.POST("/busi-group/:id/tasks", jwtAuth(), user(), perm("/job-tasks/add"), bgrw(), taskAdd) pages.POST("/busi-group/:id/tasks", auth(), user(), perm("/job-tasks/add"), bgrw(), taskAdd)
pages.GET("/busi-group/:id/task/*url", jwtAuth(), user(), perm("/job-tasks"), taskProxy) pages.GET("/busi-group/:id/task/*url", auth(), user(), perm("/job-tasks"), taskProxy)
pages.PUT("/busi-group/:id/task/*url", jwtAuth(), user(), perm("/job-tasks/put"), bgrw(), taskProxy) pages.PUT("/busi-group/:id/task/*url", auth(), user(), perm("/job-tasks/put"), bgrw(), taskProxy)
} }
service := r.Group("/v1/n9e") service := r.Group("/v1/n9e")
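Review bot: `/auth/redirect` and `/auth/callback` stay registered without `jwtMock()` while login, logout and refresh get it. With ProxyAuth enabled those two handlers presumably still run their token-issuing flow even though `auth()` no longer accepts tokens. If that is intended, a one-line comment above them should say so; otherwise reject them when proxy auth is on. As a style point, `auth()` is called once per route at registration, so the mode is fixed at startup; a single `authMW := auth()` reused on every route would make that explicit and avoid building a closure per route. configRoute starts and ends outside these hunks.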


@ -24,6 +24,43 @@ type AccessDetails struct {
UserIdentity string UserIdentity string
} }
func handleProxyUser(c *gin.Context) *models.User {
headerUserNameKey := config.C.ProxyAuth.HeaderUserNameKey
username := c.GetHeader(headerUserNameKey)
if username == "" {
ginx.Bomb(http.StatusUnauthorized, "unauthorized")
}
user, err := models.UserGetByUsername(username)
if err != nil {
ginx.Bomb(http.StatusInternalServerError, err.Error())
}
if user == nil {
now := time.Now().Unix()
user = &models.User{
Username: username,
Nickname: username,
Roles: strings.Join(config.C.ProxyAuth.DefaultRoles, " "),
CreateAt: now,
UpdateAt: now,
CreateBy: "system",
UpdateBy: "system",
}
err = user.Add()
}
return user
}
func proxyAuth() gin.HandlerFunc {
return func(c *gin.Context) {
user := handleProxyUser(c)
c.Set("userid", user.Id)
c.Set("username", user)
c.Next()
}
}
func jwtAuth() gin.HandlerFunc { func jwtAuth() gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
metadata, err := extractTokenMetadata(c.Request) metadata, err := extractTokenMetadata(c.Request)
@ -54,6 +91,35 @@ func jwtAuth() gin.HandlerFunc {
} }
} }
func auth() gin.HandlerFunc {
if config.C.ProxyAuth.Enable {
return proxyAuth()
} else {
return jwtAuth()
}
}
// if proxy auth is enabled, mock jwt login/logout/refresh request
func jwtMock() gin.HandlerFunc {
return func(c *gin.Context) {
if !config.C.ProxyAuth.Enable {
c.Next()
return
}
if strings.Contains(c.FullPath(), "logout") {
ginx.Bomb(http.StatusBadRequest, "logout is not supported when proxy auth is enabled")
}
user := handleProxyUser(c)
ginx.NewRender(c).Data(gin.H{
"user": user,
"access_token": "",
"refresh_token": "",
}, nil)
c.Abort()
return
}
}
func user() gin.HandlerFunc { func user() gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
userid := c.MustGet("userid").(int64) userid := c.MustGet("userid").(int64)
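Review bot: handleProxyUser assigns `err = user.Add()` and returns without checking it, so a failed insert (for example two first requests racing on the same new name) still yields a user that proxyAuth() stores as the authenticated identity. Check it like the lookup above it: `if err = user.Add(); err != nil { ginx.Bomb(http.StatusInternalServerError, err.Error()) }`. proxyAuth() also stores the `*models.User` under the key `"username"`; jwtAuth's body is cut off in this section, so confirm that readers of `"username"` expect that type rather than a string. In jwtMock, `strings.Contains(c.FullPath(), "logout")` matches any route whose path contains that word; passing the behaviour in as an argument at registration would be less fragile. handleProxyUser would also benefit from a doc comment stating that the header value is trusted as-is and that unknown names are auto-created with `DefaultRoles`.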