extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-06-26 12:42:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

stuff basic auth into the secrets store (#983)

Browse Source
This commit is contained in:
Michael Quigley 2025-06-18 13:15:37 -04:00
parent 6598fd6961
commit 19d391e7f8
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
4 changed files with 43 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
controller/share.go
View File

@ -1,6 +1,8 @@
package controller package controller
import ( import (
"encoding/json"
"github.com/go-openapi/runtime/middleware" "github.com/go-openapi/runtime/middleware"
"github.com/jmoiron/sqlx" "github.com/jmoiron/sqlx"
"github.com/openziti/zrok/controller/store" "github.com/openziti/zrok/controller/store"
@ -127,12 +129,13 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
return share.NewShareNotFound() return share.NewShareNotFound()
} }
} }
if sfe != nil && sfe.UrlTemplate != nil { if sfe.UrlTemplate != nil {
frontendZIds = append(frontendZIds, sfe.ZId) frontendZIds = append(frontendZIds, sfe.ZId)
frontendTemplates = append(frontendTemplates, *sfe.UrlTemplate) frontendTemplates = append(frontendTemplates, *sfe.UrlTemplate)
logrus.Infof("added frontend selection '%v' with ziti identity '%v' for share '%v'", frontendSelection, sfe.ZId, shrToken) logrus.Infof("added frontend selection '%v' with ziti identity '%v' for share '%v'", frontendSelection, sfe.ZId, shrToken)
} }
} }
var skipInterstitial bool var skipInterstitial bool
if backendMode != sdk.DriveBackendMode { if backendMode != sdk.DriveBackendMode {
skipInterstitial, err = str.IsAccountGrantedSkipInterstitial(int(principal.ID), trx) skipInterstitial, err = str.IsAccountGrantedSkipInterstitial(int(principal.ID), trx)
@ -143,6 +146,7 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
} else { } else {
skipInterstitial = true skipInterstitial = true
} }
shrZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, shrToken, frontendZIds, frontendTemplates, params, !skipInterstitial, edge) shrZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, shrToken, frontendZIds, frontendTemplates, params, !skipInterstitial, edge)
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
@ -201,6 +205,31 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
} }
} }
if sshr.ShareMode == string(sdk.PublicShareMode) && params.Body.AuthScheme == string(sdk.Basic) {
logrus.Infof("writing basic auth secrets for '%v'", sshr.Token)
authUsersMap := make(map[string]string)
for _, authUser := range params.Body.AuthUsers {
authUsersMap[authUser.Username] = authUser.Password
}
authUsersMapJson, err := json.Marshal(authUsersMap)
if err != nil {
logrus.Errorf("error marshalling auth secrets for '%v': %v", sshr.Token, err)
return share.NewShareInternalServerError()
}
secrets := store.Secrets{
ShareId: sid,
Secrets: []store.Secret{
{Key: "auth_scheme", Value: string(sdk.Basic)},
{Key: "auth_users", Value: string(authUsersMapJson)},
},
}
if err := str.CreateSecrets(secrets, trx); err != nil {
logrus.Errorf("error creating secrets for '%v': %v", principal.Email, err)
return share.NewShareInternalServerError()
}
logrus.Infof("wrote auth secrets for '%v'", sshr.Token)
}
if err := trx.Commit(); err != nil { if err := trx.Commit(); err != nil {
logrus.Errorf("error committing share record: %v", err) logrus.Errorf("error committing share record: %v", err)
return share.NewShareInternalServerError() return share.NewShareInternalServerError()

14
controller/sharePublic.go
View File

@ -23,14 +23,12 @@ func (a *publicResourceAllocator) allocate(envZId, shrToken string, frontendZIds
return "", nil, err return "", nil, err
} }
options := &zrokEdgeSdk.FrontendOptions{ options := &zrokEdgeSdk.FrontendOptions{
Interstitial: interstitial, Interstitial: interstitial,
AuthScheme: authScheme, AuthSecrets: false,
BasicAuthUsers: authUsers, }
Oauth: &sdk.OauthConfig{ switch authScheme {
Provider: params.Body.OauthProvider, case sdk.Basic:
EmailDomains: params.Body.OauthEmailDomains, options.AuthSecrets = true
AuthorizationCheckInterval: params.Body.OauthAuthorizationCheckInterval,
},
} }
cfgId, err := zrokEdgeSdk.CreateConfig(zrokProxyConfigId, envZId, shrToken, options, edge) cfgId, err := zrokEdgeSdk.CreateConfig(zrokProxyConfigId, envZId, shrToken, options, edge)
if err != nil { if err != nil {

4
controller/store/secret.go
View File

@ -12,8 +12,8 @@ type Secrets struct {
} }
type Secret struct { type Secret struct {
Key string Key string `json:"key"`
Value string Value string `json:"value"`
} }
func (str *Store) CreateSecrets(secrets Secrets, trx *sqlx.Tx) error { func (str *Store) CreateSecrets(secrets Secrets, trx *sqlx.Tx) error {

7
controller/zrokEdgeSdk/config.go
View File

@ -3,17 +3,19 @@ package zrokEdgeSdk
import ( import (
"context" "context"
"fmt" "fmt"
"reflect"
"time"
"github.com/openziti/edge-api/rest_management_api_client" "github.com/openziti/edge-api/rest_management_api_client"
"github.com/openziti/edge-api/rest_management_api_client/config" "github.com/openziti/edge-api/rest_management_api_client/config"
"github.com/openziti/edge-api/rest_model" "github.com/openziti/edge-api/rest_model"
"github.com/openziti/zrok/sdk/golang/sdk" "github.com/openziti/zrok/sdk/golang/sdk"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"reflect"
"time"
) )
type FrontendOptions struct { type FrontendOptions struct {
Interstitial bool Interstitial bool
AuthSecrets bool
AuthScheme sdk.AuthScheme AuthScheme sdk.AuthScheme
BasicAuthUsers []*sdk.AuthUserConfig BasicAuthUsers []*sdk.AuthUserConfig
Oauth *sdk.OauthConfig Oauth *sdk.OauthConfig
@ -22,6 +24,7 @@ type FrontendOptions struct {
func CreateConfig(cfgTypeZId, envZId, shrToken string, options *FrontendOptions, edge *rest_management_api_client.ZitiEdgeManagement) (cfgZId string, err error) { func CreateConfig(cfgTypeZId, envZId, shrToken string, options *FrontendOptions, edge *rest_management_api_client.ZitiEdgeManagement) (cfgZId string, err error) {
cfg := &sdk.FrontendConfig{ cfg := &sdk.FrontendConfig{
Interstitial: options.Interstitial, Interstitial: options.Interstitial,
AuthSecrets: options.AuthSecrets,
AuthScheme: options.AuthScheme, AuthScheme: options.AuthScheme,
} }
if cfg.AuthScheme == sdk.Basic { if cfg.AuthScheme == sdk.Basic {