extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2024-11-22 16:13:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

limits check scaffolding in accessHandler

Browse Source
This commit is contained in:
Michael Quigley 2023-06-06 10:54:57 -04:00
parent cde59084a6
commit 243261d70a
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
2 changed files with 30 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
controller/access.go
View File

@ -2,10 +2,12 @@ package controller
import ( import (
"github.com/go-openapi/runtime/middleware" "github.com/go-openapi/runtime/middleware"
"github.com/jmoiron/sqlx"
"github.com/openziti/zrok/controller/store" "github.com/openziti/zrok/controller/store"
"github.com/openziti/zrok/controller/zrokEdgeSdk" "github.com/openziti/zrok/controller/zrokEdgeSdk"
"github.com/openziti/zrok/rest_model_zrok" "github.com/openziti/zrok/rest_model_zrok"
"github.com/openziti/zrok/rest_server_zrok/operations/share" "github.com/openziti/zrok/rest_server_zrok/operations/share"
"github.com/pkg/errors"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
@ -16,16 +18,16 @@ func newAccessHandler() *accessHandler {
} }
func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_zrok.Principal) middleware.Responder { func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_zrok.Principal) middleware.Responder {
tx, err := str.Begin() trx, err := str.Begin()
if err != nil { if err != nil {
logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err) logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err)
return share.NewAccessInternalServerError() return share.NewAccessInternalServerError()
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = trx.Rollback() }()
envZId := params.Body.EnvZID envZId := params.Body.EnvZID
envId := 0 envId := 0
if envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx); err == nil { if envs, err := str.FindEnvironmentsForAccount(int(principal.ID), trx); err == nil {
found := false found := false
for _, env := range envs { for _, env := range envs {
if env.ZId == envZId { if env.ZId == envZId {
@ -45,7 +47,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
} }
shrToken := params.Body.ShrToken shrToken := params.Body.ShrToken
shr, err := str.FindShareWithToken(shrToken, tx) shr, err := str.FindShareWithToken(shrToken, trx)
if err != nil { if err != nil {
logrus.Errorf("error finding share") logrus.Errorf("error finding share")
return share.NewAccessNotFound() return share.NewAccessNotFound()
@ -55,13 +57,18 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
return share.NewAccessNotFound() return share.NewAccessNotFound()
} }
if err := h.checkLimits(shrToken, trx); err != nil {
logrus.Errorf("cannot access limited share for '%v': %v", principal.Email, err)
return share.NewAccessNotFound()
}
feToken, err := createToken() feToken, err := createToken()
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
return share.NewAccessInternalServerError() return share.NewAccessInternalServerError()
} }
if _, err := str.CreateFrontend(envId, &store.Frontend{PrivateShareId: &shr.Id, Token: feToken, ZId: envZId}, tx); err != nil { if _, err := str.CreateFrontend(envId, &store.Frontend{PrivateShareId: &shr.Id, Token: feToken, ZId: envZId}, trx); err != nil {
logrus.Errorf("error creating frontend record for user '%v': %v", principal.Email, err) logrus.Errorf("error creating frontend record for user '%v': %v", principal.Email, err)
return share.NewAccessInternalServerError() return share.NewAccessInternalServerError()
} }
@ -81,7 +88,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
return share.NewAccessInternalServerError() return share.NewAccessInternalServerError()
} }
if err := tx.Commit(); err != nil { if err := trx.Commit(); err != nil {
logrus.Errorf("error committing frontend record: %v", err) logrus.Errorf("error committing frontend record: %v", err)
return share.NewAccessInternalServerError() return share.NewAccessInternalServerError()
} }
@ -91,3 +98,16 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
BackendMode: shr.BackendMode, BackendMode: shr.BackendMode,
}) })
} }
func (h *accessHandler) checkLimits(shrToken string, trx *sqlx.Tx) error {
if limitsAgent != nil {
ok, err := limitsAgent.CanAccessShare(shrToken, trx)
if err != nil {
return errors.Wrapf(err, "error checking share limits for '%v'", shrToken)
}
if !ok {
return errors.Errorf("share limit check failed for '%v'", shrToken)
}
}
return nil
}

4
controller/limits/agent.go
View File

@ -139,6 +139,10 @@ func (a *Agent) CanCreateShare(acctId, envId int, trx *sqlx.Tx) (bool, error) {
return true, nil return true, nil
} }
func (a *Agent) CanAccessShare(shrToken string, trx *sqlx.Tx) (bool, error) {
return true, nil
}
func (a *Agent) Handle(u *metrics.Usage) error { func (a *Agent) Handle(u *metrics.Usage) error {
logrus.Debugf("handling: %v", u) logrus.Debugf("handling: %v", u)
a.queue <- u a.queue <- u