mirror of
https://github.com/openziti/zrok.git
synced 2024-11-21 23:53:19 +01:00
authentication; enable only (for now) (#11)
This commit is contained in:
parent
4311d89526
commit
6156005446
@ -15,7 +15,7 @@ zrokDir=$(realpath "$scriptDir/..")
|
||||
zrokSpec=$(realpath "$zrokDir/specs/zrok.yml")
|
||||
|
||||
echo "...generating zrok server"
|
||||
swagger generate server -f "$zrokSpec" -s rest_server_zrok -t "$zrokDir" -m "rest_model_zrok" --exclude-main
|
||||
swagger generate server -P rest_model_zrok.Principal -f "$zrokSpec" -s rest_server_zrok -t "$zrokDir" -m "rest_model_zrok" --exclude-main
|
||||
|
||||
echo "...generating zrok client"
|
||||
swagger generate client -f "$zrokSpec" -c rest_client_zrok -t "$zrokDir" -m "rest_model_zrok"
|
||||
swagger generate client -P rest_model_zrok.Principal -f "$zrokSpec" -c rest_client_zrok -t "$zrokDir" -m "rest_model_zrok"
|
||||
|
@ -25,6 +25,6 @@ var apiVersionCmd = &cobra.Command{
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
logrus.Infof("found api version [%v]", resp.Payload.Version)
|
||||
logrus.Infof("found api version [%v]", resp.Payload)
|
||||
},
|
||||
}
|
||||
|
@ -1,8 +1,8 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
httptransport "github.com/go-openapi/runtime/client"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_client_zrok/identity"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
||||
"github.com/openziti-test-kitchen/zrok/zrokdir"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/spf13/cobra"
|
||||
@ -23,11 +23,9 @@ func enable(_ *cobra.Command, args []string) {
|
||||
token := args[0]
|
||||
|
||||
zrok := newZrokClient()
|
||||
auth := httptransport.APIKeyAuth("X-TOKEN", "header", token)
|
||||
req := identity.NewEnableParams()
|
||||
req.Body = &rest_model_zrok.EnableRequest{
|
||||
Token: token,
|
||||
}
|
||||
resp, err := zrok.Identity.Enable(req)
|
||||
resp, err := zrok.Identity.Enable(req, auth)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
@ -27,12 +27,12 @@ func createAccountHandler(params identity.CreateAccountParams) middleware.Respon
|
||||
Password: hashPassword(params.Body.Password),
|
||||
Token: token,
|
||||
}
|
||||
tx, err := str.Begin()
|
||||
tx, err := Str.Begin()
|
||||
if err != nil {
|
||||
logrus.Errorf("error starting transaction: %v", err)
|
||||
return identity.NewCreateAccountInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
||||
}
|
||||
id, err := str.CreateAccount(a, tx)
|
||||
id, err := Str.CreateAccount(a, tx)
|
||||
if err != nil {
|
||||
logrus.Errorf("error creating account: %v", err)
|
||||
_ = tx.Rollback()
|
||||
|
@ -4,7 +4,6 @@ import (
|
||||
"github.com/go-openapi/loads"
|
||||
"github.com/go-openapi/runtime/middleware"
|
||||
"github.com/openziti-test-kitchen/zrok/controller/store"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_server_zrok"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
|
||||
@ -13,7 +12,7 @@ import (
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
var str *store.Store
|
||||
var Str *store.Store
|
||||
|
||||
func Run(cfg *Config) error {
|
||||
swaggerSpec, err := loads.Embedded(rest_server_zrok.SwaggerJSON, rest_server_zrok.FlatSwaggerJSON)
|
||||
@ -22,6 +21,7 @@ func Run(cfg *Config) error {
|
||||
}
|
||||
|
||||
api := operations.NewZrokAPI(swaggerSpec)
|
||||
api.KeyAuth = ZrokAuthenticate
|
||||
api.MetadataVersionHandler = metadata.VersionHandlerFunc(versionHandler)
|
||||
api.IdentityCreateAccountHandler = identity.CreateAccountHandlerFunc(createAccountHandler)
|
||||
api.IdentityEnableHandler = identity.EnableHandlerFunc(enableHandler)
|
||||
@ -29,7 +29,7 @@ func Run(cfg *Config) error {
|
||||
api.TunnelUntunnelHandler = tunnel.UntunnelHandlerFunc(untunnelHandler)
|
||||
|
||||
if v, err := store.Open(cfg.Store); err == nil {
|
||||
str = v
|
||||
Str = v
|
||||
} else {
|
||||
return errors.Wrap(err, "error opening store")
|
||||
}
|
||||
@ -46,5 +46,5 @@ func Run(cfg *Config) error {
|
||||
}
|
||||
|
||||
func versionHandler(_ metadata.VersionParams) middleware.Responder {
|
||||
return metadata.NewVersionOK().WithPayload(&rest_model_zrok.Version{Version: "v0.0.1; sk3tc4"})
|
||||
return metadata.NewVersionOK().WithPayload("v0.0.2")
|
||||
}
|
||||
|
@ -18,13 +18,13 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
func enableHandler(params identity.EnableParams) middleware.Responder {
|
||||
tx, err := str.Begin()
|
||||
func enableHandler(_ identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
|
||||
tx, err := Str.Begin()
|
||||
if err != nil {
|
||||
logrus.Errorf("error starting transaction: %v", err)
|
||||
return identity.NewCreateAccountInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
||||
}
|
||||
a, err := str.FindAccountWithToken(params.Body.Token, tx)
|
||||
a, err := Str.FindAccountWithToken(string(*principal), tx)
|
||||
if err != nil {
|
||||
logrus.Errorf("error finding account: %v", err)
|
||||
return identity.NewCreateAccountBadRequest().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
||||
|
@ -4,11 +4,27 @@ import (
|
||||
"crypto/rand"
|
||||
"crypto/x509"
|
||||
"encoding/hex"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
||||
"github.com/openziti/edge/rest_management_api_client"
|
||||
"github.com/openziti/edge/rest_util"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func ZrokAuthenticate(token string) (*rest_model_zrok.Principal, error) {
|
||||
logrus.Infof("authenticating")
|
||||
tx, err := Str.Begin()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if a, err := Str.FindAccountWithToken(token, tx); err == nil {
|
||||
principal := rest_model_zrok.Principal(a.Token)
|
||||
return &principal, nil
|
||||
} else {
|
||||
return nil, errors.Wrap(err, "error authenticating")
|
||||
}
|
||||
}
|
||||
|
||||
func edgeClient() (*rest_management_api_client.ZitiEdgeManagement, error) {
|
||||
ctrlAddress := "https://linux:1280"
|
||||
caCerts, err := rest_util.GetControllerWellKnownCas(ctrlAddress)
|
||||
|
@ -14,8 +14,6 @@ import (
|
||||
"github.com/go-openapi/runtime"
|
||||
cr "github.com/go-openapi/runtime/client"
|
||||
"github.com/go-openapi/strfmt"
|
||||
|
||||
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
||||
)
|
||||
|
||||
// NewEnableParams creates a new EnableParams object,
|
||||
@ -60,10 +58,6 @@ func NewEnableParamsWithHTTPClient(client *http.Client) *EnableParams {
|
||||
Typically these are written to a http.Request.
|
||||
*/
|
||||
type EnableParams struct {
|
||||
|
||||
// Body.
|
||||
Body *rest_model_zrok.EnableRequest
|
||||
|
||||
timeout time.Duration
|
||||
Context context.Context
|
||||
HTTPClient *http.Client
|
||||
@ -117,17 +111,6 @@ func (o *EnableParams) SetHTTPClient(client *http.Client) {
|
||||
o.HTTPClient = client
|
||||
}
|
||||
|
||||
// WithBody adds the body to the enable params
|
||||
func (o *EnableParams) WithBody(body *rest_model_zrok.EnableRequest) *EnableParams {
|
||||
o.SetBody(body)
|
||||
return o
|
||||
}
|
||||
|
||||
// SetBody adds the body to the enable params
|
||||
func (o *EnableParams) SetBody(body *rest_model_zrok.EnableRequest) {
|
||||
o.Body = body
|
||||
}
|
||||
|
||||
// WriteToRequest writes these params to a swagger request
|
||||
func (o *EnableParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
|
||||
|
||||
@ -135,11 +118,6 @@ func (o *EnableParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Regist
|
||||
return err
|
||||
}
|
||||
var res []error
|
||||
if o.Body != nil {
|
||||
if err := r.SetBodyParam(o.Body); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if len(res) > 0 {
|
||||
return errors.CompositeValidationError(res...)
|
||||
|
@ -32,7 +32,7 @@ type ClientOption func(*runtime.ClientOperation)
|
||||
type ClientService interface {
|
||||
CreateAccount(params *CreateAccountParams, opts ...ClientOption) (*CreateAccountCreated, error)
|
||||
|
||||
Enable(params *EnableParams, opts ...ClientOption) (*EnableCreated, error)
|
||||
Enable(params *EnableParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*EnableCreated, error)
|
||||
|
||||
SetTransport(transport runtime.ClientTransport)
|
||||
}
|
||||
@ -78,7 +78,7 @@ func (a *Client) CreateAccount(params *CreateAccountParams, opts ...ClientOption
|
||||
/*
|
||||
Enable enable API
|
||||
*/
|
||||
func (a *Client) Enable(params *EnableParams, opts ...ClientOption) (*EnableCreated, error) {
|
||||
func (a *Client) Enable(params *EnableParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*EnableCreated, error) {
|
||||
// TODO: Validate the params before sending
|
||||
if params == nil {
|
||||
params = NewEnableParams()
|
||||
@ -92,6 +92,7 @@ func (a *Client) Enable(params *EnableParams, opts ...ClientOption) (*EnableCrea
|
||||
Schemes: []string{"http"},
|
||||
Params: params,
|
||||
Reader: &EnableReader{formats: a.formats},
|
||||
AuthInfo: authInfo,
|
||||
Context: params.Context,
|
||||
Client: params.HTTPClient,
|
||||
}
|
||||
|
@ -44,22 +44,20 @@ func NewVersionOK() *VersionOK {
|
||||
retrieve the current server version
|
||||
*/
|
||||
type VersionOK struct {
|
||||
Payload *rest_model_zrok.Version
|
||||
Payload rest_model_zrok.Version
|
||||
}
|
||||
|
||||
func (o *VersionOK) Error() string {
|
||||
return fmt.Sprintf("[GET /version][%d] versionOK %+v", 200, o.Payload)
|
||||
}
|
||||
func (o *VersionOK) GetPayload() *rest_model_zrok.Version {
|
||||
func (o *VersionOK) GetPayload() rest_model_zrok.Version {
|
||||
return o.Payload
|
||||
}
|
||||
|
||||
func (o *VersionOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
|
||||
|
||||
o.Payload = new(rest_model_zrok.Version)
|
||||
|
||||
// response payload
|
||||
if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF {
|
||||
if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
|
||||
return err
|
||||
}
|
||||
|
||||
|
27
rest_model_zrok/principal.go
Normal file
27
rest_model_zrok/principal.go
Normal file
@ -0,0 +1,27 @@
|
||||
// Code generated by go-swagger; DO NOT EDIT.
|
||||
|
||||
package rest_model_zrok
|
||||
|
||||
// This file was generated by the swagger tool.
|
||||
// Editing this file might prove futile when you re-run the swagger generate command
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/go-openapi/strfmt"
|
||||
)
|
||||
|
||||
// Principal principal
|
||||
//
|
||||
// swagger:model principal
|
||||
type Principal string
|
||||
|
||||
// Validate validates this principal
|
||||
func (m Principal) Validate(formats strfmt.Registry) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// ContextValidate validates this principal based on context it is used
|
||||
func (m Principal) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
|
||||
return nil
|
||||
}
|
@ -9,42 +9,19 @@ import (
|
||||
"context"
|
||||
|
||||
"github.com/go-openapi/strfmt"
|
||||
"github.com/go-openapi/swag"
|
||||
)
|
||||
|
||||
// Version version
|
||||
//
|
||||
// swagger:model version
|
||||
type Version struct {
|
||||
|
||||
// version
|
||||
Version string `json:"version,omitempty"`
|
||||
}
|
||||
type Version string
|
||||
|
||||
// Validate validates this version
|
||||
func (m *Version) Validate(formats strfmt.Registry) error {
|
||||
func (m Version) Validate(formats strfmt.Registry) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// ContextValidate validates this version based on context it is used
|
||||
func (m *Version) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// MarshalBinary interface implementation
|
||||
func (m *Version) MarshalBinary() ([]byte, error) {
|
||||
if m == nil {
|
||||
return nil, nil
|
||||
}
|
||||
return swag.WriteJSON(m)
|
||||
}
|
||||
|
||||
// UnmarshalBinary interface implementation
|
||||
func (m *Version) UnmarshalBinary(b []byte) error {
|
||||
var res Version
|
||||
if err := swag.ReadJSON(b, &res); err != nil {
|
||||
return err
|
||||
}
|
||||
*m = res
|
||||
func (m Version) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
|
||||
return nil
|
||||
}
|
||||
|
@ -24,7 +24,6 @@ func configureAPI(api *operations.ZrokAPI) http.Handler {
|
||||
api.UseSwaggerUI()
|
||||
api.JSONConsumer = runtime.JSONConsumer()
|
||||
api.JSONProducer = runtime.JSONProducer()
|
||||
|
||||
api.PreServerShutdown = func() {}
|
||||
|
||||
api.ServerShutdown = func() {}
|
||||
|
@ -73,19 +73,15 @@ func init() {
|
||||
},
|
||||
"/enable": {
|
||||
"post": {
|
||||
"security": [
|
||||
{
|
||||
"key": []
|
||||
}
|
||||
],
|
||||
"tags": [
|
||||
"identity"
|
||||
],
|
||||
"operationId": "enable",
|
||||
"parameters": [
|
||||
{
|
||||
"name": "body",
|
||||
"in": "body",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/enableRequest"
|
||||
}
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"201": {
|
||||
"description": "environment enabled",
|
||||
@ -201,14 +197,6 @@ func init() {
|
||||
}
|
||||
}
|
||||
},
|
||||
"enableRequest": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"token": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"enableResponse": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
@ -223,6 +211,9 @@ func init() {
|
||||
"errorMessage": {
|
||||
"type": "string"
|
||||
},
|
||||
"principal": {
|
||||
"type": "string"
|
||||
},
|
||||
"tunnelRequest": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
@ -250,13 +241,15 @@ func init() {
|
||||
}
|
||||
}
|
||||
},
|
||||
"version": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"version": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"securityDefinitions": {
|
||||
"key": {
|
||||
"type": "apiKey",
|
||||
"name": "x-token",
|
||||
"in": "header"
|
||||
}
|
||||
}
|
||||
}`))
|
||||
@ -316,19 +309,15 @@ func init() {
|
||||
},
|
||||
"/enable": {
|
||||
"post": {
|
||||
"security": [
|
||||
{
|
||||
"key": []
|
||||
}
|
||||
],
|
||||
"tags": [
|
||||
"identity"
|
||||
],
|
||||
"operationId": "enable",
|
||||
"parameters": [
|
||||
{
|
||||
"name": "body",
|
||||
"in": "body",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/enableRequest"
|
||||
}
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"201": {
|
||||
"description": "environment enabled",
|
||||
@ -444,14 +433,6 @@ func init() {
|
||||
}
|
||||
}
|
||||
},
|
||||
"enableRequest": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"token": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"enableResponse": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
@ -466,6 +447,9 @@ func init() {
|
||||
"errorMessage": {
|
||||
"type": "string"
|
||||
},
|
||||
"principal": {
|
||||
"type": "string"
|
||||
},
|
||||
"tunnelRequest": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
@ -493,13 +477,15 @@ func init() {
|
||||
}
|
||||
}
|
||||
},
|
||||
"version": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"version": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"securityDefinitions": {
|
||||
"key": {
|
||||
"type": "apiKey",
|
||||
"name": "x-token",
|
||||
"in": "header"
|
||||
}
|
||||
}
|
||||
}`))
|
||||
|
@ -9,19 +9,21 @@ import (
|
||||
"net/http"
|
||||
|
||||
"github.com/go-openapi/runtime/middleware"
|
||||
|
||||
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
||||
)
|
||||
|
||||
// EnableHandlerFunc turns a function with the right signature into a enable handler
|
||||
type EnableHandlerFunc func(EnableParams) middleware.Responder
|
||||
type EnableHandlerFunc func(EnableParams, *rest_model_zrok.Principal) middleware.Responder
|
||||
|
||||
// Handle executing the request and returning a response
|
||||
func (fn EnableHandlerFunc) Handle(params EnableParams) middleware.Responder {
|
||||
return fn(params)
|
||||
func (fn EnableHandlerFunc) Handle(params EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
|
||||
return fn(params, principal)
|
||||
}
|
||||
|
||||
// EnableHandler interface for that can handle valid enable params
|
||||
type EnableHandler interface {
|
||||
Handle(EnableParams) middleware.Responder
|
||||
Handle(EnableParams, *rest_model_zrok.Principal) middleware.Responder
|
||||
}
|
||||
|
||||
// NewEnable creates a new http.Handler for the enable operation
|
||||
@ -45,12 +47,25 @@ func (o *Enable) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
|
||||
*r = *rCtx
|
||||
}
|
||||
var Params = NewEnableParams()
|
||||
uprinc, aCtx, err := o.Context.Authorize(r, route)
|
||||
if err != nil {
|
||||
o.Context.Respond(rw, r, route.Produces, route, err)
|
||||
return
|
||||
}
|
||||
if aCtx != nil {
|
||||
*r = *aCtx
|
||||
}
|
||||
var principal *rest_model_zrok.Principal
|
||||
if uprinc != nil {
|
||||
principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
|
||||
}
|
||||
|
||||
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
|
||||
o.Context.Respond(rw, r, route.Produces, route, err)
|
||||
return
|
||||
}
|
||||
|
||||
res := o.Handler.Handle(Params) // actually handle the request
|
||||
res := o.Handler.Handle(Params, principal) // actually handle the request
|
||||
o.Context.Respond(rw, r, route.Produces, route, res)
|
||||
|
||||
}
|
||||
|
@ -6,15 +6,10 @@ package identity
|
||||
// Editing this file might prove futile when you re-run the swagger generate command
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"github.com/go-openapi/errors"
|
||||
"github.com/go-openapi/runtime"
|
||||
"github.com/go-openapi/runtime/middleware"
|
||||
"github.com/go-openapi/validate"
|
||||
|
||||
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
||||
)
|
||||
|
||||
// NewEnableParams creates a new EnableParams object
|
||||
@ -33,11 +28,6 @@ type EnableParams struct {
|
||||
|
||||
// HTTP Request Object
|
||||
HTTPRequest *http.Request `json:"-"`
|
||||
|
||||
/*
|
||||
In: body
|
||||
*/
|
||||
Body *rest_model_zrok.EnableRequest
|
||||
}
|
||||
|
||||
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
|
||||
@ -49,27 +39,6 @@ func (o *EnableParams) BindRequest(r *http.Request, route *middleware.MatchedRou
|
||||
|
||||
o.HTTPRequest = r
|
||||
|
||||
if runtime.HasBody(r) {
|
||||
defer r.Body.Close()
|
||||
var body rest_model_zrok.EnableRequest
|
||||
if err := route.Consumer.Consume(r.Body, &body); err != nil {
|
||||
res = append(res, errors.NewParseError("body", "body", "", err))
|
||||
} else {
|
||||
// validate body object
|
||||
if err := body.Validate(route.Formats); err != nil {
|
||||
res = append(res, err)
|
||||
}
|
||||
|
||||
ctx := validate.WithOperationRequest(context.Background())
|
||||
if err := body.ContextValidate(ctx, route.Formats); err != nil {
|
||||
res = append(res, err)
|
||||
}
|
||||
|
||||
if len(res) == 0 {
|
||||
o.Body = &body
|
||||
}
|
||||
}
|
||||
}
|
||||
if len(res) > 0 {
|
||||
return errors.CompositeValidationError(res...)
|
||||
}
|
||||
|
@ -25,7 +25,7 @@ type VersionOK struct {
|
||||
/*
|
||||
In: Body
|
||||
*/
|
||||
Payload *rest_model_zrok.Version `json:"body,omitempty"`
|
||||
Payload rest_model_zrok.Version `json:"body,omitempty"`
|
||||
}
|
||||
|
||||
// NewVersionOK creates VersionOK with default headers values
|
||||
@ -35,13 +35,13 @@ func NewVersionOK() *VersionOK {
|
||||
}
|
||||
|
||||
// WithPayload adds the payload to the version o k response
|
||||
func (o *VersionOK) WithPayload(payload *rest_model_zrok.Version) *VersionOK {
|
||||
func (o *VersionOK) WithPayload(payload rest_model_zrok.Version) *VersionOK {
|
||||
o.Payload = payload
|
||||
return o
|
||||
}
|
||||
|
||||
// SetPayload sets the payload to the version o k response
|
||||
func (o *VersionOK) SetPayload(payload *rest_model_zrok.Version) {
|
||||
func (o *VersionOK) SetPayload(payload rest_model_zrok.Version) {
|
||||
o.Payload = payload
|
||||
}
|
||||
|
||||
@ -49,10 +49,8 @@ func (o *VersionOK) SetPayload(payload *rest_model_zrok.Version) {
|
||||
func (o *VersionOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
|
||||
|
||||
rw.WriteHeader(200)
|
||||
if o.Payload != nil {
|
||||
payload := o.Payload
|
||||
if err := producer.Produce(rw, payload); err != nil {
|
||||
panic(err) // let the recovery middleware deal with this
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -19,6 +19,7 @@ import (
|
||||
"github.com/go-openapi/strfmt"
|
||||
"github.com/go-openapi/swag"
|
||||
|
||||
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/metadata"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/tunnel"
|
||||
@ -49,7 +50,7 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
|
||||
IdentityCreateAccountHandler: identity.CreateAccountHandlerFunc(func(params identity.CreateAccountParams) middleware.Responder {
|
||||
return middleware.NotImplemented("operation identity.CreateAccount has not yet been implemented")
|
||||
}),
|
||||
IdentityEnableHandler: identity.EnableHandlerFunc(func(params identity.EnableParams) middleware.Responder {
|
||||
IdentityEnableHandler: identity.EnableHandlerFunc(func(params identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
|
||||
return middleware.NotImplemented("operation identity.Enable has not yet been implemented")
|
||||
}),
|
||||
TunnelTunnelHandler: tunnel.TunnelHandlerFunc(func(params tunnel.TunnelParams) middleware.Responder {
|
||||
@ -61,6 +62,13 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
|
||||
MetadataVersionHandler: metadata.VersionHandlerFunc(func(params metadata.VersionParams) middleware.Responder {
|
||||
return middleware.NotImplemented("operation metadata.Version has not yet been implemented")
|
||||
}),
|
||||
|
||||
// Applies when the "x-token" header is set
|
||||
KeyAuth: func(token string) (*rest_model_zrok.Principal, error) {
|
||||
return nil, errors.NotImplemented("api key auth (key) x-token from header param [x-token] has not yet been implemented")
|
||||
},
|
||||
// default authorizer is authorized meaning no requests are blocked
|
||||
APIAuthorizer: security.Authorized(),
|
||||
}
|
||||
}
|
||||
|
||||
@ -97,6 +105,13 @@ type ZrokAPI struct {
|
||||
// - application/zrok.v1+json
|
||||
JSONProducer runtime.Producer
|
||||
|
||||
// KeyAuth registers a function that takes a token and returns a principal
|
||||
// it performs authentication based on an api key x-token provided in the header
|
||||
KeyAuth func(string) (*rest_model_zrok.Principal, error)
|
||||
|
||||
// APIAuthorizer provides access control (ACL/RBAC/ABAC) by providing access to the request and authenticated principal
|
||||
APIAuthorizer runtime.Authorizer
|
||||
|
||||
// IdentityCreateAccountHandler sets the operation handler for the create account operation
|
||||
IdentityCreateAccountHandler identity.CreateAccountHandler
|
||||
// IdentityEnableHandler sets the operation handler for the enable operation
|
||||
@ -184,6 +199,10 @@ func (o *ZrokAPI) Validate() error {
|
||||
unregistered = append(unregistered, "JSONProducer")
|
||||
}
|
||||
|
||||
if o.KeyAuth == nil {
|
||||
unregistered = append(unregistered, "XTokenAuth")
|
||||
}
|
||||
|
||||
if o.IdentityCreateAccountHandler == nil {
|
||||
unregistered = append(unregistered, "identity.CreateAccountHandler")
|
||||
}
|
||||
@ -214,12 +233,23 @@ func (o *ZrokAPI) ServeErrorFor(operationID string) func(http.ResponseWriter, *h
|
||||
|
||||
// AuthenticatorsFor gets the authenticators for the specified security schemes
|
||||
func (o *ZrokAPI) AuthenticatorsFor(schemes map[string]spec.SecurityScheme) map[string]runtime.Authenticator {
|
||||
return nil
|
||||
result := make(map[string]runtime.Authenticator)
|
||||
for name := range schemes {
|
||||
switch name {
|
||||
case "key":
|
||||
scheme := schemes[name]
|
||||
result[name] = o.APIKeyAuthenticator(scheme.Name, scheme.In, func(token string) (interface{}, error) {
|
||||
return o.KeyAuth(token)
|
||||
})
|
||||
|
||||
}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
// Authorizer returns the registered authorizer
|
||||
func (o *ZrokAPI) Authorizer() runtime.Authorizer {
|
||||
return nil
|
||||
return o.APIAuthorizer
|
||||
}
|
||||
|
||||
// ConsumersFor gets the consumers for the specified media types.
|
||||
|
@ -3,6 +3,12 @@ info:
|
||||
title: zrok
|
||||
version: 1.0.0
|
||||
|
||||
securityDefinitions:
|
||||
key:
|
||||
type: apiKey
|
||||
in: header
|
||||
name: x-token
|
||||
|
||||
paths:
|
||||
/account:
|
||||
post:
|
||||
@ -31,12 +37,9 @@ paths:
|
||||
post:
|
||||
tags:
|
||||
- identity
|
||||
security:
|
||||
- key: []
|
||||
operationId: enable
|
||||
parameters:
|
||||
- name: body
|
||||
in: body
|
||||
schema:
|
||||
$ref: "#/definitions/enableRequest"
|
||||
responses:
|
||||
201:
|
||||
description: environment enabled
|
||||
@ -96,11 +99,6 @@ paths:
|
||||
$ref: "#/definitions/version"
|
||||
|
||||
definitions:
|
||||
version:
|
||||
type: object
|
||||
properties:
|
||||
version:
|
||||
type: string
|
||||
accountRequest:
|
||||
type: object
|
||||
properties:
|
||||
@ -113,11 +111,6 @@ definitions:
|
||||
properties:
|
||||
token:
|
||||
type: string
|
||||
enableRequest:
|
||||
type: object
|
||||
properties:
|
||||
token:
|
||||
type: string
|
||||
enableResponse:
|
||||
type: object
|
||||
properties:
|
||||
@ -127,6 +120,8 @@ definitions:
|
||||
type: string
|
||||
errorMessage:
|
||||
type: string
|
||||
principal:
|
||||
type: string
|
||||
tunnelRequest:
|
||||
type: object
|
||||
properties:
|
||||
@ -144,6 +139,8 @@ definitions:
|
||||
properties:
|
||||
service:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
|
||||
produces:
|
||||
- application/zrok.v1+json
|
||||
|
Loading…
Reference in New Issue
Block a user