add admin support to rest_model_zrok.Principal; authenticator (#116)

2024-11-25 09:33:43 +01:00 · 2022-12-01 14:48:23 -05:00 · 2022-12-01 14:48:23 -05:00 · 8610cf944a
commit 8610cf944a
parent b4f85e711f
7 changed files with 44 additions and 4 deletions
--- a/controller/config.go
+++ b/controller/config.go
@ -10,6 +10,7 @@ const ConfigVersion = 1
 type Config struct {
 	V            int
 	Admin        *AdminConfig
 	Endpoint     *EndpointConfig
 	Proxy        *ProxyConfig
 	Email        *EmailConfig
@ -20,6 +21,10 @@ type Config struct {
 	Influx       *InfluxConfig
 }
 type AdminConfig struct {
 	Secrets []string `cf:"+secret"`
 }
 type EndpointConfig struct {
 	Host string
 	Port int
--- a/controller/controller.go
+++ b/controller/controller.go
@ -26,7 +26,7 @@ func Run(inCfg *Config) error {
 	}
 	api := operations.NewZrokAPI(swaggerSpec)
-	api.KeyAuth = ZrokAuthenticate
+	api.KeyAuth = newZrokAuthenticator(cfg).authenticate
 	api.AccountInviteHandler = newInviteHandler()
 	api.AccountLoginHandler = account.LoginHandlerFunc(loginHandler)
 	api.AccountRegisterHandler = newRegisterHandler()
--- a/controller/util.go
+++ b/controller/util.go
@ -13,20 +13,43 @@ import (
 	"strings"
 )
-func ZrokAuthenticate(token string) (*rest_model_zrok.Principal, error) {
+type zrokAuthenticator struct {
 	cfg *Config
 }
 func newZrokAuthenticator(cfg *Config) *zrokAuthenticator {
 	return &zrokAuthenticator{cfg}
 }
 func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Principal, error) {
 	tx, err := str.Begin()
 	if err != nil {
 		return nil, err
 	}
 	defer func() { _ = tx.Rollback() }()
 	if a, err := str.FindAccountWithToken(token, tx); err == nil {
-		principal := rest_model_zrok.Principal{
+		principal := &rest_model_zrok.Principal{
 			ID:    int64(a.Id),
 			Token: a.Token,
 			Email: a.Email,
 		}
-		return &principal, nil
+		return principal, nil
 	} else {
 		// check for admin secret
 		if cfg.Admin != nil {
 			for _, secret := range cfg.Admin.Secrets {
 				if token == secret {
 					principal := &rest_model_zrok.Principal{
 						ID:    int64(-1),
 						Admin: true,
 					}
 					return principal, nil
 				}
 			}
 		}
 		// no match
 		return nil, errors2.New(401, "invalid api key")
 	}
 }
--- a/rest_model_zrok/principal.go
+++ b/rest_model_zrok/principal.go
@ -17,6 +17,9 @@ import (
 // swagger:model principal
 type Principal struct {
 	// admin
 	Admin bool `json:"admin,omitempty"`
 	// email
 	Email string `json:"email,omitempty"`
--- a/rest_server_zrok/embedded_spec.go
+++ b/rest_server_zrok/embedded_spec.go
@ -599,6 +599,9 @@ func init() {
    "principal": {
      "type": "object",
      "properties": {
        "admin": {
          "type": "boolean"
        },
        "email": {
          "type": "string"
        },
@ -1383,6 +1386,9 @@ func init() {
    "principal": {
      "type": "object",
      "properties": {
        "admin": {
          "type": "boolean"
        },
        "email": {
          "type": "string"
        },
--- a/specs/zrok.yml
+++ b/specs/zrok.yml
@ -399,6 +399,8 @@ definitions:
        type: string
      token:
        type: string
      admin:
        type: boolean
  registerRequest:
    type: object
--- a/ui/src/api/types.js
+++ b/ui/src/api/types.js
@ -90,6 +90,7 @@
 * @property {number} id 
 * @property {string} email 
 * @property {string} token 
 * @property {boolean} admin 
 */
 /**