authenticate remaining api endpoints (#11)

Michael Quigley 2022-07-28 14:32:49 -04:00
parent e6e487c07e
commit e3f4eb33fe
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
9 changed files with 87 additions and 22 deletions


@ -1,6 +1,8 @@
package main package main
import ( import (
"github.com/go-openapi/runtime"
httptransport "github.com/go-openapi/runtime/client"
"github.com/openziti-test-kitchen/zrok/http" "github.com/openziti-test-kitchen/zrok/http"
"github.com/openziti-test-kitchen/zrok/rest_client_zrok" "github.com/openziti-test-kitchen/zrok/rest_client_zrok"
"github.com/openziti-test-kitchen/zrok/rest_client_zrok/tunnel" "github.com/openziti-test-kitchen/zrok/rest_client_zrok/tunnel"
@ -33,14 +35,19 @@ func handleHttp(_ *cobra.Command, args []string) {
if err != nil { if err != nil {
panic(err) panic(err)
} }
token, err := zrokdir.ReadToken()
if err != nil {
panic(err)
}
zrok := newZrokClient() zrok := newZrokClient()
auth := httptransport.APIKeyAuth("X-TOKEN", "header", token)
req := tunnel.NewTunnelParams() req := tunnel.NewTunnelParams()
req.Body = &rest_model_zrok.TunnelRequest{ req.Body = &rest_model_zrok.TunnelRequest{
Endpoint: cfg.EndpointAddress, Endpoint: cfg.EndpointAddress,
Identity: id, Identity: id,
} }
resp, err := zrok.Tunnel.Tunnel(req) resp, err := zrok.Tunnel.Tunnel(req, auth)
if err != nil { if err != nil {
panic(err) panic(err)
} }
@ -50,7 +57,7 @@ func handleHttp(_ *cobra.Command, args []string) {
signal.Notify(c, os.Interrupt, syscall.SIGTERM) signal.Notify(c, os.Interrupt, syscall.SIGTERM)
go func() { go func() {
<-c <-c
cleanupHttp(cfg, zrok) cleanupHttp(cfg, zrok, auth)
os.Exit(1) os.Exit(1)
}() }()
@ -59,13 +66,13 @@ func handleHttp(_ *cobra.Command, args []string) {
} }
} }
func cleanupHttp(cfg *http.Config, zrok *rest_client_zrok.Zrok) { func cleanupHttp(cfg *http.Config, zrok *rest_client_zrok.Zrok, auth runtime.ClientAuthInfoWriter) {
logrus.Infof("shutting down '%v'", cfg.Service) logrus.Infof("shutting down '%v'", cfg.Service)
req := tunnel.NewUntunnelParams() req := tunnel.NewUntunnelParams()
req.Body = &rest_model_zrok.UntunnelRequest{ req.Body = &rest_model_zrok.UntunnelRequest{
Service: cfg.Service, Service: cfg.Service,
} }
if _, err := zrok.Tunnel.Untunnel(req); err == nil { if _, err := zrok.Tunnel.Untunnel(req, auth); err == nil {
logrus.Infof("shutdown complete") logrus.Infof("shutdown complete")
} else { } else {
logrus.Errorf("error shutting down: %v", err) logrus.Errorf("error shutting down: %v", err)
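Review bot: The token read by `zrokdir.ReadToken()` is attached as an `X-TOKEN` header to the Tunnel and Untunnel calls, while the generated client operations in this same commit list only `Schemes: []string{"http"}`, so unless `newZrokClient` (not visible here) forces TLS the key crosses the network in cleartext. Confirm the transport is built with an https scheme and record the requirement next to the new `auth` line, e.g. `// X-TOKEN is a bearer credential; the zrok API endpoint must be reached over TLS`. Separately, `panic(err)` on a failed `ReadToken` gives a user with no stored token a stack trace instead of a message saying what is missing. cleanupHttp's body continues past the end of the hunk.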


@ -16,7 +16,8 @@ import (
"time" "time"
) )
func tunnelHandler(params tunnel.TunnelParams) middleware.Responder { func tunnelHandler(params tunnel.TunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {
logrus.Infof("tunneling for '%v' (%v)", principal.Username, principal.Token)
edge, err := edgeClient() edge, err := edgeClient()
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
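Review bot: The added `logrus.Infof` in tunnelHandler writes `principal.Token` to the log at info level, and the same call is added in untunnelHandler; this is presumably the API key the client presents in `X-TOKEN`, so every log reader and log sink ends up holding a usable credential. Log the account only, e.g. `logrus.Infof("tunneling for '%v'", principal.Username)`, or a short non-reversible fingerprint of the token if requests must be correlated. The handler also dereferences `principal` without a nil check, which holds only while the route keeps its `security` requirement in the spec; a one-line comment saying so would help. tunnelHandler's body continues outside the hunk.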


@ -15,7 +15,8 @@ import (
"time" "time"
) )
func untunnelHandler(params tunnel.UntunnelParams) middleware.Responder { func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {
logrus.Infof("untunneling for '%v' (%v)", principal.Username, principal.Token)
edge, err := edgeClient() edge, err := edgeClient()
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
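Review bot: In the visible lines of untunnelHandler the new `principal` argument is used only for the log line, so this hunk adds authentication but shows no check that the service being removed belongs to the caller. If the rest of the function (outside the hunk) does not already compare the service's owner with the principal, any holder of a valid token could remove another account's service. A guard before the edge calls, or at minimum `// TODO: verify params.Body.Service is owned by principal`, would make the gap explicit.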


@ -30,9 +30,9 @@ type ClientOption func(*runtime.ClientOperation)
// ClientService is the interface for Client methods // ClientService is the interface for Client methods
type ClientService interface { type ClientService interface {
Tunnel(params *TunnelParams, opts ...ClientOption) (*TunnelCreated, error) Tunnel(params *TunnelParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*TunnelCreated, error)
Untunnel(params *UntunnelParams, opts ...ClientOption) (*UntunnelOK, error) Untunnel(params *UntunnelParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UntunnelOK, error)
SetTransport(transport runtime.ClientTransport) SetTransport(transport runtime.ClientTransport)
} }
@ -40,7 +40,7 @@ type ClientService interface {
/* /*
Tunnel tunnel API Tunnel tunnel API
*/ */
func (a *Client) Tunnel(params *TunnelParams, opts ...ClientOption) (*TunnelCreated, error) { func (a *Client) Tunnel(params *TunnelParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*TunnelCreated, error) {
// TODO: Validate the params before sending // TODO: Validate the params before sending
if params == nil { if params == nil {
params = NewTunnelParams() params = NewTunnelParams()
@ -54,6 +54,7 @@ func (a *Client) Tunnel(params *TunnelParams, opts ...ClientOption) (*TunnelCrea
Schemes: []string{"http"}, Schemes: []string{"http"},
Params: params, Params: params,
Reader: &TunnelReader{formats: a.formats}, Reader: &TunnelReader{formats: a.formats},
AuthInfo: authInfo,
Context: params.Context, Context: params.Context,
Client: params.HTTPClient, Client: params.HTTPClient,
} }
@ -78,7 +79,7 @@ func (a *Client) Tunnel(params *TunnelParams, opts ...ClientOption) (*TunnelCrea
/* /*
Untunnel untunnel API Untunnel untunnel API
*/ */
func (a *Client) Untunnel(params *UntunnelParams, opts ...ClientOption) (*UntunnelOK, error) { func (a *Client) Untunnel(params *UntunnelParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UntunnelOK, error) {
// TODO: Validate the params before sending // TODO: Validate the params before sending
if params == nil { if params == nil {
params = NewUntunnelParams() params = NewUntunnelParams()
@ -92,6 +93,7 @@ func (a *Client) Untunnel(params *UntunnelParams, opts ...ClientOption) (*Untunn
Schemes: []string{"http"}, Schemes: []string{"http"},
Params: params, Params: params,
Reader: &UntunnelReader{formats: a.formats}, Reader: &UntunnelReader{formats: a.formats},
AuthInfo: authInfo,
Context: params.Context, Context: params.Context,
Client: params.HTTPClient, Client: params.HTTPClient,
} }


@ -106,6 +106,11 @@ func init() {
}, },
"/tunnel": { "/tunnel": {
"post": { "post": {
"security": [
{
"key": []
}
],
"tags": [ "tags": [
"tunnel" "tunnel"
], ],
@ -137,6 +142,11 @@ func init() {
}, },
"/untunnel": { "/untunnel": {
"delete": { "delete": {
"security": [
{
"key": []
}
],
"tags": [ "tags": [
"tunnel" "tunnel"
], ],
@ -356,6 +366,11 @@ func init() {
}, },
"/tunnel": { "/tunnel": {
"post": { "post": {
"security": [
{
"key": []
}
],
"tags": [ "tags": [
"tunnel" "tunnel"
], ],
@ -387,6 +402,11 @@ func init() {
}, },
"/untunnel": { "/untunnel": {
"delete": { "delete": {
"security": [
{
"key": []
}
],
"tags": [ "tags": [
"tunnel" "tunnel"
], ],


@ -9,19 +9,21 @@ import (
"net/http" "net/http"
"github.com/go-openapi/runtime/middleware" "github.com/go-openapi/runtime/middleware"
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
) )
// TunnelHandlerFunc turns a function with the right signature into a tunnel handler // TunnelHandlerFunc turns a function with the right signature into a tunnel handler
type TunnelHandlerFunc func(TunnelParams) middleware.Responder type TunnelHandlerFunc func(TunnelParams, *rest_model_zrok.Principal) middleware.Responder
// Handle executing the request and returning a response // Handle executing the request and returning a response
func (fn TunnelHandlerFunc) Handle(params TunnelParams) middleware.Responder { func (fn TunnelHandlerFunc) Handle(params TunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {
return fn(params) return fn(params, principal)
} }
// TunnelHandler interface for that can handle valid tunnel params // TunnelHandler interface for that can handle valid tunnel params
type TunnelHandler interface { type TunnelHandler interface {
Handle(TunnelParams) middleware.Responder Handle(TunnelParams, *rest_model_zrok.Principal) middleware.Responder
} }
// NewTunnel creates a new http.Handler for the tunnel operation // NewTunnel creates a new http.Handler for the tunnel operation
@ -45,12 +47,25 @@ func (o *Tunnel) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
*r = *rCtx *r = *rCtx
} }
var Params = NewTunnelParams() var Params = NewTunnelParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *rest_model_zrok.Principal
if uprinc != nil {
principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err) o.Context.Respond(rw, r, route.Produces, route, err)
return return
} }
res := o.Handler.Handle(Params) // actually handle the request res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res) o.Context.Respond(rw, r, route.Produces, route, res)
} }


@ -9,19 +9,21 @@ import (
"net/http" "net/http"
"github.com/go-openapi/runtime/middleware" "github.com/go-openapi/runtime/middleware"
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
) )
// UntunnelHandlerFunc turns a function with the right signature into a untunnel handler // UntunnelHandlerFunc turns a function with the right signature into a untunnel handler
type UntunnelHandlerFunc func(UntunnelParams) middleware.Responder type UntunnelHandlerFunc func(UntunnelParams, *rest_model_zrok.Principal) middleware.Responder
// Handle executing the request and returning a response // Handle executing the request and returning a response
func (fn UntunnelHandlerFunc) Handle(params UntunnelParams) middleware.Responder { func (fn UntunnelHandlerFunc) Handle(params UntunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {
return fn(params) return fn(params, principal)
} }
// UntunnelHandler interface for that can handle valid untunnel params // UntunnelHandler interface for that can handle valid untunnel params
type UntunnelHandler interface { type UntunnelHandler interface {
Handle(UntunnelParams) middleware.Responder Handle(UntunnelParams, *rest_model_zrok.Principal) middleware.Responder
} }
// NewUntunnel creates a new http.Handler for the untunnel operation // NewUntunnel creates a new http.Handler for the untunnel operation
@ -45,12 +47,25 @@ func (o *Untunnel) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
*r = *rCtx *r = *rCtx
} }
var Params = NewUntunnelParams() var Params = NewUntunnelParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *rest_model_zrok.Principal
if uprinc != nil {
principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err) o.Context.Respond(rw, r, route.Produces, route, err)
return return
} }
res := o.Handler.Handle(Params) // actually handle the request res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res) o.Context.Respond(rw, r, route.Produces, route, res)
} }


@ -53,10 +53,10 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
IdentityEnableHandler: identity.EnableHandlerFunc(func(params identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder { IdentityEnableHandler: identity.EnableHandlerFunc(func(params identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
return middleware.NotImplemented("operation identity.Enable has not yet been implemented") return middleware.NotImplemented("operation identity.Enable has not yet been implemented")
}), }),
TunnelTunnelHandler: tunnel.TunnelHandlerFunc(func(params tunnel.TunnelParams) middleware.Responder { TunnelTunnelHandler: tunnel.TunnelHandlerFunc(func(params tunnel.TunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {
return middleware.NotImplemented("operation tunnel.Tunnel has not yet been implemented") return middleware.NotImplemented("operation tunnel.Tunnel has not yet been implemented")
}), }),
TunnelUntunnelHandler: tunnel.UntunnelHandlerFunc(func(params tunnel.UntunnelParams) middleware.Responder { TunnelUntunnelHandler: tunnel.UntunnelHandlerFunc(func(params tunnel.UntunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {
return middleware.NotImplemented("operation tunnel.Untunnel has not yet been implemented") return middleware.NotImplemented("operation tunnel.Untunnel has not yet been implemented")
}), }),
MetadataVersionHandler: metadata.VersionHandlerFunc(func(params metadata.VersionParams) middleware.Responder { MetadataVersionHandler: metadata.VersionHandlerFunc(func(params metadata.VersionParams) middleware.Responder {


@ -57,6 +57,8 @@ paths:
post: post:
tags: tags:
- tunnel - tunnel
security:
- key: []
operationId: tunnel operationId: tunnel
parameters: parameters:
- name: body - name: body
@ -76,6 +78,8 @@ paths:
delete: delete:
tags: tags:
- tunnel - tunnel
security:
- key: []
operationId: untunnel operationId: untunnel
parameters: parameters:
- name: body - name: body