[FEATURE] Cairo Auth Integration
This commit is contained in:
parent
184f1fa631
commit
cdea22c08a
16 changed files with 89 additions and 45 deletions
|
|
@ -6,11 +6,14 @@ import {
|
|||
uploadServerItem,
|
||||
} from "../k8s/server-files.js";
|
||||
import { sendError } from "../util/ExpressClientError.js";
|
||||
import { checkAuthorization } from "../database/queries/server-queries.js";
|
||||
|
||||
export async function listFiles(req, res) {
|
||||
const serverSpec = req.body;
|
||||
if (!serverSpec) return res.sendStatus(400);
|
||||
if (!serverSpec.id) return res.status(400).send("Server id missing!");
|
||||
const authorized = await checkAuthorization(serverSpec.id, req.cairoId);
|
||||
if (!authorized) return res.sendStatus(403);
|
||||
listServerFiles(serverSpec)
|
||||
.then((f) => {
|
||||
const fileData = f.map((fi, i) => ({
|
||||
|
|
@ -31,6 +34,8 @@ export async function createFolder(req, res) {
|
|||
if (!serverSpec) return res.sendStatus(400);
|
||||
if (!serverSpec.id) return res.status(400).send("Server id missing!");
|
||||
if (!serverSpec.path) return res.status(400).send("Path required!");
|
||||
const authorized = await checkAuthorization(serverSpec.id, req.cairoId);
|
||||
if (!authorized) return res.sendStatus(403);
|
||||
createServerFolder(serverSpec)
|
||||
.then(() => res.sendStatus(200))
|
||||
.catch(sendError(res));
|
||||
|
|
@ -43,6 +48,8 @@ export async function deleteItem(req, res) {
|
|||
if (!serverSpec.path) return res.status(400).send("Path required!");
|
||||
if (serverSpec.isDir === undefined || serverSpec.isDir === null)
|
||||
return res.status(400).send("IsDIr required!");
|
||||
const authorized = await checkAuthorization(serverSpec.id, req.cairoId);
|
||||
if (!authorized) return res.sendStatus(403);
|
||||
removeServerItem(serverSpec)
|
||||
.then(() => res.sendStatus(200))
|
||||
.catch(sendError(res));
|
||||
|
|
@ -52,6 +59,8 @@ export async function uploadItem(req, res) {
|
|||
const serverSpec = req.body;
|
||||
if (!serverSpec.id) return res.status(400).send("Server id missing!");
|
||||
if (!serverSpec.path) return res.status(400).send("Path required!");
|
||||
const authorized = await checkAuthorization(serverSpec.id, req.cairoId);
|
||||
if (!authorized) return res.sendStatus(403);
|
||||
uploadServerItem(serverSpec, req.file)
|
||||
.then(() => res.sendStatus(200))
|
||||
.catch(sendError(res));
|
||||
|
|
@ -61,6 +70,8 @@ export async function getItem(req, res) {
|
|||
const serverSpec = req.body;
|
||||
if (!serverSpec.id) return res.status(400).send("Server id missing!");
|
||||
if (!serverSpec.path) return res.status(400).send("Path required!");
|
||||
const authorized = await checkAuthorization(serverSpec.id, req.cairoId);
|
||||
if (!authorized) return res.sendStatus(403);
|
||||
getServerItem(serverSpec, res)
|
||||
.then(({ ds, ftpTransfer }) => {
|
||||
ds.pipe(res).on("error", sendError(res));
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import {
|
|||
} from "../database/queries/server-queries.js";
|
||||
import ExpressClientError, { sendError } from "../util/ExpressClientError.js";
|
||||
import { toggleServer } from "../k8s/k8s-server-control.js";
|
||||
import { checkAuthorization } from "../database/queries/server-queries.js";
|
||||
|
||||
const dnsRegex = new RegExp(
|
||||
`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$`,
|
||||
|
|
@ -71,10 +72,13 @@ function payloadFilter(req, res) {
|
|||
return "filtered";
|
||||
}
|
||||
|
||||
function checkServerId(serverSpec) {
|
||||
async function checkServerId(cairoId, serverSpec) {
|
||||
if (!serverSpec) throw new ExpressClientError({ c: 400 });
|
||||
if (!serverSpec.id)
|
||||
throw new ExpressClientError({ c: 400, m: "Server id missing!" });
|
||||
const authorized = await checkAuthorization(serverSpec.id, cairoId);
|
||||
if (!authorized)
|
||||
throw new ExpressClientError({ c: 403, m: "Access forbidden!" });
|
||||
}
|
||||
|
||||
export async function createServer(req, res) {
|
||||
|
|
@ -82,7 +86,7 @@ export async function createServer(req, res) {
|
|||
if (backupPayloadFilter(req, res) !== "filtered") return;
|
||||
const serverSpec = req.body;
|
||||
try {
|
||||
const serverEntry = await createServerEntry(serverSpec);
|
||||
const serverEntry = await createServerEntry(req.cairoId, serverSpec);
|
||||
await createServerResources(serverEntry);
|
||||
res.json(serverEntry);
|
||||
} catch (e) {
|
||||
|
|
@ -94,7 +98,7 @@ export async function deleteServer(req, res) {
|
|||
// Ensure spec is safe
|
||||
const serverSpec = req.body;
|
||||
try {
|
||||
checkServerId(serverSpec);
|
||||
await checkServerId(req.cairoId, serverSpec);
|
||||
} catch (e) {
|
||||
return sendError(res)(e);
|
||||
}
|
||||
|
|
@ -109,7 +113,7 @@ export async function startServer(req, res) {
|
|||
// Ensure spec is safe
|
||||
const serverSpec = req.body;
|
||||
try {
|
||||
checkServerId(serverSpec);
|
||||
await checkServerId(req.cairoId, serverSpec);
|
||||
} catch (e) {
|
||||
return sendError(res)(e);
|
||||
}
|
||||
|
|
@ -123,7 +127,7 @@ export async function stopServer(req, res) {
|
|||
// Ensure spec is safe
|
||||
const serverSpec = req.body;
|
||||
try {
|
||||
checkServerId(serverSpec);
|
||||
await checkServerId(req.cairoId, serverSpec);
|
||||
} catch (e) {
|
||||
return sendError(res)(e);
|
||||
}
|
||||
|
|
@ -137,7 +141,7 @@ export async function getServer(req, res) {
|
|||
// Ensure spec is safe
|
||||
const serverSpec = req.body;
|
||||
try {
|
||||
checkServerId(serverSpec);
|
||||
await checkServerId(req.cairoId, serverSpec);
|
||||
} catch (e) {
|
||||
return sendError(res)(e);
|
||||
}
|
||||
|
|
@ -155,7 +159,7 @@ export async function modifyServer(req, res) {
|
|||
if (payloadFilter(req, res) !== "filtered") return;
|
||||
const serverSpec = req.body;
|
||||
try {
|
||||
checkServerId(serverSpec);
|
||||
await checkServerId(req.cairoId, serverSpec);
|
||||
const serverEntry = await modifyServerEntry(serverSpec);
|
||||
// await createServerResources(serverEntry);
|
||||
res.sendStatus(200);
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
import { getDeployments } from "../k8s/k8s-server-control.js";
|
||||
import { getUserDeployments } from "../k8s/k8s-server-control.js";
|
||||
import { getInstances } from "../k8s/server-status.js";
|
||||
import { sendError } from "../util/ExpressClientError.js";
|
||||
|
||||
export function serverList(req, res) {
|
||||
getDeployments()
|
||||
getUserDeployments(req.cairoId)
|
||||
.then((sd) => res.json(sd.map((s) => s.metadata.name.substring(4))))
|
||||
.catch((e) => {
|
||||
ERR("STATUS CONTROLLER", e);
|
||||
|
|
@ -12,7 +12,7 @@ export function serverList(req, res) {
|
|||
}
|
||||
|
||||
export function serverInstances(req, res) {
|
||||
getInstances()
|
||||
getInstances(req.cairoId)
|
||||
.then((i) => res.json(i))
|
||||
.catch(sendError(res));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
CREATE SEQUENCE servers_id_seq;
|
||||
CREATE TABLE servers (
|
||||
id bigint NOT NULL DEFAULT nextval('servers_id_seq') PRIMARY KEY,
|
||||
owner_cairo_id bigint,
|
||||
host varchar(255) DEFAULT NULL,
|
||||
name varchar(255) DEFAULT NULL,
|
||||
version varchar(63) DEFAULT 'latest',
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import pg from "../postgres.js";
|
|||
import {
|
||||
deleteQuery,
|
||||
insertQuery,
|
||||
selectWhereQuery,
|
||||
selectWhereAllQuery,
|
||||
updateWhereAllQuery,
|
||||
} from "../pg-query.js";
|
||||
import ExpressClientError from "../../util/ExpressClientError.js";
|
||||
|
|
@ -12,9 +12,18 @@ const asExpressClientError = (e) => {
|
|||
throw new ExpressClientError({ m: e.message, c: 409 });
|
||||
};
|
||||
|
||||
const getMclName = (host, id) => `${host.replaceAll(".", "-")}-${id}`;
|
||||
const getMclName = (host, id) =>
|
||||
`${host.toLowerCase().replaceAll(".", "-")}-${id}`;
|
||||
|
||||
export async function createServerEntry(serverSpec) {
|
||||
export async function checkAuthorization(serverId, cairoId) {
|
||||
const q = selectWhereAllQuery(table, {
|
||||
id: serverId,
|
||||
owner_cairo_id: cairoId,
|
||||
});
|
||||
return (await pg.query(q)).length === 1;
|
||||
}
|
||||
|
||||
export async function createServerEntry(cairoId, serverSpec) {
|
||||
const {
|
||||
name,
|
||||
host,
|
||||
|
|
@ -33,6 +42,7 @@ export async function createServerEntry(serverSpec) {
|
|||
|
||||
var q = insertQuery(table, {
|
||||
name,
|
||||
owner_cairo_id: cairoId,
|
||||
host,
|
||||
version,
|
||||
server_type,
|
||||
|
|
@ -52,6 +62,7 @@ export async function createServerEntry(serverSpec) {
|
|||
const entries = await pg.query(q);
|
||||
const {
|
||||
id,
|
||||
owner_cairo_id: ownerCairoId,
|
||||
name,
|
||||
host,
|
||||
version,
|
||||
|
|
@ -72,6 +83,7 @@ export async function createServerEntry(serverSpec) {
|
|||
name,
|
||||
mclName,
|
||||
id,
|
||||
ownerCairoId,
|
||||
host,
|
||||
version,
|
||||
serverType,
|
||||
|
|
@ -99,7 +111,7 @@ export async function deleteServerEntry(serverId) {
|
|||
|
||||
export async function getServerEntry(serverId) {
|
||||
if (!serverId) asExpressClientError({ message: "Server ID Required!" });
|
||||
const q = selectWhereQuery(table, { id: serverId });
|
||||
const q = selectWhereAllQuery(table, { id: serverId });
|
||||
try {
|
||||
const serverSpecs = await pg.query(q);
|
||||
if (serverSpecs.length === 0) return [];
|
||||
|
|
@ -107,6 +119,7 @@ export async function getServerEntry(serverId) {
|
|||
throw Error("Multiple servers found with the same name!");
|
||||
const {
|
||||
id,
|
||||
owner_cairo_id: ownerCairoId,
|
||||
name,
|
||||
host,
|
||||
version,
|
||||
|
|
@ -127,6 +140,7 @@ export async function getServerEntry(serverId) {
|
|||
name,
|
||||
mclName,
|
||||
id,
|
||||
ownerCairoId,
|
||||
host,
|
||||
version,
|
||||
serverType,
|
||||
|
|
@ -149,6 +163,7 @@ export async function getServerEntry(serverId) {
|
|||
export async function modifyServerEntry(serverSpec) {
|
||||
const {
|
||||
id,
|
||||
// ownerCairoId: owner_cairo_id, // DIsabled! If these becomes a reqest, please create a new function!
|
||||
name,
|
||||
host,
|
||||
version,
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import {
|
|||
getCoreServerContainer,
|
||||
getBackupContainer,
|
||||
} from "./server-containers.js";
|
||||
import { checkAuthorization } from "../database/queries/server-queries.js";
|
||||
const kc = new k8s.KubeConfig();
|
||||
kc.loadFromDefault();
|
||||
|
||||
|
|
@ -25,6 +26,20 @@ const mineclusterManaged = (o) =>
|
|||
export const serverMatch = (serverId) => (o) =>
|
||||
o.metadata.annotations["minecluster.dunemask.net/id"] === serverId;
|
||||
|
||||
export const cairoMatch = (cairoId) => (o) =>
|
||||
checkAuthorization(
|
||||
o.metadata.annotations["minecluster.dunemask.net/id"],
|
||||
cairoId,
|
||||
);
|
||||
|
||||
export async function getUserDeployments(cairoId) {
|
||||
const authFIlter = cairoMatch(cairoId);
|
||||
const allDeployments = await getDeployments();
|
||||
const authChecks = allDeployments.map(authFIlter);
|
||||
const authorizations = await Promise.all(authChecks);
|
||||
return allDeployments.filter((_d, i) => authorizations[i]);
|
||||
}
|
||||
|
||||
export async function getDeployments() {
|
||||
const deploymentRes = await k8sDeps.listNamespacedDeployment(namespace);
|
||||
const serverDeployments = deploymentRes.body.items.filter(mineclusterManaged);
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
import k8s from "@kubernetes/client-node";
|
||||
import { getDeployments } from "./k8s-server-control.js";
|
||||
import { getUserDeployments } from "./k8s-server-control.js";
|
||||
import { getServerEntries } from "../database/queries/server-queries.js";
|
||||
const kc = new k8s.KubeConfig();
|
||||
kc.loadFromDefault();
|
||||
|
|
@ -42,9 +42,9 @@ function getServerStatus(server) {
|
|||
return { serverAvailable, ftpAvailable, services, deploymentAvailable };
|
||||
}
|
||||
|
||||
export async function getInstances() {
|
||||
export async function getInstances(cairoId) {
|
||||
const [serverDeployments, podMetricsRes, entries] = await Promise.all([
|
||||
getDeployments(),
|
||||
getUserDeployments(cairoId),
|
||||
k8sMetrics.getPodMetrics(namespace),
|
||||
getServerEntries(),
|
||||
]);
|
||||
|
|
|
|||
|
|
@ -8,8 +8,10 @@ import {
|
|||
getItem,
|
||||
} from "../controllers/file-controller.js";
|
||||
|
||||
import cairoAuthMiddleware from "./middlewares/auth-middleware.js";
|
||||
|
||||
const router = Router();
|
||||
router.use(jsonMiddleware());
|
||||
router.use([jsonMiddleware(), cairoAuthMiddleware]);
|
||||
const multerMiddleware = multer();
|
||||
|
||||
router.post("/list", listFiles);
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ const cairoAuthHandler = (req, res, next) => {
|
|||
if (!req.token) return res.status(401).send("Cairo auth required!");
|
||||
VERB("AUTH", `${MCL_CAIRO_URL}/api/user/info`);
|
||||
cairoAuthenticate(req.token)
|
||||
.then((authData) => (req.cairoId = authData.id))
|
||||
.then(() => next())
|
||||
.catch((err) => {
|
||||
ERR("AUTH", err.response ? err.response.data : err.message);
|
||||
|
|
|
|||
|
|
@ -15,14 +15,14 @@ import {
|
|||
import cairoAuthMiddleware from "./middlewares/auth-middleware.js";
|
||||
|
||||
const router = Router();
|
||||
router.use(jsonMiddleware());
|
||||
router.use([jsonMiddleware(), cairoAuthMiddleware]);
|
||||
// Routes
|
||||
router.post("/create", createServer);
|
||||
router.delete("/delete", deleteServer);
|
||||
router.post("/start", startServer);
|
||||
router.post("/stop", stopServer);
|
||||
router.get("/list", serverList);
|
||||
router.get("/instances", cairoAuthMiddleware, serverInstances);
|
||||
router.get("/instances", serverInstances);
|
||||
router.post("/blueprint", getServer);
|
||||
router.post("/modify", modifyServer);
|
||||
export default router;
|
||||
|
|
|
|||
|
|
@ -2,6 +2,10 @@ import { Router } from "express";
|
|||
import k8s from "@kubernetes/client-node";
|
||||
import { WARN } from "../util/logging.js";
|
||||
const router = Router();
|
||||
|
||||
import cairoAuthMiddleware from "./middlewares/auth-middleware.js";
|
||||
router.use(cairoAuthMiddleware);
|
||||
|
||||
const kc = new k8s.KubeConfig();
|
||||
kc.loadFromDefault();
|
||||
const k8sApi = kc.makeApiClient(k8s.CoreV1Api);
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ import DialogContent from "@mui/material/DialogContent";
|
|||
import DialogActions from "@mui/material/DialogActions";
|
||||
import Dialog from "@mui/material/Dialog";
|
||||
import Toolbar from "@mui/material/Toolbar";
|
||||
|
||||
import TextEditor from "./TextEditor.jsx";
|
||||
import { cairoAuthHeader } from "@mcl/util/auth.js";
|
||||
|
||||
const textFileTypes = ["properties", "txt", "yaml", "yml", "json", "env"];
|
||||
const imageFileTypes = ["png", "jpeg", "jpg"];
|
||||
|
|
@ -52,6 +52,7 @@ export default function FilePreview(props) {
|
|||
await fetch("/api/files/upload", {
|
||||
method: "POST",
|
||||
body: formData,
|
||||
headers: cairoAuthHeader(),
|
||||
});
|
||||
dialogToggle();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ import {
|
|||
getServerItem,
|
||||
} from "@mcl/queries";
|
||||
import { previewServerItem } from "../../util/queries";
|
||||
import { cairoAuthHeader } from "@mcl/util/auth.js";
|
||||
|
||||
import { supportedFileTypes } from "./FilePreview.jsx";
|
||||
|
||||
|
|
@ -109,6 +110,7 @@ export default function MineclusterFiles(props) {
|
|||
await fetch("/api/files/upload", {
|
||||
method: "POST",
|
||||
body: formData,
|
||||
headers: cairoAuthHeader(),
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,5 @@
|
|||
import Box from "@mui/material/Box";
|
||||
import Toolbar from "@mui/material/Toolbar";
|
||||
import MCLPortal from "./MCLPortal.jsx";
|
||||
import Button from "@mui/material/Button";
|
||||
import SpeedDialIcon from "@mui/material/SpeedDialIcon";
|
||||
// Import Navbar
|
||||
/*import Navbar from "./Navbar.jsx";*/
|
||||
import { useCairoAuth } from "@mcl/util/auth.js";
|
||||
|
|
|
|||
|
|
@ -31,26 +31,10 @@ export function useCairoAuth() {
|
|||
return auth;
|
||||
}
|
||||
|
||||
export function useAuth() {
|
||||
const { state: settings } = useContext(SettingsContext);
|
||||
const [auth, setAuth] = useState(!!!settings.cairoAuth);
|
||||
|
||||
if (!settings.cairoAuth) return auth;
|
||||
fetch("/api/auth/verify", {
|
||||
headers: { Authorization: `Bearer ${settings.cairoAuth}` },
|
||||
})
|
||||
.then(() => setAuth(true))
|
||||
.catch(() => setAuth(false));
|
||||
|
||||
return auth;
|
||||
export function getAuthTokenFromStorage() {
|
||||
return JSON.parse(localStorage.getItem("settings")).cairoAuth;
|
||||
}
|
||||
|
||||
export function useUpdateAuth() {
|
||||
const { updateSettings } = useContext(SettingsContext);
|
||||
const [searchParams] = useSearchParams();
|
||||
const webToken = searchParams.get("cairoAuthToken");
|
||||
if (webToken) {
|
||||
updateSettings({ cairoAuth: webToken });
|
||||
searchParams.delete("cairoAuthToken");
|
||||
}
|
||||
export function cairoAuthHeader() {
|
||||
return { Authorization: `Bearer ${getAuthTokenFromStorage()}` };
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,12 +1,17 @@
|
|||
import { useQuery, useQueryClient } from "@tanstack/react-query";
|
||||
import { cairoAuthHeader } from "@mcl/util/auth.js";
|
||||
|
||||
const fetchApi = (subPath) => async () =>
|
||||
fetch(`/api${subPath}`).then((res) => res.json());
|
||||
fetch(`/api${subPath}`, { headers: cairoAuthHeader() }).then((res) =>
|
||||
res.json(),
|
||||
);
|
||||
|
||||
const fetchApiCore = async (subPath, json, method = "POST", jsonify = false) =>
|
||||
fetch(`/api${subPath}`, {
|
||||
method,
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
...cairoAuthHeader(),
|
||||
},
|
||||
body: JSON.stringify(json),
|
||||
}).then((res) => (jsonify ? res.json() : res));
|
||||
|
|
@ -16,6 +21,7 @@ const fetchApiPost = (subPath, json) => async () =>
|
|||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
...cairoAuthHeader(),
|
||||
},
|
||||
body: JSON.stringify(json),
|
||||
}).then((res) => res.json());
|
||||
|
|
@ -117,6 +123,7 @@ const postJsonApi = (subPath, body, invalidate, method = "POST") => {
|
|||
method,
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
...cairoAuthHeader(),
|
||||
},
|
||||
body: JSON.stringify(body),
|
||||
});
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue