JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
951d5db7f7
storj/satellite/admin/server.go

200 lines
6.7 KiB
Go
Raw Normal View History

satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.
// Package admin implements administrative endpoints for satellite.
package admin
import (
"context"
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
"crypto/subtle"
all: separate err check for http We want to avoid net/http dependency in errs2 package, hence we removed http.ErrServerClosed from IgnoreCanceled and IsCanceled check. Now we need to add that check explicitly to every http endpoint. Change-Id: I62b1cc0a0a2d3b43301d713a7951e5022145f88f
2020-04-16 16:50:22 +01:00
"errors"
satellite/{admin,ui}: implement changes for oauth2 proxy We want to put the OAuth2 proxy, https://github.com/oauth2-proxy/oauth2-proxy, in front of the satellite admin ui. This change implements the changes required/necessary for this to work. Issue: https://github.com/storj/storj/issues/5072 Change-Id: I6da0df090cc6f0c18f1bf41e48ae082493f53f20
2022-11-10 13:19:42 +00:00
"fmt"
satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
"net"
"net/http"
satellite/admin: use correct period end time to get results Change-Id: Ib0e76f96e61b39c98f0f5f683b39d622d235c4d8
2020-09-03 22:12:26 +01:00
"time"
satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
"github.com/gorilla/mux"
"go.uber.org/zap"
"golang.org/x/sync/errgroup"
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
all: separate err check for http We want to avoid net/http dependency in errs2 package, hence we removed http.ErrServerClosed from IgnoreCanceled and IsCanceled check. Now we need to add that check explicitly to every http endpoint. Change-Id: I62b1cc0a0a2d3b43301d713a7951e5022145f88f
2020-04-16 16:50:22 +01:00
"storj.io/common/errs2"
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
"storj.io/storj/satellite/accounting"
satellite/admin/ui: avoid needing an additional copy This also fixes the build order. Unfortunately we need to ensure that the web frontends are built before installing Go binaries. Fixes https://github.com/storj/storj/issues/4654 Change-Id: I5d1c83125fd3d1a454d3400b2cbdd44bd3f2250c
2022-03-23 13:29:47 +00:00
adminui "storj.io/storj/satellite/admin/ui"
satellite/buckets: add new buckets service The main motivation is to wrap the bucket DB and metainfo DB, so we could check if a bucket is empty before applying geofencing config. Change-Id: I8bac21555e01d51a663fb557bc1acfc8106bc2e1
2021-11-12 20:47:41 +00:00
"storj.io/storj/satellite/buckets"
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
"storj.io/storj/satellite/console"
satellite/admin: fix console config handling An older change plummed the full console config as subconfig of the admin api configuration in. This bloated the generated satellite configuration unnecessarily while also allow for confusion/mistakes. Change-Id: Icf49cc1f147711e37e85f6eac1143fab8ddf1659
2022-05-27 21:13:01 +01:00
"storj.io/storj/satellite/console/consoleweb"
satellite: Rename "acct mgmt api" to "rest api" "REST API" is a more accurate descriptor of the generated API in the console package than "account management API". The generated API is very flexible and will allow us to implement many more endpoints outside the scope of "account management", and "account management" is not very well defined to begin with. Change-Id: Ie87faeaa3c743ef4371eaf0edd2826303d592da7
2022-04-12 17:59:07 +01:00
"storj.io/storj/satellite/console/restkeys"
satellite/oidc: move oidc into common package Change-Id: I77702e0e46f15a09fee315b9076638e1412836f7
2022-01-19 18:25:31 +00:00
"storj.io/storj/satellite/oidc"
satellite/admin: add user deletion Change-Id: Ideea978698183e25f5e0d73128c4f93c2caa1577
2020-07-06 22:31:40 +01:00
"storj.io/storj/satellite/payments"
satellite/admin: add coupon creation and listing (#3891)
2020-05-19 11:36:13 +01:00
"storj.io/storj/satellite/payments/stripecoinpayments"
satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
)
// Config defines configuration for debug server.
type Config struct {
satellite/{admin,ui}: implement changes for oauth2 proxy We want to put the OAuth2 proxy, https://github.com/oauth2-proxy/oauth2-proxy, in front of the satellite admin ui. This change implements the changes required/necessary for this to work. Issue: https://github.com/storj/storj/issues/5072 Change-Id: I6da0df090cc6f0c18f1bf41e48ae082493f53f20
2022-11-10 13:19:42 +00:00
Address string `help:"admin peer http listening address" releaseDefault:"" devDefault:""`
StaticDir string `help:"an alternate directory path which contains the static assets to serve. When empty, it uses the embedded assets" releaseDefault:"" devDefault:""`
AllowedOauthHost string `help:"the oauth host allowed to bypass token authentication."`
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
AuthorizationToken string `internal:"true"`
}
// DB is databases needed for the admin server.
type DB interface {
// ProjectAccounting returns database for storing information about project data use
ProjectAccounting() accounting.ProjectAccounting
// Console returns database for satellite console
Console() console.DB
satellite/oidc: move oidc into common package Change-Id: I77702e0e46f15a09fee315b9076638e1412836f7
2022-01-19 18:25:31 +00:00
// OIDC returns the database for OIDC and OAuth information.
OIDC() oidc.DB
satellite/admin: add coupon creation and listing (#3891)
2020-05-19 11:36:13 +01:00
// StripeCoinPayments returns database for satellite stripe coin payments
StripeCoinPayments() stripecoinpayments.DB
satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
}
satellite/admin: add check project usage endpoint and fix some leftover http.Error handling Change-Id: I1ae3e7cb723a553f9c5a3a752beab0a27b0293bc
2020-08-13 13:40:05 +01:00
// Server provides endpoints for administrative tasks.
satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
type Server struct {
log *zap.Logger
listener net.Listener
server http.Server
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
satellite: Rename "acct mgmt api" to "rest api" "REST API" is a more accurate descriptor of the generated API in the console package than "account management API". The generated API is very flexible and will allow us to implement many more endpoints outside the scope of "account management", and "account management" is not very well defined to begin with. Change-Id: Ie87faeaa3c743ef4371eaf0edd2826303d592da7
2022-04-12 17:59:07 +01:00
db DB
payments payments.Accounts
buckets *buckets.Service
restKeys *restkeys.Service
satellite/admin: use correct period end time to get results Change-Id: Ib0e76f96e61b39c98f0f5f683b39d622d235c4d8
2020-09-03 22:12:26 +01:00
nowFn func() time.Time
satellite/{console,satellitedb}: move project limits from config file to DB to keep limits on a per user basis To allow for changing limits for new users, while leaving existing users limits as they are, we must store the project limits for each user. We currently store the limit for the number of projects a user can create in the user DB table. This change would also store the project bandwidth and storage limits in the same table. Change-Id: If8d79b39de020b969f3445ef2fcc370e51d706c6
2021-11-01 15:27:32 +00:00
satellite/admin: fix console config handling An older change plummed the full console config as subconfig of the admin api configuration in. This bloated the generated satellite configuration unnecessarily while also allow for confusion/mistakes. Change-Id: Icf49cc1f147711e37e85f6eac1143fab8ddf1659
2022-05-27 21:13:01 +01:00
console consoleweb.Config
config Config
satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
}
satellite/admin: add check project usage endpoint and fix some leftover http.Error handling Change-Id: I1ae3e7cb723a553f9c5a3a752beab0a27b0293bc
2020-08-13 13:40:05 +01:00
// NewServer returns a new administration Server.
satellite/admin: fix console config handling An older change plummed the full console config as subconfig of the admin api configuration in. This bloated the generated satellite configuration unnecessarily while also allow for confusion/mistakes. Change-Id: Icf49cc1f147711e37e85f6eac1143fab8ddf1659
2022-05-27 21:13:01 +01:00
func NewServer(log *zap.Logger, listener net.Listener, db DB, buckets *buckets.Service, restKeys *restkeys.Service, accounts payments.Accounts, console consoleweb.Config, config Config) *Server {
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
server := &Server{
satellite/admin: setup payment account for user Currently a customer created via the IP does not get an payment account until he signs in. That causes issues if the account should be deleted again. Change-Id: I393c8f301e426301bb713c423d6ce011138d4ae4
2020-07-16 12:58:40 +01:00
log: log,
satellite/admin: add user deletion Change-Id: Ideea978698183e25f5e0d73128c4f93c2caa1577
2020-07-06 22:31:40 +01:00
listener: listener,
satellite: Rename "acct mgmt api" to "rest api" "REST API" is a more accurate descriptor of the generated API in the console package than "account management API". The generated API is very flexible and will allow us to implement many more endpoints outside the scope of "account management", and "account management" is not very well defined to begin with. Change-Id: Ie87faeaa3c743ef4371eaf0edd2826303d592da7
2022-04-12 17:59:07 +01:00
db: db,
payments: accounts,
buckets: buckets,
restKeys: restKeys,
satellite/admin: use correct period end time to get results Change-Id: Ib0e76f96e61b39c98f0f5f683b39d622d235c4d8
2020-09-03 22:12:26 +01:00
nowFn: time.Now,
satellite/{console,satellitedb}: move project limits from config file to DB to keep limits on a per user basis To allow for changing limits for new users, while leaving existing users limits as they are, we must store the project limits for each user. We currently store the limit for the number of projects a user can create in the user DB table. This change would also store the project bandwidth and storage limits in the same table. Change-Id: If8d79b39de020b969f3445ef2fcc370e51d706c6
2021-11-01 15:27:32 +00:00
satellite/admin: fix console config handling An older change plummed the full console config as subconfig of the admin api configuration in. This bloated the generated satellite configuration unnecessarily while also allow for confusion/mistakes. Change-Id: Icf49cc1f147711e37e85f6eac1143fab8ddf1659
2022-05-27 21:13:01 +01:00
console: console,
config: config,
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
}
satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
root := mux.NewRouter()
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
api := root.PathPrefix("/api/").Subrouter()
satellite/{admin,ui}: implement changes for oauth2 proxy We want to put the OAuth2 proxy, https://github.com/oauth2-proxy/oauth2-proxy, in front of the satellite admin ui. This change implements the changes required/necessary for this to work. Issue: https://github.com/storj/storj/issues/5072 Change-Id: I6da0df090cc6f0c18f1bf41e48ae082493f53f20
2022-11-10 13:19:42 +00:00
api.Use(allowedAuthorization(log, config))
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
// When adding new options, also update README.md
api.HandleFunc("/users", server.addUser).Methods("POST")
api.HandleFunc("/users/{useremail}", server.updateUser).Methods("PUT")
api.HandleFunc("/users/{useremail}", server.userInfo).Methods("GET")
api.HandleFunc("/users/{useremail}", server.deleteUser).Methods("DELETE")
satellite/admin: allow disabling of MFA We have a couple of support tickets so far that require us to disable the mfa on accounts. Since we currently had no other way than doing a SQL War Crime, it makes sense to add it to the admin API. Change-Id: Ib16735c1961380b04345a3495d4eebee5fa0bc41
2022-05-27 23:04:12 +01:00
api.HandleFunc("/users/{useremail}/mfa", server.disableUserMFA).Methods("DELETE")
satellite/admin: add endpoints for oauth clients Change-Id: I26aa81266f494be8aab0b5523217bad9405037a0
2022-01-11 18:42:17 +00:00
api.HandleFunc("/oauth/clients", server.createOAuthClient).Methods("POST")
api.HandleFunc("/oauth/clients/{id}", server.updateOAuthClient).Methods("PUT")
api.HandleFunc("/oauth/clients/{id}", server.deleteOAuthClient).Methods("DELETE")
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
api.HandleFunc("/projects", server.addProject).Methods("POST")
api.HandleFunc("/projects/{project}/usage", server.checkProjectUsage).Methods("GET")
api.HandleFunc("/projects/{project}/limit", server.getProjectLimit).Methods("GET")
api.HandleFunc("/projects/{project}/limit", server.putProjectLimit).Methods("PUT", "POST")
api.HandleFunc("/projects/{project}", server.getProject).Methods("GET")
api.HandleFunc("/projects/{project}", server.renameProject).Methods("PUT")
api.HandleFunc("/projects/{project}", server.deleteProject).Methods("DELETE")
api.HandleFunc("/projects/{project}/apikeys", server.listAPIKeys).Methods("GET")
api.HandleFunc("/projects/{project}/apikeys", server.addAPIKey).Methods("POST")
api.HandleFunc("/projects/{project}/apikeys/{name}", server.deleteAPIKeyByName).Methods("DELETE")
satellite/admin: Move geofence endpoint to bucket info Move an endpoint that was classified to return the geofence configuration of a bucket to return the bucket information, which also include the geofence configuration, because it's what it was returning. Change-Id: I0e0a6aac330296383a50a92d2352df9088df77d5
2021-11-30 17:47:14 +00:00
api.HandleFunc("/projects/{project}/buckets/{bucket}", server.getBucketInfo).Methods("GET")
satellite/admin: add endpoints for managing a buckets geofence Change-Id: I407243b8b9c769d968e70478c45230d9fdecaeb2
2021-11-12 20:48:29 +00:00
api.HandleFunc("/projects/{project}/buckets/{bucket}/geofence", server.createGeofenceForBucket).Methods("POST")
api.HandleFunc("/projects/{project}/buckets/{bucket}/geofence", server.deleteGeofenceForBucket).Methods("DELETE")
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
api.HandleFunc("/apikeys/{apikey}", server.deleteAPIKey).Methods("DELETE")
satellite: Rename "acct mgmt api" to "rest api" "REST API" is a more accurate descriptor of the generated API in the console package than "account management API". The generated API is very flexible and will allow us to implement many more endpoints outside the scope of "account management", and "account management" is not very well defined to begin with. Change-Id: Ie87faeaa3c743ef4371eaf0edd2826303d592da7
2022-04-12 17:59:07 +01:00
api.HandleFunc("/restkeys/{useremail}", server.addRESTKey).Methods("POST")
api.HandleFunc("/restkeys/{apikey}/revoke", server.revokeRESTKey).Methods("PUT")
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
// This handler must be the last one because it uses the root as prefix,
// otherwise will try to serve all the handlers set after this one.
if config.StaticDir == "" {
satellite/admin/ui: avoid needing an additional copy This also fixes the build order. Unfortunately we need to ensure that the web frontends are built before installing Go binaries. Fixes https://github.com/storj/storj/issues/4654 Change-Id: I5d1c83125fd3d1a454d3400b2cbdd44bd3f2250c
2022-03-23 13:29:47 +00:00
root.PathPrefix("/").Handler(http.FileServer(http.FS(adminui.Assets))).Methods("GET")
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
} else {
root.PathPrefix("/").Handler(http.FileServer(http.Dir(config.StaticDir))).Methods("GET")
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
}
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
server.server.Handler = root
return server
satellite/admin: add project limit modification and authorization token Change-Id: If9a7214a940b8544f8023c2cd82da21f19d3f521
2020-02-07 17:24:58 +00:00
}
satellite/admin: add check project usage endpoint and fix some leftover http.Error handling Change-Id: I1ae3e7cb723a553f9c5a3a752beab0a27b0293bc
2020-08-13 13:40:05 +01:00
// Run starts the admin endpoint.
satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
func (server *Server) Run(ctx context.Context) error {
if server.listener == nil {
return nil
}
ctx, cancel := context.WithCancel(ctx)
var group errgroup.Group
group.Go(func() error {
<-ctx.Done()
return Error.Wrap(server.server.Shutdown(context.Background()))
})
group.Go(func() error {
defer cancel()
all: separate err check for http We want to avoid net/http dependency in errs2 package, hence we removed http.ErrServerClosed from IgnoreCanceled and IsCanceled check. Now we need to add that check explicitly to every http endpoint. Change-Id: I62b1cc0a0a2d3b43301d713a7951e5022145f88f
2020-04-16 16:50:22 +01:00
err := server.server.Serve(server.listener)
if errs2.IsCanceled(err) || errors.Is(err, http.ErrServerClosed) {
err = nil
}
return Error.Wrap(err)
satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
})
return group.Wait()
}
satellite/admin: use correct period end time to get results Change-Id: Ib0e76f96e61b39c98f0f5f683b39d622d235c4d8
2020-09-03 22:12:26 +01:00
// SetNow allows tests to have the server act as if the current time is whatever they want.
func (server *Server) SetNow(nowFn func() time.Time) {
server.nowFn = nowFn
}
satellite/admin: administrative endpoint Admin server allows creating basic REST and html API-s for different administrative tasks. Change-Id: I3dc1786abe1c87350eed60ec90e48130f44e63cf
2020-02-07 16:36:28 +00:00
// Close closes server and underlying listener.
func (server *Server) Close() error {
return Error.Wrap(server.server.Close())
}
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
satellite/{admin,ui}: implement changes for oauth2 proxy We want to put the OAuth2 proxy, https://github.com/oauth2-proxy/oauth2-proxy, in front of the satellite admin ui. This change implements the changes required/necessary for this to work. Issue: https://github.com/storj/storj/issues/5072 Change-Id: I6da0df090cc6f0c18f1bf41e48ae082493f53f20
2022-11-10 13:19:42 +00:00
func allowedAuthorization(log *zap.Logger, config Config) func(next http.Handler) http.Handler {
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
satellite/{admin,ui}: implement changes for oauth2 proxy We want to put the OAuth2 proxy, https://github.com/oauth2-proxy/oauth2-proxy, in front of the satellite admin ui. This change implements the changes required/necessary for this to work. Issue: https://github.com/storj/storj/issues/5072 Change-Id: I6da0df090cc6f0c18f1bf41e48ae082493f53f20
2022-11-10 13:19:42 +00:00
if r.Host != config.AllowedOauthHost {
// not behind the proxy; use old authentication method.
if config.AuthorizationToken == "" {
sendJSONError(w, "Authorization not enabled.",
"", http.StatusForbidden)
return
}
equality := subtle.ConstantTimeCompare(
[]byte(r.Header.Get("Authorization")),
[]byte(config.AuthorizationToken),
)
if equality != 1 {
sendJSONError(w, "Forbidden",
"", http.StatusForbidden)
return
}
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
}
satellite/{admin,ui}: implement changes for oauth2 proxy We want to put the OAuth2 proxy, https://github.com/oauth2-proxy/oauth2-proxy, in front of the satellite admin ui. This change implements the changes required/necessary for this to work. Issue: https://github.com/storj/storj/issues/5072 Change-Id: I6da0df090cc6f0c18f1bf41e48ae082493f53f20
2022-11-10 13:19:42 +00:00
log.Info(
"admin action",
zap.String("host", r.Host),
zap.String("user", r.Header.Get("X-Forwarded-Email")),
zap.String("action", fmt.Sprintf("%s-%s", r.Method, r.RequestURI)),
zap.String("queries", r.URL.Query().Encode()),
satellite/admin: Serve static UI assets Change the satellite Admin HTTP server for: * Embedding the UI assets into the Go binary. * Serve the UI assets from the embedded file system or from a specific directory path through a configuration flag, without requiring authentication but keeping the authentication verification for the API endpoints. * Add tests to verify that the UI assets are served without authentication. Change-Id: I9003ac96f1ec585a189b67fc1cb315905403d557
2021-10-01 13:26:21 +01:00
)
r.Header.Set("Cache-Control", "must-revalidate")
next.ServeHTTP(w, r)
})
}
}
Reference in New Issue Copy Permalink