37 Star 407 Fork 74

GVPrancher/rancher

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
route_handlers.go 6.75 KB
一键复制 编辑 原始数据 按行查看 历史
Craig Jellick 提交于 2018-04-23 11:23 . Fix delete token bug
package tokens
import (
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"time"
"github.com/rancher/norman/httperror"
"github.com/rancher/norman/types"
"github.com/rancher/rancher/pkg/auth/util"
"github.com/rancher/types/apis/management.cattle.io/v3"
"github.com/sirupsen/logrus"
)
const (
CookieName = "R_SESS"
AuthHeaderName = "Authorization"
AuthValuePrefix = "Bearer"
BasicAuthPrefix = "Basic"
)
func tokenActionHandler(actionName string, action *types.Action, request *types.APIContext) error {
logrus.Debugf("TokenActionHandler called for action %v", actionName)
if actionName == "logout" {
return tokenServer.logout(actionName, action, request)
}
return httperror.NewAPIError(httperror.ActionNotAvailable, "")
}
func tokenCreateHandler(request *types.APIContext, _ types.RequestHandler) error {
logrus.Debugf("TokenCreateHandler called")
return tokenServer.deriveToken(request)
}
func tokenListHandler(request *types.APIContext, _ types.RequestHandler) error {
logrus.Debugf("TokenListHandler called")
if request.ID != "" {
return tokenServer.getToken(request)
}
return tokenServer.listTokens(request)
}
func tokenDeleteHandler(request *types.APIContext, _ types.RequestHandler) error {
logrus.Debugf("TokenDeleteHandler called")
return tokenServer.removeToken(request)
}
func (s *tokenAPIServer) deriveToken(request *types.APIContext) error {
r := request.Request
tokenAuthValue := GetTokenAuthFromRequest(r)
if tokenAuthValue == "" {
// no cookie or auth header, cannot authenticate
return httperror.NewAPIErrorLong(http.StatusUnauthorized, util.GetHTTPErrorCode(http.StatusUnauthorized), "No valid token cookie or auth header")
}
bytes, err := ioutil.ReadAll(r.Body)
if err != nil {
logrus.Errorf("GetToken failed with error: %v", err)
}
jsonInput := v3.Token{}
err = json.Unmarshal(bytes, &jsonInput)
if err != nil {
logrus.Errorf("unmarshal failed with error: %v", err)
}
var token v3.Token
var status int
// create derived token
token, status, err = s.createDerivedToken(jsonInput, tokenAuthValue)
if err != nil {
logrus.Errorf("deriveToken failed with error: %v", err)
if status == 0 {
status = http.StatusInternalServerError
}
return httperror.NewAPIErrorLong(status, util.GetHTTPErrorCode(status), fmt.Sprintf("%v", err))
}
tokenData, err := ConvertTokenResource(request.Schema, token)
if err != nil {
return err
}
tokenData["token"] = token.ObjectMeta.Name + ":" + token.Token
request.WriteResponse(http.StatusCreated, tokenData)
return nil
}
func (s *tokenAPIServer) listTokens(request *types.APIContext) error {
r := request.Request
// TODO switch to X-API-UserId header
tokenAuthValue := GetTokenAuthFromRequest(r)
if tokenAuthValue == "" {
// no cookie or auth header, cannot authenticate
return httperror.NewAPIErrorLong(http.StatusUnauthorized, util.GetHTTPErrorCode(http.StatusUnauthorized), "No valid token cookie or auth header")
}
//getToken
tokens, status, err := s.getTokens(tokenAuthValue)
if err != nil {
logrus.Errorf("GetToken failed with error: %v", err)
if status == 0 {
status = http.StatusInternalServerError
}
return httperror.NewAPIErrorLong(status, util.GetHTTPErrorCode(status), fmt.Sprintf("%v", err))
}
tokensFromStore := make([]map[string]interface{}, len(tokens))
for _, token := range tokens {
tokenData, err := ConvertTokenResource(request.Schema, token)
if err != nil {
return err
}
tokensFromStore = append(tokensFromStore, tokenData)
}
request.WriteResponse(http.StatusOK, tokensFromStore)
return nil
}
func (s *tokenAPIServer) logout(actionName string, action *types.Action, request *types.APIContext) error {
r := request.Request
w := request.Response
tokenAuthValue := GetTokenAuthFromRequest(r)
if tokenAuthValue == "" {
// no cookie or auth header, cannot authenticate
return httperror.NewAPIErrorLong(http.StatusUnauthorized, util.GetHTTPErrorCode(http.StatusUnauthorized), "No valid token cookie or auth header")
}
isSecure := false
if r.URL.Scheme == "https" {
isSecure = true
}
tokenCookie := &http.Cookie{
Name: CookieName,
Value: "",
Secure: isSecure,
Path: "/",
HttpOnly: true,
MaxAge: -1,
Expires: time.Date(1982, time.February, 10, 23, 0, 0, 0, time.UTC),
}
http.SetCookie(w, tokenCookie)
//getToken
status, err := s.deleteToken(tokenAuthValue)
if err != nil {
logrus.Errorf("DeleteToken failed with error: %v", err)
if status == 0 {
status = http.StatusInternalServerError
}
return httperror.NewAPIErrorLong(status, util.GetHTTPErrorCode(status), fmt.Sprintf("%v", err))
}
return nil
}
func (s *tokenAPIServer) getToken(request *types.APIContext) error {
// TODO switch to X-API-UserId header
r := request.Request
tokenAuthValue := GetTokenAuthFromRequest(r)
if tokenAuthValue == "" {
// no cookie or auth header, cannot authenticate
return httperror.NewAPIErrorLong(http.StatusUnauthorized, util.GetHTTPErrorCode(http.StatusUnauthorized), "No valid token cookie or auth header")
}
tokenID := request.ID
//getToken
token, status, err := s.getTokenByID(tokenAuthValue, tokenID)
if err != nil {
logrus.Errorf("GetToken failed with error: %v", err)
if status == 0 {
status = http.StatusInternalServerError
} else if status == 410 {
status = http.StatusNotFound
}
return httperror.NewAPIErrorLong(status, util.GetHTTPErrorCode(status), fmt.Sprintf("%v", err))
}
tokenData, err := ConvertTokenResource(request.Schema, token)
if err != nil {
return err
}
request.WriteResponse(http.StatusOK, tokenData)
return nil
}
func (s *tokenAPIServer) removeToken(request *types.APIContext) error {
// TODO switch to X-API-UserId header
r := request.Request
tokenAuthValue := GetTokenAuthFromRequest(r)
if tokenAuthValue == "" {
// no cookie or auth header, cannot authenticate
return httperror.NewAPIErrorLong(http.StatusUnauthorized, util.GetHTTPErrorCode(http.StatusUnauthorized), "No valid token cookie or auth header")
}
tokenID := request.ID
//getToken
t, status, err := s.getTokenByID(tokenAuthValue, tokenID)
if err != nil {
if status != 410 {
logrus.Errorf("DeleteToken Failed to fetch the token to delete with error: %v", err)
if status == 0 {
status = http.StatusInternalServerError
}
return httperror.NewAPIErrorLong(status, util.GetHTTPErrorCode(status), fmt.Sprintf("%v", err))
}
}
currentAuthToken, _, err := s.getK8sTokenCR(tokenAuthValue)
if err != nil {
return err
}
if currentAuthToken.Name == t.Name && !currentAuthToken.IsDerived {
return httperror.NewAPIErrorLong(http.StatusBadRequest, util.GetHTTPErrorCode(http.StatusBadRequest), "Cannot delete token for current session. Use logout instead")
}
if _, err := tokenServer.deleteTokenByName(t.Name); err != nil {
return err
}
request.WriteResponse(http.StatusNoContent, nil)
return nil
}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/rancher/rancher.git
git@gitee.com:rancher/rancher.git
rancher
rancher
rancher
v2.0.1-rc1

搜索帮助