Populate links response with organiation on JWT
parent
f3c57f1e3f
commit
23a4c34a17
|
@ -2094,35 +2094,35 @@ func TestServer(t *testing.T) {
|
|||
wants: wants{
|
||||
statusCode: 200,
|
||||
body: `
|
||||
{
|
||||
"layouts": "/chronograf/v1/layouts",
|
||||
"users": "/chronograf/v1/organizations/default/users",
|
||||
"allUsers": "/chronograf/v1/users",
|
||||
"organizations": "/chronograf/v1/organizations",
|
||||
"mappings": "/chronograf/v1/mappings",
|
||||
"sources": "/chronograf/v1/sources",
|
||||
"me": "/chronograf/v1/me",
|
||||
"environment": "/chronograf/v1/env",
|
||||
"dashboards": "/chronograf/v1/dashboards",
|
||||
"config": {
|
||||
"self": "/chronograf/v1/config",
|
||||
"auth": "/chronograf/v1/config/auth"
|
||||
},
|
||||
"auth": [
|
||||
{
|
||||
"name": "github",
|
||||
"label": "Github",
|
||||
"login": "/oauth/github/login",
|
||||
"logout": "/oauth/github/logout",
|
||||
"callback": "/oauth/github/callback"
|
||||
}
|
||||
],
|
||||
"logout": "/oauth/logout",
|
||||
"external": {
|
||||
"statusFeed": ""
|
||||
}
|
||||
}
|
||||
`,
|
||||
{
|
||||
"layouts": "/chronograf/v1/layouts",
|
||||
"users": "/chronograf/v1/organizations/default/users",
|
||||
"allUsers": "/chronograf/v1/users",
|
||||
"organizations": "/chronograf/v1/organizations",
|
||||
"mappings": "/chronograf/v1/mappings",
|
||||
"sources": "/chronograf/v1/sources",
|
||||
"me": "/chronograf/v1/me",
|
||||
"environment": "/chronograf/v1/env",
|
||||
"dashboards": "/chronograf/v1/dashboards",
|
||||
"config": {
|
||||
"self": "/chronograf/v1/config",
|
||||
"auth": "/chronograf/v1/config/auth"
|
||||
},
|
||||
"auth": [
|
||||
{
|
||||
"name": "github",
|
||||
"label": "Github",
|
||||
"login": "/oauth/github/login",
|
||||
"logout": "/oauth/github/logout",
|
||||
"callback": "/oauth/github/callback"
|
||||
}
|
||||
],
|
||||
"logout": "/oauth/logout",
|
||||
"external": {
|
||||
"statusFeed": ""
|
||||
}
|
||||
}
|
||||
`,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -2177,35 +2177,35 @@ func TestServer(t *testing.T) {
|
|||
wants: wants{
|
||||
statusCode: 200,
|
||||
body: `
|
||||
{
|
||||
"layouts": "/chronograf/v1/layouts",
|
||||
"users": "/chronograf/v1/organizations/1/users",
|
||||
"allUsers": "/chronograf/v1/users",
|
||||
"organizations": "/chronograf/v1/organizations",
|
||||
"mappings": "/chronograf/v1/mappings",
|
||||
"sources": "/chronograf/v1/sources",
|
||||
"me": "/chronograf/v1/me",
|
||||
"environment": "/chronograf/v1/env",
|
||||
"dashboards": "/chronograf/v1/dashboards",
|
||||
"config": {
|
||||
"self": "/chronograf/v1/config",
|
||||
"auth": "/chronograf/v1/config/auth"
|
||||
},
|
||||
"auth": [
|
||||
{
|
||||
"name": "github",
|
||||
"label": "Github",
|
||||
"login": "/oauth/github/login",
|
||||
"logout": "/oauth/github/logout",
|
||||
"callback": "/oauth/github/callback"
|
||||
}
|
||||
],
|
||||
"logout": "/oauth/logout",
|
||||
"external": {
|
||||
"statusFeed": ""
|
||||
}
|
||||
}
|
||||
`,
|
||||
{
|
||||
"layouts": "/chronograf/v1/layouts",
|
||||
"users": "/chronograf/v1/organizations/1/users",
|
||||
"allUsers": "/chronograf/v1/users",
|
||||
"organizations": "/chronograf/v1/organizations",
|
||||
"mappings": "/chronograf/v1/mappings",
|
||||
"sources": "/chronograf/v1/sources",
|
||||
"me": "/chronograf/v1/me",
|
||||
"environment": "/chronograf/v1/env",
|
||||
"dashboards": "/chronograf/v1/dashboards",
|
||||
"config": {
|
||||
"self": "/chronograf/v1/config",
|
||||
"auth": "/chronograf/v1/config/auth"
|
||||
},
|
||||
"auth": [
|
||||
{
|
||||
"name": "github",
|
||||
"label": "Github",
|
||||
"login": "/oauth/github/login",
|
||||
"logout": "/oauth/github/logout",
|
||||
"callback": "/oauth/github/callback"
|
||||
}
|
||||
],
|
||||
"logout": "/oauth/logout",
|
||||
"external": {
|
||||
"statusFeed": ""
|
||||
}
|
||||
}
|
||||
`,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
@ -11,6 +11,13 @@ import (
|
|||
"github.com/influxdata/chronograf/roles"
|
||||
)
|
||||
|
||||
// HasAuthorizedToken extracts the token from a request and validates it using the authenticator.
|
||||
// It is used by routes that need access to the token to populate links request.
|
||||
func HasAuthorizedToken(auth oauth2.Authenticator, r *http.Request) (oauth2.Principal, error) {
|
||||
ctx := r.Context()
|
||||
return auth.Validate(ctx, r)
|
||||
}
|
||||
|
||||
// AuthorizedToken extracts the token and validates; if valid the next handler
|
||||
// will be run. The principal will be sent to the next handler via the request's
|
||||
// Context. It is up to the next handler to determine if the principal has access.
|
||||
|
|
|
@ -279,8 +279,12 @@ func NewMux(opts MuxOpts, service Service) http.Handler {
|
|||
CustomLinks: opts.CustomLinks,
|
||||
}
|
||||
|
||||
allRoutes.Middleware = EnsureMember
|
||||
router.Handler("GET", "/chronograf/v1/", AuthorizedToken(opts.Auth, opts.Logger, allRoutes))
|
||||
getPrincipal := func(r *http.Request) oauth2.Principal {
|
||||
p, _ := HasAuthorizedToken(opts.Auth, r)
|
||||
return p
|
||||
}
|
||||
allRoutes.GetPrincipal = getPrincipal
|
||||
router.Handler("GET", "/chronograf/v1/", allRoutes)
|
||||
|
||||
var out http.Handler
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
"net/http"
|
||||
|
||||
"github.com/influxdata/chronograf"
|
||||
"github.com/influxdata/chronograf/oauth2"
|
||||
)
|
||||
|
||||
// AuthRoute are the routes for each type of OAuth2 provider
|
||||
|
@ -49,25 +50,16 @@ type getRoutesResponse struct {
|
|||
// external links for the client to know about, such as for JSON feeds or custom side nav buttons.
|
||||
// Optionally, routes for authentication can be returned.
|
||||
type AllRoutes struct {
|
||||
Middleware func(http.HandlerFunc) http.HandlerFunc
|
||||
AuthRoutes []AuthRoute // Location of all auth routes. If no auth, this can be empty.
|
||||
LogoutLink string // Location of the logout route for all auth routes. If no auth, this can be empty.
|
||||
StatusFeed string // External link to the JSON Feed for the News Feed on the client's Status Page
|
||||
CustomLinks map[string]string // Custom external links for client's User menu, as passed in via CLI/ENV
|
||||
Logger chronograf.Logger
|
||||
}
|
||||
|
||||
// ServeHTTP returns all top level routes and external links within chronograf
|
||||
func (s *AllRoutes) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
if s.Middleware != nil {
|
||||
s.Middleware(s.serveHTTP)(w, r)
|
||||
return
|
||||
}
|
||||
s.serveHTTP(w, r)
|
||||
GetPrincipal func(r *http.Request) oauth2.Principal // GetPrincipal is used to retrieve the principal on http request.
|
||||
AuthRoutes []AuthRoute // Location of all auth routes. If no auth, this can be empty.
|
||||
LogoutLink string // Location of the logout route for all auth routes. If no auth, this can be empty.
|
||||
StatusFeed string // External link to the JSON Feed for the News Feed on the client's Status Page
|
||||
CustomLinks map[string]string // Custom external links for client's User menu, as passed in via CLI/ENV
|
||||
Logger chronograf.Logger
|
||||
}
|
||||
|
||||
// serveHTTP returns all top level routes and external links within chronograf
|
||||
func (a *AllRoutes) serveHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
func (a *AllRoutes) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
customLinks, err := NewCustomLinks(a.CustomLinks)
|
||||
if err != nil {
|
||||
Error(w, http.StatusInternalServerError, err.Error(), a.Logger)
|
||||
|
@ -75,8 +67,12 @@ func (a *AllRoutes) serveHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
org := "default"
|
||||
if contextOrg, ok := hasOrganizationContext(r.Context()); ok {
|
||||
org = contextOrg
|
||||
if a.GetPrincipal != nil {
|
||||
// If there is a principal, use the organization to populate the users routes
|
||||
// otherwise use the default organization
|
||||
if p := a.GetPrincipal(r); p.Organization != "" {
|
||||
org = p.Organization
|
||||
}
|
||||
}
|
||||
|
||||
routes := getRoutesResponse{
|
||||
|
|
Loading…
Reference in New Issue