forked from bosun-monitor/bosun
/
middlewares.go
128 lines (117 loc) · 3.26 KB
/
middlewares.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
package web
import (
"net/http"
"github.com/MiniProfiler/go/miniprofiler"
"github.com/captncraig/easyauth"
"github.com/captncraig/easyauth/providers/ldap"
"github.com/captncraig/easyauth/providers/token"
"github.com/captncraig/easyauth/providers/token/redisStore"
"github.com/gorilla/mux"
"bosun.org/cmd/bosun/conf"
"bosun.org/collect"
"bosun.org/opentsdb"
)
// This file contains custom middlewares for bosun. Must match alice.Constructor signature (func(http.Handler) http.Handler)
var miniProfilerMiddleware = func(next http.Handler) http.Handler {
return miniprofiler.NewContextHandler(next.ServeHTTP)
}
var endpointStatsMiddleware = func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
//metric for http vs https
proto := "http"
if r.TLS != nil {
proto = "https"
}
collect.Add("http_protocol", opentsdb.TagSet{"proto": proto}, 1)
//if we use gorilla named routes, we can add stats and timings per route
routeName := ""
if route := mux.CurrentRoute(r); route != nil {
routeName = route.GetName()
}
if routeName == "" {
routeName = "unknown"
}
t := collect.StartTimer("http_routes", opentsdb.TagSet{"route": routeName})
next.ServeHTTP(w, r)
t()
})
}
type noopAuth struct{}
func (n noopAuth) GetUser(r *http.Request) (*easyauth.User, error) {
name := "anonymous"
if cookie, err := r.Cookie("action-user"); err == nil {
name = cookie.Value
}
//everybody is an admin!
return &easyauth.User{
Access: roleAdmin,
Username: name,
Method: "noop",
}, nil
}
func buildAuth(cfg *conf.AuthConf) (easyauth.AuthManager, *token.TokenProvider, error) {
if cfg == nil {
auth, err := easyauth.New()
if err != nil {
return nil, nil, err
}
auth.AddProvider("nop", noopAuth{})
return auth, nil, nil
}
const defaultCookieSecret = "CookiesAreInsecure"
if cfg.CookieSecret == "" {
cfg.CookieSecret = defaultCookieSecret
}
auth, err := easyauth.New(easyauth.CookieSecret(cfg.CookieSecret))
if err != nil {
return nil, nil, err
}
if cfg.AuthDisabled {
auth.AddProvider("nop", noopAuth{})
} else {
authEnabled = true
}
if cfg.LDAP.LdapAddr != "" {
l, err := buildLDAPConfig(cfg.LDAP)
if err != nil {
return nil, nil, err
}
auth.AddProvider("ldap", l)
}
var authTokens *token.TokenProvider
if cfg.TokenSecret != "" {
tokensEnabled = true
authTokens = token.NewToken(cfg.TokenSecret, redisStore.New(schedule.DataAccess))
auth.AddProvider("tok", authTokens)
}
return auth, authTokens, nil
}
func buildLDAPConfig(ld conf.LDAPConf) (*ldap.LdapProvider, error) {
l := &ldap.LdapProvider{
Domain: ld.Domain,
UserBaseDn: ld.UserBaseDn,
LdapAddr: ld.LdapAddr,
AllowInsecure: ld.AllowInsecure,
RootSearchPath: ld.RootSearchPath,
Users: map[string]easyauth.Role{},
}
var role easyauth.Role
var err error
if role, err = parseRole(ld.DefaultPermission); err != nil {
return nil, err
}
l.DefaultPermission = role
for _, g := range ld.Groups {
if role, err = parseRole(g.Role); err != nil {
return nil, err
}
l.Groups = append(l.Groups, &ldap.LdapGroup{Path: g.Path, Role: role})
}
for name, perm := range ld.Users {
if role, err = parseRole(perm); err != nil {
return nil, err
}
l.Users[name] = role
}
return l, nil
}