command-functions

#!/usr/bin/env bash
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_CORE_AVAILABLE_PATH/common/property-functions"
source "$PLUGIN_AVAILABLE_PATH/http-auth/internal-functions"
source "$PLUGIN_AVAILABLE_PATH/nginx-vhosts/functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x

cmd-http-auth-report() {
  declare desc="displays a http-auth report for one or more apps"
  declare cmd="http-auth:report"
  [[ "$1" == "$cmd" ]] && shift 1
  declare APP="$1" INFO_FLAG="$2"
  local INSTALLED_APPS
  INSTALLED_APPS=$(dokku_apps)

  if [[ -n "$APP" ]] && [[ "$APP" == --* ]]; then
    INFO_FLAG="$APP"
    APP=""
  fi

  if [[ -z "$APP" ]] && [[ -z "$INFO_FLAG" ]]; then
    INFO_FLAG="true"
  fi

  if [[ -z "$APP" ]]; then
    for app in $INSTALLED_APPS; do
      cmd-http-auth-report-single "$app" "$INFO_FLAG" | tee || true
    done
  else
    cmd-http-auth-report-single "$APP" "$INFO_FLAG"
  fi
}

cmd-http-auth-report-single() {
  declare APP="$1" INFO_FLAG="$2"
  if [[ "$INFO_FLAG" == "true" ]]; then
    INFO_FLAG=""
  fi
  verify_app_name "$APP"
  local flag_map=(
    "--http-auth-enabled: $(fn-http-auth-enabled "$APP")"
    "--http-auth-allowed-ips: $(fn-plugin-property-list-get "http-auth" "$APP" "allowed-ips" | xargs)"
    "--http-auth-users: $(fn-http-auth-list-users "$APP" | xargs)"
  )

  if [[ -z "$INFO_FLAG" ]]; then
    dokku_log_info2_quiet "${APP} http-auth information"
    for flag in "${flag_map[@]}"; do
      key="$(echo "${flag#--}" | cut -f1 -d' ' | tr - ' ')"
      dokku_log_verbose "$(printf "%-30s %-25s" "${key^}" "${flag#*: }")"
    done
  else
    local match=false
    local value_exists=false
    for flag in "${flag_map[@]}"; do
      valid_flags="${valid_flags} $(echo "$flag" | cut -d':' -f1)"
      if [[ "$flag" == "${INFO_FLAG}:"* ]]; then
        value=${flag#*: }
        size="${#value}"
        if [[ "$size" -ne 0 ]]; then
          echo "$value" && match=true && value_exists=true
        elif [[ "$INFO_FLAG" == "--http-auth-allowed-ips" ]]; then
          match=true && value_exists=true
        else
          match=true
        fi
      fi
    done
    [[ "$match" == "true" ]] || dokku_log_fail "Invalid flag passed, valid flags:${valid_flags}"
    [[ "$value_exists" == "true" ]] || dokku_log_fail "not deployed"
  fi
}

cmd-http-auth-show-config() {
  declare desc="display app http-auth config"
  declare cmd="http-auth:show-config"
  [[ "$1" == "$cmd" ]] && shift 1
  declare APP="$1"

  verify_app_name "$APP"
  if [[ ! -f "$DOKKU_ROOT/$APP/nginx.conf.d/http-auth.conf" ]]; then
    dokku_log_fail "No nginx.conf exists for $APP"
  fi

  cat "$DOKKU_ROOT/$APP/nginx.conf.d/http-auth.conf"
}

cmd-http-auth-enable() {
  declare desc="enable http auth for app"
  declare cmd="http-auth:enable"
  [[ "$1" == "$cmd" ]] && shift 1
  if [[ "$1" == "http-auth:on" ]]; then
    dokku_log_warn "Deprecated: Please use http-auth:enable"
    shift 1
  fi

  declare APP="$1" AUTH_USERNAME="$2" AUTH_PASSWORD="$3"
  local APP_ROOT="$DOKKU_ROOT/$APP"

  verify_app_name "$APP"
  if [[ "$(fn-http-auth-enabled "$APP")" == "true" ]]; then
    dokku_log_info1 "Authentication already enabled, use http-auth:add-user or http-auth:remove-user to modify users"
    return
  fi

  dokku_log_info1 "Enabling HTTP auth for $APP..."
  fn-http-auth-template-config "$APP"
  if [[ -n "$AUTH_USERNAME" ]] && [[ "$AUTH_PASSWORD" ]]; then
    fn-http-auth-add-user "$APP" "$AUTH_USERNAME" "$AUTH_PASSWORD"
  else
    dokku_log_warn "Skipping user initialization"
  fi

  validate_nginx "$APP" && restart_nginx "$APP" >/dev/null
  dokku_log_verbose "Done"
}

cmd-http-auth-disable() {
  declare desc="disable http auth for app"
  declare cmd="http-auth:disable"
  [[ "$1" == "$cmd" ]] && shift 1
  if [[ "$1" == "http-auth:off" ]]; then
    dokku_log_warn "Deprecated: Please use http-auth:disable"
    shift 1
  fi
  declare APP="$1"
  local APP_ROOT="$DOKKU_ROOT/$APP"

  verify_app_name "$APP"
  if [[ "$(fn-http-auth-enabled "$APP")" == "false" ]]; then
    dokku_log_info1 "Authentication already disabled"
    return
  fi

  dokku_log_info1 "Disabling HTTP auth for $APP..."
  rm -f "$APP_ROOT/nginx.conf.d/http-auth.conf"
  validate_nginx "$APP" && restart_nginx "$APP" >/dev/null
  dokku_log_verbose "Done"
}

cmd-http-auth-add-user() {
  declare desc="add http auth user to app"
  declare cmd="http-auth:add-user"
  [[ "$1" == "$cmd" ]] && shift 1
  declare APP="$1" AUTH_USERNAME="$2" AUTH_PASSWORD="$3"

  verify_app_name "$APP"
  if [[ "$(fn-http-auth-enabled "$APP")" == "false" ]]; then
    dokku_log_fail "Authentication is disabled"
    return 1
  fi

  if [[ -z "$AUTH_USERNAME" ]]; then
    dokku_log_fail "Missing username"
    return 1
  fi

  if [[ -z "$AUTH_PASSWORD" ]]; then
    dokku_log_fail "Missing username"
    return 1
  fi

  dokku_log_info1 "Adding $AUTH_USERNAME to basic auth list"
  fn-http-auth-add-user "$APP" "$AUTH_USERNAME" "$AUTH_PASSWORD"
  validate_nginx "$APP" && restart_nginx "$APP" >/dev/null
}

cmd-http-auth-add-allowed-ip() {
  declare desc="add allowed ip to basic auth bypass for an app"
  declare cmd="http-auth:add-allowed-ip"
  [[ "$1" == "$cmd" ]] && shift 1
  declare APP="$1" ADDRESS="$2"

  if [[ -z "$ADDRESS" ]]; then
    dokku_log_fail "Missing ip address"
    return 1
  fi

  verify_app_name "$APP"

  dokku_log_info1 "Adding $ADDRESS to allowed ip list"
  if fn-plugin-property-list-get-by-value "http-auth" "$APP" "allowed-ips" "$ADDRESS" 2>/dev/null; then
    return
  fi

  fn-plugin-property-list-add "http-auth" "$APP" "allowed-ips" "$ADDRESS"
  fn-http-auth-template-config "$APP"
  validate_nginx "$APP" && restart_nginx "$APP" >/dev/null
}

cmd-http-auth-remove-user() {
  declare desc="remove http auth user from app"
  declare cmd="http-auth:remove-user"
  [[ "$1" == "$cmd" ]] && shift 1
  declare APP="$1" AUTH_USERNAME="$2"

  verify_app_name "$APP"
  if [[ "$(fn-http-auth-enabled "$APP")" == "false" ]]; then
    dokku_log_fail "Authentication is disabled"
    return 1
  fi

  if [[ -z "$AUTH_USERNAME" ]]; then
    dokku_log_fail "Missing username"
    return 1
  fi

  dokku_log_info1 "Removing $AUTH_USERNAME from basic auth list"
  fn-http-auth-remove-user "$APP" "$AUTH_USERNAME"
  validate_nginx "$APP" && restart_nginx "$APP" >/dev/null
}

cmd-http-auth-remove-allowed-ip() {
  declare desc="remove allowed ip from basic auth bypass for an app"
  declare cmd="http-auth:remove-allowed-ip"
  [[ "$1" == "$cmd" ]] && shift 1
  declare APP="$1" ADDRESS="$2"

  verify_app_name "$APP"

  if [[ -z "$ADDRESS" ]]; then
    dokku_log_fail "Missing ip address"
    return 1
  fi

  dokku_log_info1 "Removing $ADDRESS from allowed ip list"
  fn-plugin-property-list-remove "http-auth" "$APP" "allowed-ips" "$ADDRESS"
  fn-http-auth-template-config "$APP"
  validate_nginx "$APP" && restart_nginx "$APP" >/dev/null
}