/
admin.go
118 lines (94 loc) · 2.41 KB
/
admin.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
package serv
import (
"bytes"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"math/rand"
"net/http"
"sync/atomic"
"time"
)
func adminDeployHandler(s1 *Service) http.Handler {
h := func(w http.ResponseWriter, r *http.Request) {
var req DeployReq
s := s1.Load().(*service)
if !s.isAdminSecret(r) {
authFail(w)
return
}
de := json.NewDecoder(r.Body)
if err := de.Decode(&req); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
if req.Name == "" {
badReq(w, "name is a required field")
return
}
if req.Bundle == "" {
badReq(w, "bundle is a required field")
return
}
res, err := s.saveConfig(r.Context(), req.Name, req.Bundle)
if err != nil {
intErr(w, fmt.Sprintf("deploy error: %s", err.Error()))
return
}
var msg string
if res.name != res.pname && res.pname != "" {
msg = fmt.Sprintf("deploy successful: '%s', replacing: '%s'", res.name, res.pname)
} else {
msg = fmt.Sprintf("deploy successful: '%s'", res.name)
}
_, _ = io.WriteString(w, msg)
}
return http.HandlerFunc(h)
}
func adminRollbackHandler(s1 *Service) http.Handler {
h := func(w http.ResponseWriter, r *http.Request) {
s := s1.Load().(*service)
if !s.isAdminSecret(r) {
authFail(w)
return
}
res, err := s.rollbackConfig(r.Context())
if err != nil {
intErr(w, fmt.Sprintf("error rolling-back config: %s", err.Error()))
return
}
var msg string
if res.name != res.pname && res.name != "" {
msg = fmt.Sprintf("rollback successful: '%s', replacing: '%s'", res.pname, res.name)
} else {
msg = fmt.Sprintf("rollback successful: '%s'", res.pname)
}
_, _ = io.WriteString(w, msg)
}
return http.HandlerFunc(h)
}
func (s *service) isAdminSecret(r *http.Request) bool {
atomic.AddInt32(&s.adminCount, 1)
defer atomic.StoreInt32(&s.adminCount, 0)
//#nosec G404
time.Sleep(time.Duration(rand.Intn(4000-2000)+2000) * time.Millisecond)
if s.adminCount > 2 {
return false
}
hv := r.Header.Get("Authorization")
if hv == "" {
return false
}
v1, err := base64.StdEncoding.DecodeString(hv[7:])
return (err == nil) && bytes.Equal(v1, s.asec[:])
}
func badReq(w http.ResponseWriter, msg string) {
http.Error(w, msg, http.StatusBadRequest)
}
func intErr(w http.ResponseWriter, msg string) {
http.Error(w, msg, http.StatusInternalServerError)
}
func authFail(w http.ResponseWriter) {
http.Error(w, "auth failed", http.StatusUnauthorized)
}