/
middleware.go
103 lines (86 loc) · 2.6 KB
/
middleware.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package auth
import (
"fmt"
"net/http"
"net/url"
"strings"
dashboardauthapi "github.com/kubernetes/dashboard/src/app/backend/auth/api"
"github.com/pkg/errors"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/endpoints/request"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
"github.com/oneblock-ai/oneblock/pkg/server/config"
"github.com/oneblock-ai/oneblock/pkg/utils"
)
func NewMiddleware(management *config.Management) *Middleware {
return &Middleware{
tokenManager: management.TokenManager,
}
}
type Middleware struct {
tokenManager dashboardauthapi.TokenManager
}
func (m *Middleware) AuthMiddleware(handler http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
jweToken, err := extractJWETokenFromRequest(req)
if err != nil {
utils.ResponseError(rw, http.StatusUnauthorized, err)
return
}
userInfo, err := m.getUserInfoFromToken(jweToken)
if err != nil {
utils.ResponseError(rw, http.StatusUnauthorized, err)
return
}
ctx := request.WithUser(req.Context(), userInfo)
req = req.WithContext(ctx)
handler.ServeHTTP(rw, req)
})
}
func extractJWETokenFromRequest(req *http.Request) (string, error) {
tokenStr := req.Header.Get("Authorization")
if strings.HasPrefix(tokenStr, "Bearer ") {
tokenStr = strings.TrimPrefix(tokenStr, "Bearer ")
} else {
tokenStr = ""
}
if tokenStr == "" {
cookie, err := req.Cookie(cookieName)
if err != nil && !errors.Is(err, http.ErrNoCookie) {
return tokenStr, err
} else if !errors.Is(err, http.ErrNoCookie) && len(cookie.Value) > 0 {
tokenStr = cookie.Value
}
}
if tokenStr == "" {
return "", errors.New("failed to get cookie from request")
}
decodedToken, err := url.QueryUnescape(tokenStr)
if err != nil {
return "", errors.New("failed to parse cookie from request")
}
return decodedToken, nil
}
func (m *Middleware) getUserInfoFromToken(jweToken string) (userInfo user.Info, err error) {
//handle panic from calling tokenManager.Decrypt
defer func() {
if recoveryMessage := recover(); recoveryMessage != nil {
err = fmt.Errorf("%v", recoveryMessage)
}
}()
authInfo, err := m.tokenManager.Decrypt(jweToken)
if err != nil {
return nil, fmt.Errorf("failed to decrypt token: %w", err)
}
return impersonateAuthInfoToUserInfo(authInfo), nil
}
func impersonateAuthInfoToUserInfo(authInfo *clientcmdapi.AuthInfo) user.Info {
var userInfo user.DefaultInfo
if authInfo.Impersonate != "" {
userInfo.Name = authInfo.Impersonate
}
if len(authInfo.ImpersonateGroups) != 0 {
userInfo.Groups = authInfo.ImpersonateGroups
}
return &userInfo
}