refactor(docker): migrate dashboard to react [EE-2191] (#11574)

api/http/handler/docker/dashboard.go

@@ -0,0 +1,164 @@
+package docker
+
+import (
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/image"
+	"github.com/docker/docker/api/types/swarm"
+	"github.com/docker/docker/api/types/volume"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/docker"
+	"github.com/portainer/portainer/api/http/errors"
+	"github.com/portainer/portainer/api/http/handler/docker/utils"
+	"github.com/portainer/portainer/api/http/middlewares"
+	"github.com/portainer/portainer/api/http/security"
+	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+	"github.com/portainer/portainer/pkg/libhttp/response"
+)
+
+type imagesCounters struct {
+	Total int   `json:"total"`
+	Size  int64 `json:"size"`
+}
+
+type dashboardResponse struct {
+	Containers docker.ContainerStats `json:"containers"`
+	Services   int                   `json:"services"`
+	Images     imagesCounters        `json:"images"`
+	Volumes    int                   `json:"volumes"`
+	Networks   int                   `json:"networks"`
+	Stacks     int                   `json:"stacks"`
+}
+
+// @id dockerDashboard
+// @summary Get counters for the dashboard
+// @description **Access policy**: restricted
+// @tags docker
+// @security jwt
+// @param environmentId path int true "Environment identifier"
+// @accept json
+// @produce json
+// @success 200 {object} dashboardResponse "Success"
+// @failure 400 "Bad request"
+// @failure 500 "Internal server error"
+// @router /docker/{environmentId}/dashboard [post]
+func (h *Handler) dashboard(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var resp dashboardResponse
+	err := h.dataStore.ViewTx(func(tx dataservices.DataStoreTx) error {
+		cli, httpErr := utils.GetClient(r, h.dockerClientFactory)
+		if httpErr != nil {
+			return httpErr
+		}
+
+		context, err := security.RetrieveRestrictedRequestContext(r)
+		if err != nil {
+			return httperror.InternalServerError("Unable to retrieve user details from request context", err)
+		}
+
+		containers, err := cli.ContainerList(r.Context(), container.ListOptions{All: true})
+		if err != nil {
+			return httperror.InternalServerError("Unable to retrieve Docker containers", err)
+		}
+
+		containers, err = utils.FilterByResourceControl(tx, containers, portainer.ContainerResourceControl, context, func(c types.Container) string {
+			return c.ID
+		})
+		if err != nil {
+			return err
+		}
+
+		images, err := cli.ImageList(r.Context(), image.ListOptions{})
+		if err != nil {
+			return httperror.InternalServerError("Unable to retrieve Docker images", err)
+		}
+
+		var totalSize int64
+		for _, image := range images {
+			totalSize += image.Size
+		}
+
+		info, err := cli.Info(r.Context())
+		if err != nil {
+			return httperror.InternalServerError("Unable to retrieve Docker info", err)
+		}
+
+		isSwarmManager := info.Swarm.ControlAvailable && info.Swarm.NodeID != ""
+
+		var services []swarm.Service
+		if isSwarmManager {
+			servicesRes, err := cli.ServiceList(r.Context(), types.ServiceListOptions{})
+			if err != nil {
+				return httperror.InternalServerError("Unable to retrieve Docker services", err)
+			}
+
+			filteredServices, err := utils.FilterByResourceControl(tx, servicesRes, portainer.ServiceResourceControl, context, func(c swarm.Service) string {
+				return c.ID
+			})
+			if err != nil {
+				return err
+			}
+
+			services = filteredServices
+		}
+
+		volumesRes, err := cli.VolumeList(r.Context(), volume.ListOptions{})
+		if err != nil {
+			return httperror.InternalServerError("Unable to retrieve Docker volumes", err)
+		}
+
+		volumes, err := utils.FilterByResourceControl(tx, volumesRes.Volumes, portainer.NetworkResourceControl, context, func(c *volume.Volume) string {
+			return c.Name
+		})
+		if err != nil {
+			return err
+		}
+
+		networks, err := cli.NetworkList(r.Context(), types.NetworkListOptions{})
+		if err != nil {
+			return httperror.InternalServerError("Unable to retrieve Docker networks", err)
+		}
+
+		networks, err = utils.FilterByResourceControl(tx, networks, portainer.NetworkResourceControl, context, func(c types.NetworkResource) string {
+			return c.Name
+		})
+		if err != nil {
+			return err
+		}
+
+		environment, err := middlewares.FetchEndpoint(r)
+		if err != nil {
+			return httperror.InternalServerError("Unable to retrieve environment", err)
+		}
+
+		stackCount := 0
+		if environment.SecuritySettings.AllowStackManagementForRegularUsers || context.IsAdmin {
+			stacks, err := utils.GetDockerStacks(tx, context, environment.ID, containers, services)
+			if err != nil {
+				return httperror.InternalServerError("Unable to retrieve stacks", err)
+			}
+
+			stackCount = len(stacks)
+		}
+
+		resp = dashboardResponse{
+			Images: imagesCounters{
+				Total: len(images),
+				Size:  totalSize,
+			},
+			Services:   len(services),
+			Containers: docker.CalculateContainerStats(containers),
+			Networks:   len(networks),
+			Volumes:    len(volumes),
+			Stacks:     stackCount,
+		}
+
+		return nil
+	})
+
+	return errors.TxResponse(err, func() *httperror.HandlerError {
+		return response.JSON(w, resp)
+	})
+}

api/http/handler/docker/handler.go

@@ -41,8 +41,10 @@ func NewHandler(bouncer security.BouncerService, authorizationService *authoriza
 
 	// endpoints
 	endpointRouter := h.PathPrefix("/docker/{id}").Subrouter()
-	endpointRouter.Use(middlewares.WithEndpoint(dataStore.Endpoint(), "id"))
-	endpointRouter.Use(dockerOnlyMiddleware)
+	endpointRouter.Use(bouncer.AuthenticatedAccess)
+	endpointRouter.Use(middlewares.WithEndpoint(dataStore.Endpoint(), "id"), dockerOnlyMiddleware)
+
+	endpointRouter.Handle("/dashboard", httperror.LoggerHandler(h.dashboard)).Methods(http.MethodGet)
 
 	containersHandler := containers.NewHandler("/docker/{id}/containers", bouncer, dataStore, dockerClientFactory, containerService)
 	endpointRouter.PathPrefix("/containers").Handler(containersHandler)

api/http/handler/docker/utils/filter_by_uac.go

@@ -0,0 +1,36 @@
+package utils
+
+import (
+	"fmt"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
+	"github.com/portainer/portainer/api/internal/slices"
+)
+
+// filterByResourceControl filters a list of items based on the user's role and the resource control associated to the item.
+func FilterByResourceControl[T any](tx dataservices.DataStoreTx, items []T, rcType portainer.ResourceControlType, securityContext *security.RestrictedRequestContext, idGetter func(T) string) ([]T, error) {
+	if securityContext.IsAdmin {
+		return items, nil
+	}
+
+	userTeamIDs := slices.Map(securityContext.UserMemberships, func(membership portainer.TeamMembership) portainer.TeamID {
+		return membership.TeamID
+	})
+
+	filteredItems := make([]T, 0)
+	for _, item := range items {
+		resourceControl, err := tx.ResourceControl().ResourceControlByResourceIDAndType(idGetter(item), portainer.ContainerResourceControl)
+		if err != nil {
+			return nil, fmt.Errorf("Unable to retrieve resource control: %w", err)
+		}
+
+		if resourceControl == nil || authorization.UserCanAccessResource(securityContext.UserID, userTeamIDs, resourceControl) {
+			filteredItems = append(filteredItems, item)
+		}
+
+	}
+	return filteredItems, nil
+}

api/http/handler/docker/utils/get_stacks.go

@@ -0,0 +1,83 @@
+package utils
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	portainer "github.com/portainer/portainer/api"
+	portaineree "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
+	dockerconsts "github.com/portainer/portainer/api/docker/consts"
+	"github.com/portainer/portainer/api/http/security"
+)
+
+type StackViewModel struct {
+	InternalStack *portaineree.Stack
+
+	ID         portainer.StackID
+	Name       string
+	IsExternal bool
+	Type       portainer.StackType
+}
+
+// GetDockerStacks retrieves all the stacks associated to a specific environment filtered by the user's access.
+func GetDockerStacks(tx dataservices.DataStoreTx, securityContext *security.RestrictedRequestContext, environmentID portainer.EndpointID, containers []types.Container, services []swarm.Service) ([]StackViewModel, error) {
+
+	stacks, err := tx.Stack().ReadAll()
+	if err != nil {
+		return nil, fmt.Errorf("Unable to retrieve stacks: %w", err)
+	}
+
+	stacksNameSet := map[string]*StackViewModel{}
+
+	for i := range stacks {
+		stack := stacks[i]
+		if stack.EndpointID == environmentID {
+			stacksNameSet[stack.Name] = &StackViewModel{
+				InternalStack: &stack,
+				ID:            stack.ID,
+				Name:          stack.Name,
+				IsExternal:    false,
+				Type:          stack.Type,
+			}
+		}
+	}
+
+	for _, container := range containers {
+		name := container.Labels[dockerconsts.ComposeStackNameLabel]
+
+		if name != "" && stacksNameSet[name] == nil && !isHiddenStack(container.Labels) {
+			stacksNameSet[name] = &StackViewModel{
+				Name:       name,
+				IsExternal: true,
+				Type:       portainer.DockerComposeStack,
+			}
+		}
+	}
+
+	for _, service := range services {
+		name := service.Spec.Labels[dockerconsts.SwarmStackNameLabel]
+
+		if name != "" && stacksNameSet[name] == nil && !isHiddenStack(service.Spec.Labels) {
+			stacksNameSet[name] = &StackViewModel{
+				Name:       name,
+				IsExternal: true,
+				Type:       portainer.DockerSwarmStack,
+			}
+		}
+	}
+
+	stacksList := make([]StackViewModel, 0)
+	for _, stack := range stacksNameSet {
+		stacksList = append(stacksList, *stack)
+	}
+
+	return FilterByResourceControl(tx, stacksList, portainer.StackResourceControl, securityContext, func(c StackViewModel) string {
+		return c.Name
+	})
+}
+
+func isHiddenStack(labels map[string]string) bool {
+	return labels[dockerconsts.HideStackLabel] != ""
+}

api/http/handler/docker/utils/get_stacks_test.go

@@ -0,0 +1,96 @@
+package utils
+
+import (
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
+	portainer "github.com/portainer/portainer/api"
+	portaineree "github.com/portainer/portainer/api"
+	dockerconsts "github.com/portainer/portainer/api/docker/consts"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/testhelpers"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestHandler_getDockerStacks(t *testing.T) {
+	environment := &portaineree.Endpoint{
+		ID: 1,
+		SecuritySettings: portainer.EndpointSecuritySettings{
+			AllowStackManagementForRegularUsers: true,
+		},
+	}
+
+	containers := []types.Container{
+		{
+			Labels: map[string]string{
+				dockerconsts.ComposeStackNameLabel: "stack1",
+			},
+		},
+		{
+			Labels: map[string]string{
+				dockerconsts.ComposeStackNameLabel: "stack2",
+			},
+		},
+	}
+
+	services := []swarm.Service{
+		{
+			Spec: swarm.ServiceSpec{
+				Annotations: swarm.Annotations{
+					Labels: map[string]string{
+						dockerconsts.SwarmStackNameLabel: "stack3",
+					},
+				},
+			},
+		},
+	}
+
+	stack1 := portaineree.Stack{
+		ID:         1,
+		Name:       "stack1",
+		EndpointID: 1,
+		Type:       portainer.DockerComposeStack,
+	}
+
+	datastore := testhelpers.NewDatastore(
+		testhelpers.WithEndpoints([]portaineree.Endpoint{*environment}),
+		testhelpers.WithStacks([]portaineree.Stack{
+			stack1,
+			{
+				ID:         2,
+				Name:       "stack2",
+				EndpointID: 2,
+				Type:       portainer.DockerSwarmStack,
+			},
+		}),
+	)
+
+	stacksList, err := GetDockerStacks(datastore, &security.RestrictedRequestContext{
+		IsAdmin: true,
+	}, environment.ID, containers, services)
+	assert.NoError(t, err)
+	assert.Len(t, stacksList, 3)
+
+	expectedStacks := []StackViewModel{
+		{
+			InternalStack: &stack1,
+			ID:            1,
+			Name:          "stack1",
+			IsExternal:    false,
+			Type:          portainer.DockerComposeStack,
+		},
+		{
+			Name:       "stack2",
+			IsExternal: true,
+			Type:       portainer.DockerComposeStack,
+		},
+		{
+			Name:       "stack3",
+			IsExternal: true,
+			Type:       portainer.DockerSwarmStack,
+		},
+	}
+
+	assert.ElementsMatch(t, expectedStacks, stacksList)
+}

api/http/handler/stacks/handler.go

@@ -10,6 +10,7 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
 	dockerclient "github.com/portainer/portainer/api/docker/client"
+	"github.com/portainer/portainer/api/docker/consts"
 	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
 	"github.com/portainer/portainer/api/internal/authorization"
@@ -197,7 +198,7 @@ func (handler *Handler) checkUniqueStackNameInDocker(endpoint *portainer.Endpoin
 	}
 
 	for _, container := range containers {
-		containerNS, ok := container.Labels["com.docker.compose.project"]
+		containerNS, ok := container.Labels[consts.ComposeStackNameLabel]
 
 		if ok && containerNS == name {
 			return false, nil

api/http/security/authorization.go

@@ -13,7 +13,11 @@ func IsAdmin(request *http.Request) (bool, error) {
 		return false, err
 	}
 
-	return tokenData.Role == portainer.AdministratorRole, nil
+	return IsAdminRole(tokenData.Role), nil
+}
+
+func IsAdminRole(role portainer.UserRole) bool {
+	return role == portainer.AdministratorRole
 }
 
 // AuthorizedResourceControlAccess checks whether the user can alter an existing resource control.

api/http/security/context.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 
 	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
 )
 
 type (
@@ -49,3 +50,17 @@ func RetrieveRestrictedRequestContext(request *http.Request) (*RestrictedRequest
 	requestContext := contextData.(*RestrictedRequestContext)
 	return requestContext, nil
 }
+
+func RetrieveUserFromRequest(r *http.Request, tx dataservices.DataStoreTx) (*portainer.User, error) {
+	rrc, err := RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return nil, err
+	}
+
+	user, err := tx.User().Read(rrc.UserID)
+	if err != nil {
+		return nil, err
+	}
+
+	return user, nil
+}