feat(global): introduce user teams and new UAC system (#868)

2025-07-24 15:59:41 +02:00 · 2017-05-23 20:56:10 +02:00 · 2017-05-23 20:56:10 +02:00 · 5523fc9023
commit 5523fc9023
parent a380fd9adc
160 changed files with 7112 additions and 3166 deletions
--- a/api/http/server.go
+++ b/api/http/server.go
@ -2,6 +2,9 @@ package http

 import (
 	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/http/handler"
+	"github.com/portainer/portainer/http/proxy"
+	"github.com/portainer/portainer/http/security"

 	"net/http"
 )
@ -13,6 +16,8 @@ type Server struct {
 	AuthDisabled           bool
 	EndpointManagement     bool
 	UserService            portainer.UserService
+	TeamService            portainer.TeamService
+	TeamMembershipService  portainer.TeamMembershipService
 	EndpointService        portainer.EndpointService
 	ResourceControlService portainer.ResourceControlService
 	CryptoService          portainer.CryptoService
@ -20,7 +25,7 @@ type Server struct {
 	FileService            portainer.FileService
 	Settings               *portainer.Settings
 	TemplatesURL           string
-	Handler                *Handler
+	Handler                *handler.Handler
 	SSL                    bool
 	SSLCert                string
 	SSLKey                 string
@ -28,49 +33,55 @@ type Server struct {

 // Start starts the HTTP server
 func (server *Server) Start() error {
-	middleWareService := &middleWareService{
-		jwtService:   server.JWTService,
-		authDisabled: server.AuthDisabled,
-	}
-	proxyService := NewProxyService(server.ResourceControlService)
+	requestBouncer := security.NewRequestBouncer(server.JWTService, server.TeamMembershipService, server.AuthDisabled)
+	proxyManager := proxy.NewManager(server.ResourceControlService, server.TeamMembershipService)

-	var authHandler = NewAuthHandler(middleWareService)
+	var authHandler = handler.NewAuthHandler(requestBouncer, server.AuthDisabled)
 	authHandler.UserService = server.UserService
 	authHandler.CryptoService = server.CryptoService
 	authHandler.JWTService = server.JWTService
-	authHandler.authDisabled = server.AuthDisabled
-	var userHandler = NewUserHandler(middleWareService)
+	var userHandler = handler.NewUserHandler(requestBouncer)
 	userHandler.UserService = server.UserService
+	userHandler.TeamService = server.TeamService
+	userHandler.TeamMembershipService = server.TeamMembershipService
 	userHandler.CryptoService = server.CryptoService
 	userHandler.ResourceControlService = server.ResourceControlService
-	var settingsHandler = NewSettingsHandler(middleWareService)
-	settingsHandler.settings = server.Settings
-	var templatesHandler = NewTemplatesHandler(middleWareService)
-	templatesHandler.containerTemplatesURL = server.TemplatesURL
-	var dockerHandler = NewDockerHandler(middleWareService, server.ResourceControlService)
+	var teamHandler = handler.NewTeamHandler(requestBouncer)
+	teamHandler.TeamService = server.TeamService
+	teamHandler.TeamMembershipService = server.TeamMembershipService
+	var teamMembershipHandler = handler.NewTeamMembershipHandler(requestBouncer)
+	teamMembershipHandler.TeamMembershipService = server.TeamMembershipService
+	var settingsHandler = handler.NewSettingsHandler(requestBouncer, server.Settings)
+	var templatesHandler = handler.NewTemplatesHandler(requestBouncer, server.TemplatesURL)
+	var dockerHandler = handler.NewDockerHandler(requestBouncer)
 	dockerHandler.EndpointService = server.EndpointService
-	dockerHandler.ProxyService = proxyService
-	var websocketHandler = NewWebSocketHandler()
+	dockerHandler.TeamMembershipService = server.TeamMembershipService
+	dockerHandler.ProxyManager = proxyManager
+	var websocketHandler = handler.NewWebSocketHandler()
 	websocketHandler.EndpointService = server.EndpointService
-	var endpointHandler = NewEndpointHandler(middleWareService)
-	endpointHandler.authorizeEndpointManagement = server.EndpointManagement
+	var endpointHandler = handler.NewEndpointHandler(requestBouncer, server.EndpointManagement)
 	endpointHandler.EndpointService = server.EndpointService
 	endpointHandler.FileService = server.FileService
-	endpointHandler.ProxyService = proxyService
-	var uploadHandler = NewUploadHandler(middleWareService)
+	endpointHandler.ProxyManager = proxyManager
+	var resourceHandler = handler.NewResourceHandler(requestBouncer)
+	resourceHandler.ResourceControlService = server.ResourceControlService
+	var uploadHandler = handler.NewUploadHandler(requestBouncer)
 	uploadHandler.FileService = server.FileService
-	var fileHandler = newFileHandler(server.AssetsPath)
+	var fileHandler = handler.NewFileHandler(server.AssetsPath)

-	server.Handler = &Handler{
-		AuthHandler:      authHandler,
-		UserHandler:      userHandler,
-		EndpointHandler:  endpointHandler,
-		SettingsHandler:  settingsHandler,
-		TemplatesHandler: templatesHandler,
-		DockerHandler:    dockerHandler,
-		WebSocketHandler: websocketHandler,
-		FileHandler:      fileHandler,
-		UploadHandler:    uploadHandler,
+	server.Handler = &handler.Handler{
+		AuthHandler:           authHandler,
+		UserHandler:           userHandler,
+		TeamHandler:           teamHandler,
+		TeamMembershipHandler: teamMembershipHandler,
+		EndpointHandler:       endpointHandler,
+		ResourceHandler:       resourceHandler,
+		SettingsHandler:       settingsHandler,
+		TemplatesHandler:      templatesHandler,
+		DockerHandler:         dockerHandler,
+		WebSocketHandler:      websocketHandler,
+		FileHandler:           fileHandler,
+		UploadHandler:         uploadHandler,
 	}

 	if server.SSL {