Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-24 07:49:41 +02:00
Code Issues Releases Activity

feat(backup): Add backup/restore to the server

Browse source
This commit is contained in:
Dmitry Salakhov 2021-04-06 22:08:43 +12:00
parent c04bbb5775
commit a3ec2f8e85
65 changed files with 2394 additions and 564 deletions
Download patch file Download diff file Expand all files Collapse all files

48
api/http/security/bouncer.go
View file

@ -6,7 +6,7 @@ import (
"strings"
httperror "github.com/portainer/libhttp/error"
"github.com/portainer/portainer/api"
portainer "github.com/portainer/portainer/api"
bolterrors "github.com/portainer/portainer/api/bolt/errors"
httperrors "github.com/portainer/portainer/api/http/errors"
)
@ -153,6 +153,9 @@ func (bouncer *RequestBouncer) RegistryAccess(r *http.Request, registry *portain
return nil
}
// handlers are applied backwards to the incoming request:
// - add secure handlers to the response
// - parse the JWT token and put it into the http context.
func (bouncer *RequestBouncer) mwAuthenticatedUser(h http.Handler) http.Handler {
h = bouncer.mwCheckAuthentication(h)
h = mwSecureHeaders(h)
@ -216,6 +219,8 @@ func (bouncer *RequestBouncer) mwUpgradeToRestrictedRequest(next http.Handler) h
}
// mwCheckAuthentication provides Authentication middleware for handlers
//
// It parses the JWT token and adds the parsed token data to the http context
func (bouncer *RequestBouncer) mwCheckAuthentication(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var tokenData *portainer.TokenData
@ -269,30 +274,31 @@ func mwSecureHeaders(next http.Handler) http.Handler {
}
func (bouncer *RequestBouncer) newRestrictedContextRequest(userID portainer.UserID, userRole portainer.UserRole) (*RestrictedRequestContext, error) {
requestContext := &RestrictedRequestContext{
IsAdmin: true,
UserID: userID,
if userRole == portainer.AdministratorRole {
return &RestrictedRequestContext{
IsAdmin: true,
UserID: userID,
}, nil
}
if userRole != portainer.AdministratorRole {
requestContext.IsAdmin = false
memberships, err := bouncer.dataStore.TeamMembership().TeamMembershipsByUserID(userID)
if err != nil {
return nil, err
}
isTeamLeader := false
for _, membership := range memberships {
if membership.Role == portainer.TeamLeader {
isTeamLeader = true
}
}
requestContext.IsTeamLeader = isTeamLeader
requestContext.UserMemberships = memberships
memberships, err := bouncer.dataStore.TeamMembership().TeamMembershipsByUserID(userID)
if err != nil {
return nil, err
}
return requestContext, nil
isTeamLeader := false
for _, membership := range memberships {
if membership.Role == portainer.TeamLeader {
isTeamLeader = true
}
}
return &RestrictedRequestContext{
IsAdmin: false,
UserID: userID,
IsTeamLeader: isTeamLeader,
UserMemberships: memberships,
}, nil
}
// EdgeComputeOperation defines a restriced edge compute operation.