mirror of
https://github.com/portainer/portainer.git
synced 2025-07-23 15:29:42 +02:00
69c17986d9
* feat(access-token): Multi-auth middleware support EE-1891 (#5936) * AnyAuth middleware initial implementation with tests * using mux.MiddlewareFunc instead of custom definition * removed redundant comments * - ExtractBearerToken bouncer func made private - changed helm token handling functionality to use jwt service to convert token to jwt string - updated tests - fixed helm list broken test due to missing token in request context * rename mwCheckAuthentication -> mwCheckJWTAuthentication * - introduce initial api-key auth support using X-API-KEY header - added tests to validate x-api-key request header presence * updated core mwAuthenticatedUser middleware to support multiple auth paradigms * - simplified anyAuth middleware - enforcing authmiddleware to implement verificationFunc interface - created tests for middleware * simplify bouncer Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com> * feat(api-key): user-access-token generation endpoint EE-1889 EE-1888 EE-1895 (#6012) * user-access-token generation endpoint * fix comment * - introduction of apikey service - seperation of repository from service logic - called in handler * fixed tests * - fixed api key prefix - added tests * added another test for digest matching * updated swagger spec for access token creation * api key response returns raw key and struct - easing testability * test for api key prefix length * added another TODO to middleware * - api-key prefix rune -> string (rune does not auto-encode when response sent back to client) - digest -> pointer as we want to allow nil values and omit digest in responses (when nil) * - updated apikey struct - updated apikey service to support all common operations - updated apikey repo - integration of apikey service into bouncer - added test for all apikey service functions - boilerplate code for apikey service integration * - user access token generation tests - apiKeyLookup updated to support query params - added api-key tests for query params - added api-key tests for apiKeyLookup * get and remove access token handlers * get and remove access token handler tests * - delete user deletes all associated api keys - tests for this functionality * removed redundant []byte cast * automatic api-key eviction set within cache for 1 hour * fixed bug with loop var using final value * fixed service comment * ignore bolt error responses * case-insensitive query param check * simplified query var assignment * - added GetAPIKey func to get by unique id - updated DeleteAPIKey func to not require user ID - updated tests * GenerateRandomKey helper func from github.com/gorilla/securecookie moved to codebase * json response casing for api-keys fixed * updating api-key will update the cache * updated golang LRU cache * using hashicorps golang-LRU cache for api keys * simplified jwt check in create user access token * fixed api-key update logic on cache miss * Prefix generated api-keys with `ptr_` (#6067) * prefix api-keys with 'ptr_' * updated apikey description * refactor Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com> * helm list test refactor * fixed user delete test * reduce test nil pointer errors * using correct http 201 created status code for token creation; updated tests * fixed swagger doc user id path param for user access token based endpoints * added api-key security openapi spec to existing jwt secured endpoints (#6091) * fixed flaky test * apikey datecreated and lastused attrs converted to unix timestamp * feat(user): added access token datatable. (#6124) * feat(user): added access token datatable. * feat(tokens): only display lastUsed time when it is not the default date * Update app/portainer/views/account/accountController.js Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com> * Update app/portainer/views/account/accountController.js Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com> * Update app/portainer/views/account/accountController.js Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com> * Update app/portainer/components/datatables/access-tokens-datatable/accessTokensDatatableController.js Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com> * Update app/portainer/services/api/userService.js Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com> * feat(improvements): proposed datatable improvements to speed up dev time (#6138) * modal code update * updated datatable filenames, updated controller to be default class export * fix(access-token): code improvement. Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com> * feat(apikeys): create access token view initial implementation EE-1886 (#6129) * CopyButton implementation * Code component implementation * ToolTip component migration to another folder * TextTip component implementation - continued * form Heading component * Button component updated to be more dynamic * copybutton - small size * form control pass tip error * texttip small text * CreateAccessToken react feature initial implementation * create user access token angularjs view implementation * registration of CreateAccessToken component in AngularJS * user token generation API request moved to angular service, method passed down instead * consistent naming of access token operations; clustered similar code together * any user can add access token * create access token page routing * moved code component to the correct location * removed isadmin check as all functionality applicable to all users * create access token angular view moved up a level * fixed PR issues, updated PR * addressed PR issues/improvements * explicit hr for horizontal line * fixed merge conflict storybook build breaking * - apikey test - cache test * addressed testing issues: - description validations - remove token description link on table * fix(api-keys): user role change evicts user keys in cache EE-2113 (#6168) * user role change evicts user api keys in cache * EvictUserKeyCache -> InvalidateUserKeyCache * godoc for InvalidateUserKeyCache func * additional test line * disable add access token button after adding token to prevent spam Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com> Co-authored-by: fhanportainer <79428273+fhanportainer@users.noreply.github.com>
294 lines
8.4 KiB
Go
294 lines
8.4 KiB
Go
package bolt
|
|
|
|
import (
|
|
portainer "github.com/portainer/portainer/api"
|
|
"github.com/portainer/portainer/api/bolt/apikeyrepository"
|
|
"github.com/portainer/portainer/api/bolt/customtemplate"
|
|
"github.com/portainer/portainer/api/bolt/dockerhub"
|
|
"github.com/portainer/portainer/api/bolt/edgegroup"
|
|
"github.com/portainer/portainer/api/bolt/edgejob"
|
|
"github.com/portainer/portainer/api/bolt/edgestack"
|
|
"github.com/portainer/portainer/api/bolt/endpoint"
|
|
"github.com/portainer/portainer/api/bolt/endpointgroup"
|
|
"github.com/portainer/portainer/api/bolt/endpointrelation"
|
|
"github.com/portainer/portainer/api/bolt/extension"
|
|
"github.com/portainer/portainer/api/bolt/helmuserrepository"
|
|
"github.com/portainer/portainer/api/bolt/registry"
|
|
"github.com/portainer/portainer/api/bolt/resourcecontrol"
|
|
"github.com/portainer/portainer/api/bolt/role"
|
|
"github.com/portainer/portainer/api/bolt/schedule"
|
|
"github.com/portainer/portainer/api/bolt/settings"
|
|
"github.com/portainer/portainer/api/bolt/ssl"
|
|
"github.com/portainer/portainer/api/bolt/stack"
|
|
"github.com/portainer/portainer/api/bolt/tag"
|
|
"github.com/portainer/portainer/api/bolt/team"
|
|
"github.com/portainer/portainer/api/bolt/teammembership"
|
|
"github.com/portainer/portainer/api/bolt/tunnelserver"
|
|
"github.com/portainer/portainer/api/bolt/user"
|
|
"github.com/portainer/portainer/api/bolt/version"
|
|
"github.com/portainer/portainer/api/bolt/webhook"
|
|
)
|
|
|
|
func (store *Store) initServices() error {
|
|
authorizationsetService, err := role.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.RoleService = authorizationsetService
|
|
|
|
customTemplateService, err := customtemplate.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.CustomTemplateService = customTemplateService
|
|
|
|
dockerhubService, err := dockerhub.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.DockerHubService = dockerhubService
|
|
|
|
edgeStackService, err := edgestack.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.EdgeStackService = edgeStackService
|
|
|
|
edgeGroupService, err := edgegroup.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.EdgeGroupService = edgeGroupService
|
|
|
|
edgeJobService, err := edgejob.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.EdgeJobService = edgeJobService
|
|
|
|
endpointgroupService, err := endpointgroup.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.EndpointGroupService = endpointgroupService
|
|
|
|
endpointService, err := endpoint.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.EndpointService = endpointService
|
|
|
|
endpointRelationService, err := endpointrelation.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.EndpointRelationService = endpointRelationService
|
|
|
|
extensionService, err := extension.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.ExtensionService = extensionService
|
|
|
|
helmUserRepositoryService, err := helmuserrepository.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.HelmUserRepositoryService = helmUserRepositoryService
|
|
|
|
registryService, err := registry.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.RegistryService = registryService
|
|
|
|
resourcecontrolService, err := resourcecontrol.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.ResourceControlService = resourcecontrolService
|
|
|
|
settingsService, err := settings.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.SettingsService = settingsService
|
|
|
|
sslSettingsService, err := ssl.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.SSLSettingsService = sslSettingsService
|
|
|
|
stackService, err := stack.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.StackService = stackService
|
|
|
|
tagService, err := tag.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.TagService = tagService
|
|
|
|
teammembershipService, err := teammembership.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.TeamMembershipService = teammembershipService
|
|
|
|
teamService, err := team.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.TeamService = teamService
|
|
|
|
tunnelServerService, err := tunnelserver.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.TunnelServerService = tunnelServerService
|
|
|
|
userService, err := user.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.UserService = userService
|
|
|
|
apiKeyService, err := apikeyrepository.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.APIKeyRepositoryService = apiKeyService
|
|
|
|
versionService, err := version.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.VersionService = versionService
|
|
|
|
webhookService, err := webhook.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.WebhookService = webhookService
|
|
|
|
scheduleService, err := schedule.NewService(store.connection)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
store.ScheduleService = scheduleService
|
|
|
|
return nil
|
|
}
|
|
|
|
// CustomTemplate gives access to the CustomTemplate data management layer
|
|
func (store *Store) CustomTemplate() portainer.CustomTemplateService {
|
|
return store.CustomTemplateService
|
|
}
|
|
|
|
// EdgeGroup gives access to the EdgeGroup data management layer
|
|
func (store *Store) EdgeGroup() portainer.EdgeGroupService {
|
|
return store.EdgeGroupService
|
|
}
|
|
|
|
// EdgeJob gives access to the EdgeJob data management layer
|
|
func (store *Store) EdgeJob() portainer.EdgeJobService {
|
|
return store.EdgeJobService
|
|
}
|
|
|
|
// EdgeStack gives access to the EdgeStack data management layer
|
|
func (store *Store) EdgeStack() portainer.EdgeStackService {
|
|
return store.EdgeStackService
|
|
}
|
|
|
|
// Environment(Endpoint) gives access to the Environment(Endpoint) data management layer
|
|
func (store *Store) Endpoint() portainer.EndpointService {
|
|
return store.EndpointService
|
|
}
|
|
|
|
// EndpointGroup gives access to the EndpointGroup data management layer
|
|
func (store *Store) EndpointGroup() portainer.EndpointGroupService {
|
|
return store.EndpointGroupService
|
|
}
|
|
|
|
// EndpointRelation gives access to the EndpointRelation data management layer
|
|
func (store *Store) EndpointRelation() portainer.EndpointRelationService {
|
|
return store.EndpointRelationService
|
|
}
|
|
|
|
// HelmUserRepository access the helm user repository settings
|
|
func (store *Store) HelmUserRepository() portainer.HelmUserRepositoryService {
|
|
return store.HelmUserRepositoryService
|
|
}
|
|
|
|
// Registry gives access to the Registry data management layer
|
|
func (store *Store) Registry() portainer.RegistryService {
|
|
return store.RegistryService
|
|
}
|
|
|
|
// ResourceControl gives access to the ResourceControl data management layer
|
|
func (store *Store) ResourceControl() portainer.ResourceControlService {
|
|
return store.ResourceControlService
|
|
}
|
|
|
|
// Role gives access to the Role data management layer
|
|
func (store *Store) Role() portainer.RoleService {
|
|
return store.RoleService
|
|
}
|
|
|
|
// APIKeyRepository gives access to the api-key data management layer
|
|
func (store *Store) APIKeyRepository() portainer.APIKeyRepository {
|
|
return store.APIKeyRepositoryService
|
|
}
|
|
|
|
// Settings gives access to the Settings data management layer
|
|
func (store *Store) Settings() portainer.SettingsService {
|
|
return store.SettingsService
|
|
}
|
|
|
|
// SSLSettings gives access to the SSL Settings data management layer
|
|
func (store *Store) SSLSettings() portainer.SSLSettingsService {
|
|
return store.SSLSettingsService
|
|
}
|
|
|
|
// Stack gives access to the Stack data management layer
|
|
func (store *Store) Stack() portainer.StackService {
|
|
return store.StackService
|
|
}
|
|
|
|
// Tag gives access to the Tag data management layer
|
|
func (store *Store) Tag() portainer.TagService {
|
|
return store.TagService
|
|
}
|
|
|
|
// TeamMembership gives access to the TeamMembership data management layer
|
|
func (store *Store) TeamMembership() portainer.TeamMembershipService {
|
|
return store.TeamMembershipService
|
|
}
|
|
|
|
// Team gives access to the Team data management layer
|
|
func (store *Store) Team() portainer.TeamService {
|
|
return store.TeamService
|
|
}
|
|
|
|
// TunnelServer gives access to the TunnelServer data management layer
|
|
func (store *Store) TunnelServer() portainer.TunnelServerService {
|
|
return store.TunnelServerService
|
|
}
|
|
|
|
// User gives access to the User data management layer
|
|
func (store *Store) User() portainer.UserService {
|
|
return store.UserService
|
|
}
|
|
|
|
// Version gives access to the Version data management layer
|
|
func (store *Store) Version() portainer.VersionService {
|
|
return store.VersionService
|
|
}
|
|
|
|
// Webhook gives access to the Webhook data management layer
|
|
func (store *Store) Webhook() portainer.WebhookService {
|
|
return store.WebhookService
|
|
}
|