OpenSource/homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix precommit isssues

Browse Source
This commit is contained in:
Aaron Dalton 2023-12-25 12:05:54 -05:00
parent 17451dd113
commit 0fed2f4267
10 changed files with 124 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/configs/settings.md
View File

@ -461,6 +461,7 @@ If either value is set to true, the error message will be hidden.
Basic auth integration is implemeted via an `auth` section. An auth provider can be configured using the `provider` section with the given type. Currently the only provider supported is `proxy`, where the users identification and group membership are passed via HTTP Request headers (in plaintext). The expectation is that the application will be accessed only via an authenticating proxy (i.e treafik ). Basic auth integration is implemeted via an `auth` section. An auth provider can be configured using the `provider` section with the given type. Currently the only provider supported is `proxy`, where the users identification and group membership are passed via HTTP Request headers (in plaintext). The expectation is that the application will be accessed only via an authenticating proxy (i.e treafik ).
The group and user headers are both configurable like so: The group and user headers are both configurable like so:
```yaml ```yaml
auth: auth:
provider: provider:
@ -490,7 +491,7 @@ section. For example:
auth: auth:
groups: groups:
My Service Group: My Service Group:
allowGroups: ['Group1', 'Group2'] allowGroups: ["Group1", "Group2"]
My Other Group: My Other Group:
allowGroups: ['Group1'] allowGroups: ["Group1"]
``` ```

6
src/pages/api/auth.js
View File

@ -3,13 +3,13 @@ import { getSettings } from "utils/config/config";
export default async function handler(req, res) { export default async function handler(req, res) {
const { group } = req.query; const { group } = req.query;
const { provider, groups } = readAuthSettings(getSettings().auth) const { provider, groups } = readAuthSettings(getSettings().auth);
try { try {
if (checkAllowedGroup(provider.permissions(req), groups, group)) { if (checkAllowedGroup(provider.permissions(req), groups, group)) {
res.json({group}) res.json({ group });
} else { } else {
res.status(401).json({message:"Group unathorized"}) res.status(401).json({ message: "Group unathorized" });
} }
} catch (err) { } catch (err) {
res.status(500).send("Error authenticating"); res.status(500).send("Error authenticating");

2
src/pages/api/bookmarks.js
View File

@ -3,6 +3,6 @@ import { bookmarksResponse } from "utils/config/api-response";
import { getSettings } from "utils/config/config"; import { getSettings } from "utils/config/config";
export default async function handler(req, res) { export default async function handler(req, res) {
const { provider, groups } = readAuthSettings(getSettings().auth) const { provider, groups } = readAuthSettings(getSettings().auth);
res.send(await bookmarksResponse(provider.permissions(req), groups)); res.send(await bookmarksResponse(provider.permissions(req), groups));
} }

2
src/pages/api/services/index.js
View File

@ -3,6 +3,6 @@ import { servicesResponse } from "utils/config/api-response";
import { getSettings } from "utils/config/config"; import { getSettings } from "utils/config/config";
export default async function handler(req, res) { export default async function handler(req, res) {
const { provider, groups } = readAuthSettings(getSettings().auth) const { provider, groups } = readAuthSettings(getSettings().auth);
res.send(await servicesResponse(provider.permissions(req), groups)); res.send(await servicesResponse(provider.permissions(req), groups));
} }

2
src/pages/api/widgets/index.js
View File

@ -3,6 +3,6 @@ import { widgetsResponse } from "utils/config/api-response";
import { getSettings } from "utils/config/config"; import { getSettings } from "utils/config/config";
export default async function handler(req, res) { export default async function handler(req, res) {
const { provider } = readAuthSettings(getSettings().auth) const { provider } = readAuthSettings(getSettings().auth);
res.send(await widgetsResponse(provider.permissions(req))); res.send(await widgetsResponse(provider.permissions(req)));
} }

36
src/utils/auth/auth-helpers.js
View File

@ -3,7 +3,7 @@ import NullAuthProvider from "./null";
const AuthProviders = { const AuthProviders = {
NullAuthProvider, NullAuthProvider,
ProxyAuthProvider ProxyAuthProvider,
}; };
function getProviderByKey(key) { function getProviderByKey(key) {
@ -11,24 +11,24 @@ function getProviderByKey(key) {
} }
function authAllow({ user, groups }, item) { function authAllow({ user, groups }, item) {
const groupAllow = (('allowGroups' in item)) && groups.some(group => item.allowGroups.includes(group)); const groupAllow = "allowGroups" in item && groups.some((group) => item.allowGroups.includes(group));
const userAllow = (('allowUsers' in item)) && item.allowUsers.includes(user); const userAllow = "allowUsers" in item && item.allowUsers.includes(user);
const allowAll = (!('allowGroups' in item)) && (!('allowUsers' in item)); const allowAll = !("allowGroups" in item) && !("allowUsers" in item);
return userAllow || groupAllow || allowAll; return userAllow || groupAllow || allowAll;
} }
export function checkAllowedGroup(perms, authGroups, groupName) { export function checkAllowedGroup(perms, authGroups, groupName) {
const testGroup = authGroups.find((group) => group.name === groupName ) const testGroup = authGroups.find((group) => group.name === groupName);
return testGroup ? authAllow(perms, testGroup) : true return testGroup ? authAllow(perms, testGroup) : true;
} }
function filterAllowedItems(perms, authGroups, groups, groupKey) { function filterAllowedItems(perms, authGroups, groups, groupKey) {
return groups.filter((group) => checkAllowedGroup(perms, authGroups, group.name)) return groups
.filter((group) => checkAllowedGroup(perms, authGroups, group.name))
.map((group) => ({ .map((group) => ({
name: group.name, name: group.name,
[groupKey]: group[groupKey].filter((item) => authAllow(perms, item)) [groupKey]: group[groupKey].filter((item) => authAllow(perms, item)),
})) }))
.filter((group) => group[groupKey].length); .filter((group) => group[groupKey].length);
} }
@ -36,18 +36,22 @@ function filterAllowedItems(perms, authGroups, groups, groupKey) {
export function readAuthSettings({ provider, groups } = {}) { export function readAuthSettings({ provider, groups } = {}) {
return { return {
provider: provider ? getProviderByKey(provider.type).create(provider) : NullAuthProvider.create(), provider: provider ? getProviderByKey(provider.type).create(provider) : NullAuthProvider.create(),
groups: groups ? groups.map((group) => ({ groups: groups
? groups.map((group) => ({
name: Object.keys(group)[0], name: Object.keys(group)[0],
allowUsers: group[Object.keys(group)[0]].allowUsers, allowUsers: group[Object.keys(group)[0]].allowUsers,
allowGroups: group[Object.keys(group)[0]].allowGroups allowGroups: group[Object.keys(group)[0]].allowGroups,
})) : [] }))
} : [],
};
} }
export async function fetchWithAuth(key, context) { export async function fetchWithAuth(key, context) {
return getProviderByKey(context.provider).fetch([key, context]); return getProviderByKey(context.provider).fetch([key, context]);
} }
export const filterAllowedServices = (perms, authGroups, services) => filterAllowedItems(perms, authGroups, services, 'services'); export const filterAllowedServices = (perms, authGroups, services) =>
export const filterAllowedBookmarks = (perms, authGroups, bookmarks) => filterAllowedItems(perms, authGroups, bookmarks, 'bookmarks'); filterAllowedItems(perms, authGroups, services, "services");
export const filterAllowedWidgets = (perms, widgets) => widgets.filter((widget) => authAllow(perms, widget.options)) export const filterAllowedBookmarks = (perms, authGroups, bookmarks) =>
filterAllowedItems(perms, authGroups, bookmarks, "bookmarks");
export const filterAllowedWidgets = (perms, widgets) => widgets.filter((widget) => authAllow(perms, widget.options));

14
src/utils/auth/null.js
View File

@ -1,23 +1,23 @@
const NullPermissions = { user: null, groups:[]} const NullPermissions = { user: null, groups: [] };
const NullAuthKey = "none" const NullAuthKey = "none";
function createNullAuth() { function createNullAuth() {
return { return {
authorize: () => NullPermissions, authorize: () => NullPermissions,
getContext: () => ({ getContext: () => ({
provider: NullAuthKey provider: NullAuthKey,
}), }),
} };
} }
async function fetchNullAuth([key]) { async function fetchNullAuth([key]) {
return fetch(key).then((res) => res.json()) return fetch(key).then((res) => res.json());
} }
const NullAuthProvider = { const NullAuthProvider = {
key: NullAuthKey, key: NullAuthKey,
create: createNullAuth, create: createNullAuth,
fetch: fetchNullAuth fetch: fetchNullAuth,
} };
export default NullAuthProvider; export default NullAuthProvider;

22
src/utils/auth/proxy.js
View File

@ -1,33 +1,33 @@
// 'proxy' auth provider is meant to be used by a reverse proxy that injects permission headers into the origin // 'proxy' auth provider is meant to be used by a reverse proxy that injects permission headers into the origin
// request. In this case we are relying on our proxy to authenitcate our users and validate. // request. In this case we are relying on our proxy to authenitcate our users and validate.
const ProxyAuthKey="proxy" const ProxyAuthKey = "proxy";
function getProxyPermissions(userHeader, groupHeader, request) { function getProxyPermissions(userHeader, groupHeader, request) {
const user = (userHeader)?request.headers.get(userHeader):null; const user = userHeader ? request.headers.get(userHeader) : null;
const groupsString = (groupHeader)?request.headers.get(groupHeader):""; const groupsString = groupHeader ? request.headers.get(groupHeader) : "";
return {user, groups: (groupsString)?groupsString.split(",").map((v) => v.trimStart()):[]} return { user, groups: groupsString ? groupsString.split(",").map((v) => v.trimStart()) : [] };
} }
function createProxyAuth({ groupHeader, userHeader }) { function createProxyAuth({ groupHeader, userHeader }) {
return { return {
getContext: (request) => ({ getContext: (request) => ({
type: ProxyAuthKey, type: ProxyAuthKey,
...userHeader && {[userHeader]: request.headers.get(userHeader) }, ...(userHeader && { [userHeader]: request.headers.get(userHeader) }),
...groupHeader && {[groupHeader]: request.headers.get(groupHeader)} ...(groupHeader && { [groupHeader]: request.headers.get(groupHeader) }),
}), }),
authorize : (request) => getProxyPermissions(userHeader, groupHeader, request) authorize: (request) => getProxyPermissions(userHeader, groupHeader, request),
} };
} }
async function fetchProxyAuth([key, context]) { async function fetchProxyAuth([key, context]) {
return fetch(key, {headers: context.headers}).then((res) => res.json()) return fetch(key, { headers: context.headers }).then((res) => res.json());
} }
const ProxyAuthProvider = { const ProxyAuthProvider = {
key: ProxyAuthKey, key: ProxyAuthKey,
create: createProxyAuth, create: createProxyAuth,
fetch: fetchProxyAuth fetch: fetchProxyAuth,
} };
export default ProxyAuthProvider; export default ProxyAuthProvider;

18
src/utils/config/api-response.js
View File

@ -12,11 +12,7 @@ import {
servicesFromKubernetes, servicesFromKubernetes,
} from "utils/config/service-helpers"; } from "utils/config/service-helpers";
import { cleanWidgetGroups, widgetsFromConfig } from "utils/config/widget-helpers"; import { cleanWidgetGroups, widgetsFromConfig } from "utils/config/widget-helpers";
import { import { filterAllowedBookmarks, filterAllowedServices, filterAllowedWidgets } from "utils/auth/auth-helpers";
filterAllowedBookmarks,
filterAllowedServices,
filterAllowedWidgets
} from "utils/auth/auth-helpers";
/** /**
* Compares services by weight then by name. * Compares services by weight then by name.
@ -50,14 +46,16 @@ export async function bookmarksResponse(perms, authGroups) {
} }
// map easy to write YAML objects into easy to consume JS arrays // map easy to write YAML objects into easy to consume JS arrays
const bookmarksArray = filterAllowedBookmarks(perms, authGroups, const bookmarksArray = filterAllowedBookmarks(
perms,
authGroups,
bookmarks.map((group) => ({ bookmarks.map((group) => ({
name: Object.keys(group)[0], name: Object.keys(group)[0],
bookmarks: group[Object.keys(group)[0]].map((entries) => ({ bookmarks: group[Object.keys(group)[0]].map((entries) => ({
name: Object.keys(entries)[0], name: Object.keys(entries)[0],
...entries[Object.keys(entries)[0]][0], ...entries[Object.keys(entries)[0]][0],
})), })),
})) })),
); );
const sortedGroups = []; const sortedGroups = [];
@ -109,7 +107,11 @@ export async function servicesResponse(perms, authGroups) {
} }
try { try {
discoveredKubernetesServices = filterAllowedServices(perms, authGroups, cleanServiceGroups(await servicesFromKubernetes())); discoveredKubernetesServices = filterAllowedServices(
perms,
authGroups,
cleanServiceGroups(await servicesFromKubernetes()),
);
} catch (e) { } catch (e) {
console.error("Failed to discover services, please check kubernetes.yaml for errors or remove example entries."); console.error("Failed to discover services, please check kubernetes.yaml for errors or remove example entries.");
if (e) console.error(e.toString()); if (e) console.error(e.toString());