feat: GCTL Token generation through SWS

sdslabs · Feb 18, 2022 · fd1a268 · fd1a268
1 parent 8dc02a0
commit fd1a268
Show file tree

Hide file tree

Showing 582 changed files with 749 additions and 191 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/services/genssh/controller.go b/services/genssh/controller.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package genssh

diff --git a/services/master/controllers/term.go b/services/master/controllers/term.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package controllers

diff --git a/services/master/middlewares/jwt.go b/services/master/middlewares/jwt.go
@@ -34,6 +34,21 @@ func authenticator(c *gin.Context) (interface{}, error) {
  return user, nil
 }
 
+// AuthenticatorForGctl doesn't authenticate. Authentication to be done in middleware before invoking this function.
+// This function only gets the user details.
+func authenticatorForGctl(c *gin.Context) (interface{}, error) {
+ auth := &types.GCTLToken{}
+ if err := c.ShouldBind(auth); err != nil {
+ return nil, errMissingCredentials
+ }
+ user, err := mongo.FetchSingleUser(auth.GetEmail())
+ if err != nil || user == nil {
+ return nil, errFailedAuthentication
+ }
+
+ return user, nil
+}
+
 func payloadFunc(data interface{}) jwt.MapClaims {
  if user, ok := data.(*types.User); ok {
  return jwt.MapClaims{
@@ -157,7 +172,7 @@ var JWTGctl = &jwt.GinJWTMiddleware{
  TokenLookup: "header: Authorization",
  TokenHeadName: "gctlToken",
  TimeFunc: time.Now,
- Authenticator: authenticator,
+ Authenticator: authenticatorForGctl,
  PayloadFunc: payloadFuncForGctl,
  IdentityHandler: identityHandlerForGctl,
  Authorizator: authorizatorForGctl,

diff --git a/services/master/routes.go b/services/master/routes.go
@@ -55,6 +55,7 @@ func NewService() http.Handler {
  auth.PUT("/revoke", c.RevokeToken)
  }
 
+ auth.POST("/pat", m.AuthRequired(), m.LoginHandler)
  router.GET("/instances", m.AuthRequired(), c.FetchAllInstancesByUser)
  router.POST("/gctllogin", m.JWTGctl.MiddlewareFunc(), c.GctlLogin)
 

diff --git a/types/user.go b/types/user.go
@@ -99,3 +99,14 @@ func (pw *PasswordUpdate) GetOldPassword() string {
 func (pw *PasswordUpdate) GetNewPassword() string {
  return pw.NewPassword
 }
+
+// GCTLToken is the request body for generating GCTLToken
+type GCTLToken struct {
+ Email string `form:"email" json:"email" bson:"email" binding:"required"`
+ Token string `form:"token" json:"token" bson:"token" binding:"required"`
+}
+
+// GetEmail returns the email of the user
+func (auth *GCTLToken) GetEmail() string {
+ return auth.Email
+}
diff --git a/vendor/github.com/BurntSushi/toml/encoding_types.go b/vendor/github.com/BurntSushi/toml/encoding_types.go
diff --git a/vendor/github.com/BurntSushi/toml/encoding_types_1.1.go b/vendor/github.com/BurntSushi/toml/encoding_types_1.1.go
diff --git a/vendor/github.com/Microsoft/go-winio/backup.go b/vendor/github.com/Microsoft/go-winio/backup.go
diff --git a/vendor/github.com/Microsoft/go-winio/file.go b/vendor/github.com/Microsoft/go-winio/file.go
diff --git a/vendor/github.com/Microsoft/go-winio/fileinfo.go b/vendor/github.com/Microsoft/go-winio/fileinfo.go
diff --git a/vendor/github.com/Microsoft/go-winio/pipe.go b/vendor/github.com/Microsoft/go-winio/pipe.go
diff --git a/vendor/github.com/Microsoft/go-winio/privilege.go b/vendor/github.com/Microsoft/go-winio/privilege.go
diff --git a/vendor/github.com/Microsoft/go-winio/sd.go b/vendor/github.com/Microsoft/go-winio/sd.go
diff --git a/vendor/github.com/NYTimes/gziphandler/gzip_go18.go b/vendor/github.com/NYTimes/gziphandler/gzip_go18.go
diff --git a/vendor/github.com/alphadose/gotty/pkg/randomstring/generate.go b/vendor/github.com/alphadose/gotty/pkg/randomstring/generate.go
diff --git a/vendor/github.com/alphadose/gotty/server/asset.go b/vendor/github.com/alphadose/gotty/server/asset.go
diff --git a/vendor/github.com/alphadose/gotty/server/handlers.go b/vendor/github.com/alphadose/gotty/server/handlers.go
diff --git a/vendor/github.com/alphadose/gotty/utils/flags.go b/vendor/github.com/alphadose/gotty/utils/flags.go
diff --git a/vendor/github.com/asaskevich/govalidator/types.go b/vendor/github.com/asaskevich/govalidator/types.go
diff --git a/vendor/github.com/creack/pty/ioctl.go b/vendor/github.com/creack/pty/ioctl.go
diff --git a/vendor/github.com/creack/pty/ioctl_bsd.go b/vendor/github.com/creack/pty/ioctl_bsd.go
diff --git a/vendor/github.com/creack/pty/ioctl_solaris.go b/vendor/github.com/creack/pty/ioctl_solaris.go
diff --git a/vendor/github.com/creack/pty/pty_solaris.go b/vendor/github.com/creack/pty/pty_solaris.go
diff --git a/vendor/github.com/creack/pty/pty_unsupported.go b/vendor/github.com/creack/pty/pty_unsupported.go
diff --git a/vendor/github.com/creack/pty/run.go b/vendor/github.com/creack/pty/run.go
diff --git a/vendor/github.com/creack/pty/util.go b/vendor/github.com/creack/pty/util.go
diff --git a/vendor/github.com/creack/pty/util_solaris.go b/vendor/github.com/creack/pty/util_solaris.go
diff --git a/vendor/github.com/creack/pty/ztypes_arm64.go b/vendor/github.com/creack/pty/ztypes_arm64.go
diff --git a/vendor/github.com/creack/pty/ztypes_mipsx.go b/vendor/github.com/creack/pty/ztypes_mipsx.go
diff --git a/vendor/github.com/creack/pty/ztypes_openbsd_386.go b/vendor/github.com/creack/pty/ztypes_openbsd_386.go
diff --git a/vendor/github.com/creack/pty/ztypes_ppc64.go b/vendor/github.com/creack/pty/ztypes_ppc64.go
diff --git a/vendor/github.com/creack/pty/ztypes_ppc64le.go b/vendor/github.com/creack/pty/ztypes_ppc64le.go
diff --git a/vendor/github.com/creack/pty/ztypes_riscvx.go b/vendor/github.com/creack/pty/ztypes_riscvx.go
diff --git a/vendor/github.com/creack/pty/ztypes_s390x.go b/vendor/github.com/creack/pty/ztypes_s390x.go
diff --git a/vendor/github.com/dgrijalva/jwt-go/rsa_pss.go b/vendor/github.com/dgrijalva/jwt-go/rsa_pss.go
diff --git a/vendor/github.com/dgrijalva/jwt-go/token.go b/vendor/github.com/dgrijalva/jwt-go/token.go
diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
diff --git a/vendor/github.com/docker/docker/client/client_unix.go b/vendor/github.com/docker/docker/client/client_unix.go
diff --git a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone.go b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone.go
diff --git a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go16.go b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go16.go
diff --git a/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go17.go b/vendor/github.com/docker/docker/pkg/tlsconfig/tlsconfig_clone_go17.go
diff --git a/vendor/github.com/docker/go-connections/sockets/sockets_unix.go b/vendor/github.com/docker/go-connections/sockets/sockets_unix.go
diff --git a/vendor/github.com/docker/go-connections/sockets/unix_socket.go b/vendor/github.com/docker/go-connections/sockets/unix_socket.go
diff --git a/vendor/github.com/docker/go-connections/tlsconfig/certpool_go17.go b/vendor/github.com/docker/go-connections/tlsconfig/certpool_go17.go
diff --git a/vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go b/vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go
diff --git a/vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go b/vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go
diff --git a/vendor/github.com/docker/go-connections/tlsconfig/config_legacy_client_ciphers.go b/vendor/github.com/docker/go-connections/tlsconfig/config_legacy_client_ciphers.go