annotate pkg/auth/opendb.go @ 4160:7cccf7fef3e8

Made 'golint' and 'staticcheck' happy with auth package.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Fri, 02 Aug 2019 17:08:58 +0200
parents a0892b578553
children c64dba002726
1 // This is Free Software under GNU Affero General Public License v >= 3.0
2 // without warranty, see README.md and license for details.
3 //
4 // SPDX-License-Identifier: AGPL-3.0-or-later
5 // License-Filename: LICENSES/AGPL-3.0.txt
6 //
7 // Copyright (C) 2018 by via donau
8 // – Österreichische Wasserstraßen-Gesellschaft mbH
9 // Software engineering by Intevation GmbH
10 //
11 // Author(s):
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de>
14 package auth
16 import (
17 "context"
18 "database/sql"
19 "errors"
20 "net/http"
21 "sync"
23 "github.com/jackc/pgx"
24 "github.com/jackc/pgx/stdlib"
26 "gemma.intevation.de/gemma/pkg/config"
27 )
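var (
	// ErrNoMetamorphUser is returned if no metamorphic user is configured.
	ErrNoMetamorphUser = errors.New("no metamorphic user configured")
	// ErrNotLoggedIn is returned if the user is not logged in, i.e. the
	// request carries no token or the token has no session.
	ErrNotLoggedIn = errors.New("not logged in")
)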
// OpenDB opens up a database connection with a given username and password.
// The other credentials are taken from the configuration.
// The returned *sql.DB is a pool handle; no connection is made here.
func OpenDB(user, password string) (*sql.DB, error) {

	// Let pgx's own parser handle the sslmode setting, since it derives
	// the TLS settings from it.
	connCfg, err := pgx.ParseConnectionString("sslmode=" + config.DBSSLMode())
	if err != nil {
		return nil, err
	}

	// The remaining fields are assigned directly instead of being built
	// into a DSN: user names and passwords may contain whitespace, which
	// the DSN parser would split on. Setting the struct fields keeps
	// the credentials out of any string parsing altogether.
	connCfg.Host = config.DBHost()
	// NOTE(review): the conversion truncates silently if DBPort() ever
	// exceeds 65535 — confirm its range in the config package.
	connCfg.Port = uint16(config.DBPort())
	connCfg.User = user
	connCfg.Password = password
	connCfg.Database = config.DBName()

	return stdlib.OpenDB(connCfg), nil
}
// metamorph holds the lazily opened, package-wide database handle used for
// impersonating connections. The embedded mutex serialises open(), so the
// handle is created at most once.
type metamorph struct {
	sync.Mutex
	db *sql.DB // nil until open() has succeeded once
}
61 var mm metamorph
// open returns the shared metamorphic *sql.DB, creating it on first use
// from the configured DBUser/DBPassword. It fails with ErrNoMetamorphUser
// when no metamorphic user is configured. The mutex guarantees that
// concurrent first callers create exactly one handle.
func (m *metamorph) open() (*sql.DB, error) {
	m.Lock()
	defer m.Unlock()

	// Fast path: an earlier call already opened the handle.
	if handle := m.db; handle != nil {
		return handle, nil
	}

	name := config.DBUser()
	if name == "" {
		return nil, ErrNoMetamorphUser
	}

	handle, err := OpenDB(name, config.DBPassword())
	if err != nil {
		return nil, err
	}
	m.db = handle
	return handle, nil
}
// metamorphConn takes a dedicated connection from the metamorphic pool and
// runs public.setrole_plan for the given user on it (presumably switching
// the session role). The caller owns the returned *sql.Conn and must Close it.
func metamorphConn(ctx context.Context, user string) (*sql.Conn, error) {
	pool, err := mm.open()
	if err != nil {
		return nil, err
	}

	conn, err := pool.Conn(ctx)
	if err != nil {
		return nil, err
	}

	// The user name travels as a bind parameter, never interpolated into
	// the statement text, so it cannot change the SQL being executed.
	// NOTE(review): this relies on whatever setrole_plan changes on the
	// session being undone before the underlying connection goes back to
	// the pool — confirm against the SQL definition of public.setrole_plan.
	const switchRole = `SELECT public.setrole_plan($1)`
	if _, err = conn.ExecContext(ctx, switchRole, user); err != nil {
		// Best effort: the Exec error is the one worth reporting, so the
		// Close error is deliberately not inspected.
		conn.Close()
		return nil, err
	}
	return conn, nil
}
// allRoles lists the names of every role the connecting user is a
// (transitive) member of, excluding the user's own role. The recursive CTE
// starts at current_user's oid and walks pg_auth_members upward. The
// trailing EXISTS makes the query return no rows at all unless current_user
// is listed in users.list_users, so such users end up with an empty role set.
const allRoles = `
WITH RECURSIVE cte AS (
SELECT oid FROM pg_roles WHERE rolname = current_user
UNION ALL
SELECT m.roleid
FROM cte
JOIN pg_auth_members m ON m.member = cte.oid
)
SELECT rolname FROM pg_roles
WHERE oid IN (SELECT oid FROM cte) AND rolname <> current_user
AND EXISTS (SELECT 1 FROM users.list_users WHERE username = current_user)`
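// AllOtherRoles logs in as user with password and returns a list
// of all roles the logged in user has in the system (see allRoles).
// The list is empty, never nil, when the user has no other roles.
// Any error from connecting, querying or iterating is returned on its
// own; no partial role list is handed back alongside an error.
func AllOtherRoles(user, password string) (Roles, error) {
	db, err := OpenDB(user, password)
	if err != nil {
		return nil, err
	}
	defer db.Close()

	rows, err := db.Query(allRoles)
	if err != nil {
		return nil, err
	}
	defer rows.Close()

	roles := Roles{} // explicit empty by intention.

	for rows.Next() {
		var role string
		if err := rows.Scan(&role); err != nil {
			return nil, err
		}
		roles = append(roles, role)
	}
	// An iteration error must not leave the caller with a truncated role
	// set that looks valid — the roles presumably feed authorization
	// decisions, so fail closed and return nothing.
	if err := rows.Err(); err != nil {
		return nil, err
	}
	return roles, nil
}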
// RunAs runs a given function fn with a database connection impersonated
// as the given role.
// To make this work a metamorphic user has to be configured in
// the system configuration; otherwise ErrNoMetamorphUser is returned.
// The connection is closed as soon as fn returns, and fn's error is
// passed through unchanged.
func RunAs(ctx context.Context, role string, fn func(*sql.Conn) error) error {
	c, err := metamorphConn(ctx, role)
	if err == nil {
		defer c.Close()
		err = fn(c)
	}
	return err
}
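// RunAsSessionUser is a convenience wrapper around RunAs which extracts
// the logged in user from the request's session and calls RunAs with it.
// It returns ErrNotLoggedIn when the request carries no token or when the
// token does not map to a session; the request's context is handed to RunAs.
func RunAsSessionUser(req *http.Request, fn func(*sql.Conn) error) error {
	token, ok := GetToken(req)
	if !ok {
		return ErrNotLoggedIn
	}
	session := Sessions.Session(token)
	if session == nil {
		// No session for this token: treat it exactly like a missing one.
		return ErrNotLoggedIn
	}
	return RunAs(req.Context(), session.User, fn)
}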