Mercurial > gemma
annotate pkg/auth/opendb.go @ 991:a301d240905f
Decoupled import job creation and job execution with a factory function.
This is needed for persistence purposes.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Mon, 22 Oct 2018 10:45:17 +0200 |
| parents | 29c11f4bf9db |
| children | a244b18cb916 |
| rev | line source |
|---|---|
|
26
96a429c5f227
Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
1 package auth |
|
96a429c5f227
Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
2 |
|
96a429c5f227
Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
3 import ( |
|
486
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
4 "context" |
|
26
96a429c5f227
Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
5 "database/sql" |
|
438
ffdb507d5b42
Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
415
diff
changeset
|
6 "errors" |
|
870
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
7 "net/http" |
|
486
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
8 "sync" |
|
415
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
9 |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
10 "github.com/jackc/pgx" |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
11 "github.com/jackc/pgx/stdlib" |
|
28
714787accd26
Fetch database connection string parts from configuration.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
26
diff
changeset
|
12 |
|
414
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
332
diff
changeset
|
13 "gemma.intevation.de/gemma/pkg/config" |
|
26
96a429c5f227
Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
14 ) |
|
96a429c5f227
Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
15 |
|
870
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
16 var ( |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
17 ErrNoMetamorphUser = errors.New("No metamorphic user configured") |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
18 ErrNotLoggedIn = errors.New("Not logged in") |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
19 ) |
|
501
c10c76c92797
Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
20 |
|
415
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
21 func OpenDB(user, password string) (*sql.DB, error) { |
|
28
714787accd26
Fetch database connection string parts from configuration.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
26
diff
changeset
|
22 |
|
415
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
23 // To ease SSL config ride a bit on parsing. |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
24 cc, err := pgx.ParseConnectionString("sslmode=" + config.DBSSLMode()) |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
25 if err != nil { |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
26 return nil, err |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
27 } |
|
28
714787accd26
Fetch database connection string parts from configuration.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
26
diff
changeset
|
28 |
|
415
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
29 // Do the rest manually to allow whitespace in user/password. |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
30 cc.Host = config.DBHost() |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
31 cc.Port = uint16(config.DBPort()) |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
32 cc.User = user |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
33 cc.Password = password |
|
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
34 cc.Database = config.DBName() |
|
28
714787accd26
Fetch database connection string parts from configuration.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
26
diff
changeset
|
35 |
|
415
405bdb9c6a77
Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
36 return stdlib.OpenDB(cc), nil |
|
26
96a429c5f227
Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
37 } |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
38 |
|
486
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
39 type metamorph struct { |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
40 sync.Mutex |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
41 db *sql.DB |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
42 } |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
43 |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
44 var mm metamorph |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
45 |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
46 func (m *metamorph) open() (*sql.DB, error) { |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
47 m.Lock() |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
48 defer m.Unlock() |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
49 if m.db != nil { |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
50 return m.db, nil |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
51 } |
|
517
7e45aaec7081
Consolidate configuration parameters.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
501
diff
changeset
|
52 user := config.DBUser() |
|
501
c10c76c92797
Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
53 if user == "" { |
|
c10c76c92797
Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
54 return nil, ErrNoMetamorphUser |
|
c10c76c92797
Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
55 } |
|
517
7e45aaec7081
Consolidate configuration parameters.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
501
diff
changeset
|
56 db, err := OpenDB(user, config.DBPassword()) |
|
486
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
57 if err != nil { |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
58 return nil, err |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
59 } |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
60 m.db = db |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
61 return db, nil |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
62 } |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
63 |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
64 func MetamorphConn(ctx context.Context, user string) (*sql.Conn, error) { |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
65 db, err := mm.open() |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
66 if err != nil { |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
67 return nil, err |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
68 } |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
69 conn, err := db.Conn(ctx) |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
70 if err != nil { |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
71 return nil, err |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
72 } |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
73 if _, err := conn.ExecContext(ctx, `SELECT public.setrole_plan($1)`, user); err != nil { |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
74 conn.Close() |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
75 return nil, err |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
76 } |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
77 return conn, nil |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
78 } |
|
b2dc9c2f69e0
First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
468
diff
changeset
|
79 |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
80 const allRoles = ` |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
81 WITH RECURSIVE cte AS ( |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
82 SELECT oid FROM pg_roles WHERE rolname = current_user |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
83 UNION ALL |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
84 SELECT m.roleid |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
85 FROM cte |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
86 JOIN pg_auth_members m ON m.member = cte.oid |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
87 ) |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
88 SELECT rolname FROM pg_roles |
|
453
a7dc68d8e22f
Only let users in which are listed in users.list_users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
447
diff
changeset
|
89 WHERE oid IN (SELECT oid FROM cte) AND rolname <> current_user |
|
a7dc68d8e22f
Only let users in which are listed in users.list_users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
447
diff
changeset
|
90 AND EXISTS (SELECT 1 FROM users.list_users WHERE username = current_user)` |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
91 |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
438
diff
changeset
|
92 func AllOtherRoles(user, password string) (Roles, error) { |
|
302
0777aa6de45b
Password reset. Part I
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
125
diff
changeset
|
93 db, err := OpenDB(user, password) |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
94 if err != nil { |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
95 return nil, err |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
96 } |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
97 defer db.Close() |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
98 rows, err := db.Query(allRoles) |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
99 if err != nil { |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
100 return nil, err |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
101 } |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
102 defer rows.Close() |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
103 |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
438
diff
changeset
|
104 roles := Roles{} // explicit empty by intention. |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
105 |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
106 for rows.Next() { |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
107 var role string |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
108 if err := rows.Scan(&role); err != nil { |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
109 return nil, err |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
110 } |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
111 roles = append(roles, role) |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
112 } |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
113 return roles, rows.Err() |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
29
diff
changeset
|
114 } |
|
438
ffdb507d5b42
Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
415
diff
changeset
|
115 |
|
501
c10c76c92797
Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
116 func RunAs(role string, ctx context.Context, fn func(*sql.Conn) error) error { |
|
c10c76c92797
Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
117 conn, err := MetamorphConn(ctx, role) |
|
438
ffdb507d5b42
Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
415
diff
changeset
|
118 if err != nil { |
|
501
c10c76c92797
Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
119 return err |
|
438
ffdb507d5b42
Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
415
diff
changeset
|
120 } |
|
501
c10c76c92797
Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
121 defer conn.Close() |
|
c10c76c92797
Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
122 return fn(conn) |
|
438
ffdb507d5b42
Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
415
diff
changeset
|
123 } |
|
870
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
124 |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
125 func RunAsSessionUser(req *http.Request, fn func(*sql.Conn) error) error { |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
126 token, ok := GetToken(req) |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
127 if !ok { |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
128 return ErrNotLoggedIn |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
129 } |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
130 session := Sessions.Session(token) |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
131 if session == nil { |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
132 return ErrNotLoggedIn |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
133 } |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
134 return RunAs(session.User, req.Context(), fn) |
|
29c11f4bf9db
Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
517
diff
changeset
|
135 } |