Mercurial > gemma

annotate pkg/auth/opendb.go @ 1327:cabf4789e02b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
To make golint happier made context.Context to be the first argument of auth.RunAs.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Sun, 25 Nov 2018 15:56:07 +0100
parents a244b18cb916
children a0892b578553
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1017
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
1 // This is Free Software under GNU Affero General Public License v >= 3.0
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
2 // without warranty, see README.md and license for details.
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
3 //
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
4 // SPDX-License-Identifier: AGPL-3.0-or-later
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
5 // License-Filename: LICENSES/AGPL-3.0.txt
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
6 //
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
7 // Copyright (C) 2018 by via donau
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
8 // – Österreichische Wasserstraßen-Gesellschaft mbH
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
9 // Software engineering by Intevation GmbH
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
10 //
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
11 // Author(s):
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de>
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 870
diff changeset
13
26
96a429c5f227 Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
14 package auth
96a429c5f227 Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
15
96a429c5f227 Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
16 import (
486
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
17 "context"
26
96a429c5f227 Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
18 "database/sql"
438
ffdb507d5b42 Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 415
diff changeset
19 "errors"
870
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
20 "net/http"
486
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
21 "sync"
415
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
22
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
23 "github.com/jackc/pgx"
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
24 "github.com/jackc/pgx/stdlib"
28
714787accd26 Fetch database connection string parts from configuration.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 26
diff changeset
25
414
c1047fd04a3a Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 332
diff changeset
26 "gemma.intevation.de/gemma/pkg/config"
26
96a429c5f227 Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
27 )
96a429c5f227 Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
28
870
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
29 var (
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
30 ErrNoMetamorphUser = errors.New("No metamorphic user configured")
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
31 ErrNotLoggedIn = errors.New("Not logged in")
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
32 )
501
c10c76c92797 Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 486
diff changeset
33
415
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
34 func OpenDB(user, password string) (*sql.DB, error) {
28
714787accd26 Fetch database connection string parts from configuration.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 26
diff changeset
35
415
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
36 // To ease SSL config ride a bit on parsing.
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
37 cc, err := pgx.ParseConnectionString("sslmode=" + config.DBSSLMode())
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
38 if err != nil {
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
39 return nil, err
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
40 }
28
714787accd26 Fetch database connection string parts from configuration.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 26
diff changeset
41
415
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
42 // Do the rest manually to allow whitespace in user/password.
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
43 cc.Host = config.DBHost()
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
44 cc.Port = uint16(config.DBPort())
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
45 cc.User = user
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
46 cc.Password = password
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
47 cc.Database = config.DBName()
28
714787accd26 Fetch database connection string parts from configuration.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 26
diff changeset
48
415
405bdb9c6a77 Fix for wamos/issue96 (Login Behavior: names with spaces don't work)
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
49 return stdlib.OpenDB(cc), nil
26
96a429c5f227 Fundamental connection pool based on tokens.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
50 }
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
51
486
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
52 type metamorph struct {
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
53 sync.Mutex
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
54 db *sql.DB
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
55 }
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
56
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
57 var mm metamorph
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
58
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
59 func (m *metamorph) open() (*sql.DB, error) {
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
60 m.Lock()
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
61 defer m.Unlock()
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
62 if m.db != nil {
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
63 return m.db, nil
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
64 }
517
7e45aaec7081 Consolidate configuration parameters.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 501
diff changeset
65 user := config.DBUser()
501
c10c76c92797 Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 486
diff changeset
66 if user == "" {
c10c76c92797 Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 486
diff changeset
67 return nil, ErrNoMetamorphUser
c10c76c92797 Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 486
diff changeset
68 }
517
7e45aaec7081 Consolidate configuration parameters.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 501
diff changeset
69 db, err := OpenDB(user, config.DBPassword())
486
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
70 if err != nil {
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
71 return nil, err
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
72 }
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
73 m.db = db
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
74 return db, nil
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
75 }
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
76
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
77 func MetamorphConn(ctx context.Context, user string) (*sql.Conn, error) {
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
78 db, err := mm.open()
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
79 if err != nil {
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
80 return nil, err
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
81 }
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
82 conn, err := db.Conn(ctx)
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
83 if err != nil {
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
84 return nil, err
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
85 }
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
86 if _, err := conn.ExecContext(ctx, `SELECT public.setrole_plan($1)`, user); err != nil {
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
87 conn.Close()
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
88 return nil, err
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
89 }
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
90 return conn, nil
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
91 }
b2dc9c2f69e0 First stab to use the metamorphic db to do all database stuff.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 468
diff changeset
92
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
93 const allRoles = `
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
94 WITH RECURSIVE cte AS (
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
95 SELECT oid FROM pg_roles WHERE rolname = current_user
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
96 UNION ALL
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
97 SELECT m.roleid
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
98 FROM cte
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
99 JOIN pg_auth_members m ON m.member = cte.oid
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
100 )
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
101 SELECT rolname FROM pg_roles
453
a7dc68d8e22f Only let users in which are listed in users.list_users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 447
diff changeset
102 WHERE oid IN (SELECT oid FROM cte) AND rolname <> current_user
a7dc68d8e22f Only let users in which are listed in users.list_users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 447
diff changeset
103 AND EXISTS (SELECT 1 FROM users.list_users WHERE username = current_user)`
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
104
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 438
diff changeset
105 func AllOtherRoles(user, password string) (Roles, error) {
302
0777aa6de45b Password reset. Part I
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 125
diff changeset
106 db, err := OpenDB(user, password)
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
107 if err != nil {
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
108 return nil, err
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
109 }
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
110 defer db.Close()
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
111 rows, err := db.Query(allRoles)
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
112 if err != nil {
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
113 return nil, err
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
114 }
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
115 defer rows.Close()
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
116
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 438
diff changeset
117 roles := Roles{} // explicit empty by intention.
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
118
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
119 for rows.Next() {
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
120 var role string
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
121 if err := rows.Scan(&role); err != nil {
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
122 return nil, err
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
123 }
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
124 roles = append(roles, role)
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
125 }
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
126 return roles, rows.Err()
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 29
diff changeset
127 }
438
ffdb507d5b42 Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 415
diff changeset
128
1327
cabf4789e02b To make golint happier made context.Context to be the first argument of auth.RunAs.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1017
diff changeset
129 func RunAs(ctx context.Context, role string, fn func(*sql.Conn) error) error {
501
c10c76c92797 Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 486
diff changeset
130 conn, err := MetamorphConn(ctx, role)
438
ffdb507d5b42 Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 415
diff changeset
131 if err != nil {
501
c10c76c92797 Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 486
diff changeset
132 return err
438
ffdb507d5b42 Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 415
diff changeset
133 }
501
c10c76c92797 Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 486
diff changeset
134 defer conn.Close()
c10c76c92797 Use metamorphic database connections for auth.RunAs().
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 486
diff changeset
135 return fn(conn)
438
ffdb507d5b42 Removed db service user. Use an impersonated metamorph user instead.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 415
diff changeset
136 }
870
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
137
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
138 func RunAsSessionUser(req *http.Request, fn func(*sql.Conn) error) error {
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
139 token, ok := GetToken(req)
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
140 if !ok {
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
141 return ErrNotLoggedIn
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
142 }
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
143 session := Sessions.Session(token)
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
144 if session == nil {
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
145 return ErrNotLoggedIn
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
146 }
1327
cabf4789e02b To make golint happier made context.Context to be the first argument of auth.RunAs.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1017
diff changeset
147 return RunAs(req.Context(), session.User, fn)
870
29c11f4bf9db Started with endpoint to upload geo style.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 517
diff changeset
148 }