web_ui

package
v0.0.0-...-c116fac Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 29, 2024 License: Apache-2.0 Imports: 78 Imported by: 0

README

A short README explaining our authorization permissions, specifically regarding tokens recieved from the URL or Header vs the login cookie.

Tokens that are part of the HTTP Request Header e.g. {"Authorization": "Bearer +"<token>} and that are set in the URL Query via Authz are considered valid if they are signed by either the Federation jwk or the Origin jwk.

However, tokens that are retrieved from the login cookie ctx.Cookie("login") are ONLY valid if the are signed by the Origin jwk. This can be seen in the prometheus code and how it accesses the functions in Authorization.go

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrNotReady = errors.New("Scrape manager not ready")

ErrNotReady is returned if the underlying scrape manager is not ready yet.

Functions

func AdminAuthHandler 

func AdminAuthHandler(ctx *gin.Context)

adminAuthHandler checks the admin status of a logged-in user. This middleware should be cascaded behind the web_ui.AuthHandler

func AuthHandler 

func AuthHandler(ctx *gin.Context)

Check if user is authenticated by checking if the "login" cookie is present and set the user identity to ctx

func CheckAdmin 

func CheckAdmin(user string) (isAdmin bool, message string)

checkAdmin checks if a user string has admin privilege. It returns boolean and a message indicating the error message.

Note that by default it only checks if user == "admin". If you have a custom list of admin identifiers to check, you should set Server.UIAdminUsers. See parameters.yaml for details.

func ConfigOAuthClientAPIs 

func ConfigOAuthClientAPIs(engine *gin.Engine) error

Configure OAuth2 client and register related authentication endpoints for Web UI

func ConfigureEmbeddedPrometheus 

func ConfigureEmbeddedPrometheus(ctx context.Context, engine *gin.Engine) error

func ConfigureServerWebAPI added in v1.0.4 

func ConfigureServerWebAPI(ctx context.Context, engine *gin.Engine, egrp *errgroup.Group) error

Configure endpoints for server web APIs. This function does not configure any UI specific paths but just redirect root path to /view.

You need to mount the static resources for UI in a separate function

func GetEngine 

func GetEngine() (*gin.Engine, error)

func GetUser 

func GetUser(ctx *gin.Context) (string, error)

Get the "subject" claim from the JWT that "login" cookie stores, where subject is set to be the username. Return empty string if no "login" cookie is present

func InitServerWebLogin added in v1.0.4 

func InitServerWebLogin(ctx context.Context) error

Setup the initial server web login by sending the one-time code to stdout and record health status of the WebUI based on the success of the initialization

func RunEngine 

func RunEngine(ctx context.Context, engine *gin.Engine, egrp *errgroup.Group) error

Run the gin engine in the current goroutine.

Will use a background golang routine to periodically reload the certificate utilized by the UI.

func RunEngineRoutine 

func RunEngineRoutine(ctx context.Context, engine *gin.Engine, egrp *errgroup.Group, curRoutine bool) error

Run the gin engine; if curRoutine is false, it will run in a background goroutine.

func RunEngineRoutineWithListener 

func RunEngineRoutineWithListener(ctx context.Context, engine *gin.Engine, egrp *errgroup.Group, curRoutine bool, ln net.Listener) error

Run the web engine connected to a provided listener `ln`.

func WritePasswordEntry added in v1.0.4 

func WritePasswordEntry(user, password string) error

Types

type InitLogin added in v1.0.4 

type InitLogin struct {
	Code string `form:"code"`
}

type Login added in v1.0.4 

type Login struct {
	User     string `form:"user"`
	Password string `form:"password"`
}

type LogrusAdapter added in v1.0.4 

type LogrusAdapter struct {
	*logrus.Logger
	// contains filtered or unexported fields
}

func (LogrusAdapter) Log added in v1.0.4 

func (a LogrusAdapter) Log(keyvals ...interface{}) error

Log method which satisfies the kitlog.Logger interface. It also propragates field level and field message to top level log

type OIDCEnabledServerRes 

type OIDCEnabledServerRes struct {
	ODICEnabledServers []string `json:"oidc_enabled_servers"`
}

type PasswordReset added in v1.0.4 

type PasswordReset struct {
	Password string `form:"password"`
}

type ReadyHandler 

type ReadyHandler struct {
	// contains filtered or unexported fields
}

func (*ReadyHandler) SetReady 

func (h *ReadyHandler) SetReady(v bool)

type UserRole 

type UserRole string
const (
	AdminRole    UserRole = "admin"
	NonAdminRole UserRole = "user"
)

type WhoAmIRes 

type WhoAmIRes struct {
	Authenticated bool     `json:"authenticated"`
	Role          UserRole `json:"role"`
	User          string   `json:"user"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.