From e92d5a507cd198710ed5ca63d6361c131d6a9d3a Mon Sep 17 00:00:00 2001 From: Kim Date: Thu, 13 Jul 2023 09:40:04 +0200 Subject: [PATCH] Included Write keys for s3 --- csharp/App/Backend/Controller.cs | 11 +++++--- csharp/App/Backend/DataTypes/Installation.cs | 2 ++ .../App/Backend/DataTypes/Methods/ExoCmd.cs | 25 ++++++++++++++++-- .../Backend/DataTypes/Methods/Installation.cs | 23 +++++++++++++--- .../App/Backend/DataTypes/Methods/Session.cs | 2 +- .../App/Backend/DataTypes/Methods/TreeNode.cs | 4 +-- csharp/App/Backend/Database/Db.cs | 2 +- csharp/App/Backend/Program.cs | 14 +++++++--- csharp/App/Backend/db.sqlite | Bin 122880 -> 122880 bytes 9 files changed, 66 insertions(+), 17 deletions(-) diff --git a/csharp/App/Backend/Controller.cs b/csharp/App/Backend/Controller.cs index 549e5e8fc..f3e80527e 100644 --- a/csharp/App/Backend/Controller.cs +++ b/csharp/App/Backend/Controller.cs @@ -20,6 +20,7 @@ public class Controller : ControllerBase if (user is null) { + Console.WriteLine("I have no user"); throw new Exceptions(400,"Null User Exception", "Must provide a user to log in as.", Request.Path.Value!); } @@ -80,10 +81,11 @@ public class Controller : ControllerBase if (installation is null || !user.HasAccessTo(installation)) return Unauthorized(); - + return installation .FillOrderNumbers() - .HideParentIfUserHasNoAccessToParent(user); + .HideParentIfUserHasNoAccessToParent(user) + .HideWriteKeyIfUserIsNotAdmin(user.HasWriteAccess); } [HttpGet(nameof(GetUsersWithDirectAccessToInstallation))] @@ -210,7 +212,7 @@ public class Controller : ControllerBase return user .AccessibleInstallations() - .Select(i => i.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(user)) + .Select(i => i.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(user).HideWriteKeyIfUserIsNotAdmin(user.HasWriteAccess)) .ToList(); } 
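Review bot: Redaction of `S3WriteKey`/`S3WriteSecret` is opt-in at each return site in the `@@ -80,10` hunk (and again in `@@ -210,7` and `@@ -371,7`), so any path that returns an `Installation` without calling `HideWriteKeyIfUserIsNotAdmin` serialises the write credentials. The `// TODO Filter out write keys` in the `@@ -245,6` hunk shows that the tree endpoint still does so for every caller. A fail-closed shape would keep the two properties out of the default JSON (for example `[JsonIgnore]` on them, or a response type without them) and expose them through a single admin-checked path. The call sites also pass `user.HasWriteAccess` into a parameter named `userIsAdmin`; if write access and admin are distinct roles here, either the name or the argument should change. The enclosing controller actions start and end outside these hunks.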
@@ -245,6 +247,7 @@ public class Controller : ControllerBase .OfType(); // Important! JSON serializer must see Objects otherwise // it will just serialize the members of TreeNode %&@#!!! + // TODO Filter out write keys return new (foldersAndInstallations); } @@ -371,7 +374,7 @@ public class Controller : ControllerBase if (!session.Update(installation)) return Unauthorized(); - return installation.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(session!.User); + return installation.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(session!.User).HideWriteKeyIfUserIsNotAdmin(session.User.HasWriteAccess); } diff --git a/csharp/App/Backend/DataTypes/Installation.cs b/csharp/App/Backend/DataTypes/Installation.cs index f4620d56b..14c00da48 100644 --- a/csharp/App/Backend/DataTypes/Installation.cs +++ b/csharp/App/Backend/DataTypes/Installation.cs @@ -17,6 +17,8 @@ public class Installation : TreeNode public String S3Region { get; set; } = ""; public String S3Provider { get; set; } = ""; + public String S3WriteKey { get; set; } = ""; public String S3Key { get; set; } = ""; + public String S3WriteSecret { get; set; } = ""; public String S3Secret { get; set; } = ""; } \ No newline at end of file diff --git a/csharp/App/Backend/DataTypes/Methods/ExoCmd.cs b/csharp/App/Backend/DataTypes/Methods/ExoCmd.cs index d7f5af920..97c77ac60 100644 --- a/csharp/App/Backend/DataTypes/Methods/ExoCmd.cs +++ b/csharp/App/Backend/DataTypes/Methods/ExoCmd.cs @@ -9,7 +9,7 @@ public static class ExoCmd private static readonly Command Exo = Cli.Wrap("exo"); private const String ConfigFile = "./exoscale.toml"; - public static async Task<(String key, String secret)> CreateKey(this Installation installation) + public static async Task<(String key, String secret)> CreateReadKey(this Installation installation) { //if (installation.Id != 1) return "help"; //Todo remove me I am for debugging 
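Review bot: In the `@@ -371,7` hunk the write key is blanked only on the response, while the `installation` handed to `session.Update(...)` appears to be the object received from the client. `Session.Update` is outside this diff, but if it persists the object as received, a non-admin client that echoes back a redacted installation would store empty `S3WriteKey`/`S3WriteSecret`, and any caller could submit values of its own. Restoring the stored values before the update closes that, e.g. `var existing = Db.GetInstallationById(installation.Id);` followed by `installation.S3WriteKey = existing.S3WriteKey;` and the same for the secret. The action's signature and the rest of its body are outside the hunk.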
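Review bot: `S3WriteKey` and `S3WriteSecret` are added to `Installation` as plain public `String` properties with no comment on who may read them, and `RenewS3Credentials` later in this patch stores them through `Db.Update(installation)`. The same commit also changes the tracked binary `csharp/App/Backend/db.sqlite`; if that file is the database `Db` writes to, bucket credentials end up in version control, in which case the file should be untracked and the keys rotated. At minimum I would add a comment above the two properties such as `// Write credential for this installation's bucket; must never be returned to non-admin users`.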
@@ -30,8 +30,29 @@ public static class ExoCmd //return $"{key};{secret}"; } + + public static async Task<(String key, String secret)> CreateWriteKey(this Installation installation) + { + //if (installation.Id != 1) return "help"; //Todo remove me I am for debugging - public static async void RevokeKey(this Installation installation) + + + var preParse = await Exo + .WithArguments("iam access-key create " + installation.BucketName() + + " --resource sos/bucket:" + installation.BucketName() + + " -C " + ConfigFile + + " -O text") + .ExecuteBufferedAsync(); + + var key = preParse.StandardOutput.Split("\t")[2]; + var secret = preParse.StandardOutput.Split("\t")[3]; + + return (key, secret); + + //return $"{key};{secret}"; + } + + public static async void RevokeReadKey(this Installation installation) { try { diff --git a/csharp/App/Backend/DataTypes/Methods/Installation.cs b/csharp/App/Backend/DataTypes/Methods/Installation.cs index 92ca2a4c7..62ba3453a 100644 --- a/csharp/App/Backend/DataTypes/Methods/Installation.cs +++ b/csharp/App/Backend/DataTypes/Methods/Installation.cs @@ -14,13 +14,21 @@ public static class InstallationMethods return $"{installation.Id}-{BucketNameSalt}"; } - public static async Task RenewS3BucketUrl(this Installation installation) + public static async Task RenewS3Credentials(this Installation installation) { - installation.RevokeKey(); - var (key, secret) = await installation.CreateKey(); + installation.RevokeReadKey(); + var (key, secret) = await installation.CreateReadKey(); + if (installation.S3WriteKey == "" || installation.S3WriteSecret == "") + { + var (writeKey, writeSecret) = await installation.CreateWriteKey(); + installation.S3WriteSecret = writeSecret; + installation.S3WriteKey = writeKey; + } + installation.S3Key = key; installation.S3Secret = secret; + return Db.Update(installation); } 
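Review bot: `CreateWriteKey` reads `Split("\t")[2]` and `[3]` from the `exo` output without checking the field count, so empty or reshaped output surfaces as an `IndexOutOfRangeException` in the middle of installation creation, and a secret in the last column would keep its trailing newline. Splitting once and validating is safer: `var fields = preParse.StandardOutput.Trim().Split('\t');` then `if (fields.Length < 4) throw new InvalidOperationException("unexpected exo output");`, without echoing the output, since it contains the secret. The key is created under the name `installation.BucketName()`; the bodies of `CreateReadKey` and `RevokeReadKey` are outside the hunk, so if they use the same name it is worth confirming that read-key revocation cannot match the write key. The commented-out debugging lines (`//if (installation.Id != 1) ...`, `//return $"{key};{secret}";`) can be dropped from the new method.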
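Review bot: In `RenewS3Credentials` the write key is created only while `S3WriteKey` or `S3WriteSecret` is empty, and nothing in this patch revokes it, so the read key rotates on every renewal while the more powerful write key lives indefinitely. If the stored fields are ever blanked, a second write key is issued while the first stays valid at the provider. A `RevokeWriteKey` counterpart, awaited before re-creation, would give the credential a rotation path. Separately, `installation.RevokeReadKey();` calls an `async void` method without awaiting it, so the revoke races with `CreateReadKey` and this method cannot observe its outcome; returning `Task` and awaiting it would make the ordering explicit.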
@@ -99,6 +107,15 @@ public static class InstallationMethods return Db.GetFolderById(installation.ParentId); } + public static Installation HideWriteKeyIfUserIsNotAdmin(this Installation installation, Boolean userIsAdmin) + { + if(userIsAdmin) return installation; + installation.S3WriteKey = ""; + installation.S3WriteSecret = ""; + + return installation; + } + public static Boolean WasMoved(this Installation installation) { var existingInstallation = Db.GetInstallationById(installation.Id); diff --git a/csharp/App/Backend/DataTypes/Methods/Session.cs b/csharp/App/Backend/DataTypes/Methods/Session.cs index 0e3eb1685..3ba5641de 100644 --- a/csharp/App/Backend/DataTypes/Methods/Session.cs +++ b/csharp/App/Backend/DataTypes/Methods/Session.cs @@ -89,7 +89,7 @@ public static class SessionMethods && Db.Create(installation) // TODO: these two in a transaction && Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id }) && await installation.CreateBucket() - && await installation.RenewS3BucketUrl(); // generation of access _after_ generation of + && await installation.RenewS3Credentials(); // generation of access _after_ generation of // bucket to prevent "zombie" access-rights. } diff --git a/csharp/App/Backend/DataTypes/Methods/TreeNode.cs b/csharp/App/Backend/DataTypes/Methods/TreeNode.cs index cb88be7d8..ab3ea5091 100644 --- a/csharp/App/Backend/DataTypes/Methods/TreeNode.cs +++ b/csharp/App/Backend/DataTypes/Methods/TreeNode.cs @@ -29,10 +29,10 @@ public static class TreeNodeMethods { treeNode.ParentId = 0; } - + return node; } - + public static TreeNode FillOrderNumbers(this TreeNode treeNode) { if (treeNode is Installation installation) diff --git a/csharp/App/Backend/Database/Db.cs b/csharp/App/Backend/Database/Db.cs index ac2a71e90..ea82f6788 100644 --- a/csharp/App/Backend/Database/Db.cs +++ b/csharp/App/Backend/Database/Db.cs 
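Review bot: `HideWriteKeyIfUserIsNotAdmin` clears the fields on the instance it was given rather than on a copy. If that instance is later saved or shared with other callers (the `Db` accessors are not visible here), the blank values would persist and `RenewS3Credentials` would treat them as "no write key yet" and issue a new one. Returning a redacted copy removes that coupling. A doc comment should also state that the read pair `S3Key`/`S3Secret` is intentionally left in place, for example `/// Blanks the S3 write credentials unless the caller is an admin; the read credentials are returned unchanged.`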
@@ -112,7 +112,7 @@ public static partial class Db foreach (var installation in installationsToUpdate) { - await installation.RenewS3BucketUrl(); + await installation.RenewS3Credentials(); } } diff --git a/csharp/App/Backend/Program.cs b/csharp/App/Backend/Program.cs index 3373101be..3e49baeb2 100644 --- a/csharp/App/Backend/Program.cs +++ b/csharp/App/Backend/Program.cs @@ -1,5 +1,6 @@ using Hellang.Middleware.ProblemDetails; using InnovEnergy.App.Backend.Database; +using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.Mvc; using Microsoft.OpenApi.Models; @@ -11,9 +12,8 @@ public static class Program { //Db.CreateFakeRelations(); Db.Init(); - - var builder = WebApplication.CreateBuilder(args); + var builder = WebApplication.CreateBuilder(args); builder.Services.AddControllers(); builder.Services.AddProblemDetails(setup => { @@ -38,19 +38,25 @@ public static class Program }); var app = builder.Build(); - + + app.UseForwardedHeaders(new ForwardedHeadersOptions + { + ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto + }); + if (app.Environment.IsDevelopment()) { app.UseSwagger(); app.UseSwaggerUI(); } - + app.UseCors(p => p.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod()) ; app.UseHttpsRedirection(); app.MapControllers(); app.UseProblemDetails(); app.Run(); + } private static OpenApiInfo OpenApiInfo { get; } = new OpenApiInfo 
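Review bot: The `UseForwardedHeaders` block added in the `@@ -38,19` hunk does not say which proxy it trusts. With the default `ForwardedHeadersOptions` only loopback proxies are honoured, so this works when the reverse proxy runs on the same host and silently ignores the headers otherwise. The common workaround of clearing `KnownProxies`/`KnownNetworks` would let any client spoof `X-Forwarded-For` and `X-Forwarded-Proto`. I would add a comment such as `// Reverse proxy runs on localhost; add its address to KnownProxies if that changes` and, if the proxy is remote, list it explicitly in `KnownProxies` rather than widening the trust lists.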
diff --git a/csharp/App/Backend/db.sqlite b/csharp/App/Backend/db.sqlite index 0d0b831741990c3b56a701a6fa1c617fedc9c08e..2fcbf7c64e053a60a0087c98b34bfc9736f54d73 100644 GIT binary patch delta 844 zcmaiyOHUeM6o$WHU}TJNbYYs_f{DGv7|IL-!n6y;yT}N5p<lU7ag^?otu+<=X-OW^Parr?S}Gp!?UZ{ zK;>E=Ht_1vOR!rYhhP(OwU%ZHI&NDUX_9O~E`;n$d0kO^6jjxh??|eYPZcGV;|pz5 zr~T@tYrg3dBH+0NzQaDet2x^?fF)W9oF+$9-Qd${-cU3(BnXnO+i|=Vo6@DcMN`3w z-y{dMv?%4zKM_J?^|R-exyv4c1K6vzP#?kRz+Kp1o~3%weaRFYBRGNMT1(GYuvu|C zW~rS-iMFQO2zMgnM9vBrrju`u<~1hc_ z(;`g;1g{iiSs}#sPt8-laWAV;p=n?L?1GY98sZ|!g}7q$7Q=lb`BFIAFLL4d1fNzi zd?A+C49zHJrD|oR`vEI50a0dTmSSj8V!K3dARq^2CP#DJbZTsrE)6FlQD3y6Jzktm zga=u6a#1QymZpqCERoDGDI@fIE=5r^$L9^jkc4^jHe9uHb;P+w;{W-nuB^J_rW-+) zX@5WxWJV0kG5nlQlDb4eWWvi6!R*leI6q4T41X%3iv{mYN=+(*Vu5n|O5+1FVJ29h zrsK(fROWTr`k@gA9l;K~0R1cy58Z@~BMB55EG4wjSSFHHn4t(|q|&lyI1%F}{fknb zp3Brd{zxjX5$oyq;#Uaz3)w1+8;^C@G&$czLHWqc{;@njQYOUw59il>3tI@s8m z#Tb)WL9hiCsGH1n2;aat>>?m>D!K?`+o)?;hdKWc!B6-Bhh}p2;kp$kG2*nC86q)D lqj_Z_i!7M%j%COZeFs`DZck&)O_#FoA#aEcpzcy$o#pGa2~5@;~Ok zwV6+0I=>~8C>ygOr)OSqNn%b;Vo7Fxo?~)yYH=|G0|O6dFpvQh;b&o1<#fx>Nl7h& zNU}3Ci%!0$uLd;#Ed&4C&4Lb(`6s`%7hlfez$mbpCE%Yt&o%~TzKIO{>U#u~C|VMY4s3Wty3Zk&%(Hp_xa1VtHVAQI3UMsX?)K zrlm=VccyVls-=@xYPex=l&7ajicwmLx3RfFWN>0mW^Q7Ifq{XcZ(>nNW=U#th6f|R z{ABHVPab(uWeyHrWl3IM2Ia{Db=v$0)y6=7c>xu4KLdqd@^Am# I&&V4907%7e^#A|>