Included Write keys for s3

csharp/App/Backend/Controller.cs

@@ -20,6 +20,7 @@ public class Controller : ControllerBase
 
         if (user is null)
         {
+            Console.WriteLine("I have no user");
             throw new Exceptions(400,"Null User Exception", "Must provide a user to log in as.", Request.Path.Value!);
         }
 
@@ -83,7 +84,8 @@ public class Controller : ControllerBase
         
         return installation
               .FillOrderNumbers()
-              .HideParentIfUserHasNoAccessToParent(user);
+              .HideParentIfUserHasNoAccessToParent(user)
+              .HideWriteKeyIfUserIsNotAdmin(user.HasWriteAccess);
     }
     
     [HttpGet(nameof(GetUsersWithDirectAccessToInstallation))]
@@ -210,7 +212,7 @@ public class Controller : ControllerBase
 
         return user
                .AccessibleInstallations()
-               .Select(i => i.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(user))
+               .Select(i => i.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(user).HideWriteKeyIfUserIsNotAdmin(user.HasWriteAccess))
                .ToList();
     }
     
@@ -245,6 +247,7 @@ public class Controller : ControllerBase
             .OfType<Object>();  // Important! JSON serializer must see Objects otherwise
                                 // it will just serialize the members of TreeNode %&@#!!!
         
+                                // TODO Filter out write keys
         return new (foldersAndInstallations);
     }
     
@@ -371,7 +374,7 @@ public class Controller : ControllerBase
         if (!session.Update(installation))
             return Unauthorized();
         
-        return installation.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(session!.User);
+        return installation.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(session!.User).HideWriteKeyIfUserIsNotAdmin(session.User.HasWriteAccess);
     }
     
     

csharp/App/Backend/DataTypes/Installation.cs

@@ -17,6 +17,8 @@ public class Installation : TreeNode
     
     public String S3Region   { get; set; } = "";
     public String S3Provider { get; set; } = "";
+    public String S3WriteKey      { get; set; } = "";
     public String S3Key      { get; set; } = "";
+    public String S3WriteSecret   { get; set; } = "";
     public String S3Secret   { get; set; } = "";
 }

csharp/App/Backend/DataTypes/Methods/ExoCmd.cs

@@ -9,7 +9,7 @@ public static class ExoCmd
     private static readonly Command Exo = Cli.Wrap("exo");
     private const String ConfigFile = "./exoscale.toml";
 
-    public static async Task<(String key, String secret)> CreateKey(this Installation installation)
+    public static async Task<(String key, String secret)> CreateReadKey(this Installation installation)
     {
         //if (installation.Id != 1) return "help"; //Todo remove me I am for debugging
 
@@ -31,7 +31,28 @@ public static class ExoCmd
         //return $"{key};{secret}";
     }
     
-    public static async void RevokeKey(this Installation installation)
+    public static async Task<(String key, String secret)> CreateWriteKey(this Installation installation)
+    {
+        //if (installation.Id != 1) return "help"; //Todo remove me I am for debugging
+
+
+        
+        var preParse = await Exo
+            .WithArguments("iam access-key create " + installation.BucketName()
+                                                    + " --resource  sos/bucket:" + installation.BucketName()
+                                                    + " -C " + ConfigFile
+                                                    + " -O text")
+            .ExecuteBufferedAsync();
+
+        var key    = preParse.StandardOutput.Split("\t")[2];
+        var secret = preParse.StandardOutput.Split("\t")[3];
+
+        return (key, secret);
+        
+        //return $"{key};{secret}";
+    }
+
+    public static async void RevokeReadKey(this Installation installation)
     {
         try
         {

csharp/App/Backend/DataTypes/Methods/Installation.cs

@@ -14,14 +14,22 @@ public static class InstallationMethods
         return $"{installation.Id}-{BucketNameSalt}";
     }
 
-    public static async Task<Boolean> RenewS3BucketUrl(this Installation installation)
+    public static async Task<Boolean> RenewS3Credentials(this Installation installation)
     {
-        installation.RevokeKey();
+        installation.RevokeReadKey();
-        var (key, secret) = await installation.CreateKey();
+        var (key, secret) = await installation.CreateReadKey();
+
+        if (installation.S3WriteKey == "" || installation.S3WriteSecret == "")
+        {
+            var (writeKey, writeSecret) = await installation.CreateWriteKey();
+            installation.S3WriteSecret = writeSecret;
+            installation.S3WriteKey = writeKey;
+        }
         
         installation.S3Key    = key;
         installation.S3Secret = secret;
 
+        
         return Db.Update(installation);
     }
     
@@ -99,6 +107,15 @@ public static class InstallationMethods
         return Db.GetFolderById(installation.ParentId);
     }
     
+    public static Installation HideWriteKeyIfUserIsNotAdmin(this Installation installation, Boolean userIsAdmin)
+    {
+        if(userIsAdmin) return installation;
+        installation.S3WriteKey = "";
+        installation.S3WriteSecret = "";
+
+        return installation;
+    }
+    
     public static Boolean WasMoved(this Installation installation)
     {
         var existingInstallation = Db.GetInstallationById(installation.Id);

csharp/App/Backend/DataTypes/Methods/Session.cs

@@ -89,7 +89,7 @@ public static class SessionMethods
             && Db.Create(installation)           // TODO: these two in a transaction
             && Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id })
             && await installation.CreateBucket() 
-            && await installation.RenewS3BucketUrl();   // generation of access _after_ generation of  
+            && await installation.RenewS3Credentials();   // generation of access _after_ generation of  
                                                         // bucket to prevent "zombie" access-rights.   
     }
 

csharp/App/Backend/Database/Db.cs

@@ -112,7 +112,7 @@ public static partial class Db
         
         foreach (var installation in installationsToUpdate)
         {
-            await installation.RenewS3BucketUrl();
+            await installation.RenewS3Credentials();
         }
     }
     

csharp/App/Backend/Program.cs

@@ -1,5 +1,6 @@
 using Hellang.Middleware.ProblemDetails;
 using InnovEnergy.App.Backend.Database;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.OpenApi.Models;
 
@@ -13,7 +14,6 @@ public static class Program
         Db.Init();
 
         var builder = WebApplication.CreateBuilder(args);
-
         builder.Services.AddControllers();
         builder.Services.AddProblemDetails(setup =>
         {
@@ -39,6 +39,11 @@ public static class Program
 
         var app = builder.Build();
         
+        app.UseForwardedHeaders(new ForwardedHeadersOptions
+        {
+            ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
+        });
+        
         if (app.Environment.IsDevelopment())
         {
             app.UseSwagger();
@@ -51,6 +56,7 @@ public static class Program
         app.UseProblemDetails();
 
         app.Run();
+        
     }
 
     private static OpenApiInfo OpenApiInfo { get; } = new OpenApiInfo