Included Write keys for s3
This commit is contained in:
Kim
parent
4b873306e3
commit
e92d5a507c
|
|
@ -20,6 +20,7 @@ public class Controller : ControllerBase
|
|||
|
||||
if (user is null)
|
||||
{
|
||||
Console.WriteLine("I have no user");
|
||||
throw new Exceptions(400,"Null User Exception", "Must provide a user to log in as.", Request.Path.Value!);
|
||||
}
|
||||
|
||||
|
|
@ -80,10 +81,11 @@ public class Controller : ControllerBase
|
|||
|
||||
if (installation is null || !user.HasAccessTo(installation))
|
||||
return Unauthorized();
|
||||
|
||||
|
||||
return installation
|
||||
.FillOrderNumbers()
|
||||
.HideParentIfUserHasNoAccessToParent(user);
|
||||
.HideParentIfUserHasNoAccessToParent(user)
|
||||
.HideWriteKeyIfUserIsNotAdmin(user.HasWriteAccess);
|
||||
}
|
||||
|
||||
[HttpGet(nameof(GetUsersWithDirectAccessToInstallation))]
|
||||
|
|
@ -210,7 +212,7 @@ public class Controller : ControllerBase
|
|||
|
||||
return user
|
||||
.AccessibleInstallations()
|
||||
.Select(i => i.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(user))
|
||||
.Select(i => i.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(user).HideWriteKeyIfUserIsNotAdmin(user.HasWriteAccess))
|
||||
.ToList();
|
||||
}
|
||||
|
||||
|
|
@ -245,6 +247,7 @@ public class Controller : ControllerBase
|
|||
.OfType<Object>(); // Important! JSON serializer must see Objects otherwise
|
||||
// it will just serialize the members of TreeNode %&@#!!!
|
||||
|
||||
// TODO Filter out write keys
|
||||
return new (foldersAndInstallations);
|
||||
}
|
||||
|
||||
|
|
@ -371,7 +374,7 @@ public class Controller : ControllerBase
|
|||
if (!session.Update(installation))
|
||||
return Unauthorized();
|
||||
|
||||
return installation.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(session!.User);
|
||||
return installation.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(session!.User).HideWriteKeyIfUserIsNotAdmin(session.User.HasWriteAccess);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,8 @@ public class Installation : TreeNode
|
|||
|
||||
public String S3Region { get; set; } = "";
|
||||
public String S3Provider { get; set; } = "";
|
||||
public String S3WriteKey { get; set; } = "";
|
||||
public String S3Key { get; set; } = "";
|
||||
public String S3WriteSecret { get; set; } = "";
|
||||
public String S3Secret { get; set; } = "";
|
||||
}
|
||||
|
|
@ -9,7 +9,7 @@ public static class ExoCmd
|
|||
private static readonly Command Exo = Cli.Wrap("exo");
|
||||
private const String ConfigFile = "./exoscale.toml";
|
||||
|
||||
public static async Task<(String key, String secret)> CreateKey(this Installation installation)
|
||||
public static async Task<(String key, String secret)> CreateReadKey(this Installation installation)
|
||||
{
|
||||
//if (installation.Id != 1) return "help"; //Todo remove me I am for debugging
|
||||
|
||||
|
|
@ -30,8 +30,29 @@ public static class ExoCmd
|
|||
|
||||
//return $"{key};{secret}";
|
||||
}
|
||||
|
||||
public static async Task<(String key, String secret)> CreateWriteKey(this Installation installation)
|
||||
{
|
||||
//if (installation.Id != 1) return "help"; //Todo remove me I am for debugging
|
||||
|
||||
public static async void RevokeKey(this Installation installation)
|
||||
|
||||
|
||||
var preParse = await Exo
|
||||
.WithArguments("iam access-key create " + installation.BucketName()
|
||||
+ " --resource sos/bucket:" + installation.BucketName()
|
||||
+ " -C " + ConfigFile
|
||||
+ " -O text")
|
||||
.ExecuteBufferedAsync();
|
||||
|
||||
var key = preParse.StandardOutput.Split("\t")[2];
|
||||
var secret = preParse.StandardOutput.Split("\t")[3];
|
||||
|
||||
return (key, secret);
|
||||
|
||||
//return $"{key};{secret}";
|
||||
}
|
||||
|
||||
public static async void RevokeReadKey(this Installation installation)
|
||||
{
|
||||
try
|
||||
{
|
||||
|
|
|
|||
|
|
@ -14,13 +14,21 @@ public static class InstallationMethods
|
|||
return $"{installation.Id}-{BucketNameSalt}";
|
||||
}
|
||||
|
||||
public static async Task<Boolean> RenewS3BucketUrl(this Installation installation)
|
||||
public static async Task<Boolean> RenewS3Credentials(this Installation installation)
|
||||
{
|
||||
installation.RevokeKey();
|
||||
var (key, secret) = await installation.CreateKey();
|
||||
installation.RevokeReadKey();
|
||||
var (key, secret) = await installation.CreateReadKey();
|
||||
|
||||
if (installation.S3WriteKey == "" || installation.S3WriteSecret == "")
|
||||
{
|
||||
var (writeKey, writeSecret) = await installation.CreateWriteKey();
|
||||
installation.S3WriteSecret = writeSecret;
|
||||
installation.S3WriteKey = writeKey;
|
||||
}
|
||||
|
||||
installation.S3Key = key;
|
||||
installation.S3Secret = secret;
|
||||
|
||||
|
||||
return Db.Update(installation);
|
||||
}
|
||||
|
|
@ -99,6 +107,15 @@ public static class InstallationMethods
|
|||
return Db.GetFolderById(installation.ParentId);
|
||||
}
|
||||
|
||||
public static Installation HideWriteKeyIfUserIsNotAdmin(this Installation installation, Boolean userIsAdmin)
|
||||
{
|
||||
if(userIsAdmin) return installation;
|
||||
installation.S3WriteKey = "";
|
||||
installation.S3WriteSecret = "";
|
||||
|
||||
return installation;
|
||||
}
|
||||
|
||||
public static Boolean WasMoved(this Installation installation)
|
||||
{
|
||||
var existingInstallation = Db.GetInstallationById(installation.Id);
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@ public static class SessionMethods
|
|||
&& Db.Create(installation) // TODO: these two in a transaction
|
||||
&& Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id })
|
||||
&& await installation.CreateBucket()
|
||||
&& await installation.RenewS3BucketUrl(); // generation of access _after_ generation of
|
||||
&& await installation.RenewS3Credentials(); // generation of access _after_ generation of
|
||||
// bucket to prevent "zombie" access-rights.
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -29,10 +29,10 @@ public static class TreeNodeMethods
|
|||
{
|
||||
treeNode.ParentId = 0;
|
||||
}
|
||||
|
||||
|
||||
return node;
|
||||
}
|
||||
|
||||
|
||||
public static TreeNode FillOrderNumbers(this TreeNode treeNode)
|
||||
{
|
||||
if (treeNode is Installation installation)
|
||||
|
|
|
|||
|
|
@ -112,7 +112,7 @@ public static partial class Db
|
|||
|
||||
foreach (var installation in installationsToUpdate)
|
||||
{
|
||||
await installation.RenewS3BucketUrl();
|
||||
await installation.RenewS3Credentials();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
using Hellang.Middleware.ProblemDetails;
|
||||
using InnovEnergy.App.Backend.Database;
|
||||
using Microsoft.AspNetCore.HttpOverrides;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.OpenApi.Models;
|
||||
|
||||
|
|
@ -11,9 +12,8 @@ public static class Program
|
|||
{
|
||||
//Db.CreateFakeRelations();
|
||||
Db.Init();
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
builder.Services.AddControllers();
|
||||
builder.Services.AddProblemDetails(setup =>
|
||||
{
|
||||
|
|
@ -38,19 +38,25 @@ public static class Program
|
|||
});
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
|
||||
app.UseForwardedHeaders(new ForwardedHeadersOptions
|
||||
{
|
||||
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
|
||||
});
|
||||
|
||||
if (app.Environment.IsDevelopment())
|
||||
{
|
||||
app.UseSwagger();
|
||||
app.UseSwaggerUI();
|
||||
}
|
||||
|
||||
|
||||
app.UseCors(p => p.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod()) ;
|
||||
app.UseHttpsRedirection();
|
||||
app.MapControllers();
|
||||
app.UseProblemDetails();
|
||||
|
||||
app.Run();
|
||||
|
||||
}
|
||||
|
||||
private static OpenApiInfo OpenApiInfo { get; } = new OpenApiInfo
|
||||
|
|
|
|||
Binary file not shown.
Loading…
Reference in New Issue