// bosun.org@v0.0.0-20210513094433-e25bc3e69a1f/cmd/bosun/web/middlewares.go

package web

import (
	"net/http"

	"github.com/MiniProfiler/go/miniprofiler"
	"github.com/captncraig/easyauth"
	"github.com/captncraig/easyauth/providers/ldap"
	"github.com/captncraig/easyauth/providers/token"
	"github.com/captncraig/easyauth/providers/token/redisStore"
	"github.com/gorilla/mux"

	"bosun.org/cmd/bosun/conf"
	"bosun.org/collect"
	"bosun.org/opentsdb"
)

// This file contains custom middlewares for bosun. Each one must match the
// alice.Constructor signature (func(http.Handler) http.Handler).

// miniProfilerMiddleware hands next's ServeHTTP method to
// miniprofiler.NewContextHandler and returns the resulting handler.
var miniProfilerMiddleware = func(next http.Handler) http.Handler {
	serve := next.ServeHTTP
	return miniprofiler.NewContextHandler(serve)
}

// endpointStatsMiddleware records two metrics around every request: a
// counter tagged with the protocol (http or https) and a timer tagged with
// the gorilla/mux route name.
var endpointStatsMiddleware = func(next http.Handler) http.Handler {
	handle := func(w http.ResponseWriter, r *http.Request) {
		// r.TLS is nil for plaintext connections as seen by this process.
		// NOTE(review): behind a TLS-terminating proxy this would count
		// "http" even though the client used HTTPS; confirm the deployment.
		scheme := "https"
		if r.TLS == nil {
			scheme = "http"
		}
		collect.Add("http_protocol", opentsdb.TagSet{"proto": scheme}, 1)

		// The tag value is the registered route name, never the raw request
		// path, and unnamed or unmatched routes collapse into "unknown", so
		// request input does not create new tag values.
		label := "unknown"
		if current := mux.CurrentRoute(r); current != nil {
			if name := current.GetName(); name != "" {
				label = name
			}
		}

		stop := collect.StartTimer("http_routes", opentsdb.TagSet{"route": label})
		next.ServeHTTP(w, r)
		// Not deferred: if next panics, the timer is never stopped.
		stop()
	}
	return http.HandlerFunc(handle)
}

// noopAuth is the provider registered when authentication is absent or
// disabled. It authenticates nothing.
type noopAuth struct{}

// GetUser returns an admin user for every request and never returns an error.
//
// The username defaults to "anonymous" and is otherwise copied verbatim from
// the client-supplied "action-user" cookie. That value is not verified in any
// way, so any client can choose it: treat it as a display label, not as an
// identity suitable for audit or access decisions.
func (n noopAuth) GetUser(r *http.Request) (*easyauth.User, error) {
	user := &easyauth.User{
		Access:   roleAdmin, // everybody is an admin!
		Username: "anonymous",
		Method:   "noop",
	}
	if c, err := r.Cookie("action-user"); err == nil {
		user.Username = c.Value
	}
	return user, nil
}

// buildAuth creates the easyauth manager from cfg and registers the
// configured providers. It returns the manager, the token provider (nil
// unless cfg.TokenSecret is set) and any construction error.
//
// Security-relevant behaviour visible here:
//   - A nil cfg, or cfg.AuthDisabled, registers noopAuth, which grants
//     admin access to every request.
//   - authEnabled is set whenever cfg.AuthDisabled is false, even when
//     neither the LDAP nor the token provider ends up registered.
//   - An empty cfg.CookieSecret is replaced, in the caller's cfg, by a
//     constant that is public in this source file.
func buildAuth(cfg *conf.AuthConf) (easyauth.AuthManager, *token.TokenProvider, error) {
	if cfg == nil {
		// No auth section at all: open access through the no-op provider.
		mgr, err := easyauth.New()
		if err != nil {
			return nil, nil, err
		}
		mgr.AddProvider("nop", noopAuth{})
		return mgr, nil, nil
	}

	// NOTE(review): this fallback is a fixed, publicly known value.
	// Presumably easyauth uses the cookie secret to protect its session
	// cookie (confirm in easyauth); if so, a deployment with auth enabled
	// and no CookieSecret configured has no real secret. Operators should
	// set a unique random CookieSecret; consider warning or refusing to
	// start when auth is enabled without one.
	const defaultCookieSecret = "CookiesAreInsecure"
	if cfg.CookieSecret == "" {
		cfg.CookieSecret = defaultCookieSecret
	}
	mgr, err := easyauth.New(easyauth.CookieSecret(cfg.CookieSecret))
	if err != nil {
		return nil, nil, err
	}

	switch {
	case cfg.AuthDisabled:
		mgr.AddProvider("nop", noopAuth{})
	default:
		authEnabled = true
	}

	// LDAP is registered whenever an address is configured, independently
	// of cfg.AuthDisabled.
	if cfg.LDAP.LdapAddr != "" {
		provider, err := buildLDAPConfig(cfg.LDAP)
		if err != nil {
			return nil, nil, err
		}
		mgr.AddProvider("ldap", provider)
	}

	if cfg.TokenSecret == "" {
		return mgr, nil, nil
	}
	// Token auth is backed by a store built on schedule.DataAccess.
	tokensEnabled = true
	tokens := token.NewToken(cfg.TokenSecret, redisStore.New(schedule.DataAccess))
	mgr.AddProvider("tok", tokens)
	return mgr, tokens, nil
}

// buildLDAPConfig converts the LDAP section of the configuration into an
// easyauth LDAP provider. Every role string (default permission, per-group
// and per-user) goes through parseRole; the first parse failure aborts the
// build and is returned unchanged.
//
// NOTE(review): AllowInsecure is copied straight from configuration.
// Presumably it relaxes transport security for the LDAP connection (confirm
// in the easyauth ldap provider); it should stay false outside test setups.
// DefaultPermission presumably applies to LDAP users matched by no group or
// user entry, so keep it at the lowest role that is acceptable.
func buildLDAPConfig(ld conf.LDAPConf) (*ldap.LdapProvider, error) {
	defaultRole, err := parseRole(ld.DefaultPermission)
	if err != nil {
		return nil, err
	}

	provider := &ldap.LdapProvider{
		Domain:            ld.Domain,
		UserBaseDn:        ld.UserBaseDn,
		LdapAddr:          ld.LdapAddr,
		AllowInsecure:     ld.AllowInsecure,
		RootSearchPath:    ld.RootSearchPath,
		DefaultPermission: defaultRole,
		Users:             make(map[string]easyauth.Role, len(ld.Users)),
	}

	for _, group := range ld.Groups {
		groupRole, err := parseRole(group.Role)
		if err != nil {
			return nil, err
		}
		provider.Groups = append(provider.Groups, &ldap.LdapGroup{Path: group.Path, Role: groupRole})
	}

	for username, perm := range ld.Users {
		userRole, err := parseRole(perm)
		if err != nil {
			return nil, err
		}
		provider.Users[username] = userRole
	}
	return provider, nil
}