github.com/influxdata/influxdb/v2@v2.7.6/remotes/transport/middleware_auth.go

github.com/influxdata/influxdb/v2@v2.7.6/remotes/transport/middleware_auth.go (about)

     1  package transport
     2  
     3  import (
     4  	"context"
     5  
     6  	"github.com/influxdata/influxdb/v2"
     7  	"github.com/influxdata/influxdb/v2/authorizer"
     8  	"github.com/influxdata/influxdb/v2/kit/platform"
     9  	"github.com/influxdata/influxdb/v2/kit/platform/errors"
    10  )
    11  
    12  func newAuthCheckingService(underlying RemoteConnectionService) *authCheckingService {
    13  	return &authCheckingService{underlying}
    14  }
    15  
    16  type authCheckingService struct {
    17  	underlying RemoteConnectionService
    18  }
    19  
    20  var _ RemoteConnectionService = (*authCheckingService)(nil)
    21  
    22  func (a authCheckingService) ListRemoteConnections(ctx context.Context, filter influxdb.RemoteConnectionListFilter) (*influxdb.RemoteConnections, error) {
    23  	rs, err := a.underlying.ListRemoteConnections(ctx, filter)
    24  	if err != nil {
    25  		return nil, err
    26  	}
    27  
    28  	rrs := rs.Remotes[:0]
    29  	for _, r := range rs.Remotes {
    30  		_, _, err := authorizer.AuthorizeRead(ctx, influxdb.RemotesResourceType, r.ID, r.OrgID)
    31  		if err != nil && errors.ErrorCode(err) != errors.EUnauthorized {
    32  			return nil, err
    33  		}
    34  		if errors.ErrorCode(err) == errors.EUnauthorized {
    35  			continue
    36  		}
    37  		rrs = append(rrs, r)
    38  	}
    39  	return &influxdb.RemoteConnections{Remotes: rrs}, nil
    40  }
    41  
    42  func (a authCheckingService) CreateRemoteConnection(ctx context.Context, request influxdb.CreateRemoteConnectionRequest) (*influxdb.RemoteConnection, error) {
    43  	if _, _, err := authorizer.AuthorizeCreate(ctx, influxdb.RemotesResourceType, request.OrgID); err != nil {
    44  		return nil, err
    45  	}
    46  
    47  	return a.underlying.CreateRemoteConnection(ctx, request)
    48  }
    49  
    50  func (a authCheckingService) GetRemoteConnection(ctx context.Context, id platform.ID) (*influxdb.RemoteConnection, error) {
    51  	r, err := a.underlying.GetRemoteConnection(ctx, id)
    52  	if err != nil {
    53  		return nil, err
    54  	}
    55  	if _, _, err := authorizer.AuthorizeRead(ctx, influxdb.RemotesResourceType, id, r.OrgID); err != nil {
    56  		return nil, err
    57  	}
    58  	return r, nil
    59  }
    60  
    61  func (a authCheckingService) UpdateRemoteConnection(ctx context.Context, id platform.ID, request influxdb.UpdateRemoteConnectionRequest) (*influxdb.RemoteConnection, error) {
    62  	r, err := a.underlying.GetRemoteConnection(ctx, id)
    63  	if err != nil {
    64  		return nil, err
    65  	}
    66  	if _, _, err := authorizer.AuthorizeWrite(ctx, influxdb.RemotesResourceType, id, r.OrgID); err != nil {
    67  		return nil, err
    68  	}
    69  	return a.underlying.UpdateRemoteConnection(ctx, id, request)
    70  }
    71  
    72  func (a authCheckingService) DeleteRemoteConnection(ctx context.Context, id platform.ID) error {
    73  	r, err := a.underlying.GetRemoteConnection(ctx, id)
    74  	if err != nil {
    75  		return err
    76  	}
    77  	if _, _, err := authorizer.AuthorizeWrite(ctx, influxdb.RemotesResourceType, id, r.OrgID); err != nil {
    78  		return err
    79  	}
    80  	return a.underlying.DeleteRemoteConnection(ctx, id)
    81  }