// AuthenticateTenant is used to find which tenant the user making the requests
// belongs to and return the database configuration for that specific tenant.
// If the api-key in the request is not found in any tenant an empty configuration is
// returned along with an error
func AuthenticateTenant(h http.Header, cfg config.Config) (config.MongoConfig, error) {
session, err := mongo.OpenSession(cfg.MongoDB)
if err != nil {
return config.MongoConfig{}, err
}
defer mongo.CloseSession(session)
apiKey := h.Get("x-api-key")
query := bson.M{"users.api_key": apiKey}
projection := bson.M{"_id": 0, "name": 1, "db_conf": 1, "users": 1}
var results []map[string][]config.MongoConfig
mongo.FindAndProject(session, cfg.MongoDB.Db, "tenants", query, projection, "server", &results)
if len(results) == 0 {
return config.MongoConfig{}, errors.New("Unauthorized")
}
mongoConf := results[0]["db_conf"][0]
// mongoConf := config.MongoConfig{
// Host: conf["server"].(string),
// Port: conf["port"].(int),
// Db: conf["database"].(string),
// Username: conf["username"].(string),
// Password: conf["password"].(string),
// Store: conf["store"].(string),
// }
for _, user := range results[0]["users"] {
if user.ApiKey == apiKey {
mongoConf.User = user.User
mongoConf.Email = user.Email
}
}
return mongoConf, nil
}
// AuthenticateAdmin is used to authenticate and administrator of ARGO
// and allow further CRUD ops wrt the argo_core database (i.e. add a new
// tenant, modify another tenant's configuration etc)
func AuthenticateAdmin(h http.Header, cfg config.Config) bool {
session, err := mongo.OpenSession(cfg.MongoDB)
defer mongo.CloseSession(session)
if err != nil {
panic(err)
}
query := bson.M{"api_key": h.Get("x-api-key")}
projection := bson.M{"_id": 0, "name": 0, "email": 0}
results := []Auth{}
err = mongo.FindAndProject(session, cfg.MongoDB.Db, "authentication", query, projection, "api_key", &results)
if err != nil {
return false
}
if len(results) > 0 {
return true
}
return false
}
