func (rc *ResourceController) GetResources(ctx *gin.Context) {
req := ctx.Request
resourceType := getResourceType(req.URL)
logger.Log.WithFields(
logrus.Fields{"resource type": resourceType}).Info("GetResources")
resources := ptm_models.NewSliceForResourceName(resourceType, 0, 0)
c := rc.Database().C(ptm_models.GetCollectionName(resourceType))
// retrieve all documents in the collection
// TODO Restrict this to resource type, just to be extra safe
query := buildSearchQuery(resourceType, ctx)
logger.Log.WithFields(
logrus.Fields{"query": query}).Info("GetResources")
err := c.Find(query).All(resources)
if err != nil {
if err == mgo.ErrNotFound {
ctx.String(http.StatusNotFound, "Not Found")
ctx.Abort()
return
} else {
ctx.AbortWithError(http.StatusBadRequest, err)
return
}
}
ctx.JSON(http.StatusOK, resources)
}
// UserDelete removes a specific user.
func UserDelete(c *gin.Context) {
record := session.User(c)
err := store.DeleteUser(
c,
record,
)
if err != nil {
logrus.Warnf("Failed to delete user. %s", err)
c.JSON(
http.StatusBadRequest,
gin.H{
"status": http.StatusBadRequest,
"message": "Failed to delete user",
},
)
c.Abort()
return
}
c.JSON(
http.StatusOK,
gin.H{
"status": http.StatusOK,
"message": "Successfully deleted user",
},
)
}
// AuthRefresh represents the refresh handler.
func AuthRefresh(c *gin.Context) {
record := session.Current(c)
token := token.New(token.SessToken, record.Username)
result, err := token.SignExpiring(record.Hash, config.Session.Expire)
if err != nil {
logrus.Warnf("Failed to refresh token. %s", err)
c.JSON(
http.StatusUnauthorized,
gin.H{
"status": http.StatusUnauthorized,
"message": "Failed to refresh token",
},
)
c.Abort()
return
}
c.JSON(
http.StatusOK,
result,
)
}
// OrgTeamIndex retrieves all teams related to a org.
func OrgTeamIndex(c *gin.Context) {
records, err := store.GetOrgTeams(
c,
&model.OrgTeamParams{
Org: c.Param("org"),
},
)
if err != nil {
logrus.Warnf("Failed to fetch org teams. %s", err)
c.JSON(
http.StatusInternalServerError,
gin.H{
"status": http.StatusInternalServerError,
"message": "Failed to fetch teams",
},
)
c.Abort()
return
}
c.JSON(
http.StatusOK,
records,
)
}
// ProfileToken displays the users token.
func ProfileToken(c *gin.Context) {
record := session.Current(c)
token := token.New(token.UserToken, record.Username)
result, err := token.SignUnlimited(record.Hash)
if err != nil {
logrus.Warnf("Failed to generate token. %s", err)
c.JSON(
http.StatusInternalServerError,
gin.H{
"status": http.StatusInternalServerError,
"message": "Failed to generate token",
},
)
c.Abort()
return
}
c.JSON(
http.StatusOK,
result,
)
}
// TeamUserIndex retrieves all users related to a team.
func TeamUserIndex(c *gin.Context) {
records, err := store.GetTeamUsers(
c,
&model.TeamUserParams{
Team: c.Param("team"),
},
)
if err != nil {
logrus.Warnf("Failed to fetch team users. %s", err)
c.JSON(
http.StatusInternalServerError,
gin.H{
"status": http.StatusInternalServerError,
"message": "Failed to fetch users",
},
)
c.Abort()
return
}
c.JSON(
http.StatusOK,
records,
)
}
// UserIndex retrieves all available users.
func UserIndex(c *gin.Context) {
records, err := store.GetUsers(
c,
)
if err != nil {
logrus.Warnf("Failed to fetch users. %s", err)
c.JSON(
http.StatusInternalServerError,
gin.H{
"status": http.StatusInternalServerError,
"message": "Failed to fetch users",
},
)
c.Abort()
return
}
c.JSON(
http.StatusOK,
records,
)
}
// UserOrgIndex retrieves all orgs related to a user.
func UserOrgIndex(c *gin.Context) {
records, err := store.GetUserOrgs(
c,
&model.UserOrgParams{
User: c.Param("user"),
},
)
if err != nil {
logrus.Warnf("Failed to fetch user orgs. %s", err)
c.JSON(
http.StatusInternalServerError,
gin.H{
"status": http.StatusInternalServerError,
"message": "Failed to fetch orgs",
},
)
c.Abort()
return
}
c.JSON(
http.StatusOK,
records,
)
}
func (p *policy) checkSSL(c *gin.Context) bool {
if !p.config.SSLRedirect {
return true
}
req := c.Request
isSSLRequest := strings.EqualFold(req.URL.Scheme, "https") || req.TLS != nil
if isSSLRequest {
return true
}
// TODO
// req.Host vs req.URL.Host
url := req.URL
url.Scheme = "https"
url.Host = req.Host
if len(p.config.SSLHost) > 0 {
url.Host = p.config.SSLHost
}
status := http.StatusMovedPermanently
if p.config.SSLTemporaryRedirect {
status = http.StatusTemporaryRedirect
}
c.Redirect(status, url.String())
c.Abort()
return false
}
func (rc *ResourceController) GetResource(ctx *gin.Context) {
var id bson.ObjectId
req := ctx.Request
resourceType := getResourceType(req.URL)
// Validate id as a bson Object ID
id, err := toBsonObjectID(ctx.Param("id"))
if err != nil {
ctx.AbortWithError(http.StatusBadRequest, err)
return
}
logger.Log.WithFields(
logrus.Fields{"resource type": resourceType, "id": id}).Info("GetResource")
resource, err := rc.LoadResource(resourceType, id)
if err != nil {
if err == mgo.ErrNotFound {
ctx.String(http.StatusNotFound, "Not Found")
ctx.Abort()
return
} else {
ctx.AbortWithError(http.StatusBadRequest, err)
return
}
}
logger.Log.WithFields(logrus.Fields{"resource": resource}).Info("GetResource")
ctx.JSON(http.StatusOK, resource)
}
func (w *Whitelist) Handler(c *gin.Context) {
if w.interval > 0 {
w.mutex.RLock()
defer w.mutex.RUnlock()
}
if len(w.cidrs) == 0 {
return
}
remoteip := remoteIP(c)
if len(remoteip) == 0 {
return
}
netip := net.ParseIP(remoteip)
if netip == nil {
return
}
for _, cidr := range w.cidrs {
if cidr.Contains(netip) {
return
}
}
c.String(http.StatusInternalServerError, "Bad Host")
c.Abort()
}
func RestError(c *gin.Context, err interface{}) error {
restError := BuildError(err)
c.JSON(restError.Code, models.JSON{"error": restError.Message})
c.Abort()
return errors.New(restError.String())
}
func (this PlayersController) Authenticate(ginContext *gin.Context) {
_, err := models.Player{}.Find(this.Context.AeContext, this.Context.AccessToken)
if err.Any() {
this.RespondWith.Error(http.StatusForbidden, api.UserError("Invalid Access Token"))
ginContext.Abort()
}
}
//Middleware for restricting input content
func RestrictInputContent(c *gin.Context) {
fmt.Println(c.Request.ContentLength)
if c.Request.ContentLength > myConstants.MaxInputContentLength {
c.JSON(http.StatusRequestEntityTooLarge, gin.H{"eror": true, "message": myMessages.ContentTooLarge})
c.Abort()
return
}
}
func respondWithError(code int, message string, c *gin.Context) {
resp := map[string]string{"error": message}
if code == http.StatusForbidden {
go GlobalSessions.SessionDestroy(c.Writer, c.Request)
}
c.JSON(code, resp)
c.Abort()
}
func LoginUnauthenticated(ctx *gin.Context) {
ctx.String(401, "You are not logged in!")
// ctx.Abort() means no other handlers will be ran after this one, meaning the route controller won't execute
ctx.Abort(-1)
}
func InitUserCheck(c *gin.Context) {
memConfMux.RLock()
userCount := len(memConfUsers)
memConfMux.RUnlock()
if userCount == 0 {
Error(c, USER_NOT_INIT)
c.Abort()
}
}
func (ss *schedulerService) ValidateID(c *gin.Context) {
userID, err := strconv.Atoi(c.Param("id"))
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid User Id"})
c.Abort()
return
}
c.Set("id", userID)
c.Next()
}
func SystemAdminCheck(c *gin.Context) {
if token := c.Request.Header.Get(XAuthToken); token == "" {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
c.Abort()
return
}
//TODO : System User Check
c.Next()
}
// unauthorizedRequest sends back a failure to the client
func (r KubeCover) unauthorizedRequest(cx *gin.Context, spec, message string) {
glog.Errorf("unauthorized request from: (%s), failure: %s violation", cx.Request.RemoteAddr, message)
glog.Errorf("failing specification: %s", spec)
// step: inject the header
cx.JSON(http.StatusNotAcceptable, gin.H{
"status": "Failure",
"message": "security policy violation, reason: " + message,
})
cx.Abort()
}
// AbortUnauthorized stops the middleware execution with JSON error.
func AbortUnauthorized(c *gin.Context) {
c.JSON(
http.StatusForbidden,
gin.H{
"status": http.StatusForbidden,
"message": "You are not authorized to request this resource",
},
)
c.Abort()
}
func AuthFailed(c *gin.Context) {
if isXHR(c) == false {
c.Redirect(302, "/?hai")
} else {
c.Writer.WriteHeader(401)
}
c.Abort()
return
}
func DummyMiddleware(c *gin.Context) {
c.Set("hello", "world") // mapping obj using map
uri := c.Request.RequestURI
if uri == "/dummy2" { // abort the request using middleware
resp := map[string]string{"figo": "xu"}
c.JSON(200, resp)
c.Abort()
return
}
log.Println("Im a dummy!")
c.Next()
}
func UpdateDeveloper(c *gin.Context) {
changes := &m.Developer{Name: c.PostForm("name"), GithubAccount: c.PostForm("github")}
dev := &m.Developer{}
dev.LoggedUser(&db, c)
err := dev.Update(&db, changes)
if err != nil {
c.Error(err)
} else {
c.Redirect(http.StatusFound, "/")
c.Abort()
}
}
func (auth *UserAuthenticator) BasicAuthForUser(c *gin.Context) bool {
u, p, _ := c.Request.BasicAuth()
if auth.AuthenticateUser(u, p) {
return true
}
c.Header("WWW-Authenticate", "Basic realm=\"Status Dashboard\"")
c.String(http.StatusUnauthorized, "Login required.")
c.Abort()
return false
}
func GetIdParam(param string, c *gin.Context) uuid.UUID {
id, err := uuid.FromString(param)
if err != nil {
errorResponse := ErrorResponse{
Errors: []*Error{NewError(ErrCodeValueRequired, fmt.Sprintf("valid id required", param))},
}
c.JSON(http.StatusBadRequest, errorResponse)
c.Abort()
return uuid.Nil
}
return id
}
func (mw *GinJWTMiddleware) unauthorized(c *gin.Context, code int, message string) {
if mw.Realm == "" {
mw.Realm = "gin jwt"
}
c.Header("WWW-Authenticate", "JWT realm="+mw.Realm)
c.Abort()
mw.Unauthorized(c, code, message)
return
}
func requiresConformance(c *gin.Context) {
host := fmt.Sprintf("%s://%s", scheme(c.Request), c.Request.Host)
correctXRequestedBy := c.Request.Header.Get("X-Requested-By") == "SpaceApi"
// WARNING The Origin header attribute sometimes is not sent; we should not block these requests
sameOriginPolicy := c.Request.Header.Get("Origin") == "" || host == c.Request.Header.Get("Origin")
if correctXRequestedBy && sameOriginPolicy {
c.Next()
} else {
c.JSON(http.StatusBadRequest, utils.H{
"error": "missing X-Requested-By header attribute or Origin header does not comply with the same-origin policy",
})
c.Abort()
}
}
func rateLimit(c *gin.Context) {
ip := c.ClientIP()
value := int(ips.Add(ip, 1))
if value%50 == 0 {
fmt.Printf("ip: %s, count: %d\n", ip, value)
}
if value >= 200 {
if value%200 == 0 {
fmt.Println("ip blocked")
}
c.Abort()
c.String(503, "you were automatically banned :)")
}
}
func (l *Login) PostLogin(c *gin.Context) {
valid, _ := l.AuthEngine.ValidateAndSetCookie(ginAuth.AuthenticationCredentials{
Username: c.PostForm("username"),
Password: c.PostForm("password"),
}, c)
if valid {
c.Redirect(http.StatusSeeOther, "/")
c.Abort()
} else {
c.HTML(http.StatusUnauthorized, "login.tpl", gin.H{
"title": "Login",
"error": "wrong username or password " + strconv.FormatBool(valid),
})
}
}