Port to cc-lib. Extend legal header.

2025-07-23 12:51:40 +02:00 · 2025-06-30 12:06:35 +02:00
parent 544fb35121
commit 639e1b9c6d
120 changed files with 1140 additions and 6410 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -1,5 +1,5 @@
 // Copyright (C) NHR@FAU, University Erlangen-Nuremberg.
-// All rights reserved.
+// All rights reserved. This file is part of cc-backend.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth
@@ -22,9 +22,9 @@ import (

 	"github.com/ClusterCockpit/cc-backend/internal/config"
 	"github.com/ClusterCockpit/cc-backend/internal/repository"
-	"github.com/ClusterCockpit/cc-backend/internal/util"
-	"github.com/ClusterCockpit/cc-backend/pkg/log"
-	"github.com/ClusterCockpit/cc-backend/pkg/schema"
+	cclog "github.com/ClusterCockpit/cc-lib/ccLogger"
+	"github.com/ClusterCockpit/cc-lib/schema"
+	"github.com/ClusterCockpit/cc-lib/util"
 	"github.com/gorilla/sessions"
 )

@@ -66,7 +66,7 @@ func (auth *Authentication) AuthViaSession(
 ) (*schema.User, error) {
 	session, err := auth.sessionStore.Get(r, "session")
 	if err != nil {
-		log.Error("Error while getting session store")
+		cclog.Error("Error while getting session store")
 		return nil, err
 	}

@@ -93,16 +93,16 @@ func Init() {

 		sessKey := os.Getenv("SESSION_KEY")
 		if sessKey == "" {
-			log.Warn("environment variable 'SESSION_KEY' not set (will use non-persistent random key)")
+			cclog.Warn("environment variable 'SESSION_KEY' not set (will use non-persistent random key)")
 			bytes := make([]byte, 32)
 			if _, err := rand.Read(bytes); err != nil {
-				log.Fatal("Error while initializing authentication -> failed to generate random bytes for session key")
+				cclog.Fatal("Error while initializing authentication -> failed to generate random bytes for session key")
 			}
 			authInstance.sessionStore = sessions.NewCookieStore(bytes)
 		} else {
 			bytes, err := base64.StdEncoding.DecodeString(sessKey)
 			if err != nil {
-				log.Fatal("Error while initializing authentication -> decoding session key failed")
+				cclog.Fatal("Error while initializing authentication -> decoding session key failed")
 			}
 			authInstance.sessionStore = sessions.NewCookieStore(bytes)
 		}
@@ -114,41 +114,41 @@ func Init() {
 		if config.Keys.LdapConfig != nil {
 			ldapAuth := &LdapAuthenticator{}
 			if err := ldapAuth.Init(); err != nil {
-				log.Warn("Error while initializing authentication -> ldapAuth init failed")
+				cclog.Warn("Error while initializing authentication -> ldapAuth init failed")
 			} else {
 				authInstance.LdapAuth = ldapAuth
 				authInstance.authenticators = append(authInstance.authenticators, authInstance.LdapAuth)
 			}
 		} else {
-			log.Info("Missing LDAP configuration: No LDAP support!")
+			cclog.Info("Missing LDAP configuration: No LDAP support!")
 		}

 		if config.Keys.JwtConfig != nil {
 			authInstance.JwtAuth = &JWTAuthenticator{}
 			if err := authInstance.JwtAuth.Init(); err != nil {
-				log.Fatal("Error while initializing authentication -> jwtAuth init failed")
+				cclog.Fatal("Error while initializing authentication -> jwtAuth init failed")
 			}

 			jwtSessionAuth := &JWTSessionAuthenticator{}
 			if err := jwtSessionAuth.Init(); err != nil {
-				log.Info("jwtSessionAuth init failed: No JWT login support!")
+				cclog.Info("jwtSessionAuth init failed: No JWT login support!")
 			} else {
 				authInstance.authenticators = append(authInstance.authenticators, jwtSessionAuth)
 			}

 			jwtCookieSessionAuth := &JWTCookieSessionAuthenticator{}
 			if err := jwtCookieSessionAuth.Init(); err != nil {
-				log.Info("jwtCookieSessionAuth init failed: No JWT cookie login support!")
+				cclog.Info("jwtCookieSessionAuth init failed: No JWT cookie login support!")
 			} else {
 				authInstance.authenticators = append(authInstance.authenticators, jwtCookieSessionAuth)
 			}
 		} else {
-			log.Info("Missing JWT configuration: No JWT token support!")
+			cclog.Info("Missing JWT configuration: No JWT token support!")
 		}

 		authInstance.LocalAuth = &LocalAuthenticator{}
 		if err := authInstance.LocalAuth.Init(); err != nil {
-			log.Fatal("Error while initializing authentication -> localAuth init failed")
+			cclog.Fatal("Error while initializing authentication -> localAuth init failed")
 		}
 		authInstance.authenticators = append(authInstance.authenticators, authInstance.LocalAuth)
 	})
@@ -156,7 +156,7 @@ func Init() {

 func GetAuthInstance() *Authentication {
 	if authInstance == nil {
-		log.Fatal("Authentication module not initialized!")
+		cclog.Fatal("Authentication module not initialized!")
 	}

 	return authInstance
@@ -167,14 +167,14 @@ func handleTokenUser(tokenUser *schema.User) {
 	dbUser, err := r.GetUser(tokenUser.Username)

 	if err != nil && err != sql.ErrNoRows {
-		log.Errorf("Error while loading user '%s': %v", tokenUser.Username, err)
+		cclog.Errorf("Error while loading user '%s': %v", tokenUser.Username, err)
 	} else if err == sql.ErrNoRows && config.Keys.JwtConfig.SyncUserOnLogin { // Adds New User
 		if err := r.AddUser(tokenUser); err != nil {
-			log.Errorf("Error while adding user '%s' to DB: %v", tokenUser.Username, err)
+			cclog.Errorf("Error while adding user '%s' to DB: %v", tokenUser.Username, err)
 		}
 	} else if err == nil && config.Keys.JwtConfig.UpdateUserOnLogin { // Update Existing User
 		if err := r.UpdateUser(dbUser, tokenUser); err != nil {
-			log.Errorf("Error while updating user '%s' to DB: %v", dbUser.Username, err)
+			cclog.Errorf("Error while updating user '%s' to DB: %v", dbUser.Username, err)
 		}
 	}
 }
@@ -184,14 +184,14 @@ func handleOIDCUser(OIDCUser *schema.User) {
 	dbUser, err := r.GetUser(OIDCUser.Username)

 	if err != nil && err != sql.ErrNoRows {
-		log.Errorf("Error while loading user '%s': %v", OIDCUser.Username, err)
+		cclog.Errorf("Error while loading user '%s': %v", OIDCUser.Username, err)
 	} else if err == sql.ErrNoRows && config.Keys.OpenIDConfig.SyncUserOnLogin { // Adds New User
 		if err := r.AddUser(OIDCUser); err != nil {
-			log.Errorf("Error while adding user '%s' to DB: %v", OIDCUser.Username, err)
+			cclog.Errorf("Error while adding user '%s' to DB: %v", OIDCUser.Username, err)
 		}
 	} else if err == nil && config.Keys.OpenIDConfig.UpdateUserOnLogin { // Update Existing User
 		if err := r.UpdateUser(dbUser, OIDCUser); err != nil {
-			log.Errorf("Error while updating user '%s' to DB: %v", dbUser.Username, err)
+			cclog.Errorf("Error while updating user '%s' to DB: %v", dbUser.Username, err)
 		}
 	}
 }
@@ -199,7 +199,7 @@ func handleOIDCUser(OIDCUser *schema.User) {
 func (auth *Authentication) SaveSession(rw http.ResponseWriter, r *http.Request, user *schema.User) error {
 	session, err := auth.sessionStore.New(r, "session")
 	if err != nil {
-		log.Errorf("session creation failed: %s", err.Error())
+		cclog.Errorf("session creation failed: %s", err.Error())
 		http.Error(rw, err.Error(), http.StatusInternalServerError)
 		return err
 	}
@@ -215,7 +215,7 @@ func (auth *Authentication) SaveSession(rw http.ResponseWriter, r *http.Request,
 	session.Values["projects"] = user.Projects
 	session.Values["roles"] = user.Roles
 	if err := auth.sessionStore.Save(r, rw, session); err != nil {
-		log.Warnf("session save failed: %s", err.Error())
+		cclog.Warnf("session save failed: %s", err.Error())
 		http.Error(rw, err.Error(), http.StatusInternalServerError)
 		return err
 	}
@@ -236,7 +236,7 @@ func (auth *Authentication) Login(

 		limiter := getIPUserLimiter(ip, username)
 		if !limiter.Allow() {
-			log.Warnf("AUTH/RATE > Too many login attempts for combination IP: %s, Username: %s", ip, username)
+			cclog.Warnf("AUTH/RATE > Too many login attempts for combination IP: %s, Username: %s", ip, username)
 			onfailure(rw, r, errors.New("too many login attempts, try again in a few minutes"))
 			return
 		}
@@ -246,7 +246,7 @@ func (auth *Authentication) Login(
 			var err error
 			dbUser, err = repository.GetUserRepository().GetUser(username)
 			if err != nil && err != sql.ErrNoRows {
-				log.Errorf("Error while loading user '%v'", username)
+				cclog.Errorf("Error while loading user '%v'", username)
 			}
 		}

@@ -256,12 +256,12 @@ func (auth *Authentication) Login(
 			if user, ok = authenticator.CanLogin(dbUser, username, rw, r); !ok {
 				continue
 			} else {
-				log.Debugf("Can login with user %v", user)
+				cclog.Debugf("Can login with user %v", user)
 			}

 			user, err := authenticator.Login(user, rw, r)
 			if err != nil {
-				log.Warnf("user login failed: %s", err.Error())
+				cclog.Warnf("user login failed: %s", err.Error())
 				onfailure(rw, r, err)
 				return
 			}
@@ -270,7 +270,7 @@ func (auth *Authentication) Login(
 				return
 			}

-			log.Infof("login successfull: user: %#v (roles: %v, projects: %v)", user.Username, user.Roles, user.Projects)
+			cclog.Infof("login successfull: user: %#v (roles: %v, projects: %v)", user.Username, user.Roles, user.Projects)
 			ctx := context.WithValue(r.Context(), repository.ContextUserKey, user)

 			if r.FormValue("redirect") != "" {
@@ -282,7 +282,7 @@ func (auth *Authentication) Login(
 			return
 		}

-		log.Debugf("login failed: no authenticator applied")
+		cclog.Debugf("login failed: no authenticator applied")
 		onfailure(rw, r, errors.New("no authenticator applied"))
 	})
 }
@@ -294,14 +294,14 @@ func (auth *Authentication) Auth(
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		user, err := auth.JwtAuth.AuthViaJWT(rw, r)
 		if err != nil {
-			log.Infof("auth -> authentication failed: %s", err.Error())
+			cclog.Infof("auth -> authentication failed: %s", err.Error())
 			http.Error(rw, err.Error(), http.StatusUnauthorized)
 			return
 		}
 		if user == nil {
 			user, err = auth.AuthViaSession(rw, r)
 			if err != nil {
-				log.Infof("auth -> authentication failed: %s", err.Error())
+				cclog.Infof("auth -> authentication failed: %s", err.Error())
 				http.Error(rw, err.Error(), http.StatusUnauthorized)
 				return
 			}
@@ -312,7 +312,7 @@ func (auth *Authentication) Auth(
 			return
 		}

-		log.Info("auth -> authentication failed")
+		cclog.Info("auth -> authentication failed")
 		onfailure(rw, r, errors.New("unauthorized (please login first)"))
 	})
 }
@@ -324,14 +324,14 @@ func (auth *Authentication) AuthApi(
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		user, err := auth.JwtAuth.AuthViaJWT(rw, r)
 		if err != nil {
-			log.Infof("auth api -> authentication failed: %s", err.Error())
+			cclog.Infof("auth api -> authentication failed: %s", err.Error())
 			onfailure(rw, r, err)
 			return
 		}

 		ipErr := securedCheck(user, r)
 		if ipErr != nil {
-			log.Infof("auth api -> secured check failed: %s", ipErr.Error())
+			cclog.Infof("auth api -> secured check failed: %s", ipErr.Error())
 			onfailure(rw, r, ipErr)
 			return
 		}
@@ -351,11 +351,11 @@ func (auth *Authentication) AuthApi(
 					return
 				}
 			default:
-				log.Info("auth api -> authentication failed: missing role")
+				cclog.Info("auth api -> authentication failed: missing role")
 				onfailure(rw, r, errors.New("unauthorized"))
 			}
 		}
-		log.Info("auth api -> authentication failed: no auth")
+		cclog.Info("auth api -> authentication failed: no auth")
 		onfailure(rw, r, errors.New("unauthorized"))
 	})
 }
@@ -367,7 +367,7 @@ func (auth *Authentication) AuthUserApi(
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		user, err := auth.JwtAuth.AuthViaJWT(rw, r)
 		if err != nil {
-			log.Infof("auth user api -> authentication failed: %s", err.Error())
+			cclog.Infof("auth user api -> authentication failed: %s", err.Error())
 			onfailure(rw, r, err)
 			return
 		}
@@ -387,11 +387,11 @@ func (auth *Authentication) AuthUserApi(
 					return
 				}
 			default:
-				log.Info("auth user api -> authentication failed: missing role")
+				cclog.Info("auth user api -> authentication failed: missing role")
 				onfailure(rw, r, errors.New("unauthorized"))
 			}
 		}
-		log.Info("auth user api -> authentication failed: no auth")
+		cclog.Info("auth user api -> authentication failed: no auth")
 		onfailure(rw, r, errors.New("unauthorized"))
 	})
 }
@@ -403,7 +403,7 @@ func (auth *Authentication) AuthConfigApi(
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		user, err := auth.AuthViaSession(rw, r)
 		if err != nil {
-			log.Infof("auth config api -> authentication failed: %s", err.Error())
+			cclog.Infof("auth config api -> authentication failed: %s", err.Error())
 			onfailure(rw, r, err)
 			return
 		}
@@ -412,7 +412,7 @@ func (auth *Authentication) AuthConfigApi(
 			onsuccess.ServeHTTP(rw, r.WithContext(ctx))
 			return
 		}
-		log.Info("auth config api -> authentication failed: no auth")
+		cclog.Info("auth config api -> authentication failed: no auth")
 		onfailure(rw, r, errors.New("unauthorized"))
 	})
 }
@@ -424,7 +424,7 @@ func (auth *Authentication) AuthFrontendApi(
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		user, err := auth.AuthViaSession(rw, r)
 		if err != nil {
-			log.Infof("auth frontend api -> authentication failed: %s", err.Error())
+			cclog.Infof("auth frontend api -> authentication failed: %s", err.Error())
 			onfailure(rw, r, err)
 			return
 		}
@@ -433,7 +433,7 @@ func (auth *Authentication) AuthFrontendApi(
 			onsuccess.ServeHTTP(rw, r.WithContext(ctx))
 			return
 		}
-		log.Info("auth frontend api -> authentication failed: no auth")
+		cclog.Info("auth frontend api -> authentication failed: no auth")
 		onfailure(rw, r, errors.New("unauthorized"))
 	})
 }