Reformat and Refactor packages. Rebuild GraphQL.

2025-07-23 12:51:40 +02:00 · 2022-09-07 12:24:45 +02:00
parent b7907d33aa
commit 8856f26fb0
30 changed files with 5728 additions and 3200 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -75,7 +75,7 @@ type Authentication struct {
 	SessionMaxAge time.Duration

 	authenticators []Authenticator
-	LdapAuth       *LdapAutnenticator
+	LdapAuth       *LdapAuthenticator
 	JwtAuth        *JWTAuthenticator
 	LocalAuth      *LocalAuthenticator
 }
@@ -125,7 +125,7 @@ func Init(db *sqlx.DB,
 	auth.authenticators = append(auth.authenticators, auth.JwtAuth)

 	if config, ok := configs["ldap"]; ok {
-		auth.LdapAuth = &LdapAutnenticator{}
+		auth.LdapAuth = &LdapAuthenticator{}
 		if err := auth.LdapAuth.Init(auth, config); err != nil {
 			return nil, err
 		}
@@ -135,7 +135,10 @@ func Init(db *sqlx.DB,
 	return auth, nil
 }

-func (auth *Authentication) AuthViaSession(rw http.ResponseWriter, r *http.Request) (*User, error) {
+func (auth *Authentication) AuthViaSession(
+	rw http.ResponseWriter,
+	r *http.Request) (*User, error) {
+
 	session, err := auth.sessionStore.Get(r, "session")
 	if err != nil {
 		return nil, err
@@ -155,7 +158,10 @@ func (auth *Authentication) AuthViaSession(rw http.ResponseWriter, r *http.Reque
 }

 // Handle a POST request that should log the user in, starting a new session.
-func (auth *Authentication) Login(onsuccess http.Handler, onfailure func(rw http.ResponseWriter, r *http.Request, loginErr error)) http.Handler {
+func (auth *Authentication) Login(
+	onsuccess http.Handler,
+	onfailure func(rw http.ResponseWriter, r *http.Request, loginErr error)) http.Handler {
+
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		var err error = errors.New("no authenticator applied")
 		username := r.FormValue("username")
@@ -211,7 +217,10 @@ func (auth *Authentication) Login(onsuccess http.Handler, onfailure func(rw http
 // Authenticate the user and put a User object in the
 // context of the request. If authentication fails,
 // do not continue but send client to the login screen.
-func (auth *Authentication) Auth(onsuccess http.Handler, onfailure func(rw http.ResponseWriter, r *http.Request, authErr error)) http.Handler {
+func (auth *Authentication) Auth(
+	onsuccess http.Handler,
+	onfailure func(rw http.ResponseWriter, r *http.Request, authErr error)) http.Handler {
+
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		for _, authenticator := range auth.authenticators {
 			user, err := authenticator.Auth(rw, r)
@@ -237,6 +246,7 @@ func (auth *Authentication) Auth(onsuccess http.Handler, onfailure func(rw http.

 // Clears the session cookie
 func (auth *Authentication) Logout(onsuccess http.Handler) http.Handler {
+
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		session, err := auth.sessionStore.Get(r, "session")
 		if err != nil {
--- a/internal/auth/jwt.go
+++ b/internal/auth/jwt.go
@@ -16,15 +16,10 @@ import (
 	"time"

 	"github.com/ClusterCockpit/cc-backend/pkg/log"
+	"github.com/ClusterCockpit/cc-backend/pkg/schema"
 	"github.com/golang-jwt/jwt/v4"
 )

-type JWTAuthConfig struct {
-	// Specifies for how long a session or JWT shall be valid
-	// as a string parsable by time.ParseDuration().
-	MaxAge int64 `json:"max-age"`
-}
-
 type JWTAuthenticator struct {
 	auth *Authentication

@@ -33,14 +28,15 @@ type JWTAuthenticator struct {

 	loginTokenKey []byte // HS256 key

-	config *JWTAuthConfig
+	config *schema.JWTAuthConfig
 }

 var _ Authenticator = (*JWTAuthenticator)(nil)

 func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
+
 	ja.auth = auth
-	ja.config = conf.(*JWTAuthConfig)
+	ja.config = conf.(*schema.JWTAuthConfig)

 	pubKey, privKey := os.Getenv("JWT_PUBLIC_KEY"), os.Getenv("JWT_PRIVATE_KEY")
 	if pubKey == "" || privKey == "" {
@@ -69,11 +65,19 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 	return nil
 }

-func (ja *JWTAuthenticator) CanLogin(user *User, rw http.ResponseWriter, r *http.Request) bool {
+func (ja *JWTAuthenticator) CanLogin(
+	user *User,
+	rw http.ResponseWriter,
+	r *http.Request) bool {
+
 	return (user != nil && user.AuthSource == AuthViaToken) || r.Header.Get("Authorization") != "" || r.URL.Query().Get("login-token") != ""
 }

-func (ja *JWTAuthenticator) Login(user *User, rw http.ResponseWriter, r *http.Request) (*User, error) {
+func (ja *JWTAuthenticator) Login(
+	user *User,
+	rw http.ResponseWriter,
+	r *http.Request) (*User, error) {
+
 	rawtoken := r.Header.Get("X-Auth-Token")
 	if rawtoken == "" {
 		rawtoken = r.Header.Get("Authorization")
@@ -135,7 +139,10 @@ func (ja *JWTAuthenticator) Login(user *User, rw http.ResponseWriter, r *http.Re
 	return user, nil
 }

-func (ja *JWTAuthenticator) Auth(rw http.ResponseWriter, r *http.Request) (*User, error) {
+func (ja *JWTAuthenticator) Auth(
+	rw http.ResponseWriter,
+	r *http.Request) (*User, error) {
+
 	rawtoken := r.Header.Get("X-Auth-Token")
 	if rawtoken == "" {
 		rawtoken = r.Header.Get("Authorization")
@@ -183,6 +190,7 @@ func (ja *JWTAuthenticator) Auth(rw http.ResponseWriter, r *http.Request) (*User

 // Generate a new JWT that can be used for authentication
 func (ja *JWTAuthenticator) ProvideJWT(user *User) (string, error) {
+
 	if ja.privateKey == nil {
 		return "", errors.New("environment variable 'JWT_PRIVATE_KEY' not set")
 	}
--- a/internal/auth/ldap.go
+++ b/internal/auth/ldap.go
@@ -12,30 +12,24 @@ import (
 	"time"

 	"github.com/ClusterCockpit/cc-backend/pkg/log"
+	"github.com/ClusterCockpit/cc-backend/pkg/schema"
 	"github.com/go-ldap/ldap/v3"
 )

-type LdapConfig struct {
-	Url             string `json:"url"`
-	UserBase        string `json:"user_base"`
-	SearchDN        string `json:"search_dn"`
-	UserBind        string `json:"user_bind"`
-	UserFilter      string `json:"user_filter"`
-	SyncInterval    string `json:"sync_interval"` // Parsed using time.ParseDuration.
-	SyncDelOldUsers bool   `json:"sync_del_old_users"`
-}
-
-type LdapAutnenticator struct {
+type LdapAuthenticator struct {
 	auth         *Authentication
-	config       *LdapConfig
+	config       *schema.LdapConfig
 	syncPassword string
 }

-var _ Authenticator = (*LdapAutnenticator)(nil)
+var _ Authenticator = (*LdapAuthenticator)(nil)
+
+func (la *LdapAuthenticator) Init(
+	auth *Authentication,
+	conf interface{}) error {

-func (la *LdapAutnenticator) Init(auth *Authentication, conf interface{}) error {
 	la.auth = auth
-	la.config = conf.(*LdapConfig)
+	la.config = conf.(*schema.LdapConfig)

 	la.syncPassword = os.Getenv("LDAP_ADMIN_PASSWORD")
 	if la.syncPassword == "" {
@@ -67,11 +61,19 @@ func (la *LdapAutnenticator) Init(auth *Authentication, conf interface{}) error
 	return nil
 }

-func (la *LdapAutnenticator) CanLogin(user *User, rw http.ResponseWriter, r *http.Request) bool {
+func (la *LdapAuthenticator) CanLogin(
+	user *User,
+	rw http.ResponseWriter,
+	r *http.Request) bool {
+
 	return user != nil && user.AuthSource == AuthViaLDAP
 }

-func (la *LdapAutnenticator) Login(user *User, rw http.ResponseWriter, r *http.Request) (*User, error) {
+func (la *LdapAuthenticator) Login(
+	user *User,
+	rw http.ResponseWriter,
+	r *http.Request) (*User, error) {
+
 	l, err := la.getLdapConnection(false)
 	if err != nil {
 		return nil, err
@@ -86,11 +88,15 @@ func (la *LdapAutnenticator) Login(user *User, rw http.ResponseWriter, r *http.R
 	return user, nil
 }

-func (la *LdapAutnenticator) Auth(rw http.ResponseWriter, r *http.Request) (*User, error) {
+func (la *LdapAuthenticator) Auth(
+	rw http.ResponseWriter,
+	r *http.Request) (*User, error) {
+
 	return la.auth.AuthViaSession(rw, r)
 }

-func (la *LdapAutnenticator) Sync() error {
+func (la *LdapAuthenticator) Sync() error {
+
 	const IN_DB int = 1
 	const IN_LDAP int = 2
 	const IN_BOTH int = 3
@@ -160,7 +166,8 @@ func (la *LdapAutnenticator) Sync() error {

 // TODO: Add a connection pool or something like
 // that so that connections can be reused/cached.
-func (la *LdapAutnenticator) getLdapConnection(admin bool) (*ldap.Conn, error) {
+func (la *LdapAuthenticator) getLdapConnection(admin bool) (*ldap.Conn, error) {
+
 	conn, err := ldap.DialURL(la.config.Url)
 	if err != nil {
 		return nil, err
--- a/internal/auth/local.go
+++ b/internal/auth/local.go
@@ -17,16 +17,27 @@ type LocalAuthenticator struct {

 var _ Authenticator = (*LocalAuthenticator)(nil)

-func (la *LocalAuthenticator) Init(auth *Authentication, _ interface{}) error {
+func (la *LocalAuthenticator) Init(
+	auth *Authentication,
+	_ interface{}) error {
+
 	la.auth = auth
 	return nil
 }

-func (la *LocalAuthenticator) CanLogin(user *User, rw http.ResponseWriter, r *http.Request) bool {
+func (la *LocalAuthenticator) CanLogin(
+	user *User,
+	rw http.ResponseWriter,
+	r *http.Request) bool {
+
 	return user != nil && user.AuthSource == AuthViaLocalPassword
 }

-func (la *LocalAuthenticator) Login(user *User, rw http.ResponseWriter, r *http.Request) (*User, error) {
+func (la *LocalAuthenticator) Login(
+	user *User,
+	rw http.ResponseWriter,
+	r *http.Request) (*User, error) {
+
 	if e := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(r.FormValue("password"))); e != nil {
 		return nil, fmt.Errorf("user '%s' provided the wrong password (%w)", user.Username, e)
 	}
@@ -34,6 +45,9 @@ func (la *LocalAuthenticator) Login(user *User, rw http.ResponseWriter, r *http.
 	return user, nil
 }

-func (la *LocalAuthenticator) Auth(rw http.ResponseWriter, r *http.Request) (*User, error) {
+func (la *LocalAuthenticator) Auth(
+	rw http.ResponseWriter,
+	r *http.Request) (*User, error) {
+
 	return la.auth.AuthViaSession(rw, r)
 }
--- a/internal/auth/users.go
+++ b/internal/auth/users.go
@@ -19,6 +19,7 @@ import (
 )

 func (auth *Authentication) GetUser(username string) (*User, error) {
+
 	user := &User{Username: username}
 	var hashedPassword, name, rawRoles, email sql.NullString
 	if err := sq.Select("password", "ldap", "name", "roles", "email").From("user").
@@ -40,6 +41,7 @@ func (auth *Authentication) GetUser(username string) (*User, error) {
 }

 func (auth *Authentication) AddUser(user *User) error {
+
 	rolesJson, _ := json.Marshal(user.Roles)

 	cols := []string{"username", "roles"}
@@ -70,11 +72,13 @@ func (auth *Authentication) AddUser(user *User) error {
 }

 func (auth *Authentication) DelUser(username string) error {
+
 	_, err := auth.db.Exec(`DELETE FROM user WHERE user.username = ?`, username)
 	return err
 }

 func (auth *Authentication) ListUsers(specialsOnly bool) ([]*User, error) {
+
 	q := sq.Select("username", "name", "email", "roles").From("user")
 	if specialsOnly {
 		q = q.Where("(roles != '[\"user\"]' AND roles != '[]')")
@@ -106,7 +110,11 @@ func (auth *Authentication) ListUsers(specialsOnly bool) ([]*User, error) {
 	return users, nil
 }

-func (auth *Authentication) AddRole(ctx context.Context, username string, role string) error {
+func (auth *Authentication) AddRole(
+	ctx context.Context,
+	username string,
+	role string) error {
+
 	user, err := auth.GetUser(username)
 	if err != nil {
 		return err
@@ -129,7 +137,11 @@ func (auth *Authentication) AddRole(ctx context.Context, username string, role s
 	return nil
 }

-func FetchUser(ctx context.Context, db *sqlx.DB, username string) (*model.User, error) {
+func FetchUser(
+	ctx context.Context,
+	db *sqlx.DB,
+	username string) (*model.User, error) {
+
 	me := GetUser(ctx)
 	if me != nil && !me.HasRole(RoleAdmin) && me.Username != username {
 		return nil, errors.New("forbidden")