mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-09-02 11:05:22 +00:00
This reverts commit 676e50b0b1.
This commit is contained in:
RamiBerm
GitHub
@@ -47,9 +47,9 @@ func init() {
|
||||
}
|
||||
|
||||
func WebSocketRoutes(app *gin.Engine, eventHandlers EventHandlers, startTime int64) {
|
||||
app.GET("/ws", middlewares.RequiresAuth(), func(c *gin.Context) {
|
||||
app.GET("/ws", func(c *gin.Context) {
|
||||
websocketHandler(c.Writer, c.Request, eventHandlers, false, startTime)
|
||||
})
|
||||
}, middlewares.RequiresAuth())
|
||||
|
||||
app.GET("/wsTapper", func(c *gin.Context) { // TODO: add m2m authentication to this route
|
||||
websocketHandler(c.Writer, c.Request, eventHandlers, true, startTime)
|
||||
|
||||
@@ -1,9 +1,7 @@
|
||||
package controllers
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"mizuserver/pkg/providers"
|
||||
"net/http"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/up9inc/mizu/shared/logger"
|
||||
@@ -13,44 +11,20 @@ func Login(c *gin.Context) {
|
||||
if token, err := providers.PerformLogin(c.PostForm("username"), c.PostForm("password"), c.Request.Context()); err != nil {
|
||||
c.AbortWithStatusJSON(401, gin.H{"error": "bad login"})
|
||||
} else {
|
||||
c.SetSameSite(http.SameSiteLaxMode)
|
||||
c.SetCookie("x-session-token", *token, 3600, "/", "", false, true)
|
||||
c.JSON(200, "")
|
||||
c.JSON(200, gin.H{"token": token})
|
||||
}
|
||||
}
|
||||
|
||||
func Logout(c *gin.Context) {
|
||||
token, err := c.Cookie("x-session-token")
|
||||
if err != nil {
|
||||
if errors.Is(err, http.ErrNoCookie) {
|
||||
c.AbortWithStatusJSON(401, gin.H{"error": "could not find session cookie"})
|
||||
} else {
|
||||
logger.Log.Errorf("error reading cookie in logout %s", err)
|
||||
c.AbortWithStatusJSON(500, gin.H{"error": "error occured while logging out, the session might still be valid"})
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
if err = providers.Logout(token, c.Request.Context()); err != nil {
|
||||
token := c.GetHeader("x-session-token")
|
||||
if err := providers.Logout(token, c.Request.Context()); err != nil {
|
||||
c.AbortWithStatusJSON(500, gin.H{"error": "error occured while logging out, the session might still be valid"})
|
||||
} else {
|
||||
c.SetCookie("x-session-token", "", -1, "/", "", false, true)
|
||||
c.JSON(200, "")
|
||||
}
|
||||
}
|
||||
|
||||
func Register(c *gin.Context) {
|
||||
// only allow one user to be created without authentication
|
||||
if IsInstallNeeded, err := providers.IsInstallNeeded(); err != nil {
|
||||
logger.Log.Errorf("unknown internal while checking if install is needed %s", err)
|
||||
c.AbortWithStatusJSON(500, gin.H{"error": "internal error occured while checking if install is needed"})
|
||||
return
|
||||
} else if !IsInstallNeeded {
|
||||
c.AbortWithStatusJSON(401, gin.H{"error": "cannot register when install is not needed"})
|
||||
return
|
||||
}
|
||||
|
||||
if token, _, err, formErrorMessages := providers.RegisterUser(c.PostForm("username"), c.PostForm("password"), c.Request.Context()); err != nil {
|
||||
if formErrorMessages != nil {
|
||||
logger.Log.Infof("user attempted to register but had form errors %v %v", formErrorMessages, err)
|
||||
@@ -60,8 +34,6 @@ func Register(c *gin.Context) {
|
||||
c.AbortWithStatusJSON(500, gin.H{"error": "internal error occured while registering"})
|
||||
}
|
||||
} else {
|
||||
c.SetSameSite(http.SameSiteLaxMode)
|
||||
c.SetCookie("x-session-token", *token, 3600, "/", "", false, true)
|
||||
c.JSON(200, "")
|
||||
c.JSON(200, gin.H{"token": token})
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,51 +1,49 @@
|
||||
package middlewares
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"mizuserver/pkg/config"
|
||||
"mizuserver/pkg/providers"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/patrickmn/go-cache"
|
||||
"github.com/up9inc/mizu/shared/logger"
|
||||
)
|
||||
|
||||
const errorMessage = "unknown authentication error occured"
|
||||
const cachedValidTokensRetainmentTime = time.Minute * 1
|
||||
|
||||
var cachedValidTokens = cache.New(cachedValidTokensRetainmentTime, cachedValidTokensRetainmentTime)
|
||||
|
||||
func RequiresAuth() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
// authentication is irrelevant for ephermeral mizu
|
||||
// auth is irrelevant for ephermeral mizu
|
||||
if !config.Config.StandaloneMode {
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
|
||||
token, err := c.Cookie("x-session-token")
|
||||
if err != nil {
|
||||
if errors.Is(err, http.ErrNoCookie) {
|
||||
c.AbortWithStatusJSON(401, gin.H{"error": "could not find session cookie"})
|
||||
} else {
|
||||
logger.Log.Errorf("error reading cookie %s", err)
|
||||
c.AbortWithStatusJSON(500, gin.H{"error": errorMessage})
|
||||
}
|
||||
|
||||
token := c.GetHeader("x-session-token")
|
||||
if token == "" {
|
||||
c.AbortWithStatusJSON(401, gin.H{"error": "token header is empty"})
|
||||
return
|
||||
}
|
||||
|
||||
if token == "" {
|
||||
c.AbortWithStatusJSON(401, gin.H{"error": "token cookie is empty"})
|
||||
if _, isTokenCached := cachedValidTokens.Get(token); isTokenCached {
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
|
||||
if isTokenValid, err := providers.VerifyToken(token, c.Request.Context()); err != nil {
|
||||
logger.Log.Errorf("error verifying token %s", err)
|
||||
c.AbortWithStatusJSON(500, gin.H{"error": errorMessage})
|
||||
c.AbortWithStatusJSON(401, gin.H{"error": "unknown auth error occured"})
|
||||
return
|
||||
} else if !isTokenValid {
|
||||
c.AbortWithStatusJSON(401, gin.H{"error": "invalid token"})
|
||||
return
|
||||
}
|
||||
|
||||
cachedValidTokens.Set(token, true, cachedValidTokensRetainmentTime)
|
||||
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,6 +22,8 @@ export default class Api {
|
||||
}
|
||||
|
||||
constructor() {
|
||||
this.token = localStorage.getItem("token");
|
||||
|
||||
this.client = this.getAxiosClient();
|
||||
this.source = null;
|
||||
}
|
||||
@@ -141,6 +143,7 @@ export default class Api {
|
||||
|
||||
try {
|
||||
const response = await this.client.post(`/user/register`, form);
|
||||
this.persistToken(response.data.token);
|
||||
return response;
|
||||
} catch (e) {
|
||||
if (e.response.status === 400) {
|
||||
@@ -161,18 +164,32 @@ export default class Api {
|
||||
form.append('password', password);
|
||||
|
||||
const response = await this.client.post(`/user/login`, form);
|
||||
if (response.status >= 200 && response.status < 300) {
|
||||
this.persistToken(response.data.token);
|
||||
}
|
||||
|
||||
return response;
|
||||
}
|
||||
|
||||
persistToken = (token) => {
|
||||
this.token = token;
|
||||
this.client = this.getAxiosClient();
|
||||
localStorage.setItem('token', token);
|
||||
}
|
||||
|
||||
logout = async () => {
|
||||
await this.client.post(`/user/logout`);
|
||||
this.persistToken(null);
|
||||
}
|
||||
|
||||
getAxiosClient = () => {
|
||||
const headers = {
|
||||
Accept: "application/json"
|
||||
}
|
||||
|
||||
if (this.token) {
|
||||
headers['x-session-token'] = `${this.token}`; // we use `x-session-token` instead of `Authorization` because the latter is reserved by kubectl proxy, making mizu view not work
|
||||
}
|
||||
return axios.create({
|
||||
baseURL: apiURL,
|
||||
timeout: 31000,
|
||||
|
||||
Reference in New Issue
Block a user