server/rest/controller/v4/auth_resource.go - servicecomb-service-center - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package v4

 import (
 	"context"
 	"encoding/json"
 	errorsEx "github.com/apache/servicecomb-service-center/pkg/errors"
 	"github.com/apache/servicecomb-service-center/pkg/log"
 	"github.com/apache/servicecomb-service-center/pkg/rbacframe"
 	"github.com/apache/servicecomb-service-center/pkg/rest"
 	"github.com/apache/servicecomb-service-center/server/rest/controller"
 	"github.com/apache/servicecomb-service-center/server/scerror"
 	"github.com/apache/servicecomb-service-center/server/service"
 	"github.com/apache/servicecomb-service-center/server/service/rbac"
 	"github.com/apache/servicecomb-service-center/server/service/rbac/dao"
 	"github.com/go-chassis/go-chassis/security/authr"
 	"io/ioutil"
 	"net/http"
 )

 type AuthResource struct {
 }

 //URLPatterns define htp pattern
 func (r *AuthResource) URLPatterns() []rest.Route {
 	return []rest.Route{
 		{Method: http.MethodPost, Path: "/v4/token", Func: r.Login},
 		{Method: http.MethodPost, Path: "/v4/account", Func: r.CreateAccount},
 		{Method: http.MethodPut, Path: "/v4/account-password", Func: r.ChangePassword},
 	}
 }
 func (r *AuthResource) CreateAccount(w http.ResponseWriter, req *http.Request) {
 	body, err := ioutil.ReadAll(req.Body)
 	if err != nil {
 		log.Error("read body err", err)
 		controller.WriteError(w, scerror.ErrInternal, err.Error())
 		return
 	}
 	a := &rbacframe.Account{}
 	if err = json.Unmarshal(body, a); err != nil {
 		log.Error("json err", err)
 		controller.WriteError(w, scerror.ErrInvalidParams, errorsEx.ErrMsgJSON)
 		return
 	}
 	err = service.ValidateCreateAccount(a)
 	if err != nil {
 		controller.WriteError(w, scerror.ErrInvalidParams, err.Error())
 		return
 	}
 	err = dao.CreateAccount(context.TODO(), a)
 	if err != nil {
 		log.Error(errorsEx.ErrMsgCreateAccount, err)
 		controller.WriteError(w, scerror.ErrInternal, errorsEx.ErrMsgCreateAccount)
 		return
 	}
 }
 func (r *AuthResource) ChangePassword(w http.ResponseWriter, req *http.Request) {
 	body, err := ioutil.ReadAll(req.Body)
 	if err != nil {
 		log.Error("read body err", err)
 		controller.WriteError(w, scerror.ErrInternal, err.Error())
 		return
 	}
 	a := &rbacframe.Account{}
 	if err = json.Unmarshal(body, a); err != nil {
 		log.Error("json err", err)
 		controller.WriteError(w, scerror.ErrInvalidParams, errorsEx.ErrMsgJSON)
 		return
 	}
 	err = service.ValidateChangePWD(a)
 	if err != nil {
 		controller.WriteError(w, scerror.ErrInvalidParams, err.Error())
 		return
 	}
 	changer, err := rbacframe.AccountFromContext(req.Context())
 	if err != nil {
 		controller.WriteError(w, scerror.ErrInternal, "can not parse account info")
 		return
 	}
 	err = rbac.ChangePassword(context.TODO(), changer.Role, changer.Name, a)
 	if err != nil {
 		log.Error("change password failed", err)
 		controller.WriteError(w, scerror.ErrInternal, err.Error())
 		return
 	}
 }

 func (r *AuthResource) Login(w http.ResponseWriter, req *http.Request) {
 	body, err := ioutil.ReadAll(req.Body)
 	if err != nil {
 		log.Error("read body err", err)
 		controller.WriteError(w, scerror.ErrInternal, err.Error())
 		return
 	}
 	a := &rbacframe.Account{}
 	if err = json.Unmarshal(body, a); err != nil {
 		log.Error("json err", err)
 		controller.WriteError(w, scerror.ErrInvalidParams, err.Error())
 		return
 	}
 	t, err := authr.Login(context.TODO(), a.Name, a.Password)
 	if err != nil {
 		if err == rbac.ErrUnauthorized {
 			log.Error("not authorized", err)
 			controller.WriteError(w, scerror.ErrUnauthorized, err.Error())
 			return
 		}
 		log.Error("can not sign token", err)
 		controller.WriteError(w, scerror.ErrInternal, err.Error())
 		return
 	}
 	to := &rbacframe.Token{TokenStr: t}
 	b, err := json.Marshal(to)
 	if err != nil {
 		log.Error("json err", err)
 		controller.WriteError(w, scerror.ErrInvalidParams, err.Error())
 		return
 	}
 	controller.WriteJSON(w, b)
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package v4

	import (
	"context"
	"encoding/json"
	errorsEx "github.com/apache/servicecomb-service-center/pkg/errors"
	"github.com/apache/servicecomb-service-center/pkg/log"
	"github.com/apache/servicecomb-service-center/pkg/rbacframe"
	"github.com/apache/servicecomb-service-center/pkg/rest"
	"github.com/apache/servicecomb-service-center/server/rest/controller"
	"github.com/apache/servicecomb-service-center/server/scerror"
	"github.com/apache/servicecomb-service-center/server/service"
	"github.com/apache/servicecomb-service-center/server/service/rbac"
	"github.com/apache/servicecomb-service-center/server/service/rbac/dao"
	"github.com/go-chassis/go-chassis/security/authr"
	"io/ioutil"
	"net/http"
	)

	type AuthResource struct {
	}

	//URLPatterns define htp pattern
	func (r *AuthResource) URLPatterns() []rest.Route {
	return []rest.Route{
	{Method: http.MethodPost, Path: "/v4/token", Func: r.Login},
	{Method: http.MethodPost, Path: "/v4/account", Func: r.CreateAccount},
	{Method: http.MethodPut, Path: "/v4/account-password", Func: r.ChangePassword},
	}
	}
	func (r AuthResource) CreateAccount(w http.ResponseWriter, req http.Request) {
	body, err := ioutil.ReadAll(req.Body)
	if err != nil {
	log.Error("read body err", err)
	controller.WriteError(w, scerror.ErrInternal, err.Error())
	return
	}
	a := &rbacframe.Account{}
	if err = json.Unmarshal(body, a); err != nil {
	log.Error("json err", err)
	controller.WriteError(w, scerror.ErrInvalidParams, errorsEx.ErrMsgJSON)
	return
	}
	err = service.ValidateCreateAccount(a)
	if err != nil {
	controller.WriteError(w, scerror.ErrInvalidParams, err.Error())
	return
	}
	err = dao.CreateAccount(context.TODO(), a)
	if err != nil {
	log.Error(errorsEx.ErrMsgCreateAccount, err)
	controller.WriteError(w, scerror.ErrInternal, errorsEx.ErrMsgCreateAccount)
	return
	}
	}
	func (r AuthResource) ChangePassword(w http.ResponseWriter, req http.Request) {
	body, err := ioutil.ReadAll(req.Body)
	if err != nil {
	log.Error("read body err", err)
	controller.WriteError(w, scerror.ErrInternal, err.Error())
	return
	}
	a := &rbacframe.Account{}
	if err = json.Unmarshal(body, a); err != nil {
	log.Error("json err", err)
	controller.WriteError(w, scerror.ErrInvalidParams, errorsEx.ErrMsgJSON)
	return
	}
	err = service.ValidateChangePWD(a)
	if err != nil {
	controller.WriteError(w, scerror.ErrInvalidParams, err.Error())
	return
	}
	changer, err := rbacframe.AccountFromContext(req.Context())
	if err != nil {
	controller.WriteError(w, scerror.ErrInternal, "can not parse account info")
	return
	}
	err = rbac.ChangePassword(context.TODO(), changer.Role, changer.Name, a)
	if err != nil {
	log.Error("change password failed", err)
	controller.WriteError(w, scerror.ErrInternal, err.Error())
	return
	}
	}

	func (r AuthResource) Login(w http.ResponseWriter, req http.Request) {
	body, err := ioutil.ReadAll(req.Body)
	if err != nil {
	log.Error("read body err", err)
	controller.WriteError(w, scerror.ErrInternal, err.Error())
	return
	}
	a := &rbacframe.Account{}
	if err = json.Unmarshal(body, a); err != nil {
	log.Error("json err", err)
	controller.WriteError(w, scerror.ErrInvalidParams, err.Error())
	return
	}
	t, err := authr.Login(context.TODO(), a.Name, a.Password)
	if err != nil {
	if err == rbac.ErrUnauthorized {
	log.Error("not authorized", err)
	controller.WriteError(w, scerror.ErrUnauthorized, err.Error())
	return
	}
	log.Error("can not sign token", err)
	controller.WriteError(w, scerror.ErrInternal, err.Error())
	return
	}
	to := &rbacframe.Token{TokenStr: t}
	b, err := json.Marshal(to)
	if err != nil {
	log.Error("json err", err)
	controller.WriteError(w, scerror.ErrInvalidParams, err.Error())
	return
	}
	controller.WriteJSON(w, b)
	}