mirror of
https://git.mirrors.martin98.com/https://github.com/SigNoz/signoz
synced 2025-08-02 09:20:39 +08:00
137 lines
3.3 KiB
Go
137 lines
3.3 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"regexp"
|
|
|
|
"github.com/gorilla/mux"
|
|
"github.com/pkg/errors"
|
|
"go.signoz.io/query-service/constants"
|
|
"go.signoz.io/query-service/dao"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
type Group struct {
|
|
GroupID string
|
|
GroupName string
|
|
}
|
|
|
|
type AuthCache struct {
|
|
AdminGroupId string
|
|
EditorGroupId string
|
|
ViewerGroupId string
|
|
}
|
|
|
|
var AuthCacheObj AuthCache
|
|
|
|
// InitAuthCache reads the DB and initialize the auth cache.
|
|
func InitAuthCache(ctx context.Context) error {
|
|
|
|
setGroupId := func(groupName string, dest *string) error {
|
|
group, err := dao.DB().GetGroupByName(ctx, groupName)
|
|
if err != nil {
|
|
return errors.Wrapf(err.Err, "failed to get group %s", groupName)
|
|
}
|
|
*dest = group.Id
|
|
return nil
|
|
}
|
|
|
|
if err := setGroupId(constants.AdminGroup, &AuthCacheObj.AdminGroupId); err != nil {
|
|
return err
|
|
}
|
|
if err := setGroupId(constants.EditorGroup, &AuthCacheObj.EditorGroupId); err != nil {
|
|
return err
|
|
}
|
|
if err := setGroupId(constants.ViewerGroup, &AuthCacheObj.ViewerGroupId); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func IsAdmin(r *http.Request) bool {
|
|
accessJwt, err := ExtractJwtFromRequest(r)
|
|
if err != nil {
|
|
zap.S().Debugf("Failed to verify admin access, err: %v", err)
|
|
return false
|
|
}
|
|
|
|
user, err := validateUser(accessJwt)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
return user.GroupId == AuthCacheObj.AdminGroupId
|
|
}
|
|
|
|
func IsSelfAccessRequest(r *http.Request) bool {
|
|
id := mux.Vars(r)["id"]
|
|
accessJwt, err := ExtractJwtFromRequest(r)
|
|
if err != nil {
|
|
zap.S().Debugf("Failed to verify self access, err: %v", err)
|
|
return false
|
|
}
|
|
|
|
user, err := validateUser(accessJwt)
|
|
if err != nil {
|
|
zap.S().Debugf("Failed to verify self access, err: %v", err)
|
|
return false
|
|
}
|
|
zap.S().Debugf("Self access verification, userID: %s, id: %s\n", user.Id, id)
|
|
return user.Id == id
|
|
}
|
|
|
|
func IsViewer(r *http.Request) bool {
|
|
accessJwt, err := ExtractJwtFromRequest(r)
|
|
if err != nil {
|
|
zap.S().Debugf("Failed to verify viewer access, err: %v", err)
|
|
return false
|
|
}
|
|
|
|
user, err := validateUser(accessJwt)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
return user.GroupId == AuthCacheObj.ViewerGroupId
|
|
}
|
|
|
|
func IsEditor(r *http.Request) bool {
|
|
accessJwt, err := ExtractJwtFromRequest(r)
|
|
if err != nil {
|
|
zap.S().Debugf("Failed to verify editor access, err: %v", err)
|
|
return false
|
|
}
|
|
|
|
user, err := validateUser(accessJwt)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
return user.GroupId == AuthCacheObj.EditorGroupId
|
|
}
|
|
|
|
func ValidatePassword(password string) error {
|
|
if len(password) < minimumPasswordLength {
|
|
return errors.Errorf("Password should be atleast %d characters.", minimumPasswordLength)
|
|
}
|
|
|
|
num := `[0-9]{1}`
|
|
lower := `[a-z]{1}`
|
|
upper := `[A-Z]{1}`
|
|
symbol := `[!@#$&*]{1}`
|
|
if b, err := regexp.MatchString(num, password); !b || err != nil {
|
|
return fmt.Errorf("password should have atleast one number")
|
|
}
|
|
if b, err := regexp.MatchString(lower, password); !b || err != nil {
|
|
return fmt.Errorf("password should have atleast one lower case letter")
|
|
}
|
|
if b, err := regexp.MatchString(upper, password); !b || err != nil {
|
|
return fmt.Errorf("password should have atleast one upper case letter")
|
|
}
|
|
if b, err := regexp.MatchString(symbol, password); !b || err != nil {
|
|
return fmt.Errorf("password should have atleast one special character from !@#$&* ")
|
|
}
|
|
return nil
|
|
}
|