Added authentication

ewoutp · ewoutp · commit 408de547f995 · 2018-07-06T12:44:43.000+02:00
diff --git a/dashboard/assets.go b/dashboard/assets.go
diff --git a/dashboard/src/App.js b/dashboard/src/App.js
@@ -2,7 +2,7 @@ import React, { Component } from 'react';
 import DeploymentOperator from './deployment/DeploymentOperator.js';
 import NoOperator from './NoOperator.js';
 import Loading from './util/Loading.js';
-import { apiGet } from './api/api.js';
+import api from './api/api.js';
 import { Container, Segment, Message } from 'semantic-ui-react';
 import './App.css';
 
@@ -40,7 +40,7 @@ class App extends Component {
   }
 
   reloadOperators = async() => {
-    const operators = await apiGet('/api/operators');
+    const operators = await api.get('/api/operators');
     this.setState({operators});
   }
 
diff --git a/dashboard/src/api/api.js b/dashboard/src/api/api.js
@@ -1,8 +1,49 @@
-// apiGet performs a GET request on the API with given local URL.
-// The result is decoded from JSON and returned.
-export async function apiGet(localURL) {
-    const result = await fetch(localURL);
-    const decoded = await result.json();
-    return decoded;
+class Api {
+    token = '';
+
+    async decodeResults(result) {
+        const decoded = await result.json();
+        if (result.status === 401) {
+            throw Error(decoded.error || "Unauthorized")
+        }
+        if (result.status !== 200) {
+            throw Error(`Unexpected status ${result.status}`);
+        }
+        return decoded;
+    }
+    
+    // apiGet performs a GET request on the API with given local URL.
+    // The result is decoded from JSON and returned.
+    async get(localURL) {
+        let headers = {
+            'Accept': 'application/json'
+        };
+        if (this.token) {
+            headers['Authorization'] = `bearer ${this.token}`; 
+        }
+        const result = await fetch(localURL, {headers});
+        return this.decodeResults(result);
+    }
+    
+    // apiPost performs a POST request on the API with given local URL and given data.
+    // The result is decoded from JSON and returned.
+    async post(localURL, body) {
+        let headers = {
+            'Accept': 'application/json',
+            'Content-Type': 'application/json'
+        };
+        if (this.token) {
+            headers['Authorization'] = `bearer ${this.token}`; 
+        }
+        const result = await fetch(localURL, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(body)
+        });
+        return this.decodeResults(result);
+    }
 }
 
+var api = new Api();
+
+export default api;
diff --git a/dashboard/src/auth/Auth.js b/dashboard/src/auth/Auth.js
@@ -0,0 +1,77 @@
+import React, { Component } from 'react';
+import api from '../api/api.js';
+import Login from './Login.js';
+import LogoutContext from './LogoutContext.js';
+import { getSessionItem, setSessionItem } from "../util/Storage.js";
+
+const tokenSessionKey = "auth-token";
+
+class Auth extends Component {
+  state = {
+    authenticated: false,
+    token: getSessionItem(tokenSessionKey) || ""
+  };
+
+  async componentDidMount() {
+    try {
+      api.token = this.state.token;
+      await api.get('/api/operators');
+      this.setState({
+        authenticated: true,
+        token: api.token
+      });
+    } catch (e) {
+      this.setState({
+        authenticated: false,
+        token: ''
+      });
+    }
+  }
+
+  handleLogin = async (username, password) => {
+    try {
+      this.setState({error:undefined});
+      const res = await api.post('/login', { username, password });
+      api.token = res.token;
+      setSessionItem(tokenSessionKey, res.token);
+      this.setState({
+        authenticated: true,
+        token: res.token
+      });
+      return true;
+    } catch (e) {
+      this.setState({
+        authenticated: false,
+        token: '',
+        error: e.message
+      });
+      return false;
+    }
+  };
+
+  handleLogout = () => {
+    api.token = '';
+    setSessionItem(tokenSessionKey, '');
+    this.setState({
+      authenticated: false,
+      token: '',
+      error: undefined
+    });
+  };
+
+  componentWillUnmount() {
+  }
+
+  render() {
+    return (
+      <LogoutContext.Provider value={this.handleLogout}>
+        {(!this.state.authenticated) ? 
+          <Login doLogin={this.handleLogin} error={this.state.error}/> :
+          this.props.children
+        }
+      </LogoutContext.Provider>
+    );
+  }
+}
+
+export default Auth;
diff --git a/dashboard/src/auth/Login.js b/dashboard/src/auth/Login.js
@@ -0,0 +1,54 @@
+import React, { Component } from 'react';
+import { Button, Container, Form, Icon, Message, Modal } from 'semantic-ui-react';
+
+const LoginView = ({username, password, usernameChanged, passwordChanged, doLogin, error}) => (
+  <Container>
+    <Form onSubmit={doLogin}>
+      <Form.Field>
+        <label>Name</label>
+        <input focus="true" value={username} onChange={(e) => usernameChanged(e.target.value)}/>
+      </Form.Field>
+      <Form.Field>
+        <label>Password</label>
+        <input type="password" value={password} onChange={(e) => passwordChanged(e.target.value)}/>
+      </Form.Field>
+    </Form>
+    {(error) ? <Message error content={error}/> : null}
+  </Container>
+);
+
+class Login extends Component {
+  state = {
+    username: '',
+    password: ''
+  };
+
+  handleLogin = () => {
+    this.props.doLogin(this.state.username, this.state.password);
+  }
+
+  render() {
+    return (
+      <Modal open>
+        <Modal.Header>Login</Modal.Header>
+        <Modal.Content>
+          <LoginView 
+            error={this.props.error}
+            username={this.state.username}
+            password={this.state.password}
+            usernameChanged={(v) => this.setState({username:v})}
+            passwordChanged={(v) => this.setState({password:v})}
+            doLogin={this.handleLogin}
+          />
+        </Modal.Content>
+        <Modal.Actions>
+          <Button color='green' disabled={((!this.state.username) || (!this.state.password))} onClick={this.handleLogin}>
+            <Icon name='checkmark' /> Login
+          </Button>
+        </Modal.Actions>
+      </Modal>
+    );
+  }
+}
+
+export default Login;
diff --git a/dashboard/src/auth/LogoutContext.js b/dashboard/src/auth/LogoutContext.js
@@ -0,0 +1,6 @@
+import React from 'react';
+
+const LogoutContext = React.createContext(undefined);
+
+export default LogoutContext;
+
diff --git a/dashboard/src/deployment/DeploymentDetails.js b/dashboard/src/deployment/DeploymentDetails.js
@@ -1,11 +1,12 @@
 import React, { Component } from 'react';
-import { apiGet } from '../api/api.js';
+import api from '../api/api.js';
 import Loading from '../util/Loading.js';
 import MemberList from './MemberList.js';
 
 const MemberGroupsView = ({memberGroups, namespace}) => (
   <div>
     {memberGroups.map((item) => <MemberList 
+      key={`server-group-${item.group}`}
       group={item.group}
       members={item.members}
       namespace={namespace}
@@ -27,7 +28,7 @@ class DeploymentDetails extends Component {
 
   reloadDeployment = async() => {
     // TODO
-    const result = await apiGet(`/api/deployment/${this.props.name}`);
+    const result = await api.get(`/api/deployment/${this.props.name}`);
     this.setState({deployment:result});
   }
 
diff --git a/dashboard/src/deployment/DeploymentList.js b/dashboard/src/deployment/DeploymentList.js
@@ -1,5 +1,5 @@
 import React, { Component } from 'react';
-import { apiGet } from '../api/api.js';
+import api from '../api/api.js';
 import { Icon, Popup, Table } from 'semantic-ui-react';
 import Loading from '../util/Loading.js';
 import CommandInstruction from '../util/CommandInstruction.js';
@@ -121,7 +121,7 @@ class DeploymentList extends Component {
   }
 
   reloadDeployments = async() => {
-    const result = await apiGet('/api/deployment');
+    const result = await api.get('/api/deployment');
     this.setState({items:result.deployments});
   }
 
diff --git a/dashboard/src/deployment/DeploymentOperator.js b/dashboard/src/deployment/DeploymentOperator.js
@@ -1,4 +1,5 @@
 import React, { Component } from 'react';
+import LogoutContext from '../auth/LogoutContext.js';
 import DeploymentDetails from './DeploymentDetails.js';
 import DeploymentList from './DeploymentList.js';
 import { Header, Menu, Segment } from 'semantic-ui-react';
@@ -42,11 +43,18 @@ class DeploymentOperator extends Component {
     return (
       <Router>
         <div>
-          <StyledMenu fixed="left" vertical>
-            <Menu.Item>
-              <Link to="/">Deployments</Link>
-            </Menu.Item>
-          </StyledMenu>
+          <LogoutContext.Consumer>
+            {doLogout => 
+              <StyledMenu fixed="left" vertical>
+                <Menu.Item>
+                  <Link to="/">Deployments</Link>
+                </Menu.Item>
+                <Menu.Item position="right" onClick={() => doLogout()}>
+                  Logout
+                </Menu.Item>
+              </StyledMenu>
+            }
+          </LogoutContext.Consumer>
           <StyledContentBox>
             <Segment basic clearing>
                 <div>
diff --git a/dashboard/src/index.js b/dashboard/src/index.js
@@ -2,7 +2,8 @@ import React from 'react';
 import ReactDOM from 'react-dom';
 import './index.css';
 import App from './App';
+import Auth from './auth/Auth.js';
 import registerServiceWorker from './registerServiceWorker';
 
-ReactDOM.render(<App />, document.getElementById('root'));
+ReactDOM.render(<Auth><App /></Auth>, document.getElementById('root'));
 registerServiceWorker();
diff --git a/dashboard/src/util/Storage.js b/dashboard/src/util/Storage.js
@@ -0,0 +1,16 @@
+const PREFIX = "kube-arangodb:v1:";
+
+export function getSessionItem(key) {
+  const item = sessionStorage.getItem(`${PREFIX}${key}`);
+  if (item) {
+    try {
+      return JSON.parse(item);
+    } catch (e) {}
+  }
+  return undefined;
+}
+
+export function setSessionItem(key, value) {
+  sessionStorage.setItem(`${PREFIX}${key}`, JSON.stringify(value));
+  return value;
+}
diff --git a/main.go b/main.go
@@ -55,9 +55,10 @@ import (
 )
 
 const (
-	defaultServerHost = "0.0.0.0"
-	defaultServerPort = 8528
-	defaultLogLevel   = "debug"
+	defaultServerHost      = "0.0.0.0"
+	defaultServerPort      = 8528
+	defaultLogLevel        = "debug"
+	defaultAdminSecretName = "arangodb-operator-dashboard"
 )
 
 var (
@@ -75,9 +76,11 @@ var (
 	cliLog        = logging.NewRootLogger()
 	logService    logging.Service
 	serverOptions struct {
-		host          string
-		port          int
-		tlsSecretName string
+		host            string
+		port            int
+		tlsSecretName   string
+		adminSecretName string // Name of basic authentication secret containing the admin username+password of the dashboard
+		allowAnonymous  bool   // If set, anonymous access to dashboard is allowed
 	}
 	operatorOptions struct {
 		enableDeployment            bool // Run deployment operator
@@ -98,6 +101,8 @@ func init() {
 	f.StringVar(&serverOptions.host, "server.host", defaultServerHost, "Host to listen on")
 	f.IntVar(&serverOptions.port, "server.port", defaultServerPort, "Port to listen on")
 	f.StringVar(&serverOptions.tlsSecretName, "server.tls-secret-name", "", "Name of secret containing tls.crt & tls.key for HTTPS server (if empty, self-signed certificate is used)")
+	f.StringVar(&serverOptions.adminSecretName, "server.admin-secret-name", defaultAdminSecretName, "Name of secret containing username + password for login to the dashboard")
+	f.BoolVar(&serverOptions.allowAnonymous, "server.allow-anonymous-access", false, "Allow anonymous access to the dashboard")
 	f.StringVar(&logLevel, "log.level", defaultLogLevel, "Set initial log level")
 	f.BoolVar(&operatorOptions.enableDeployment, "operator.deployment", false, "Enable to run the ArangoDeployment operator")
 	f.BoolVar(&operatorOptions.enableDeploymentReplication, "operator.deployment-replication", false, "Enable to run the ArangoDeploymentReplication operator")
@@ -170,6 +175,7 @@ func cmdMainRun(cmd *cobra.Command, args []string) {
 	if err != nil {
 		cliLog.Fatal().Err(err).Msg("Failed to create Kubernetes client")
 	}
+	secrets := kubecli.CoreV1().Secrets(namespace)
 
 	// Create operator
 	cfg, deps, err := newOperatorConfigAndDeps(id+"-"+name, namespace, name)
@@ -189,13 +195,16 @@ func cmdMainRun(cmd *cobra.Command, args []string) {
 		TLSSecretNamespace: namespace,
 		PodName:            name,
 		PodIP:              ip,
+		AdminSecretName:    serverOptions.adminSecretName,
+		AllowAnonymous:     serverOptions.allowAnonymous,
 	}, server.Dependencies{
 		Log:                        logService.MustGetLogger("server"),
 		LivenessProbe:              &livenessProbe,
 		DeploymentProbe:            &deploymentProbe,
 		DeploymentReplicationProbe: &deploymentReplicationProbe,
 		StorageProbe:               &storageProbe,
 		Operators:                  o,
+		Secrets:                    secrets,
 	}); err != nil {
 		cliLog.Fatal().Err(err).Msg("Failed to create HTTP server")
 	} else {
diff --git a/pkg/server/auth.go b/pkg/server/auth.go
diff --git a/pkg/server/errors.go b/pkg/server/errors.go
diff --git a/pkg/server/server.go b/pkg/server/server.go

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ import React, { Component } from 'react';`
`2`	`2`	`import DeploymentOperator from './deployment/DeploymentOperator.js';`
`3`	`3`	`import NoOperator from './NoOperator.js';`
`4`	`4`	`import Loading from './util/Loading.js';`
`5`		`-import { apiGet } from './api/api.js';`
	`5`	`+import api from './api/api.js';`
`6`	`6`	`import { Container, Segment, Message } from 'semantic-ui-react';`
`7`	`7`	`import './App.css';`
`8`	`8`
`@@ -40,7 +40,7 @@ class App extends Component {`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`reloadOperators = async() => {`
`43`		`- const operators = await apiGet('/api/operators');`
	`43`	`+ const operators = await api.get('/api/operators');`
`44`	`44`	`this.setState({operators});`
`45`	`45`	`}`
`46`	`46`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`import React, { Component } from 'react';`
`2`		`-import { apiGet } from '../api/api.js';`
	`2`	`+import api from '../api/api.js';`
`3`	`3`	`import { Icon, Popup, Table } from 'semantic-ui-react';`
`4`	`4`	`import Loading from '../util/Loading.js';`
`5`	`5`	`import CommandInstruction from '../util/CommandInstruction.js';`
`@@ -121,7 +121,7 @@ class DeploymentList extends Component {`
`121`	`121`	`}`
`122`	`122`
`123`	`123`	`reloadDeployments = async() => {`
`124`		`- const result = await apiGet('/api/deployment');`
	`124`	`+ const result = await api.get('/api/deployment');`
`125`	`125`	`this.setState({items:result.deployments});`
`126`	`126`	`}`
`127`	`127`