signoz/pkg/query-service/app/auth.go

package app

import (
	"context"
	"errors"
	"net/http"

	"github.com/gorilla/mux"
	"go.signoz.io/signoz/pkg/query-service/auth"
	"go.signoz.io/signoz/pkg/query-service/constants"
	"go.signoz.io/signoz/pkg/query-service/model"
	"go.signoz.io/signoz/pkg/types"
)

type AuthMiddleware struct {
	GetUserFromRequest func(r context.Context) (*types.GettableUser, error)
}

func NewAuthMiddleware(f func(ctx context.Context) (*types.GettableUser, error)) *AuthMiddleware {
	return &AuthMiddleware{
		GetUserFromRequest: f,
	}
}

func (am *AuthMiddleware) OpenAccess(f func(http.ResponseWriter, *http.Request)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		f(w, r)
	}
}

func (am *AuthMiddleware) ViewAccess(f func(http.ResponseWriter, *http.Request)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		user, err := am.GetUserFromRequest(r.Context())
		if err != nil {
			RespondError(w, &model.ApiError{
				Typ: model.ErrorUnauthorized,
				Err: err,
			}, nil)
			return
		}

		if !(auth.IsViewer(user) || auth.IsEditor(user) || auth.IsAdmin(user)) {
			RespondError(w, &model.ApiError{
				Typ: model.ErrorForbidden,
				Err: errors.New("API is accessible to viewers/editors/admins"),
			}, nil)
			return
		}
		ctx := context.WithValue(r.Context(), constants.ContextUserKey, user)
		r = r.WithContext(ctx)
		f(w, r)
	}
}

func (am *AuthMiddleware) EditAccess(f func(http.ResponseWriter, *http.Request)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		user, err := am.GetUserFromRequest(r.Context())
		if err != nil {
			RespondError(w, &model.ApiError{
				Typ: model.ErrorUnauthorized,
				Err: err,
			}, nil)
			return
		}
		if !(auth.IsEditor(user) || auth.IsAdmin(user)) {
			RespondError(w, &model.ApiError{
				Typ: model.ErrorForbidden,
				Err: errors.New("API is accessible to editors/admins"),
			}, nil)
			return
		}
		ctx := context.WithValue(r.Context(), constants.ContextUserKey, user)
		r = r.WithContext(ctx)
		f(w, r)
	}
}

func (am *AuthMiddleware) SelfAccess(f func(http.ResponseWriter, *http.Request)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		user, err := am.GetUserFromRequest(r.Context())
		if err != nil {
			RespondError(w, &model.ApiError{
				Typ: model.ErrorUnauthorized,
				Err: err,
			}, nil)
			return
		}
		id := mux.Vars(r)["id"]
		if !(auth.IsSelfAccessRequest(user, id) || auth.IsAdmin(user)) {
			RespondError(w, &model.ApiError{
				Typ: model.ErrorForbidden,
				Err: errors.New("API is accessible for self access or to the admins"),
			}, nil)
			return
		}
		ctx := context.WithValue(r.Context(), constants.ContextUserKey, user)
		r = r.WithContext(ctx)
		f(w, r)
	}
}

func (am *AuthMiddleware) AdminAccess(f func(http.ResponseWriter, *http.Request)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		user, err := am.GetUserFromRequest(r.Context())
		if err != nil {
			RespondError(w, &model.ApiError{
				Typ: model.ErrorUnauthorized,
				Err: err,
			}, nil)
			return
		}
		if !auth.IsAdmin(user) {
			RespondError(w, &model.ApiError{
				Typ: model.ErrorForbidden,
				Err: errors.New("API is accessible to admins only"),
			}, nil)
			return
		}
		ctx := context.WithValue(r.Context(), constants.ContextUserKey, user)
		r = r.WithContext(ctx)
		f(w, r)
	}
}
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`package app`

			`import (`
feat: add created{By,At} , updated{By,At} to alerts/dashboards (#3754) 2023-10-17 17:50:54 +00:00			`"context"`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`"errors"`
			`"net/http"`

			`"github.com/gorilla/mux"`
			`"go.signoz.io/signoz/pkg/query-service/auth"`
feat: add created{By,At} , updated{By,At} to alerts/dashboards (#3754) 2023-10-17 17:50:54 +00:00			`"go.signoz.io/signoz/pkg/query-service/constants"`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`"go.signoz.io/signoz/pkg/query-service/model"`
Fix: Multitenancy support for ORG (#7155) * fix: support multitenancy in org * fix: register and login working now * fix: changes to migration * fix: migrations run both on sqlite and postgres * fix: remove user flags from fe and be * fix: remove ingestion keys from update * fix: multitenancy support for apdex settings * fix: render ts for users correctly * fix: fix migration to run for new tenants * fix: clean up migrations * fix: address comments * Update pkg/sqlmigration/013_update_organization.go Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> * fix: fix build * fix: force invites with org id * Update pkg/query-service/auth/auth.go Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> * fix: address comments * fix: address comments * fix: provier with their own dialect * fix: update dialects * fix: remove unwanted change * Update pkg/query-service/app/http_handler.go Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> * fix: different files for types --------- Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> 2025-03-06 15:39:45 +05:30			`"go.signoz.io/signoz/pkg/types"`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`)`

			`type AuthMiddleware struct {`
Fix: Multitenancy support for ORG (#7155) * fix: support multitenancy in org * fix: register and login working now * fix: changes to migration * fix: migrations run both on sqlite and postgres * fix: remove user flags from fe and be * fix: remove ingestion keys from update * fix: multitenancy support for apdex settings * fix: render ts for users correctly * fix: fix migration to run for new tenants * fix: clean up migrations * fix: address comments * Update pkg/sqlmigration/013_update_organization.go Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> * fix: fix build * fix: force invites with org id * Update pkg/query-service/auth/auth.go Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> * fix: address comments * fix: address comments * fix: provier with their own dialect * fix: update dialects * fix: remove unwanted change * Update pkg/query-service/app/http_handler.go Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> * fix: different files for types --------- Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> 2025-03-06 15:39:45 +05:30			`GetUserFromRequest func(r context.Context) (*types.GettableUser, error)`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`}`

Fix: Multitenancy support for ORG (#7155) * fix: support multitenancy in org * fix: register and login working now * fix: changes to migration * fix: migrations run both on sqlite and postgres * fix: remove user flags from fe and be * fix: remove ingestion keys from update * fix: multitenancy support for apdex settings * fix: render ts for users correctly * fix: fix migration to run for new tenants * fix: clean up migrations * fix: address comments * Update pkg/sqlmigration/013_update_organization.go Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> * fix: fix build * fix: force invites with org id * Update pkg/query-service/auth/auth.go Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> * fix: address comments * fix: address comments * fix: provier with their own dialect * fix: update dialects * fix: remove unwanted change * Update pkg/query-service/app/http_handler.go Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> * fix: different files for types --------- Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com> 2025-03-06 15:39:45 +05:30			`func NewAuthMiddleware(f func(ctx context.Context) (types.GettableUser, error)) AuthMiddleware {`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`return &AuthMiddleware{`
			`GetUserFromRequest: f,`
			`}`
			`}`

			`func (am AuthMiddleware) OpenAccess(f func(http.ResponseWriter, http.Request)) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
			`f(w, r)`
			`}`
			`}`

			`func (am AuthMiddleware) ViewAccess(f func(http.ResponseWriter, http.Request)) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
fix: refactor auth package (#7110) * fix: refactor auth package * fix: minor changes * fix: refactor jwt * fix: add tests and address comments * fix: address comments * fix: add uncomitted file * fix: address comments * fix: update tests 2025-02-17 18:16:41 +05:30			`user, err := am.GetUserFromRequest(r.Context())`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`if err != nil {`
			`RespondError(w, &model.ApiError{`
			`Typ: model.ErrorUnauthorized,`
			`Err: err,`
			`}, nil)`
			`return`
			`}`

			`if !(auth.IsViewer(user) \|\| auth.IsEditor(user) \|\| auth.IsAdmin(user)) {`
			`RespondError(w, &model.ApiError{`
			`Typ: model.ErrorForbidden,`
feat: add created{By,At} , updated{By,At} to alerts/dashboards (#3754) 2023-10-17 17:50:54 +00:00			`Err: errors.New("API is accessible to viewers/editors/admins"),`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`}, nil)`
			`return`
			`}`
feat: add created{By,At} , updated{By,At} to alerts/dashboards (#3754) 2023-10-17 17:50:54 +00:00			`ctx := context.WithValue(r.Context(), constants.ContextUserKey, user)`
			`r = r.WithContext(ctx)`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`f(w, r)`
			`}`
			`}`

			`func (am AuthMiddleware) EditAccess(f func(http.ResponseWriter, http.Request)) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
fix: refactor auth package (#7110) * fix: refactor auth package * fix: minor changes * fix: refactor jwt * fix: add tests and address comments * fix: address comments * fix: add uncomitted file * fix: address comments * fix: update tests 2025-02-17 18:16:41 +05:30			`user, err := am.GetUserFromRequest(r.Context())`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`if err != nil {`
			`RespondError(w, &model.ApiError{`
			`Typ: model.ErrorUnauthorized,`
			`Err: err,`
			`}, nil)`
			`return`
			`}`
			`if !(auth.IsEditor(user) \|\| auth.IsAdmin(user)) {`
			`RespondError(w, &model.ApiError{`
			`Typ: model.ErrorForbidden,`
chore: address large number of staticcheck issues (#5176) * chore: address large number of staticcheck issues * chore: fix tests * chore: fix more issue * chore: fix options 2024-06-11 20:10:38 +05:30			`Err: errors.New("API is accessible to editors/admins"),`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`}, nil)`
			`return`
			`}`
feat: add created{By,At} , updated{By,At} to alerts/dashboards (#3754) 2023-10-17 17:50:54 +00:00			`ctx := context.WithValue(r.Context(), constants.ContextUserKey, user)`
			`r = r.WithContext(ctx)`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`f(w, r)`
			`}`
			`}`

			`func (am AuthMiddleware) SelfAccess(f func(http.ResponseWriter, http.Request)) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
fix: refactor auth package (#7110) * fix: refactor auth package * fix: minor changes * fix: refactor jwt * fix: add tests and address comments * fix: address comments * fix: add uncomitted file * fix: address comments * fix: update tests 2025-02-17 18:16:41 +05:30			`user, err := am.GetUserFromRequest(r.Context())`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`if err != nil {`
			`RespondError(w, &model.ApiError{`
			`Typ: model.ErrorUnauthorized,`
			`Err: err,`
			`}, nil)`
			`return`
			`}`
			`id := mux.Vars(r)["id"]`
			`if !(auth.IsSelfAccessRequest(user, id) \|\| auth.IsAdmin(user)) {`
			`RespondError(w, &model.ApiError{`
			`Typ: model.ErrorForbidden,`
chore: address large number of staticcheck issues (#5176) * chore: address large number of staticcheck issues * chore: fix tests * chore: fix more issue * chore: fix options 2024-06-11 20:10:38 +05:30			`Err: errors.New("API is accessible for self access or to the admins"),`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`}, nil)`
			`return`
			`}`
feat: add created{By,At} , updated{By,At} to alerts/dashboards (#3754) 2023-10-17 17:50:54 +00:00			`ctx := context.WithValue(r.Context(), constants.ContextUserKey, user)`
			`r = r.WithContext(ctx)`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`f(w, r)`
			`}`
			`}`

			`func (am AuthMiddleware) AdminAccess(f func(http.ResponseWriter, http.Request)) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
fix: refactor auth package (#7110) * fix: refactor auth package * fix: minor changes * fix: refactor jwt * fix: add tests and address comments * fix: address comments * fix: add uncomitted file * fix: address comments * fix: update tests 2025-02-17 18:16:41 +05:30			`user, err := am.GetUserFromRequest(r.Context())`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`if err != nil {`
			`RespondError(w, &model.ApiError{`
			`Typ: model.ErrorUnauthorized,`
			`Err: err,`
			`}, nil)`
			`return`
			`}`
			`if !auth.IsAdmin(user) {`
			`RespondError(w, &model.ApiError{`
			`Typ: model.ErrorForbidden,`
			`Err: errors.New("API is accessible to admins only"),`
			`}, nil)`
			`return`
			`}`
feat: add created{By,At} , updated{By,At} to alerts/dashboards (#3754) 2023-10-17 17:50:54 +00:00			`ctx := context.WithValue(r.Context(), constants.ContextUserKey, user)`
			`r = r.WithContext(ctx)`
Create PAT supporting auth middleware 2023-02-15 23:49:03 +05:30			`f(w, r)`
			`}`
			`}`