Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 9877f292b2b037beea96dc916144feb7b8700a30 / . / core / installer / welcome / dodo_app.go
blob: b11e3a7b192247fbbd845f8615a66feb8aeab8dd [file] [log] [blame]
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]1package welcome
2
3import (
gio94904702024-07-26 16:58:34 +0400[diff] [blame]4 "bytes"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]5 "context"
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]6 "embed"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]7 "encoding/json"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]8 "errors"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]9 "fmt"
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]10 "html/template"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]11 "io"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]12 "io/fs"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]13 "net/http"
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]14 "slices"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]15 "strings"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]16 "sync"
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]17 "time"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]18
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]19 "golang.org/x/crypto/bcrypt"
20 "golang.org/x/exp/rand"
21
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]22 "github.com/giolekva/pcloud/core/installer"
23 "github.com/giolekva/pcloud/core/installer/soft"
gio33059762024-07-05 13:19:07 +0400[diff] [blame]24
25 "github.com/gorilla/mux"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]26 "github.com/gorilla/securecookie"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]27)
28
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]29//go:embed dodo-app-tmpl/*
30var dodoAppTmplFS embed.FS
31
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]32//go:embed all:app-tmpl
33var appTmplsFS embed.FS
34
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]35const (
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]36 ConfigRepoName = "config"
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]37 appConfigsFile = "/apps.json"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]38 loginPath = "/login"
39 logoutPath = "/logout"
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]40 staticPath = "/stat/"
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]41 apiPublicData = "/api/public-data"
42 apiCreateApp = "/api/apps"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]43 sessionCookie = "dodo-app-session"
44 userCtx = "user"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]45)
46
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]47type dodoAppTmplts struct {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]48 index *template.Template
49 appStatus *template.Template
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]50}
51
52func parseTemplatesDodoApp(fs embed.FS) (dodoAppTmplts, error) {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]53 base, err := template.ParseFS(fs, "dodo-app-tmpl/base.html")
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]54 if err != nil {
55 return dodoAppTmplts{}, err
56 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]57 parse := func(path string) (*template.Template, error) {
58 if b, err := base.Clone(); err != nil {
59 return nil, err
60 } else {
61 return b.ParseFS(fs, path)
62 }
63 }
64 index, err := parse("dodo-app-tmpl/index.html")
65 if err != nil {
66 return dodoAppTmplts{}, err
67 }
68 appStatus, err := parse("dodo-app-tmpl/app_status.html")
69 if err != nil {
70 return dodoAppTmplts{}, err
71 }
72 return dodoAppTmplts{index, appStatus}, nil
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]73}
74
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]75type DodoAppServer struct {
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]76 l sync.Locker
77 st Store
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]78 nf NetworkFilter
79 ug UserGetter
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]80 port int
81 apiPort int
82 self string
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]83 repoPublicAddr string
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]84 sshKey string
85 gitRepoPublicKey string
86 client soft.Client
87 namespace string
88 envAppManagerAddr string
89 env installer.EnvConfig
90 nsc installer.NamespaceCreator
91 jc installer.JobCreator
92 workers map[string]map[string]struct{}
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]93 appConfigs map[string]appConfig
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]94 tmplts dodoAppTmplts
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]95 appTmpls AppTmplStore
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]96 external bool
97 fetchUsersAddr string
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]98}
99
100type appConfig struct {
101 Namespace string `json:"namespace"`
102 Network string `json:"network"`
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]103}
104
gio33059762024-07-05 13:19:07 +0400[diff] [blame]105// TODO(gio): Initialize appNs on startup
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]106func NewDodoAppServer(
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]107 st Store,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]108 nf NetworkFilter,
109 ug UserGetter,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]110 port int,
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]111 apiPort int,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]112 self string,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]113 repoPublicAddr string,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]114 sshKey string,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]115 gitRepoPublicKey string,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]116 client soft.Client,
117 namespace string,
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]118 envAppManagerAddr string,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]119 nsc installer.NamespaceCreator,
giof8843412024-05-22 16:38:05 +0400[diff] [blame]120 jc installer.JobCreator,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]121 env installer.EnvConfig,
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]122 external bool,
123 fetchUsersAddr string,
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]124) (*DodoAppServer, error) {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]125 tmplts, err := parseTemplatesDodoApp(dodoAppTmplFS)
126 if err != nil {
127 return nil, err
128 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]129 apps, err := fs.Sub(appTmplsFS, "app-tmpl")
130 if err != nil {
131 return nil, err
132 }
133 appTmpls, err := NewAppTmplStoreFS(apps)
134 if err != nil {
135 return nil, err
136 }
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]137 s := &DodoAppServer{
138 &sync.Mutex{},
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]139 st,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]140 nf,
141 ug,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]142 port,
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]143 apiPort,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]144 self,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]145 repoPublicAddr,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]146 sshKey,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]147 gitRepoPublicKey,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]148 client,
149 namespace,
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]150 envAppManagerAddr,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]151 env,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]152 nsc,
giof8843412024-05-22 16:38:05 +0400[diff] [blame]153 jc,
gio266c04f2024-07-03 14:18:45 +0400[diff] [blame]154 map[string]map[string]struct{}{},
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]155 map[string]appConfig{},
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]156 tmplts,
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]157 appTmpls,
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]158 external,
159 fetchUsersAddr,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]160 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]161 config, err := client.GetRepo(ConfigRepoName)
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]162 if err != nil {
163 return nil, err
164 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]165 r, err := config.Reader(appConfigsFile)
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]166 if err == nil {
167 defer r.Close()
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]168 if err := json.NewDecoder(r).Decode(&s.appConfigs); err != nil {
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]169 return nil, err
170 }
171 } else if !errors.Is(err, fs.ErrNotExist) {
172 return nil, err
173 }
174 return s, nil
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]175}
176
177func (s *DodoAppServer) Start() error {
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]178 e := make(chan error)
179 go func() {
180 r := mux.NewRouter()
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]181 r.Use(s.mwAuth)
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]182 r.PathPrefix(staticPath).Handler(cachingHandler{http.FileServer(http.FS(statAssets))})
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]183 r.HandleFunc(logoutPath, s.handleLogout).Methods(http.MethodGet)
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]184 r.HandleFunc(apiPublicData, s.handleAPIPublicData)
185 r.HandleFunc(apiCreateApp, s.handleAPICreateApp).Methods(http.MethodPost)
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]186 r.HandleFunc("/{app-name}"+loginPath, s.handleLoginForm).Methods(http.MethodGet)
187 r.HandleFunc("/{app-name}"+loginPath, s.handleLogin).Methods(http.MethodPost)
188 r.HandleFunc("/{app-name}", s.handleAppStatus).Methods(http.MethodGet)
189 r.HandleFunc("/", s.handleStatus).Methods(http.MethodGet)
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]190 r.HandleFunc("/", s.handleCreateApp).Methods(http.MethodPost)
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]191 e <- http.ListenAndServe(fmt.Sprintf(":%d", s.port), r)
192 }()
193 go func() {
194 r := mux.NewRouter()
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]195 r.HandleFunc("/update", s.handleAPIUpdate)
196 r.HandleFunc("/api/apps/{app-name}/workers", s.handleAPIRegisterWorker).Methods(http.MethodPost)
197 r.HandleFunc("/api/add-admin-key", s.handleAPIAddAdminKey).Methods(http.MethodPost)
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]198 if !s.external {
199 r.HandleFunc("/api/sync-users", s.handleAPISyncUsers).Methods(http.MethodGet)
200 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]201 e <- http.ListenAndServe(fmt.Sprintf(":%d", s.apiPort), r)
202 }()
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]203 if !s.external {
204 go func() {
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]205 rand.Seed(uint64(time.Now().UnixNano()))
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]206 s.syncUsers()
207 // TODO(dtabidze): every sync delay should be randomized to avoid all client
208 // applications hitting memberships service at the same time.
209 // For every next sync new delay should be randomly generated from scratch.
210 // We can choose random delay from 1 to 2 minutes.
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]211 // for range time.Tick(1 * time.Minute) {
212 // s.syncUsers()
213 // }
214 for {
215 delay := time.Duration(rand.Intn(60)+60) * time.Second
216 time.Sleep(delay)
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]217 s.syncUsers()
218 }
219 }()
220 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]221 return <-e
222}
223
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]224type UserGetter interface {
225 Get(r *http.Request) string
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]226 Encode(w http.ResponseWriter, user string) error
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]227}
228
229type externalUserGetter struct {
230 sc *securecookie.SecureCookie
231}
232
233func NewExternalUserGetter() UserGetter {
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]234 return &externalUserGetter{securecookie.New(
235 securecookie.GenerateRandomKey(64),
236 securecookie.GenerateRandomKey(32),
237 )}
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]238}
239
240func (ug *externalUserGetter) Get(r *http.Request) string {
241 cookie, err := r.Cookie(sessionCookie)
242 if err != nil {
243 return ""
244 }
245 var user string
246 if err := ug.sc.Decode(sessionCookie, cookie.Value, &user); err != nil {
247 return ""
248 }
249 return user
250}
251
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]252func (ug *externalUserGetter) Encode(w http.ResponseWriter, user string) error {
253 if encoded, err := ug.sc.Encode(sessionCookie, user); err == nil {
254 cookie := &http.Cookie{
255 Name: sessionCookie,
256 Value: encoded,
257 Path: "/",
258 Secure: true,
259 HttpOnly: true,
260 }
261 http.SetCookie(w, cookie)
262 return nil
263 } else {
264 return err
265 }
266}
267
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]268type internalUserGetter struct{}
269
270func NewInternalUserGetter() UserGetter {
271 return internalUserGetter{}
272}
273
274func (ug internalUserGetter) Get(r *http.Request) string {
275 return r.Header.Get("X-User")
276}
277
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]278func (ug internalUserGetter) Encode(w http.ResponseWriter, user string) error {
279 return nil
280}
281
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]282func (s *DodoAppServer) mwAuth(next http.Handler) http.Handler {
283 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]284 if strings.HasSuffix(r.URL.Path, loginPath) ||
285 strings.HasPrefix(r.URL.Path, logoutPath) ||
286 strings.HasPrefix(r.URL.Path, staticPath) ||
287 strings.HasPrefix(r.URL.Path, apiPublicData) ||
288 strings.HasPrefix(r.URL.Path, apiCreateApp) {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]289 next.ServeHTTP(w, r)
290 return
291 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]292 user := s.ug.Get(r)
293 if user == "" {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]294 vars := mux.Vars(r)
295 appName, ok := vars["app-name"]
296 if !ok || appName == "" {
297 http.Error(w, "missing app-name", http.StatusBadRequest)
298 return
299 }
300 http.Redirect(w, r, fmt.Sprintf("/%s%s", appName, loginPath), http.StatusSeeOther)
301 return
302 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]303 next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), userCtx, user)))
304 })
305}
306
307func (s *DodoAppServer) handleLogout(w http.ResponseWriter, r *http.Request) {
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]308 // TODO(gio): move to UserGetter
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]309 http.SetCookie(w, &http.Cookie{
310 Name: sessionCookie,
311 Value: "",
312 Path: "/",
313 HttpOnly: true,
314 Secure: true,
315 })
316 http.Redirect(w, r, "/", http.StatusSeeOther)
317}
318
319func (s *DodoAppServer) handleLoginForm(w http.ResponseWriter, r *http.Request) {
320 vars := mux.Vars(r)
321 appName, ok := vars["app-name"]
322 if !ok || appName == "" {
323 http.Error(w, "missing app-name", http.StatusBadRequest)
324 return
325 }
326 fmt.Fprint(w, `
327<!DOCTYPE html>
328<html lang='en'>
329 <head>
330 <title>dodo: app - login</title>
331 <meta charset='utf-8'>
332 </head>
333 <body>
334 <form action="" method="POST">
335 <input type="password" placeholder="Password" name="password" required />
336 <button type="submit">Login</button>
337 </form>
338 </body>
339</html>
340`)
341}
342
343func (s *DodoAppServer) handleLogin(w http.ResponseWriter, r *http.Request) {
344 vars := mux.Vars(r)
345 appName, ok := vars["app-name"]
346 if !ok || appName == "" {
347 http.Error(w, "missing app-name", http.StatusBadRequest)
348 return
349 }
350 password := r.FormValue("password")
351 if password == "" {
352 http.Error(w, "missing password", http.StatusBadRequest)
353 return
354 }
355 user, err := s.st.GetAppOwner(appName)
356 if err != nil {
357 http.Error(w, err.Error(), http.StatusInternalServerError)
358 return
359 }
360 hashed, err := s.st.GetUserPassword(user)
361 if err != nil {
362 http.Error(w, err.Error(), http.StatusInternalServerError)
363 return
364 }
365 if err := bcrypt.CompareHashAndPassword(hashed, []byte(password)); err != nil {
366 http.Redirect(w, r, r.URL.Path, http.StatusSeeOther)
367 return
368 }
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]369 if err := s.ug.Encode(w, user); err != nil {
370 http.Error(w, err.Error(), http.StatusInternalServerError)
371 return
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]372 }
373 http.Redirect(w, r, fmt.Sprintf("/%s", appName), http.StatusSeeOther)
374}
375
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]376type statusData struct {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]377 Apps []string
378 Networks []installer.Network
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]379 Types []string
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]380}
381
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]382func (s *DodoAppServer) handleStatus(w http.ResponseWriter, r *http.Request) {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]383 user := r.Context().Value(userCtx)
384 if user == nil {
385 http.Error(w, "unauthorized", http.StatusUnauthorized)
386 return
387 }
388 apps, err := s.st.GetUserApps(user.(string))
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]389 if err != nil {
390 http.Error(w, err.Error(), http.StatusInternalServerError)
391 return
392 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]393 networks, err := s.getNetworks(user.(string))
394 if err != nil {
395 http.Error(w, err.Error(), http.StatusInternalServerError)
396 return
397 }
giob54db242024-07-30 18:49:33 +0400[diff] [blame]398 var types []string
399 for _, t := range s.appTmpls.Types() {
400 types = append(types, strings.Replace(t, "-", ":", 1))
401 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]402 data := statusData{apps, networks, types}
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]403 if err := s.tmplts.index.Execute(w, data); err != nil {
404 http.Error(w, err.Error(), http.StatusInternalServerError)
405 return
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]406 }
407}
408
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]409type appStatusData struct {
410 Name string
411 GitCloneCommand string
412 Commits []Commit
413}
414
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]415func (s *DodoAppServer) handleAppStatus(w http.ResponseWriter, r *http.Request) {
416 vars := mux.Vars(r)
417 appName, ok := vars["app-name"]
418 if !ok || appName == "" {
419 http.Error(w, "missing app-name", http.StatusBadRequest)
420 return
421 }
gio94904702024-07-26 16:58:34 +0400[diff] [blame]422 u := r.Context().Value(userCtx)
423 if u == nil {
424 http.Error(w, "unauthorized", http.StatusUnauthorized)
425 return
426 }
427 user, ok := u.(string)
428 if !ok {
429 http.Error(w, "could not get user", http.StatusInternalServerError)
430 return
431 }
432 owner, err := s.st.GetAppOwner(appName)
433 if err != nil {
434 http.Error(w, err.Error(), http.StatusInternalServerError)
435 return
436 }
437 if owner != user {
438 http.Error(w, "unauthorized", http.StatusUnauthorized)
439 return
440 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]441 commits, err := s.st.GetCommitHistory(appName)
442 if err != nil {
443 http.Error(w, err.Error(), http.StatusInternalServerError)
444 return
445 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]446 data := appStatusData{
447 Name: appName,
448 GitCloneCommand: fmt.Sprintf("git clone %s/%s\n\n\n", s.repoPublicAddr, appName),
449 Commits: commits,
450 }
451 if err := s.tmplts.appStatus.Execute(w, data); err != nil {
452 http.Error(w, err.Error(), http.StatusInternalServerError)
453 return
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]454 }
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]455}
456
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]457type apiUpdateReq struct {
gio266c04f2024-07-03 14:18:45 +0400[diff] [blame]458 Ref string `json:"ref"`
459 Repository struct {
460 Name string `json:"name"`
461 } `json:"repository"`
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]462 After string `json:"after"`
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]463}
464
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]465func (s *DodoAppServer) handleAPIUpdate(w http.ResponseWriter, r *http.Request) {
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]466 fmt.Println("update")
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]467 var req apiUpdateReq
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]468 var contents strings.Builder
469 io.Copy(&contents, r.Body)
470 c := contents.String()
471 fmt.Println(c)
472 if err := json.NewDecoder(strings.NewReader(c)).Decode(&req); err != nil {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]473 http.Error(w, err.Error(), http.StatusBadRequest)
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]474 return
475 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]476 if req.Ref != "refs/heads/master" || req.Repository.Name == ConfigRepoName {
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]477 return
478 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]479 // TODO(gio): Create commit record on app init as well
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]480 go func() {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]481 owner, err := s.st.GetAppOwner(req.Repository.Name)
482 if err != nil {
483 return
484 }
485 networks, err := s.getNetworks(owner)
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]486 if err != nil {
487 return
488 }
gio94904702024-07-26 16:58:34 +0400[diff] [blame]489 apps := installer.NewInMemoryAppRepository(installer.CreateAllApps())
490 instanceAppStatus, err := installer.FindEnvApp(apps, "dodo-app-instance-status")
491 if err != nil {
492 return
493 }
494 if err := s.updateDodoApp(instanceAppStatus, req.Repository.Name, s.appConfigs[req.Repository.Name].Namespace, networks); err != nil {
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]495 if err := s.st.CreateCommit(req.Repository.Name, req.After, err.Error()); err != nil {
496 fmt.Printf("Error: %s\n", err.Error())
497 return
498 }
499 }
500 if err := s.st.CreateCommit(req.Repository.Name, req.After, "OK"); err != nil {
501 fmt.Printf("Error: %s\n", err.Error())
502 }
503 for addr, _ := range s.workers[req.Repository.Name] {
504 go func() {
505 // TODO(gio): make port configurable
506 http.Get(fmt.Sprintf("http://%s/update", addr))
507 }()
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]508 }
509 }()
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]510}
511
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]512type apiRegisterWorkerReq struct {
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]513 Address string `json:"address"`
514}
515
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]516func (s *DodoAppServer) handleAPIRegisterWorker(w http.ResponseWriter, r *http.Request) {
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]517 vars := mux.Vars(r)
518 appName, ok := vars["app-name"]
519 if !ok || appName == "" {
520 http.Error(w, "missing app-name", http.StatusBadRequest)
521 return
522 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]523 var req apiRegisterWorkerReq
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]524 if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
525 http.Error(w, err.Error(), http.StatusInternalServerError)
526 return
527 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]528 if _, ok := s.workers[appName]; !ok {
529 s.workers[appName] = map[string]struct{}{}
gio266c04f2024-07-03 14:18:45 +0400[diff] [blame]530 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]531 s.workers[appName][req.Address] = struct{}{}
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]532}
533
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]534func (s *DodoAppServer) handleCreateApp(w http.ResponseWriter, r *http.Request) {
535 u := r.Context().Value(userCtx)
536 if u == nil {
537 http.Error(w, "unauthorized", http.StatusUnauthorized)
538 return
539 }
540 user, ok := u.(string)
541 if !ok {
542 http.Error(w, "could not get user", http.StatusInternalServerError)
543 return
544 }
545 network := r.FormValue("network")
546 if network == "" {
547 http.Error(w, "missing network", http.StatusBadRequest)
548 return
549 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]550 subdomain := r.FormValue("subdomain")
551 if subdomain == "" {
552 http.Error(w, "missing subdomain", http.StatusBadRequest)
553 return
554 }
555 appType := r.FormValue("type")
556 if appType == "" {
557 http.Error(w, "missing type", http.StatusBadRequest)
558 return
559 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]560 g := installer.NewFixedLengthRandomNameGenerator(3)
561 appName, err := g.Generate()
562 if err != nil {
563 http.Error(w, err.Error(), http.StatusInternalServerError)
564 return
565 }
566 if ok, err := s.client.UserExists(user); err != nil {
567 http.Error(w, err.Error(), http.StatusInternalServerError)
568 return
569 } else if !ok {
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]570 http.Error(w, "user sync has not finished, please try again in few minutes", http.StatusFailedDependency)
571 return
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]572 }
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]573 if err := s.st.CreateUser(user, nil, network); err != nil && !errors.Is(err, ErrorAlreadyExists) {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]574 http.Error(w, err.Error(), http.StatusInternalServerError)
575 return
576 }
577 if err := s.st.CreateApp(appName, user); err != nil {
578 http.Error(w, err.Error(), http.StatusInternalServerError)
579 return
580 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]581 if err := s.createApp(user, appName, appType, network, subdomain); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]582 http.Error(w, err.Error(), http.StatusInternalServerError)
583 return
584 }
585 http.Redirect(w, r, fmt.Sprintf("/%s", appName), http.StatusSeeOther)
586}
587
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]588type apiCreateAppReq struct {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]589 AppType string `json:"type"`
gio33059762024-07-05 13:19:07 +0400[diff] [blame]590 AdminPublicKey string `json:"adminPublicKey"`
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]591 Network string `json:"network"`
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]592 Subdomain string `json:"subdomain"`
gio33059762024-07-05 13:19:07 +0400[diff] [blame]593}
594
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]595type apiCreateAppResp struct {
596 AppName string `json:"appName"`
597 Password string `json:"password"`
gio33059762024-07-05 13:19:07 +0400[diff] [blame]598}
599
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]600func (s *DodoAppServer) handleAPICreateApp(w http.ResponseWriter, r *http.Request) {
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]601 w.Header().Set("Access-Control-Allow-Origin", "*")
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]602 var req apiCreateAppReq
gio33059762024-07-05 13:19:07 +0400[diff] [blame]603 if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
604 http.Error(w, err.Error(), http.StatusBadRequest)
605 return
606 }
607 g := installer.NewFixedLengthRandomNameGenerator(3)
608 appName, err := g.Generate()
609 if err != nil {
610 http.Error(w, err.Error(), http.StatusInternalServerError)
611 return
612 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]613 user, err := s.client.FindUser(req.AdminPublicKey)
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]614 if err != nil {
gio33059762024-07-05 13:19:07 +0400[diff] [blame]615 http.Error(w, err.Error(), http.StatusInternalServerError)
616 return
617 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]618 if user != "" {
619 http.Error(w, "public key already registered", http.StatusBadRequest)
620 return
621 }
622 user = appName
623 if err := s.client.AddUser(user, req.AdminPublicKey); err != nil {
624 http.Error(w, err.Error(), http.StatusInternalServerError)
625 return
626 }
627 password := generatePassword()
628 hashed, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
629 if err != nil {
630 http.Error(w, err.Error(), http.StatusInternalServerError)
631 return
632 }
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]633 if err := s.st.CreateUser(user, hashed, req.Network); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]634 http.Error(w, err.Error(), http.StatusInternalServerError)
635 return
636 }
637 if err := s.st.CreateApp(appName, user); err != nil {
638 http.Error(w, err.Error(), http.StatusInternalServerError)
639 return
640 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]641 if err := s.createApp(user, appName, req.AppType, req.Network, req.Subdomain); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]642 http.Error(w, err.Error(), http.StatusInternalServerError)
643 return
644 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]645 resp := apiCreateAppResp{
646 AppName: appName,
647 Password: password,
648 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]649 if err := json.NewEncoder(w).Encode(resp); err != nil {
650 http.Error(w, err.Error(), http.StatusInternalServerError)
651 return
652 }
653}
654
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]655func (s *DodoAppServer) isNetworkUseAllowed(network string) bool {
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]656 if !s.external {
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]657 return true
658 }
659 for _, cfg := range s.appConfigs {
660 if strings.ToLower(cfg.Network) == network {
661 return false
662 }
663 }
664 return true
665}
666
667func (s *DodoAppServer) createApp(user, appName, appType, network, subdomain string) error {
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]668 s.l.Lock()
669 defer s.l.Unlock()
gio33059762024-07-05 13:19:07 +0400[diff] [blame]670 fmt.Printf("Creating app: %s\n", appName)
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]671 network = strings.ToLower(network)
672 if !s.isNetworkUseAllowed(network) {
673 return fmt.Errorf("network already used: %s", network)
674 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]675 if ok, err := s.client.RepoExists(appName); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]676 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]677 } else if ok {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]678 return nil
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]679 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]680 networks, err := s.getNetworks(user)
681 if err != nil {
682 return err
683 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]684 n, ok := installer.NetworkMap(networks)[network]
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]685 if !ok {
686 return fmt.Errorf("network not found: %s\n", network)
687 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]688 if err := s.client.AddRepository(appName); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]689 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]690 }
691 appRepo, err := s.client.GetRepo(appName)
692 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]693 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]694 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]695 if err := s.initRepo(appRepo, appType, n, subdomain); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]696 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]697 }
698 apps := installer.NewInMemoryAppRepository(installer.CreateAllApps())
gio94904702024-07-26 16:58:34 +0400[diff] [blame]699 instanceApp, err := installer.FindEnvApp(apps, "dodo-app-instance")
700 if err != nil {
701 return err
702 }
703 instanceAppStatus, err := installer.FindEnvApp(apps, "dodo-app-instance-status")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]704 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]705 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]706 }
707 suffixGen := installer.NewFixedLengthRandomSuffixGenerator(3)
708 suffix, err := suffixGen.Generate()
709 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]710 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]711 }
gio94904702024-07-26 16:58:34 +0400[diff] [blame]712 namespace := fmt.Sprintf("%s%s%s", s.env.NamespacePrefix, instanceApp.Namespace(), suffix)
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]713 s.appConfigs[appName] = appConfig{namespace, network}
gio94904702024-07-26 16:58:34 +0400[diff] [blame]714 if err := s.updateDodoApp(instanceAppStatus, appName, namespace, networks); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]715 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]716 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]717 configRepo, err := s.client.GetRepo(ConfigRepoName)
gio33059762024-07-05 13:19:07 +0400[diff] [blame]718 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]719 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]720 }
721 hf := installer.NewGitHelmFetcher()
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]722 m, err := installer.NewAppManager(configRepo, s.nsc, s.jc, hf, "/")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]723 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]724 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]725 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]726 if err := configRepo.Do(func(fs soft.RepoFS) (string, error) {
727 w, err := fs.Writer(appConfigsFile)
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]728 if err != nil {
729 return "", err
730 }
731 defer w.Close()
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]732 if err := json.NewEncoder(w).Encode(s.appConfigs); err != nil {
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]733 return "", err
734 }
735 if _, err := m.Install(
gio94904702024-07-26 16:58:34 +0400[diff] [blame]736 instanceApp,
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]737 appName,
738 "/"+appName,
739 namespace,
740 map[string]any{
741 "repoAddr": s.client.GetRepoAddress(appName),
742 "repoHost": strings.Split(s.client.Address(), ":")[0],
743 "gitRepoPublicKey": s.gitRepoPublicKey,
744 },
745 installer.WithConfig(&s.env),
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]746 installer.WithNoNetworks(),
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]747 installer.WithNoPublish(),
748 installer.WithNoLock(),
749 ); err != nil {
750 return "", err
751 }
752 return fmt.Sprintf("Installed app: %s", appName), nil
753 }); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]754 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]755 }
756 cfg, err := m.FindInstance(appName)
757 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]758 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]759 }
760 fluxKeys, ok := cfg.Input["fluxKeys"]
761 if !ok {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]762 return fmt.Errorf("Fluxcd keys not found")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]763 }
764 fluxPublicKey, ok := fluxKeys.(map[string]any)["public"]
765 if !ok {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]766 return fmt.Errorf("Fluxcd keys not found")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]767 }
768 if ok, err := s.client.UserExists("fluxcd"); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]769 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]770 } else if ok {
771 if err := s.client.AddPublicKey("fluxcd", fluxPublicKey.(string)); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]772 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]773 }
774 } else {
775 if err := s.client.AddUser("fluxcd", fluxPublicKey.(string)); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]776 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]777 }
778 }
779 if err := s.client.AddReadOnlyCollaborator(appName, "fluxcd"); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]780 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]781 }
782 if err := s.client.AddWebhook(appName, fmt.Sprintf("http://%s/update", s.self), "--active=true", "--events=push", "--content-type=json"); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]783 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]784 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]785 if err := s.client.AddReadWriteCollaborator(appName, user); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]786 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]787 }
gio2ccb6e32024-08-15 12:01:33 +0400[diff] [blame]788 if !s.external {
789 go func() {
790 users, err := s.client.GetAllUsers()
791 if err != nil {
792 fmt.Println(err)
793 return
794 }
795 for _, user := range users {
796 // TODO(gio): fluxcd should have only read access
797 if err := s.client.AddReadWriteCollaborator(appName, user); err != nil {
798 fmt.Println(err)
799 }
800 }
801 }()
802 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]803 return nil
gio33059762024-07-05 13:19:07 +0400[diff] [blame]804}
805
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]806type apiAddAdminKeyReq struct {
gio70be3e52024-06-26 18:27:19 +0400[diff] [blame]807 Public string `json:"public"`
808}
809
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]810func (s *DodoAppServer) handleAPIAddAdminKey(w http.ResponseWriter, r *http.Request) {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]811 var req apiAddAdminKeyReq
gio70be3e52024-06-26 18:27:19 +0400[diff] [blame]812 if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
813 http.Error(w, err.Error(), http.StatusBadRequest)
814 return
815 }
816 if err := s.client.AddPublicKey("admin", req.Public); err != nil {
817 http.Error(w, err.Error(), http.StatusInternalServerError)
818 return
819 }
820}
821
gio94904702024-07-26 16:58:34 +0400[diff] [blame]822type dodoAppRendered struct {
823 App struct {
824 Ingress struct {
825 Network string `json:"network"`
826 Subdomain string `json:"subdomain"`
827 } `json:"ingress"`
828 } `json:"app"`
829 Input struct {
830 AppId string `json:"appId"`
831 } `json:"input"`
832}
833
834func (s *DodoAppServer) updateDodoApp(appStatus installer.EnvApp, name, namespace string, networks []installer.Network) error {
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]835 fmt.Println("111")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]836 repo, err := s.client.GetRepo(name)
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]837 if err != nil {
838 return err
839 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]840 fmt.Println("111")
giof8843412024-05-22 16:38:05 +0400[diff] [blame]841 hf := installer.NewGitHelmFetcher()
gio33059762024-07-05 13:19:07 +0400[diff] [blame]842 m, err := installer.NewAppManager(repo, s.nsc, s.jc, hf, "/.dodo")
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]843 if err != nil {
844 return err
845 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]846 fmt.Println("111")
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]847 appCfg, err := soft.ReadFile(repo, "app.cue")
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]848 if err != nil {
849 return err
850 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]851 fmt.Println("111")
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]852 app, err := installer.NewDodoApp(appCfg)
853 if err != nil {
854 return err
855 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]856 fmt.Println("111")
giof8843412024-05-22 16:38:05 +0400[diff] [blame]857 lg := installer.GitRepositoryLocalChartGenerator{"app", namespace}
gio94904702024-07-26 16:58:34 +0400[diff] [blame]858 return repo.Do(func(r soft.RepoFS) (string, error) {
859 res, err := m.Install(
860 app,
861 "app",
862 "/.dodo/app",
863 namespace,
864 map[string]any{
865 "repoAddr": repo.FullAddress(),
866 "managerAddr": fmt.Sprintf("http://%s", s.self),
867 "appId": name,
868 "sshPrivateKey": s.sshKey,
869 },
870 installer.WithNoPull(),
871 installer.WithNoPublish(),
872 installer.WithConfig(&s.env),
873 installer.WithNetworks(networks),
874 installer.WithLocalChartGenerator(lg),
875 installer.WithNoLock(),
876 )
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]877 fmt.Println("111")
gio94904702024-07-26 16:58:34 +0400[diff] [blame]878 if err != nil {
879 return "", err
880 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]881 fmt.Println("111")
gio94904702024-07-26 16:58:34 +0400[diff] [blame]882 var rendered dodoAppRendered
883 if err := json.NewDecoder(bytes.NewReader(res.RenderedRaw)).Decode(&rendered); err != nil {
884 return "", nil
885 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]886 fmt.Println("111")
gio94904702024-07-26 16:58:34 +0400[diff] [blame]887 if _, err := m.Install(
888 appStatus,
889 "status",
890 "/.dodo/status",
891 s.namespace,
892 map[string]any{
893 "appName": rendered.Input.AppId,
894 "network": rendered.App.Ingress.Network,
895 "appSubdomain": rendered.App.Ingress.Subdomain,
896 },
897 installer.WithNoPull(),
898 installer.WithNoPublish(),
899 installer.WithConfig(&s.env),
900 installer.WithNetworks(networks),
901 installer.WithLocalChartGenerator(lg),
902 installer.WithNoLock(),
903 ); err != nil {
904 return "", err
905 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]906 fmt.Println("111")
gio94904702024-07-26 16:58:34 +0400[diff] [blame]907 return "install app", nil
908 },
909 soft.WithCommitToBranch("dodo"),
910 soft.WithForce(),
911 )
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]912}
gio33059762024-07-05 13:19:07 +0400[diff] [blame]913
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]914func (s *DodoAppServer) initRepo(repo soft.RepoIO, appType string, network installer.Network, subdomain string) error {
giob54db242024-07-30 18:49:33 +0400[diff] [blame]915 appType = strings.Replace(appType, ":", "-", 1)
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]916 appTmpl, err := s.appTmpls.Find(appType)
917 if err != nil {
918 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]919 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]920 return repo.Do(func(fs soft.RepoFS) (string, error) {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]921 if err := appTmpl.Render(network, subdomain, repo); err != nil {
922 return "", err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]923 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]924 return "init", nil
gio33059762024-07-05 13:19:07 +0400[diff] [blame]925 })
926}
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]927
928func generatePassword() string {
929 return "foo"
930}
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]931
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]932func (s *DodoAppServer) getNetworks(user string) ([]installer.Network, error) {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]933 addr := fmt.Sprintf("%s/api/networks", s.envAppManagerAddr)
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]934 resp, err := http.Get(addr)
935 if err != nil {
936 return nil, err
937 }
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]938 networks := []installer.Network{}
939 if json.NewDecoder(resp.Body).Decode(&networks); err != nil {
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]940 return nil, err
941 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]942 return s.nf.Filter(user, networks)
943}
944
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]945type publicNetworkData struct {
946 Name string `json:"name"`
947 Domain string `json:"domain"`
948}
949
950type publicData struct {
951 Networks []publicNetworkData `json:"networks"`
952 Types []string `json:"types"`
953}
954
955func (s *DodoAppServer) handleAPIPublicData(w http.ResponseWriter, r *http.Request) {
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]956 w.Header().Set("Access-Control-Allow-Origin", "*")
957 s.l.Lock()
958 defer s.l.Unlock()
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]959 networks, err := s.getNetworks("")
960 if err != nil {
961 http.Error(w, err.Error(), http.StatusInternalServerError)
962 return
963 }
964 var ret publicData
965 for _, n := range networks {
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]966 if s.isNetworkUseAllowed(strings.ToLower(n.Name)) {
967 ret.Networks = append(ret.Networks, publicNetworkData{n.Name, n.Domain})
968 }
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]969 }
970 for _, t := range s.appTmpls.Types() {
giob54db242024-07-30 18:49:33 +0400[diff] [blame]971 ret.Types = append(ret.Types, strings.Replace(t, "-", ":", 1))
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]972 }
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]973 if err := json.NewEncoder(w).Encode(ret); err != nil {
974 http.Error(w, err.Error(), http.StatusInternalServerError)
975 return
976 }
977}
978
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]979func pickNetwork(networks []installer.Network, network string) []installer.Network {
980 for _, n := range networks {
981 if n.Name == network {
982 return []installer.Network{n}
983 }
984 }
985 return []installer.Network{}
986}
987
988type NetworkFilter interface {
989 Filter(user string, networks []installer.Network) ([]installer.Network, error)
990}
991
992type noNetworkFilter struct{}
993
994func NewNoNetworkFilter() NetworkFilter {
995 return noNetworkFilter{}
996}
997
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]998func (f noNetworkFilter) Filter(user string, networks []installer.Network) ([]installer.Network, error) {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]999 return networks, nil
1000}
1001
1002type filterByOwner struct {
1003 st Store
1004}
1005
1006func NewNetworkFilterByOwner(st Store) NetworkFilter {
1007 return &filterByOwner{st}
1008}
1009
1010func (f *filterByOwner) Filter(user string, networks []installer.Network) ([]installer.Network, error) {
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]1011 if user == "" {
1012 return networks, nil
1013 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1014 network, err := f.st.GetUserNetwork(user)
1015 if err != nil {
1016 return nil, err
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]1017 }
1018 ret := []installer.Network{}
1019 for _, n := range networks {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1020 if n.Name == network {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]1021 ret = append(ret, n)
1022 }
1023 }
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]1024 return ret, nil
1025}
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1026
1027type allowListFilter struct {
1028 allowed []string
1029}
1030
1031func NewAllowListFilter(allowed []string) NetworkFilter {
1032 return &allowListFilter{allowed}
1033}
1034
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]1035func (f *allowListFilter) Filter(user string, networks []installer.Network) ([]installer.Network, error) {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1036 ret := []installer.Network{}
1037 for _, n := range networks {
1038 if slices.Contains(f.allowed, n.Name) {
1039 ret = append(ret, n)
1040 }
1041 }
1042 return ret, nil
1043}
1044
1045type combinedNetworkFilter struct {
1046 filters []NetworkFilter
1047}
1048
1049func NewCombinedFilter(filters ...NetworkFilter) NetworkFilter {
1050 return &combinedNetworkFilter{filters}
1051}
1052
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]1053func (f *combinedNetworkFilter) Filter(user string, networks []installer.Network) ([]installer.Network, error) {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1054 ret := networks
1055 var err error
1056 for _, f := range f.filters {
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]1057 ret, err = f.Filter(user, ret)
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1058 if err != nil {
1059 return nil, err
1060 }
1061 }
1062 return ret, nil
1063}
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1064
1065type user struct {
1066 Username string `json:"username"`
1067 Email string `json:"email"`
1068 SSHPublicKeys []string `json:"sshPublicKeys,omitempty"`
1069}
1070
1071func (s *DodoAppServer) handleAPISyncUsers(_ http.ResponseWriter, _ *http.Request) {
1072 go s.syncUsers()
1073}
1074
1075func (s *DodoAppServer) syncUsers() {
1076 if s.external {
1077 panic("MUST NOT REACH!")
1078 }
1079 resp, err := http.Get(fmt.Sprintf("%s?selfAddress=%s/api/sync-users", s.fetchUsersAddr, s.self))
1080 if err != nil {
1081 return
1082 }
1083 users := []user{}
1084 if err := json.NewDecoder(resp.Body).Decode(&users); err != nil {
1085 fmt.Println(err)
1086 return
1087 }
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1088 validUsernames := make(map[string]user)
1089 for _, u := range users {
1090 validUsernames[u.Username] = u
1091 }
1092 allClientUsers, err := s.client.GetAllUsers()
1093 if err != nil {
1094 fmt.Println(err)
1095 return
1096 }
1097 keyToUser := make(map[string]string)
1098 for _, clientUser := range allClientUsers {
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1099 if clientUser == "admin" || clientUser == "fluxcd" {
1100 continue
1101 }
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1102 userData, ok := validUsernames[clientUser]
1103 if !ok {
1104 if err := s.client.RemoveUser(clientUser); err != nil {
1105 fmt.Println(err)
1106 return
1107 }
1108 } else {
1109 existingKeys, err := s.client.GetUserPublicKeys(clientUser)
1110 if err != nil {
1111 fmt.Println(err)
1112 return
1113 }
1114 for _, existingKey := range existingKeys {
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1115 cleanKey := soft.CleanKey(existingKey)
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1116 keyOk := slices.ContainsFunc(userData.SSHPublicKeys, func(key string) bool {
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1117 return cleanKey == soft.CleanKey(key)
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1118 })
1119 if !keyOk {
1120 if err := s.client.RemovePublicKey(clientUser, existingKey); err != nil {
1121 fmt.Println(err)
1122 }
1123 } else {
1124 keyToUser[cleanKey] = clientUser
1125 }
1126 }
1127 }
1128 }
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1129 for _, u := range users {
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1130 if err := s.st.CreateUser(u.Username, nil, ""); err != nil && !errors.Is(err, ErrorAlreadyExists) {
1131 fmt.Println(err)
1132 return
1133 }
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1134 if len(u.SSHPublicKeys) == 0 {
1135 continue
1136 }
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1137 ok, err := s.client.UserExists(u.Username)
1138 if err != nil {
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1139 fmt.Println(err)
1140 return
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1141 }
1142 if !ok {
1143 if err := s.client.AddUser(u.Username, u.SSHPublicKeys[0]); err != nil {
1144 fmt.Println(err)
1145 return
1146 }
1147 } else {
1148 for _, key := range u.SSHPublicKeys {
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1149 cleanKey := soft.CleanKey(key)
1150 if user, ok := keyToUser[cleanKey]; ok {
1151 if u.Username != user {
1152 panic("MUST NOT REACH! IMPOSSIBLE KEY USER RECORD")
1153 }
1154 continue
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1155 }
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1156 if err := s.client.AddPublicKey(u.Username, cleanKey); err != nil {
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1157 fmt.Println(err)
1158 return
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1159 }
1160 }
1161 }
1162 }
1163 repos, err := s.client.GetAllRepos()
1164 if err != nil {
1165 return
1166 }
1167 for _, r := range repos {
1168 if r == ConfigRepoName {
1169 continue
1170 }
1171 for _, u := range users {
1172 if err := s.client.AddReadWriteCollaborator(r, u.Username); err != nil {
1173 fmt.Println(err)
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1174 continue
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1175 }
1176 }
1177 }
1178}