Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / e2e31e1cd45d3eadb745af73bf6db225f6b1fbb0 / . / core / installer / welcome / dodo_app.go
blob: 7153f204f0f232b552b26ac7fddc627c028fb746 [file] [log] [blame]
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]1package welcome
2
3import (
gio94904702024-07-26 16:58:34 +0400[diff] [blame]4 "bytes"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]5 "context"
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]6 "embed"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]7 "encoding/json"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]8 "errors"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]9 "fmt"
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]10 "html/template"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]11 "io"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]12 "io/fs"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]13 "net/http"
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]14 "slices"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]15 "strings"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]16 "sync"
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]17 "time"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]18
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]19 "golang.org/x/crypto/bcrypt"
20 "golang.org/x/exp/rand"
21
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]22 "github.com/giolekva/pcloud/core/installer"
23 "github.com/giolekva/pcloud/core/installer/soft"
gio33059762024-07-05 13:19:07 +0400[diff] [blame]24
25 "github.com/gorilla/mux"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]26 "github.com/gorilla/securecookie"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]27)
28
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]29//go:embed dodo-app-tmpl/*
30var dodoAppTmplFS embed.FS
31
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]32//go:embed all:app-tmpl
33var appTmplsFS embed.FS
34
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]35const (
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]36 ConfigRepoName = "config"
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]37 appConfigsFile = "/apps.json"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]38 loginPath = "/login"
39 logoutPath = "/logout"
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]40 staticPath = "/stat/"
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]41 apiPublicData = "/api/public-data"
42 apiCreateApp = "/api/apps"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]43 sessionCookie = "dodo-app-session"
44 userCtx = "user"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]45)
46
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]47type dodoAppTmplts struct {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]48 index *template.Template
49 appStatus *template.Template
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]50}
51
52func parseTemplatesDodoApp(fs embed.FS) (dodoAppTmplts, error) {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]53 base, err := template.ParseFS(fs, "dodo-app-tmpl/base.html")
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]54 if err != nil {
55 return dodoAppTmplts{}, err
56 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]57 parse := func(path string) (*template.Template, error) {
58 if b, err := base.Clone(); err != nil {
59 return nil, err
60 } else {
61 return b.ParseFS(fs, path)
62 }
63 }
64 index, err := parse("dodo-app-tmpl/index.html")
65 if err != nil {
66 return dodoAppTmplts{}, err
67 }
68 appStatus, err := parse("dodo-app-tmpl/app_status.html")
69 if err != nil {
70 return dodoAppTmplts{}, err
71 }
72 return dodoAppTmplts{index, appStatus}, nil
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]73}
74
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]75type DodoAppServer struct {
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]76 l sync.Locker
77 st Store
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]78 nf NetworkFilter
79 ug UserGetter
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]80 port int
81 apiPort int
82 self string
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]83 repoPublicAddr string
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]84 sshKey string
85 gitRepoPublicKey string
86 client soft.Client
87 namespace string
88 envAppManagerAddr string
89 env installer.EnvConfig
90 nsc installer.NamespaceCreator
91 jc installer.JobCreator
92 workers map[string]map[string]struct{}
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]93 appConfigs map[string]appConfig
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]94 tmplts dodoAppTmplts
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]95 appTmpls AppTmplStore
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]96 external bool
97 fetchUsersAddr string
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]98}
99
100type appConfig struct {
101 Namespace string `json:"namespace"`
102 Network string `json:"network"`
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]103}
104
gio33059762024-07-05 13:19:07 +0400[diff] [blame]105// TODO(gio): Initialize appNs on startup
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]106func NewDodoAppServer(
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]107 st Store,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]108 nf NetworkFilter,
109 ug UserGetter,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]110 port int,
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]111 apiPort int,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]112 self string,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]113 repoPublicAddr string,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]114 sshKey string,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]115 gitRepoPublicKey string,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]116 client soft.Client,
117 namespace string,
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]118 envAppManagerAddr string,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]119 nsc installer.NamespaceCreator,
giof8843412024-05-22 16:38:05 +0400[diff] [blame]120 jc installer.JobCreator,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]121 env installer.EnvConfig,
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]122 external bool,
123 fetchUsersAddr string,
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]124) (*DodoAppServer, error) {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]125 tmplts, err := parseTemplatesDodoApp(dodoAppTmplFS)
126 if err != nil {
127 return nil, err
128 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]129 apps, err := fs.Sub(appTmplsFS, "app-tmpl")
130 if err != nil {
131 return nil, err
132 }
133 appTmpls, err := NewAppTmplStoreFS(apps)
134 if err != nil {
135 return nil, err
136 }
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]137 s := &DodoAppServer{
138 &sync.Mutex{},
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]139 st,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]140 nf,
141 ug,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]142 port,
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]143 apiPort,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]144 self,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]145 repoPublicAddr,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]146 sshKey,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]147 gitRepoPublicKey,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]148 client,
149 namespace,
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]150 envAppManagerAddr,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]151 env,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]152 nsc,
giof8843412024-05-22 16:38:05 +0400[diff] [blame]153 jc,
gio266c04f2024-07-03 14:18:45 +0400[diff] [blame]154 map[string]map[string]struct{}{},
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]155 map[string]appConfig{},
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]156 tmplts,
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]157 appTmpls,
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]158 external,
159 fetchUsersAddr,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]160 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]161 config, err := client.GetRepo(ConfigRepoName)
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]162 if err != nil {
163 return nil, err
164 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]165 r, err := config.Reader(appConfigsFile)
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]166 if err == nil {
167 defer r.Close()
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]168 if err := json.NewDecoder(r).Decode(&s.appConfigs); err != nil {
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]169 return nil, err
170 }
171 } else if !errors.Is(err, fs.ErrNotExist) {
172 return nil, err
173 }
174 return s, nil
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]175}
176
177func (s *DodoAppServer) Start() error {
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]178 e := make(chan error)
179 go func() {
180 r := mux.NewRouter()
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]181 r.Use(s.mwAuth)
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]182 r.PathPrefix(staticPath).Handler(cachingHandler{http.FileServer(http.FS(statAssets))})
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]183 r.HandleFunc(logoutPath, s.handleLogout).Methods(http.MethodGet)
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]184 r.HandleFunc(apiPublicData, s.handleAPIPublicData)
185 r.HandleFunc(apiCreateApp, s.handleAPICreateApp).Methods(http.MethodPost)
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]186 r.HandleFunc("/{app-name}"+loginPath, s.handleLoginForm).Methods(http.MethodGet)
187 r.HandleFunc("/{app-name}"+loginPath, s.handleLogin).Methods(http.MethodPost)
188 r.HandleFunc("/{app-name}", s.handleAppStatus).Methods(http.MethodGet)
189 r.HandleFunc("/", s.handleStatus).Methods(http.MethodGet)
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]190 r.HandleFunc("/", s.handleCreateApp).Methods(http.MethodPost)
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]191 e <- http.ListenAndServe(fmt.Sprintf(":%d", s.port), r)
192 }()
193 go func() {
194 r := mux.NewRouter()
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]195 r.HandleFunc("/update", s.handleAPIUpdate)
196 r.HandleFunc("/api/apps/{app-name}/workers", s.handleAPIRegisterWorker).Methods(http.MethodPost)
197 r.HandleFunc("/api/add-admin-key", s.handleAPIAddAdminKey).Methods(http.MethodPost)
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]198 if !s.external {
199 r.HandleFunc("/api/sync-users", s.handleAPISyncUsers).Methods(http.MethodGet)
200 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]201 e <- http.ListenAndServe(fmt.Sprintf(":%d", s.apiPort), r)
202 }()
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]203 if !s.external {
204 go func() {
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]205 rand.Seed(uint64(time.Now().UnixNano()))
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]206 s.syncUsers()
207 // TODO(dtabidze): every sync delay should be randomized to avoid all client
208 // applications hitting memberships service at the same time.
209 // For every next sync new delay should be randomly generated from scratch.
210 // We can choose random delay from 1 to 2 minutes.
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]211 // for range time.Tick(1 * time.Minute) {
212 // s.syncUsers()
213 // }
214 for {
215 delay := time.Duration(rand.Intn(60)+60) * time.Second
216 time.Sleep(delay)
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]217 s.syncUsers()
218 }
219 }()
220 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]221 return <-e
222}
223
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]224type UserGetter interface {
225 Get(r *http.Request) string
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]226 Encode(w http.ResponseWriter, user string) error
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]227}
228
229type externalUserGetter struct {
230 sc *securecookie.SecureCookie
231}
232
233func NewExternalUserGetter() UserGetter {
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]234 return &externalUserGetter{securecookie.New(
235 securecookie.GenerateRandomKey(64),
236 securecookie.GenerateRandomKey(32),
237 )}
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]238}
239
240func (ug *externalUserGetter) Get(r *http.Request) string {
241 cookie, err := r.Cookie(sessionCookie)
242 if err != nil {
243 return ""
244 }
245 var user string
246 if err := ug.sc.Decode(sessionCookie, cookie.Value, &user); err != nil {
247 return ""
248 }
249 return user
250}
251
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]252func (ug *externalUserGetter) Encode(w http.ResponseWriter, user string) error {
253 if encoded, err := ug.sc.Encode(sessionCookie, user); err == nil {
254 cookie := &http.Cookie{
255 Name: sessionCookie,
256 Value: encoded,
257 Path: "/",
258 Secure: true,
259 HttpOnly: true,
260 }
261 http.SetCookie(w, cookie)
262 return nil
263 } else {
264 return err
265 }
266}
267
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]268type internalUserGetter struct{}
269
270func NewInternalUserGetter() UserGetter {
271 return internalUserGetter{}
272}
273
274func (ug internalUserGetter) Get(r *http.Request) string {
275 return r.Header.Get("X-User")
276}
277
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]278func (ug internalUserGetter) Encode(w http.ResponseWriter, user string) error {
279 return nil
280}
281
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]282func (s *DodoAppServer) mwAuth(next http.Handler) http.Handler {
283 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]284 if strings.HasSuffix(r.URL.Path, loginPath) ||
285 strings.HasPrefix(r.URL.Path, logoutPath) ||
286 strings.HasPrefix(r.URL.Path, staticPath) ||
287 strings.HasPrefix(r.URL.Path, apiPublicData) ||
288 strings.HasPrefix(r.URL.Path, apiCreateApp) {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]289 next.ServeHTTP(w, r)
290 return
291 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]292 user := s.ug.Get(r)
293 if user == "" {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]294 vars := mux.Vars(r)
295 appName, ok := vars["app-name"]
296 if !ok || appName == "" {
297 http.Error(w, "missing app-name", http.StatusBadRequest)
298 return
299 }
300 http.Redirect(w, r, fmt.Sprintf("/%s%s", appName, loginPath), http.StatusSeeOther)
301 return
302 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]303 next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), userCtx, user)))
304 })
305}
306
307func (s *DodoAppServer) handleLogout(w http.ResponseWriter, r *http.Request) {
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]308 // TODO(gio): move to UserGetter
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]309 http.SetCookie(w, &http.Cookie{
310 Name: sessionCookie,
311 Value: "",
312 Path: "/",
313 HttpOnly: true,
314 Secure: true,
315 })
316 http.Redirect(w, r, "/", http.StatusSeeOther)
317}
318
319func (s *DodoAppServer) handleLoginForm(w http.ResponseWriter, r *http.Request) {
320 vars := mux.Vars(r)
321 appName, ok := vars["app-name"]
322 if !ok || appName == "" {
323 http.Error(w, "missing app-name", http.StatusBadRequest)
324 return
325 }
326 fmt.Fprint(w, `
327<!DOCTYPE html>
328<html lang='en'>
329 <head>
330 <title>dodo: app - login</title>
331 <meta charset='utf-8'>
332 </head>
333 <body>
334 <form action="" method="POST">
335 <input type="password" placeholder="Password" name="password" required />
336 <button type="submit">Login</button>
337 </form>
338 </body>
339</html>
340`)
341}
342
343func (s *DodoAppServer) handleLogin(w http.ResponseWriter, r *http.Request) {
344 vars := mux.Vars(r)
345 appName, ok := vars["app-name"]
346 if !ok || appName == "" {
347 http.Error(w, "missing app-name", http.StatusBadRequest)
348 return
349 }
350 password := r.FormValue("password")
351 if password == "" {
352 http.Error(w, "missing password", http.StatusBadRequest)
353 return
354 }
355 user, err := s.st.GetAppOwner(appName)
356 if err != nil {
357 http.Error(w, err.Error(), http.StatusInternalServerError)
358 return
359 }
360 hashed, err := s.st.GetUserPassword(user)
361 if err != nil {
362 http.Error(w, err.Error(), http.StatusInternalServerError)
363 return
364 }
365 if err := bcrypt.CompareHashAndPassword(hashed, []byte(password)); err != nil {
366 http.Redirect(w, r, r.URL.Path, http.StatusSeeOther)
367 return
368 }
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]369 if err := s.ug.Encode(w, user); err != nil {
370 http.Error(w, err.Error(), http.StatusInternalServerError)
371 return
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]372 }
373 http.Redirect(w, r, fmt.Sprintf("/%s", appName), http.StatusSeeOther)
374}
375
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]376type statusData struct {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]377 Apps []string
378 Networks []installer.Network
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]379 Types []string
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]380}
381
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]382func (s *DodoAppServer) handleStatus(w http.ResponseWriter, r *http.Request) {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]383 user := r.Context().Value(userCtx)
384 if user == nil {
385 http.Error(w, "unauthorized", http.StatusUnauthorized)
386 return
387 }
388 apps, err := s.st.GetUserApps(user.(string))
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]389 if err != nil {
390 http.Error(w, err.Error(), http.StatusInternalServerError)
391 return
392 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]393 networks, err := s.getNetworks(user.(string))
394 if err != nil {
395 http.Error(w, err.Error(), http.StatusInternalServerError)
396 return
397 }
giob54db242024-07-30 18:49:33 +0400[diff] [blame]398 var types []string
399 for _, t := range s.appTmpls.Types() {
400 types = append(types, strings.Replace(t, "-", ":", 1))
401 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]402 data := statusData{apps, networks, types}
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]403 if err := s.tmplts.index.Execute(w, data); err != nil {
404 http.Error(w, err.Error(), http.StatusInternalServerError)
405 return
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]406 }
407}
408
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]409type appStatusData struct {
410 Name string
411 GitCloneCommand string
412 Commits []Commit
413}
414
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]415func (s *DodoAppServer) handleAppStatus(w http.ResponseWriter, r *http.Request) {
416 vars := mux.Vars(r)
417 appName, ok := vars["app-name"]
418 if !ok || appName == "" {
419 http.Error(w, "missing app-name", http.StatusBadRequest)
420 return
421 }
gio94904702024-07-26 16:58:34 +0400[diff] [blame]422 u := r.Context().Value(userCtx)
423 if u == nil {
424 http.Error(w, "unauthorized", http.StatusUnauthorized)
425 return
426 }
427 user, ok := u.(string)
428 if !ok {
429 http.Error(w, "could not get user", http.StatusInternalServerError)
430 return
431 }
432 owner, err := s.st.GetAppOwner(appName)
433 if err != nil {
434 http.Error(w, err.Error(), http.StatusInternalServerError)
435 return
436 }
437 if owner != user {
438 http.Error(w, "unauthorized", http.StatusUnauthorized)
439 return
440 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]441 commits, err := s.st.GetCommitHistory(appName)
442 if err != nil {
443 http.Error(w, err.Error(), http.StatusInternalServerError)
444 return
445 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]446 data := appStatusData{
447 Name: appName,
448 GitCloneCommand: fmt.Sprintf("git clone %s/%s\n\n\n", s.repoPublicAddr, appName),
449 Commits: commits,
450 }
451 if err := s.tmplts.appStatus.Execute(w, data); err != nil {
452 http.Error(w, err.Error(), http.StatusInternalServerError)
453 return
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]454 }
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]455}
456
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]457type apiUpdateReq struct {
gio266c04f2024-07-03 14:18:45 +0400[diff] [blame]458 Ref string `json:"ref"`
459 Repository struct {
460 Name string `json:"name"`
461 } `json:"repository"`
gioe2e31e12024-08-18 08:20:56 +0400[diff] [blame^]462 After string `json:"after"`
463 Commits []struct {
464 Id string `json:"id"`
465 Message string `json:"message"`
466 } `json:"commits"`
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]467}
468
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]469func (s *DodoAppServer) handleAPIUpdate(w http.ResponseWriter, r *http.Request) {
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]470 fmt.Println("update")
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]471 var req apiUpdateReq
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]472 var contents strings.Builder
473 io.Copy(&contents, r.Body)
474 c := contents.String()
475 fmt.Println(c)
476 if err := json.NewDecoder(strings.NewReader(c)).Decode(&req); err != nil {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]477 http.Error(w, err.Error(), http.StatusBadRequest)
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]478 return
479 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]480 if req.Ref != "refs/heads/master" || req.Repository.Name == ConfigRepoName {
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]481 return
482 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]483 // TODO(gio): Create commit record on app init as well
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]484 go func() {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]485 owner, err := s.st.GetAppOwner(req.Repository.Name)
486 if err != nil {
487 return
488 }
489 networks, err := s.getNetworks(owner)
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]490 if err != nil {
491 return
492 }
gio94904702024-07-26 16:58:34 +0400[diff] [blame]493 apps := installer.NewInMemoryAppRepository(installer.CreateAllApps())
494 instanceAppStatus, err := installer.FindEnvApp(apps, "dodo-app-instance-status")
495 if err != nil {
496 return
497 }
gioe2e31e12024-08-18 08:20:56 +0400[diff] [blame^]498 found := false
499 commitMsg := ""
500 for _, c := range req.Commits {
501 if c.Id == req.After {
502 found = true
503 commitMsg = c.Message
504 break
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]505 }
506 }
gioe2e31e12024-08-18 08:20:56 +0400[diff] [blame^]507 if !found {
508 fmt.Printf("Error: could not find commit message")
509 return
510 }
511 if err := s.updateDodoApp(instanceAppStatus, req.Repository.Name, s.appConfigs[req.Repository.Name].Namespace, networks); err != nil {
512 if err := s.st.CreateCommit(req.Repository.Name, req.After, commitMsg, err.Error()); err != nil {
513 fmt.Printf("Error: %s\n", err.Error())
514 }
515 return
516 }
517 if err := s.st.CreateCommit(req.Repository.Name, req.After, commitMsg, "OK"); err != nil {
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]518 fmt.Printf("Error: %s\n", err.Error())
519 }
520 for addr, _ := range s.workers[req.Repository.Name] {
521 go func() {
522 // TODO(gio): make port configurable
523 http.Get(fmt.Sprintf("http://%s/update", addr))
524 }()
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]525 }
526 }()
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]527}
528
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]529type apiRegisterWorkerReq struct {
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]530 Address string `json:"address"`
531}
532
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]533func (s *DodoAppServer) handleAPIRegisterWorker(w http.ResponseWriter, r *http.Request) {
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]534 vars := mux.Vars(r)
535 appName, ok := vars["app-name"]
536 if !ok || appName == "" {
537 http.Error(w, "missing app-name", http.StatusBadRequest)
538 return
539 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]540 var req apiRegisterWorkerReq
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]541 if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
542 http.Error(w, err.Error(), http.StatusInternalServerError)
543 return
544 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]545 if _, ok := s.workers[appName]; !ok {
546 s.workers[appName] = map[string]struct{}{}
gio266c04f2024-07-03 14:18:45 +0400[diff] [blame]547 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]548 s.workers[appName][req.Address] = struct{}{}
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]549}
550
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]551func (s *DodoAppServer) handleCreateApp(w http.ResponseWriter, r *http.Request) {
552 u := r.Context().Value(userCtx)
553 if u == nil {
554 http.Error(w, "unauthorized", http.StatusUnauthorized)
555 return
556 }
557 user, ok := u.(string)
558 if !ok {
559 http.Error(w, "could not get user", http.StatusInternalServerError)
560 return
561 }
562 network := r.FormValue("network")
563 if network == "" {
564 http.Error(w, "missing network", http.StatusBadRequest)
565 return
566 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]567 subdomain := r.FormValue("subdomain")
568 if subdomain == "" {
569 http.Error(w, "missing subdomain", http.StatusBadRequest)
570 return
571 }
572 appType := r.FormValue("type")
573 if appType == "" {
574 http.Error(w, "missing type", http.StatusBadRequest)
575 return
576 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]577 g := installer.NewFixedLengthRandomNameGenerator(3)
578 appName, err := g.Generate()
579 if err != nil {
580 http.Error(w, err.Error(), http.StatusInternalServerError)
581 return
582 }
583 if ok, err := s.client.UserExists(user); err != nil {
584 http.Error(w, err.Error(), http.StatusInternalServerError)
585 return
586 } else if !ok {
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]587 http.Error(w, "user sync has not finished, please try again in few minutes", http.StatusFailedDependency)
588 return
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]589 }
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]590 if err := s.st.CreateUser(user, nil, network); err != nil && !errors.Is(err, ErrorAlreadyExists) {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]591 http.Error(w, err.Error(), http.StatusInternalServerError)
592 return
593 }
594 if err := s.st.CreateApp(appName, user); err != nil {
595 http.Error(w, err.Error(), http.StatusInternalServerError)
596 return
597 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]598 if err := s.createApp(user, appName, appType, network, subdomain); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]599 http.Error(w, err.Error(), http.StatusInternalServerError)
600 return
601 }
602 http.Redirect(w, r, fmt.Sprintf("/%s", appName), http.StatusSeeOther)
603}
604
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]605type apiCreateAppReq struct {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]606 AppType string `json:"type"`
gio33059762024-07-05 13:19:07 +0400[diff] [blame]607 AdminPublicKey string `json:"adminPublicKey"`
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]608 Network string `json:"network"`
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]609 Subdomain string `json:"subdomain"`
gio33059762024-07-05 13:19:07 +0400[diff] [blame]610}
611
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]612type apiCreateAppResp struct {
613 AppName string `json:"appName"`
614 Password string `json:"password"`
gio33059762024-07-05 13:19:07 +0400[diff] [blame]615}
616
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]617func (s *DodoAppServer) handleAPICreateApp(w http.ResponseWriter, r *http.Request) {
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]618 w.Header().Set("Access-Control-Allow-Origin", "*")
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]619 var req apiCreateAppReq
gio33059762024-07-05 13:19:07 +0400[diff] [blame]620 if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
621 http.Error(w, err.Error(), http.StatusBadRequest)
622 return
623 }
624 g := installer.NewFixedLengthRandomNameGenerator(3)
625 appName, err := g.Generate()
626 if err != nil {
627 http.Error(w, err.Error(), http.StatusInternalServerError)
628 return
629 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]630 user, err := s.client.FindUser(req.AdminPublicKey)
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]631 if err != nil {
gio33059762024-07-05 13:19:07 +0400[diff] [blame]632 http.Error(w, err.Error(), http.StatusInternalServerError)
633 return
634 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]635 if user != "" {
636 http.Error(w, "public key already registered", http.StatusBadRequest)
637 return
638 }
639 user = appName
640 if err := s.client.AddUser(user, req.AdminPublicKey); err != nil {
641 http.Error(w, err.Error(), http.StatusInternalServerError)
642 return
643 }
644 password := generatePassword()
645 hashed, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
646 if err != nil {
647 http.Error(w, err.Error(), http.StatusInternalServerError)
648 return
649 }
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]650 if err := s.st.CreateUser(user, hashed, req.Network); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]651 http.Error(w, err.Error(), http.StatusInternalServerError)
652 return
653 }
654 if err := s.st.CreateApp(appName, user); err != nil {
655 http.Error(w, err.Error(), http.StatusInternalServerError)
656 return
657 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]658 if err := s.createApp(user, appName, req.AppType, req.Network, req.Subdomain); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]659 http.Error(w, err.Error(), http.StatusInternalServerError)
660 return
661 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]662 resp := apiCreateAppResp{
663 AppName: appName,
664 Password: password,
665 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]666 if err := json.NewEncoder(w).Encode(resp); err != nil {
667 http.Error(w, err.Error(), http.StatusInternalServerError)
668 return
669 }
670}
671
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]672func (s *DodoAppServer) isNetworkUseAllowed(network string) bool {
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]673 if !s.external {
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]674 return true
675 }
676 for _, cfg := range s.appConfigs {
677 if strings.ToLower(cfg.Network) == network {
678 return false
679 }
680 }
681 return true
682}
683
684func (s *DodoAppServer) createApp(user, appName, appType, network, subdomain string) error {
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]685 s.l.Lock()
686 defer s.l.Unlock()
gio33059762024-07-05 13:19:07 +0400[diff] [blame]687 fmt.Printf("Creating app: %s\n", appName)
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]688 network = strings.ToLower(network)
689 if !s.isNetworkUseAllowed(network) {
690 return fmt.Errorf("network already used: %s", network)
691 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]692 if ok, err := s.client.RepoExists(appName); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]693 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]694 } else if ok {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]695 return nil
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]696 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]697 networks, err := s.getNetworks(user)
698 if err != nil {
699 return err
700 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]701 n, ok := installer.NetworkMap(networks)[network]
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]702 if !ok {
703 return fmt.Errorf("network not found: %s\n", network)
704 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]705 if err := s.client.AddRepository(appName); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]706 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]707 }
708 appRepo, err := s.client.GetRepo(appName)
709 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]710 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]711 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]712 if err := s.initRepo(appRepo, appType, n, subdomain); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]713 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]714 }
715 apps := installer.NewInMemoryAppRepository(installer.CreateAllApps())
gio94904702024-07-26 16:58:34 +0400[diff] [blame]716 instanceApp, err := installer.FindEnvApp(apps, "dodo-app-instance")
717 if err != nil {
718 return err
719 }
720 instanceAppStatus, err := installer.FindEnvApp(apps, "dodo-app-instance-status")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]721 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]722 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]723 }
724 suffixGen := installer.NewFixedLengthRandomSuffixGenerator(3)
725 suffix, err := suffixGen.Generate()
726 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]727 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]728 }
gio94904702024-07-26 16:58:34 +0400[diff] [blame]729 namespace := fmt.Sprintf("%s%s%s", s.env.NamespacePrefix, instanceApp.Namespace(), suffix)
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]730 s.appConfigs[appName] = appConfig{namespace, network}
gio94904702024-07-26 16:58:34 +0400[diff] [blame]731 if err := s.updateDodoApp(instanceAppStatus, appName, namespace, networks); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]732 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]733 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]734 configRepo, err := s.client.GetRepo(ConfigRepoName)
gio33059762024-07-05 13:19:07 +0400[diff] [blame]735 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]736 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]737 }
738 hf := installer.NewGitHelmFetcher()
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]739 m, err := installer.NewAppManager(configRepo, s.nsc, s.jc, hf, "/")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]740 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]741 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]742 }
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]743 if err := configRepo.Do(func(fs soft.RepoFS) (string, error) {
744 w, err := fs.Writer(appConfigsFile)
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]745 if err != nil {
746 return "", err
747 }
748 defer w.Close()
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]749 if err := json.NewEncoder(w).Encode(s.appConfigs); err != nil {
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]750 return "", err
751 }
752 if _, err := m.Install(
gio94904702024-07-26 16:58:34 +0400[diff] [blame]753 instanceApp,
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]754 appName,
755 "/"+appName,
756 namespace,
757 map[string]any{
758 "repoAddr": s.client.GetRepoAddress(appName),
759 "repoHost": strings.Split(s.client.Address(), ":")[0],
760 "gitRepoPublicKey": s.gitRepoPublicKey,
761 },
762 installer.WithConfig(&s.env),
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]763 installer.WithNoNetworks(),
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]764 installer.WithNoPublish(),
765 installer.WithNoLock(),
766 ); err != nil {
767 return "", err
768 }
769 return fmt.Sprintf("Installed app: %s", appName), nil
770 }); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]771 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]772 }
773 cfg, err := m.FindInstance(appName)
774 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]775 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]776 }
777 fluxKeys, ok := cfg.Input["fluxKeys"]
778 if !ok {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]779 return fmt.Errorf("Fluxcd keys not found")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]780 }
781 fluxPublicKey, ok := fluxKeys.(map[string]any)["public"]
782 if !ok {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]783 return fmt.Errorf("Fluxcd keys not found")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]784 }
785 if ok, err := s.client.UserExists("fluxcd"); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]786 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]787 } else if ok {
788 if err := s.client.AddPublicKey("fluxcd", fluxPublicKey.(string)); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]789 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]790 }
791 } else {
792 if err := s.client.AddUser("fluxcd", fluxPublicKey.(string)); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]793 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]794 }
795 }
796 if err := s.client.AddReadOnlyCollaborator(appName, "fluxcd"); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]797 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]798 }
799 if err := s.client.AddWebhook(appName, fmt.Sprintf("http://%s/update", s.self), "--active=true", "--events=push", "--content-type=json"); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]800 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]801 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]802 if err := s.client.AddReadWriteCollaborator(appName, user); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]803 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]804 }
gio2ccb6e32024-08-15 12:01:33 +0400[diff] [blame]805 if !s.external {
806 go func() {
807 users, err := s.client.GetAllUsers()
808 if err != nil {
809 fmt.Println(err)
810 return
811 }
812 for _, user := range users {
813 // TODO(gio): fluxcd should have only read access
814 if err := s.client.AddReadWriteCollaborator(appName, user); err != nil {
815 fmt.Println(err)
816 }
817 }
818 }()
819 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]820 return nil
gio33059762024-07-05 13:19:07 +0400[diff] [blame]821}
822
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]823type apiAddAdminKeyReq struct {
gio70be3e52024-06-26 18:27:19 +0400[diff] [blame]824 Public string `json:"public"`
825}
826
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]827func (s *DodoAppServer) handleAPIAddAdminKey(w http.ResponseWriter, r *http.Request) {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]828 var req apiAddAdminKeyReq
gio70be3e52024-06-26 18:27:19 +0400[diff] [blame]829 if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
830 http.Error(w, err.Error(), http.StatusBadRequest)
831 return
832 }
833 if err := s.client.AddPublicKey("admin", req.Public); err != nil {
834 http.Error(w, err.Error(), http.StatusInternalServerError)
835 return
836 }
837}
838
gio94904702024-07-26 16:58:34 +0400[diff] [blame]839type dodoAppRendered struct {
840 App struct {
841 Ingress struct {
842 Network string `json:"network"`
843 Subdomain string `json:"subdomain"`
844 } `json:"ingress"`
845 } `json:"app"`
846 Input struct {
847 AppId string `json:"appId"`
848 } `json:"input"`
849}
850
851func (s *DodoAppServer) updateDodoApp(appStatus installer.EnvApp, name, namespace string, networks []installer.Network) error {
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]852 fmt.Println("111")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]853 repo, err := s.client.GetRepo(name)
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]854 if err != nil {
855 return err
856 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]857 fmt.Println("111")
giof8843412024-05-22 16:38:05 +0400[diff] [blame]858 hf := installer.NewGitHelmFetcher()
gio33059762024-07-05 13:19:07 +0400[diff] [blame]859 m, err := installer.NewAppManager(repo, s.nsc, s.jc, hf, "/.dodo")
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]860 if err != nil {
861 return err
862 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]863 fmt.Println("111")
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]864 appCfg, err := soft.ReadFile(repo, "app.cue")
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]865 if err != nil {
866 return err
867 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]868 fmt.Println("111")
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]869 app, err := installer.NewDodoApp(appCfg)
870 if err != nil {
871 return err
872 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]873 fmt.Println("111")
giof8843412024-05-22 16:38:05 +0400[diff] [blame]874 lg := installer.GitRepositoryLocalChartGenerator{"app", namespace}
gio94904702024-07-26 16:58:34 +0400[diff] [blame]875 return repo.Do(func(r soft.RepoFS) (string, error) {
876 res, err := m.Install(
877 app,
878 "app",
879 "/.dodo/app",
880 namespace,
881 map[string]any{
882 "repoAddr": repo.FullAddress(),
883 "managerAddr": fmt.Sprintf("http://%s", s.self),
884 "appId": name,
885 "sshPrivateKey": s.sshKey,
886 },
887 installer.WithNoPull(),
888 installer.WithNoPublish(),
889 installer.WithConfig(&s.env),
890 installer.WithNetworks(networks),
891 installer.WithLocalChartGenerator(lg),
892 installer.WithNoLock(),
893 )
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]894 fmt.Println("111")
gio94904702024-07-26 16:58:34 +0400[diff] [blame]895 if err != nil {
896 return "", err
897 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]898 fmt.Println("111")
gio94904702024-07-26 16:58:34 +0400[diff] [blame]899 var rendered dodoAppRendered
900 if err := json.NewDecoder(bytes.NewReader(res.RenderedRaw)).Decode(&rendered); err != nil {
901 return "", nil
902 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]903 fmt.Println("111")
gio94904702024-07-26 16:58:34 +0400[diff] [blame]904 if _, err := m.Install(
905 appStatus,
906 "status",
907 "/.dodo/status",
908 s.namespace,
909 map[string]any{
910 "appName": rendered.Input.AppId,
911 "network": rendered.App.Ingress.Network,
912 "appSubdomain": rendered.App.Ingress.Subdomain,
913 },
914 installer.WithNoPull(),
915 installer.WithNoPublish(),
916 installer.WithConfig(&s.env),
917 installer.WithNetworks(networks),
918 installer.WithLocalChartGenerator(lg),
919 installer.WithNoLock(),
920 ); err != nil {
921 return "", err
922 }
gio1bf00802024-08-17 12:31:41 +0400[diff] [blame]923 fmt.Println("111")
gio94904702024-07-26 16:58:34 +0400[diff] [blame]924 return "install app", nil
925 },
926 soft.WithCommitToBranch("dodo"),
927 soft.WithForce(),
928 )
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]929}
gio33059762024-07-05 13:19:07 +0400[diff] [blame]930
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]931func (s *DodoAppServer) initRepo(repo soft.RepoIO, appType string, network installer.Network, subdomain string) error {
giob54db242024-07-30 18:49:33 +0400[diff] [blame]932 appType = strings.Replace(appType, ":", "-", 1)
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]933 appTmpl, err := s.appTmpls.Find(appType)
934 if err != nil {
935 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]936 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]937 return repo.Do(func(fs soft.RepoFS) (string, error) {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]938 if err := appTmpl.Render(network, subdomain, repo); err != nil {
939 return "", err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]940 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame]941 return "init", nil
gio33059762024-07-05 13:19:07 +0400[diff] [blame]942 })
943}
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]944
945func generatePassword() string {
946 return "foo"
947}
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]948
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]949func (s *DodoAppServer) getNetworks(user string) ([]installer.Network, error) {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]950 addr := fmt.Sprintf("%s/api/networks", s.envAppManagerAddr)
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]951 resp, err := http.Get(addr)
952 if err != nil {
953 return nil, err
954 }
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]955 networks := []installer.Network{}
956 if json.NewDecoder(resp.Body).Decode(&networks); err != nil {
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]957 return nil, err
958 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]959 return s.nf.Filter(user, networks)
960}
961
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]962type publicNetworkData struct {
963 Name string `json:"name"`
964 Domain string `json:"domain"`
965}
966
967type publicData struct {
968 Networks []publicNetworkData `json:"networks"`
969 Types []string `json:"types"`
970}
971
972func (s *DodoAppServer) handleAPIPublicData(w http.ResponseWriter, r *http.Request) {
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]973 w.Header().Set("Access-Control-Allow-Origin", "*")
974 s.l.Lock()
975 defer s.l.Unlock()
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]976 networks, err := s.getNetworks("")
977 if err != nil {
978 http.Error(w, err.Error(), http.StatusInternalServerError)
979 return
980 }
981 var ret publicData
982 for _, n := range networks {
giod8ab4f52024-07-26 16:58:34 +0400[diff] [blame]983 if s.isNetworkUseAllowed(strings.ToLower(n.Name)) {
984 ret.Networks = append(ret.Networks, publicNetworkData{n.Name, n.Domain})
985 }
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]986 }
987 for _, t := range s.appTmpls.Types() {
giob54db242024-07-30 18:49:33 +0400[diff] [blame]988 ret.Types = append(ret.Types, strings.Replace(t, "-", ":", 1))
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]989 }
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]990 if err := json.NewEncoder(w).Encode(ret); err != nil {
991 http.Error(w, err.Error(), http.StatusInternalServerError)
992 return
993 }
994}
995
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]996func pickNetwork(networks []installer.Network, network string) []installer.Network {
997 for _, n := range networks {
998 if n.Name == network {
999 return []installer.Network{n}
1000 }
1001 }
1002 return []installer.Network{}
1003}
1004
1005type NetworkFilter interface {
1006 Filter(user string, networks []installer.Network) ([]installer.Network, error)
1007}
1008
1009type noNetworkFilter struct{}
1010
1011func NewNoNetworkFilter() NetworkFilter {
1012 return noNetworkFilter{}
1013}
1014
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]1015func (f noNetworkFilter) Filter(user string, networks []installer.Network) ([]installer.Network, error) {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1016 return networks, nil
1017}
1018
1019type filterByOwner struct {
1020 st Store
1021}
1022
1023func NewNetworkFilterByOwner(st Store) NetworkFilter {
1024 return &filterByOwner{st}
1025}
1026
1027func (f *filterByOwner) Filter(user string, networks []installer.Network) ([]installer.Network, error) {
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]1028 if user == "" {
1029 return networks, nil
1030 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1031 network, err := f.st.GetUserNetwork(user)
1032 if err != nil {
1033 return nil, err
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]1034 }
1035 ret := []installer.Network{}
1036 for _, n := range networks {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1037 if n.Name == network {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]1038 ret = append(ret, n)
1039 }
1040 }
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]1041 return ret, nil
1042}
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1043
1044type allowListFilter struct {
1045 allowed []string
1046}
1047
1048func NewAllowListFilter(allowed []string) NetworkFilter {
1049 return &allowListFilter{allowed}
1050}
1051
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]1052func (f *allowListFilter) Filter(user string, networks []installer.Network) ([]installer.Network, error) {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1053 ret := []installer.Network{}
1054 for _, n := range networks {
1055 if slices.Contains(f.allowed, n.Name) {
1056 ret = append(ret, n)
1057 }
1058 }
1059 return ret, nil
1060}
1061
1062type combinedNetworkFilter struct {
1063 filters []NetworkFilter
1064}
1065
1066func NewCombinedFilter(filters ...NetworkFilter) NetworkFilter {
1067 return &combinedNetworkFilter{filters}
1068}
1069
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]1070func (f *combinedNetworkFilter) Filter(user string, networks []installer.Network) ([]installer.Network, error) {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1071 ret := networks
1072 var err error
1073 for _, f := range f.filters {
gio8fae3af2024-07-25 13:43:31 +0400[diff] [blame]1074 ret, err = f.Filter(user, ret)
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]1075 if err != nil {
1076 return nil, err
1077 }
1078 }
1079 return ret, nil
1080}
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1081
1082type user struct {
1083 Username string `json:"username"`
1084 Email string `json:"email"`
1085 SSHPublicKeys []string `json:"sshPublicKeys,omitempty"`
1086}
1087
1088func (s *DodoAppServer) handleAPISyncUsers(_ http.ResponseWriter, _ *http.Request) {
1089 go s.syncUsers()
1090}
1091
1092func (s *DodoAppServer) syncUsers() {
1093 if s.external {
1094 panic("MUST NOT REACH!")
1095 }
1096 resp, err := http.Get(fmt.Sprintf("%s?selfAddress=%s/api/sync-users", s.fetchUsersAddr, s.self))
1097 if err != nil {
1098 return
1099 }
1100 users := []user{}
1101 if err := json.NewDecoder(resp.Body).Decode(&users); err != nil {
1102 fmt.Println(err)
1103 return
1104 }
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1105 validUsernames := make(map[string]user)
1106 for _, u := range users {
1107 validUsernames[u.Username] = u
1108 }
1109 allClientUsers, err := s.client.GetAllUsers()
1110 if err != nil {
1111 fmt.Println(err)
1112 return
1113 }
1114 keyToUser := make(map[string]string)
1115 for _, clientUser := range allClientUsers {
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1116 if clientUser == "admin" || clientUser == "fluxcd" {
1117 continue
1118 }
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1119 userData, ok := validUsernames[clientUser]
1120 if !ok {
1121 if err := s.client.RemoveUser(clientUser); err != nil {
1122 fmt.Println(err)
1123 return
1124 }
1125 } else {
1126 existingKeys, err := s.client.GetUserPublicKeys(clientUser)
1127 if err != nil {
1128 fmt.Println(err)
1129 return
1130 }
1131 for _, existingKey := range existingKeys {
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1132 cleanKey := soft.CleanKey(existingKey)
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1133 keyOk := slices.ContainsFunc(userData.SSHPublicKeys, func(key string) bool {
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1134 return cleanKey == soft.CleanKey(key)
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1135 })
1136 if !keyOk {
1137 if err := s.client.RemovePublicKey(clientUser, existingKey); err != nil {
1138 fmt.Println(err)
1139 }
1140 } else {
1141 keyToUser[cleanKey] = clientUser
1142 }
1143 }
1144 }
1145 }
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1146 for _, u := range users {
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1147 if err := s.st.CreateUser(u.Username, nil, ""); err != nil && !errors.Is(err, ErrorAlreadyExists) {
1148 fmt.Println(err)
1149 return
1150 }
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1151 if len(u.SSHPublicKeys) == 0 {
1152 continue
1153 }
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1154 ok, err := s.client.UserExists(u.Username)
1155 if err != nil {
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1156 fmt.Println(err)
1157 return
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1158 }
1159 if !ok {
1160 if err := s.client.AddUser(u.Username, u.SSHPublicKeys[0]); err != nil {
1161 fmt.Println(err)
1162 return
1163 }
1164 } else {
1165 for _, key := range u.SSHPublicKeys {
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1166 cleanKey := soft.CleanKey(key)
1167 if user, ok := keyToUser[cleanKey]; ok {
1168 if u.Username != user {
1169 panic("MUST NOT REACH! IMPOSSIBLE KEY USER RECORD")
1170 }
1171 continue
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1172 }
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1173 if err := s.client.AddPublicKey(u.Username, cleanKey); err != nil {
Davit Tabidzea5ea5092024-08-01 15:28:09 +0400[diff] [blame]1174 fmt.Println(err)
1175 return
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1176 }
1177 }
1178 }
1179 }
1180 repos, err := s.client.GetAllRepos()
1181 if err != nil {
1182 return
1183 }
1184 for _, r := range repos {
1185 if r == ConfigRepoName {
1186 continue
1187 }
1188 for _, u := range users {
1189 if err := s.client.AddReadWriteCollaborator(r, u.Username); err != nil {
1190 fmt.Println(err)
Davit Tabidze4aaa27b2024-08-05 20:23:50 +0400[diff] [blame]1191 continue
giocafd4e62024-07-31 10:53:40 +0400[diff] [blame]1192 }
1193 }
1194 }
1195}