softplayer-backend/internal/controllers/accounts.go


package controllers
import (
"context"
"errors"
"fmt"
"log"
"time"
"github.com/google/uuid"
"golang.org/x/crypto/bcrypt"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
)
// Account bundles the Kubernetes manager, hashing parameters and the account
// payload that Create, Login and getToken operate on.
type Account struct {
	// Controller supplies the client used for every API call in this file.
	Controller ctrl.Manager
	// Params holds tuning knobs. Note that HashCost is not read anywhere in
	// this file: HashPassword hashes with a fixed cost.
	Params AccountParams

	// Data is the account being created or logged in. Create fills in UUID;
	// Login restores it from the stored account Secret.
	Data *AccountData
	// Token is the service-account token read by getToken after a successful
	// Create or Login.
	Token string
}
// AccountParams holds tunable parameters for account handling.
type AccountParams struct {
	// HashCost is evidently meant as the bcrypt cost for password hashing, but
	// nothing in this file reads it: HashPassword uses a fixed cost.
	HashCost int16
}
// AccountData is the account payload exchanged with Create and Login.
type AccountData struct {
	// Username names the account Secret in the "softplayer-accounts" namespace
	// and the Role inside the account's own namespace.
	Username string
	// Password is the caller-supplied plaintext. Only its bcrypt hash is
	// persisted, under the "password" key of the account Secret.
	Password string
	// Email is persisted under the "email" key of the account Secret.
	Email string
	// UUID is generated by Create and doubles as the account's namespace name;
	// Login restores it from the "uuid" key of the stored Secret.
	UUID string
}
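// HashPassword returns the bcrypt hash of password, or an error from bcrypt.
//
// The previous version passed a cost of 1, which is below bcrypt.MinCost; the
// bcrypt package substitutes bcrypt.DefaultCost for any cost below MinCost, so
// the effective work factor was already the default. Passing DefaultCost
// explicitly documents that instead of relying on the fallback.
// Account.Params.HashCost is not consulted here.
//
// NOTE(review): bcrypt only considers the first 72 bytes of the input; recent
// golang.org/x/crypto versions reject longer passwords with an error. Check
// the vendored version if long passphrases must be supported.
func HashPassword(password string) (string, error) {
	hashed, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return "", err
	}
	return string(hashed), nil
}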
// CheckPasswordHash reports whether password is the plaintext behind the
// given bcrypt hash. Any comparison error (including a malformed hash) is
// reported as a mismatch.
func CheckPasswordHash(password, hash string) bool {
	return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
}
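// waitUntilCreated polls the API server until obj (identified by its current
// namespace and name) can be fetched. It tries once immediately and then up to
// attempts more times, waiting timeout between tries, so attempts+1 Gets are
// made in the worst case. On success obj holds the fetched object.
//
// It returns nil once a Get succeeds, the last Get error when every try fails,
// or ctx.Err() if the context is cancelled while waiting.
//
// Fixes over the previous recursive version: the result of the retry was
// discarded, so exhausting the attempts returned nil with obj never fetched;
// and the sleep ignored ctx, so cancellation could not interrupt the wait.
func waitUntilCreated(ctx context.Context, c client.Client, obj client.Object, attempts int, timeout time.Duration) error {
	key := types.NamespacedName{
		Namespace: obj.GetNamespace(),
		Name:      obj.GetName(),
	}
	for {
		log.Printf("Waiting %d", attempts)
		err := c.Get(ctx, key, obj)
		if err == nil {
			return nil
		}
		if attempts <= 0 {
			return err
		}
		attempts--

		// Sleep between tries, but give up promptly if the caller cancels.
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-time.After(timeout):
		}
	}
}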
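// Create provisions everything an account needs in the cluster:
//
//  1. a Namespace named after a freshly generated UUID;
//  2. an account Secret in the "softplayer-accounts" namespace, named after
//     the username, holding the uuid, email and bcrypt password hash, with an
//     owner reference to the namespace so it is garbage-collected with it;
//  3. a Role, ServiceAccount and RoleBinding inside the new namespace;
//  4. a service-account token Secret, whose token is read into acc.Token.
//
// If any step after the namespace exists fails, the namespace is deleted and
// the original error is returned — unless the deletion itself fails, in which
// case the deletion error is returned instead (the precedence the original
// code had). acc.Data.UUID is set as a side effect even when Create fails.
//
// Fixes: a password-hashing failure previously returned nil, reporting success
// without creating anything; it now returns the error. A failed wait for the
// namespace or the token Secret previously left the namespace behind; both
// paths now roll back like every other failure.
func (acc *Account) Create(ctx context.Context) error {
	c := acc.Controller.GetClient()

	acc.Data.UUID = uuid.New().String()
	log.Println(acc.Data.UUID)

	passwordHash, err := HashPassword(acc.Data.Password)
	if err != nil {
		return err
	}

	namespace := corev1.Namespace{
		ObjectMeta: metav1.ObjectMeta{Name: acc.Data.UUID},
	}
	if err := c.Create(ctx, &namespace); err != nil {
		return err
	}

	// rollback removes the namespace created above and reports cause; a failed
	// deletion takes precedence over cause, matching the original behaviour.
	rollback := func(cause error) error {
		if err := c.Delete(ctx, &namespace); err != nil {
			return err
		}
		return cause
	}

	if err := waitUntilCreated(ctx, c, &namespace, 10, 50*time.Millisecond); err != nil {
		return rollback(err)
	}
	// Re-read the namespace so namespace.UID is certainly populated for the
	// owner reference below.
	if err := c.Get(ctx, types.NamespacedName{Name: acc.Data.UUID}, &namespace); err != nil {
		return rollback(err)
	}

	// Account record: username -> {uuid, email, password hash}. Owned by the
	// namespace so deleting the namespace removes it too.
	accountSecret := corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      acc.Data.Username,
			Namespace: "softplayer-accounts",
			OwnerReferences: []metav1.OwnerReference{{
				APIVersion: "v1",
				Kind:       "Namespace",
				Name:       acc.Data.UUID,
				UID:        namespace.UID,
			}},
		},
		StringData: map[string]string{
			"uuid":     acc.Data.UUID,
			"email":    acc.Data.Email,
			"password": passwordHash,
		},
	}
	if err := c.Create(ctx, &accountSecret); err != nil {
		return rollback(err)
	}

	// RBAC inside the account's namespace: a Role over configmaps and secrets
	// (which includes the token Secret created below), a ServiceAccount, and a
	// RoleBinding tying them together.
	role := &rbacv1.Role{
		ObjectMeta: metav1.ObjectMeta{Name: acc.Data.Username, Namespace: acc.Data.UUID},
		Rules: []rbacv1.PolicyRule{{
			Verbs:     []string{"get", "watch", "list", "create", "patch", "delete"},
			APIGroups: []string{""},
			Resources: []string{"configmaps", "secrets"},
		}},
	}
	if err := c.Create(ctx, role); err != nil {
		return rollback(err)
	}

	sa := &corev1.ServiceAccount{
		ObjectMeta: metav1.ObjectMeta{Name: acc.Data.UUID, Namespace: acc.Data.UUID},
	}
	rb := &rbacv1.RoleBinding{
		ObjectMeta: metav1.ObjectMeta{Name: acc.Data.UUID, Namespace: acc.Data.UUID},
		Subjects: []rbacv1.Subject{{
			Kind:      "ServiceAccount",
			Name:      acc.Data.UUID,
			Namespace: acc.Data.UUID,
		}},
		RoleRef: rbacv1.RoleRef{
			APIGroup: "rbac.authorization.k8s.io",
			Kind:     "Role",
			Name:     acc.Data.Username,
		},
	}
	// Same creation order as before: the binding first, then the account.
	if err := c.Create(ctx, rb); err != nil {
		return rollback(err)
	}
	if err := c.Create(ctx, sa); err != nil {
		return rollback(err)
	}

	// Token Secret for the service account. The cluster populates Data["token"]
	// asynchronously; getToken reads it.
	tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)
	saSec := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      tokenName,
			Namespace: acc.Data.UUID,
			Annotations: map[string]string{
				"kubernetes.io/service-account.name": acc.Data.UUID,
			},
		},
		Type: corev1.SecretTypeServiceAccountToken,
	}
	if err := c.Create(ctx, saSec); err != nil {
		return rollback(err)
	}
	// NOTE(review): this only waits for the Secret object to exist, not for
	// Data["token"] to be filled in, so acc.Token can still be empty after a
	// successful Create — confirm whether callers tolerate that.
	if err := waitUntilCreated(ctx, c, saSec, 10, 50*time.Millisecond); err != nil {
		return rollback(err)
	}

	acc.Token, err = acc.getToken(ctx, saSec)
	if err != nil {
		return rollback(err)
	}
	return nil
}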
// Login verifies acc.Data.Username / acc.Data.Password against the account
// Secret stored in the "softplayer-accounts" namespace. On success it restores
// acc.Data.UUID from that Secret and sets acc.Token to the service-account
// token found in the account's namespace.
//
// Errors: the API lookup error when the account Secret cannot be read, a
// "wrong password" error when the bcrypt check fails, or the getToken error
// (in which case acc.Token is reset to the empty string getToken returns).
//
// NOTE(review): a missing account and a wrong password surface as different
// errors, and the bcrypt comparison only runs in the second case; callers that
// expose either difference to end users enable account enumeration.
func (acc *Account) Login(ctx context.Context) error {
	c := acc.Controller.GetClient()

	stored := &corev1.Secret{}
	key := types.NamespacedName{
		Namespace: "softplayer-accounts",
		Name:      acc.Data.Username,
	}
	if err := c.Get(ctx, key, stored); err != nil {
		return err
	}
	if !CheckPasswordHash(acc.Data.Password, string(stored.Data["password"])) {
		return errors.New("wrong password")
	}

	acc.Data.UUID = string(stored.Data["uuid"])
	tokenSecret := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      fmt.Sprintf("sa-%s", acc.Data.UUID),
			Namespace: acc.Data.UUID,
			Annotations: map[string]string{
				"kubernetes.io/service-account.name": acc.Data.UUID,
			},
		},
		Type: "kubernetes.io/service-account-token",
	}

	// Assign before checking the error so acc.Token ends up exactly as
	// getToken returned it, success or not.
	token, err := acc.getToken(ctx, tokenSecret)
	acc.Token = token
	if err != nil {
		return err
	}
	return nil
}
// getToken fetches the service-account token Secret named by saSec from the
// account's namespace (acc.Data.UUID), overwriting saSec with the fetched
// object, and returns its "token" field as a string. The string is empty when
// the Secret exists but Data["token"] is not (yet) present. On a failed Get
// the empty string and the error are returned.
func (acc *Account) getToken(ctx context.Context, saSec *corev1.Secret) (string, error) {
	key := types.NamespacedName{
		Namespace: acc.Data.UUID,
		Name:      saSec.Name,
	}
	if err := acc.Controller.GetClient().Get(ctx, key, saSec); err != nil {
		return "", err
	}
	token := saSec.Data["token"]
	return string(token), nil
}