WIP: Something is going on
This commit is contained in:
@@ -7,8 +7,8 @@ import (
|
||||
"log"
|
||||
"time"
|
||||
|
||||
"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/hash"
|
||||
"github.com/google/uuid"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
@@ -20,14 +20,15 @@ import (
|
||||
|
||||
type Account struct {
|
||||
Controller ctrl.Manager
|
||||
Params AccountParams
|
||||
Params AccountParams
|
||||
Data *AccountData
|
||||
Token string
|
||||
Token string
|
||||
}
|
||||
|
||||
type AccountParams struct {
|
||||
HashCost int16
|
||||
}
|
||||
|
||||
type AccountData struct {
|
||||
Username string
|
||||
Password string
|
||||
@@ -35,29 +36,19 @@ type AccountData struct {
|
||||
UUID string
|
||||
}
|
||||
|
||||
func HashPassword(password string) (string, error) {
|
||||
bytes, err := bcrypt.GenerateFromPassword([]byte(password), 1)
|
||||
return string(bytes), err
|
||||
}
|
||||
|
||||
func CheckPasswordHash(password, hash string) bool {
|
||||
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
|
||||
return err == nil
|
||||
}
|
||||
|
||||
func waitUntilCreated(ctx context.Context, client client.Client ,obj client.Object, attemps int, timeout time.Duration) error {
|
||||
func waitUntilCreated(ctx context.Context, client client.Client, obj client.Object, attemps int, timeout time.Duration) error {
|
||||
log.Printf("Waiting %d", attemps)
|
||||
if err := client.Get(ctx, types.NamespacedName{
|
||||
Namespace: obj.GetNamespace(),
|
||||
Name: obj.GetName(),
|
||||
Name: obj.GetName(),
|
||||
}, obj); err != nil {
|
||||
if attemps > 0 {
|
||||
time.Sleep(timeout)
|
||||
waitUntilCreated(ctx, client, obj, attemps - 1, timeout)
|
||||
waitUntilCreated(ctx, client, obj, attemps-1, timeout)
|
||||
} else {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -66,11 +57,11 @@ func (acc *Account) Create(ctx context.Context) error {
|
||||
|
||||
acc.Data.UUID = uuid.New().String()
|
||||
log.Println(acc.Data.UUID)
|
||||
passwordHash, err := HashPassword(acc.Data.Password)
|
||||
passwordHash, err := hash.HashPassword(acc.Data.Password, int(acc.Params.HashCost))
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
namespace := corev1.Namespace{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: acc.Data.UUID,
|
||||
@@ -81,13 +72,12 @@ func (acc *Account) Create(ctx context.Context) error {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := waitUntilCreated(ctx, client, &namespace, 10, time.Millisecond * 50); err != nil {
|
||||
if err := waitUntilCreated(ctx, client, &namespace, 10, time.Millisecond*50); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
||||
if err := client.Get(ctx, types.NamespacedName{
|
||||
Name: acc.Data.UUID,
|
||||
Name: acc.Data.UUID,
|
||||
}, &namespace); err != nil {
|
||||
if err := client.Delete(ctx, &namespace); err != nil {
|
||||
return err
|
||||
@@ -97,14 +87,14 @@ func (acc *Account) Create(ctx context.Context) error {
|
||||
// Create a secret with the account data
|
||||
secret := corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: acc.Data.Username,
|
||||
Name: acc.Data.Username,
|
||||
Namespace: "softplayer-accounts",
|
||||
OwnerReferences: []metav1.OwnerReference{
|
||||
OwnerReferences: []metav1.OwnerReference{
|
||||
metav1.OwnerReference{
|
||||
APIVersion: "v1",
|
||||
Kind: "Namespace",
|
||||
Name: acc.Data.UUID,
|
||||
UID: namespace.UID,
|
||||
APIVersion: "v1",
|
||||
Kind: "Namespace",
|
||||
Name: acc.Data.UUID,
|
||||
UID: namespace.UID,
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -132,26 +122,25 @@ func (acc *Account) Create(ctx context.Context) error {
|
||||
return err
|
||||
}
|
||||
|
||||
|
||||
sa := &corev1.ServiceAccount{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: acc.Data.UUID,
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: acc.Data.UUID,
|
||||
Namespace: acc.Data.UUID,
|
||||
},
|
||||
}
|
||||
rb := &rbacv1.RoleBinding{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: acc.Data.UUID,
|
||||
Namespace: acc.Data.UUID,
|
||||
Name: acc.Data.UUID,
|
||||
Namespace: acc.Data.UUID,
|
||||
},
|
||||
Subjects: []rbacv1.Subject{
|
||||
Subjects: []rbacv1.Subject{
|
||||
rbacv1.Subject{
|
||||
Kind: "ServiceAccount",
|
||||
Name: acc.Data.UUID,
|
||||
Namespace: acc.Data.UUID,
|
||||
},
|
||||
},
|
||||
RoleRef: rbacv1.RoleRef{
|
||||
RoleRef: rbacv1.RoleRef{
|
||||
APIGroup: "rbac.authorization.k8s.io",
|
||||
Kind: "Role",
|
||||
Name: acc.Data.Username,
|
||||
@@ -175,13 +164,13 @@ func (acc *Account) Create(ctx context.Context) error {
|
||||
tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)
|
||||
saSec := &corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: tokenName,
|
||||
Name: tokenName,
|
||||
Namespace: acc.Data.UUID,
|
||||
Annotations: map[string]string{
|
||||
"kubernetes.io/service-account.name": acc.Data.UUID,
|
||||
},
|
||||
},
|
||||
Type: "kubernetes.io/service-account-token",
|
||||
Type: "kubernetes.io/service-account-token",
|
||||
}
|
||||
|
||||
if err := client.Create(ctx, saSec); err != nil {
|
||||
@@ -190,7 +179,7 @@ func (acc *Account) Create(ctx context.Context) error {
|
||||
}
|
||||
return err
|
||||
}
|
||||
if err := waitUntilCreated(ctx, client, saSec, 10, time.Millisecond * 50); err != nil {
|
||||
if err := waitUntilCreated(ctx, client, saSec, 10, time.Millisecond*50); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -204,7 +193,7 @@ func (acc *Account) Create(ctx context.Context) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (acc *Account) Login (ctx context.Context) error {
|
||||
func (acc *Account) Login(ctx context.Context) error {
|
||||
client := acc.Controller.GetClient()
|
||||
sec := &corev1.Secret{}
|
||||
if err := client.Get(ctx, types.NamespacedName{
|
||||
@@ -213,7 +202,7 @@ func (acc *Account) Login (ctx context.Context) error {
|
||||
}, sec); err != nil {
|
||||
return err
|
||||
}
|
||||
if !CheckPasswordHash(acc.Data.Password, string(sec.Data["password"])){
|
||||
if !hash.CheckPasswordHash(acc.Data.Password, string(sec.Data["password"])) {
|
||||
err := errors.New("wrong password")
|
||||
return err
|
||||
}
|
||||
@@ -221,30 +210,29 @@ func (acc *Account) Login (ctx context.Context) error {
|
||||
tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)
|
||||
saSec := &corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: tokenName,
|
||||
Name: tokenName,
|
||||
Namespace: acc.Data.UUID,
|
||||
Annotations: map[string]string{
|
||||
"kubernetes.io/service-account.name": acc.Data.UUID,
|
||||
},
|
||||
},
|
||||
Type: "kubernetes.io/service-account-token",
|
||||
Type: "kubernetes.io/service-account-token",
|
||||
}
|
||||
var err error
|
||||
acc.Token, err = acc.getToken(ctx, saSec)
|
||||
if err != nil{
|
||||
return err
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (acc *Account) getToken (ctx context.Context, saSec *corev1.Secret) (string, error) {
|
||||
func (acc *Account) getToken(ctx context.Context, saSec *corev1.Secret) (string, error) {
|
||||
client := acc.Controller.GetClient()
|
||||
if err := client.Get(ctx, types.NamespacedName{
|
||||
Namespace: acc.Data.UUID,
|
||||
Name: saSec.ObjectMeta.Name,
|
||||
Name: saSec.ObjectMeta.Name,
|
||||
}, saSec); err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(saSec.Data["token"]), nil
|
||||
}
|
||||
|
||||
|
||||
13
internal/controllers/email.go.tmp
Normal file
13
internal/controllers/email.go.tmp
Normal file
@@ -0,0 +1,13 @@
|
||||
# package controllers
|
||||
|
||||
import "context"
|
||||
|
||||
type EmailSvc struct {}
|
||||
|
||||
type EmailData strict {
|
||||
UserID string
|
||||
}
|
||||
|
||||
func (svc *EmailSvc) SendVerification(ctx context.Context) {
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user