[WIP] API refactor (#1737)

* refactor openpitrix API Signed-off-by: hongming <talonwan@yunify.com> * add openpitrix mock client Signed-off-by: hongming <talonwan@yunify.com> * refactor tenant API Signed-off-by: hongming <talonwan@yunify.com> * refactor IAM API Signed-off-by: hongming <talonwan@yunify.com> * refactor IAM API Signed-off-by: hongming <talonwan@yunify.com>
2020-01-13 13:36:21 +08:00
parent c40d1542a2
commit 71849f028f
66 changed files with 5415 additions and 4366 deletions
--- a/pkg/apiserver/iam/auth.go
+++ b/pkg/apiserver/iam/auth.go
@@ -19,38 +19,15 @@ package iam

 import (
 	"fmt"
-	"github.com/dgrijalva/jwt-go"
 	"github.com/emicklei/go-restful"
-	"k8s.io/klog"
+	iamv1alpha2 "kubesphere.io/kubesphere/pkg/api/iam/v1alpha2"
 	"kubesphere.io/kubesphere/pkg/models"
 	"kubesphere.io/kubesphere/pkg/models/iam"
 	"kubesphere.io/kubesphere/pkg/server/errors"
 	"kubesphere.io/kubesphere/pkg/utils/iputil"
-	"kubesphere.io/kubesphere/pkg/utils/jwtutil"
 	"net/http"
 )

-type Spec struct {
-	Token string `json:"token" description:"access token"`
-}
-
-type Status struct {
-	Authenticated bool                   `json:"authenticated" description:"is authenticated"`
-	User          map[string]interface{} `json:"user,omitempty" description:"user info"`
-}
-
-type TokenReview struct {
-	APIVersion string  `json:"apiVersion" description:"Kubernetes API version"`
-	Kind       string  `json:"kind" description:"kind of the API object"`
-	Spec       *Spec   `json:"spec,omitempty"`
-	Status     *Status `json:"status,omitempty" description:"token review status"`
-}
-
-type LoginRequest struct {
-	Username string `json:"username" description:"username"`
-	Password string `json:"password" description:"password"`
-}
-
 type OAuthRequest struct {
 	GrantType    string `json:"grant_type"`
 	Username     string `json:"username,omitempty" description:"username"`
@@ -58,36 +35,6 @@ type OAuthRequest struct {
 	RefreshToken string `json:"refresh_token,omitempty"`
 }

-const (
-	KindTokenReview = "TokenReview"
-)
-
-func Login(req *restful.Request, resp *restful.Response) {
-	var loginRequest LoginRequest
-
-	err := req.ReadEntity(&loginRequest)
-
-	if err != nil || loginRequest.Username == "" || loginRequest.Password == "" {
-		resp.WriteHeaderAndEntity(http.StatusUnauthorized, errors.New("incorrect username or password"))
-		return
-	}
-
-	ip := iputil.RemoteIp(req.Request)
-
-	token, err := iam.Login(loginRequest.Username, loginRequest.Password, ip)
-
-	if err != nil {
-		if serviceError, ok := err.(restful.ServiceError); ok {
-			resp.WriteHeaderAndEntity(serviceError.Code, errors.New(serviceError.Message))
-			return
-		}
-		resp.WriteHeaderAndEntity(http.StatusUnauthorized, errors.Wrap(err))
-		return
-	}
-
-	resp.WriteAsJson(token)
-}
-
 func OAuth(req *restful.Request, resp *restful.Response) {

 	authRequest := &OAuthRequest{}
@@ -120,72 +67,3 @@ func OAuth(req *restful.Request, resp *restful.Response) {
 	resp.WriteEntity(result)

 }
-
-// k8s token review
-func TokenReviewHandler(req *restful.Request, resp *restful.Response) {
-	var tokenReview TokenReview
-
-	err := req.ReadEntity(&tokenReview)
-
-	if err != nil {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
-		return
-	}
-
-	if tokenReview.Spec == nil {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New("token must not be null"))
-		return
-	}
-
-	uToken := tokenReview.Spec.Token
-
-	token, err := jwtutil.ValidateToken(uToken)
-
-	if err != nil {
-		klog.Errorln("token review failed", uToken, err)
-		failed := TokenReview{APIVersion: tokenReview.APIVersion,
-			Kind: KindTokenReview,
-			Status: &Status{
-				Authenticated: false,
-			},
-		}
-		resp.WriteAsJson(failed)
-		return
-	}
-
-	claims := token.Claims.(jwt.MapClaims)
-
-	username, ok := claims["username"].(string)
-
-	if !ok {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New("username not found"))
-		return
-	}
-
-	user, err := iam.GetUserInfo(username)
-
-	if err != nil {
-		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
-		return
-	}
-
-	groups, err := iam.GetUserGroups(username)
-
-	if err != nil {
-		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
-		return
-	}
-
-	user.Groups = groups
-
-	success := TokenReview{APIVersion: tokenReview.APIVersion,
-		Kind: KindTokenReview,
-		Status: &Status{
-			Authenticated: true,
-			User:          map[string]interface{}{"username": user.Username, "uid": user.Username, "groups": user.Groups},
-		},
-	}
-
-	resp.WriteAsJson(success)
-	return
-}