2020-02-15 22:13:50 +00:00
|
|
|
package dehub
|
|
|
|
|
|
|
|
|
|
import (
|
2020-04-11 23:10:18 +00:00
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
|
|
2020-03-29 21:16:36 +00:00
|
|
|
"dehub.dev/src/dehub.git/accessctl"
|
|
|
|
|
"dehub.dev/src/dehub.git/fs"
|
|
|
|
|
"dehub.dev/src/dehub.git/sigcred"
|
2020-02-15 22:13:50 +00:00
|
|
|
|
|
|
|
|
yaml "gopkg.in/yaml.v2"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Account represents a single account defined in the Config.
|
|
|
|
|
type Account struct {
|
2020-04-26 20:23:03 +00:00
|
|
|
ID string `yaml:"id"`
|
|
|
|
|
Signifiers []sigcred.SignifierUnion `yaml:"signifiers"`
|
|
|
|
|
Meta map[string]string `yaml:"meta,omitempty"`
|
2020-02-15 22:13:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Config represents the structure of the main dehub configuration file, and is
|
|
|
|
|
// used to marshal/unmarshal the yaml file.
|
|
|
|
|
type Config struct {
|
2020-03-18 22:35:32 +00:00
|
|
|
Accounts []Account `yaml:"accounts"`
|
|
|
|
|
AccessControls []accessctl.AccessControl `yaml:"access_controls"`
|
2020-02-15 22:13:50 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-26 20:23:03 +00:00
|
|
|
func (proj *Project) loadConfig(fs fs.FS) (Config, error) {
|
2020-02-15 22:13:50 +00:00
|
|
|
rc, err := fs.Open(ConfigPath)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return Config{}, fmt.Errorf("could not open config.yml: %w", err)
|
|
|
|
|
}
|
|
|
|
|
defer rc.Close()
|
|
|
|
|
|
|
|
|
|
var cfg Config
|
|
|
|
|
if err := yaml.NewDecoder(rc).Decode(&cfg); err != nil {
|
|
|
|
|
return cfg, fmt.Errorf("could not decode config.yml: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-18 22:35:32 +00:00
|
|
|
// older config versions also had access_controls be an array, but not using
|
|
|
|
|
// the action field. So filter out array elements without the action field.
|
|
|
|
|
acl := cfg.AccessControls
|
|
|
|
|
cfg.AccessControls = cfg.AccessControls[:0]
|
|
|
|
|
for _, ac := range acl {
|
|
|
|
|
if ac.Action == "" {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
cfg.AccessControls = append(cfg.AccessControls, ac)
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-15 22:13:50 +00:00
|
|
|
// TODO validate Config
|
|
|
|
|
|
|
|
|
|
return cfg, nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-26 20:23:03 +00:00
|
|
|
// LoadConfig loads the Config object from the HEAD of the project's git repo,
|
|
|
|
|
// or directly from the filesystem if there is no HEAD yet.
|
|
|
|
|
func (proj *Project) LoadConfig() (Config, error) {
|
|
|
|
|
headFS, err := proj.headFS()
|
2020-02-15 22:13:50 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return Config{}, fmt.Errorf("error retrieving repo HEAD: %w", err)
|
|
|
|
|
}
|
2020-04-26 20:23:03 +00:00
|
|
|
return proj.loadConfig(headFS)
|
2020-02-15 22:13:50 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-26 20:23:03 +00:00
|
|
|
func (proj *Project) signifierForCredential(fs fs.FS, cred sigcred.CredentialUnion) (sigcred.Signifier, error) {
|
|
|
|
|
cfg, err := proj.loadConfig(fs)
|
2020-02-15 22:13:50 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("error loading config: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var account Account
|
|
|
|
|
var ok bool
|
|
|
|
|
for _, account = range cfg.Accounts {
|
|
|
|
|
if account.ID == cred.AccountID {
|
|
|
|
|
ok = true
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, fmt.Errorf("no account object for account id %q present in config", cred.AccountID)
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-26 20:23:03 +00:00
|
|
|
for i, sigUn := range account.Signifiers {
|
|
|
|
|
sig := sigUn.Signifier(cred.AccountID)
|
|
|
|
|
if ok, err := sig.Signed(fs, cred); err != nil {
|
2020-02-15 22:13:50 +00:00
|
|
|
return nil, fmt.Errorf("error checking if signfier index:%d signed credential: %w", i, err)
|
|
|
|
|
} else if ok {
|
2020-04-26 20:23:03 +00:00
|
|
|
return sig, nil
|
2020-02-15 22:13:50 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil, errors.New("no signifier found for credential")
|
|
|
|
|
}
|
