package server

v0.15.3
Published: Oct 5, 2025 License: Apache-2.0 Imports: 86 Imported by: 0

Documentation

Constants

const (
	PROVIDER_NAME_DELIMITER = "_"
	SESSION_COOKIE          = "openrun_session"
	AUTH_KEY                = "authenticated"
	USER_KEY                = "user" // email/userid/nickname (for git email/nickname/userid)
	USER_ID_KEY             = "user_id"
	USER_EMAIL_KEY          = "email"
	USER_NICKNAME_KEY       = "nickname"
	PROVIDER_NAME_KEY       = "provider_name"
	GROUPS_KEY              = "groups"
	SESSION_INDEX_KEY       = "session_index"
	NONCE_KEY               = "nonce"
	REDIRECT_URL            = "redirect"
)

const (
	DRY_RUN_ARG = "dryRun"
	PROMOTE_ARG = "promote"
)

const (
	DEFAULT_CERT_FILE = "default.crt"
	DEFAULT_KEY_FILE  = "default.key"
	APPSPECS          = "appspecs"
)

const (
	DOCKER_COMMAND = "docker"
	PODMAN_COMMAND = "podman"
)

const (
	APP = "app"
)

const CURRENT_AUDIT_DB_VERSION = 1

const RBAC_AUTH_PREFIX = "rbac:"

const RBAC_CUSTOM_PREFIX = "custom:" // used for app level custom permissions

const RBAC_GROUP_PREFIX = "group:"

const RBAC_ROLE_PREFIX = "role:"

const (
	REALM = "openrun"
)

const SAML_AUTH_PREFIX = "saml_"

The flow is:

1. At service startup, SAMLServiceProvider is initialized.
2. For apps using SAML, CheckSAMLAuth is called to check if the user is authenticated.
3. CheckSAMLAuth verifies the session cookie to see if the user is authenticated. If yes, done.
4. If the user is not authenticated, the login function is called (the API is currently on the app domain).
5. Login creates a sessionid and a nonce, and saves an entry in the DB with the sessionid as key and the state map as value.
6. Login creates a cookie with the nonce and redirect url, then redirects to the SAML provider's login page with the sessionid in RelayState.
7. The SAML provider's login page redirects to the ACS api on the callback domain, with the sessionid in RelayState.
8. The ACS api validates the sessionid and updates the state map in the DB with the user id and groups info.
9. The ACS api redirects to the redirect API on the app domain, again passing the sessionid in the relay parameter.
10. The redirect API validates the passed sessionid and checks the nonce from the DB state map against the nonce from the cookie.
11. The redirect API sets the session cookie in authenticated state, with the user id and groups info, and deletes the DB entry.
12. It redirects back to the original app url, which will again call CheckSAMLAuth and find the authenticated cookie.
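The session-id, nonce and RelayState bookkeeping of steps 5 to 11, walked through as an added example written for this page (it is not OpenRun's code). Everything in it is an assumption except the key names, which reuse the string values of NONCE_KEY, USER_ID_KEY, GROUPS_KEY and REDIRECT_URL; the identity provider, assertion and signature validation, and the HTTP handlers are left out, the DB is a constructed in-memory map standing in for the KVStore, and the ACS step receives an already-validated user id and group list.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Key names use the same string values as the package constants listed above.
const (
	userIDKey      = "user_id"
	groupsKey      = "groups"
	nonceKey       = "nonce"
	redirectURLKey = "redirect"
)

// stateStore is a constructed stand-in for the KVStore that holds the per-login
// state map under the session id (put/get/del mirror StoreKV/FetchKV/DeleteKV).
type stateStore map[string]map[string]any

func (s stateStore) put(k string, v map[string]any)      { s[k] = v }
func (s stateStore) get(k string) (map[string]any, bool) { v, ok := s[k]; return v, ok }
func (s stateStore) del(k string)                        { delete(s, k) }

// loginCookie is what step 6 puts in the browser; session is the authenticated
// cookie written in step 11. Field names are assumptions.
type loginCookie struct{ Nonce, RedirectURL string }
type session struct {
	UserID string
	Groups []string
}

func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// login covers steps 5 and 6: mint a session id and nonce, persist the state
// map, return the cookie and the RelayState value that travels to the IdP.
func login(db stateStore, redirectURL string) (loginCookie, string) {
	sessionID, nonce := randomHex(16), randomHex(16)
	db.put(sessionID, map[string]any{nonceKey: nonce, redirectURLKey: redirectURL})
	return loginCookie{Nonce: nonce, RedirectURL: redirectURL}, sessionID
}

// acs covers step 8. Validating the assertion is the SAML library's job and is
// out of scope here; userID and groups stand for the validated assertion.
func acs(db stateStore, relayState, userID string, groups []string) error {
	state, ok := db.get(relayState)
	if !ok {
		return errors.New("unknown session id in RelayState")
	}
	if _, done := state[userIDKey]; done {
		return errors.New("session id already consumed by an earlier assertion")
	}
	state[userIDKey], state[groupsKey] = userID, groups
	db.put(relayState, state)
	return nil
}

// redirect covers steps 10 and 11: the nonce ties the DB entry to the browser
// that started the login, the ACS step must have run, and the entry is consumed.
func redirect(db stateStore, relayState string, c loginCookie) (session, string, error) {
	state, ok := db.get(relayState)
	if !ok {
		return session{}, "", errors.New("unknown or already used session id")
	}
	db.del(relayState) // single use, whether or not the checks below pass
	dbNonce, _ := state[nonceKey].(string)
	if subtle.ConstantTimeCompare([]byte(dbNonce), []byte(c.Nonce)) != 1 {
		return session{}, "", errors.New("nonce mismatch: login was not started from this browser")
	}
	userID, _ := state[userIDKey].(string)
	if userID == "" {
		return session{}, "", errors.New("identity provider callback has not completed")
	}
	groups, _ := state[groupsKey].([]string)
	target, _ := state[redirectURLKey].(string)
	return session{UserID: userID, Groups: groups}, target, nil
}

func main() {
	db := stateStore{}
	cookie, relay := login(db, "https://app.example.test/reports") // constructed URL
	if err := acs(db, relay, "alice@example.test", []string{"analysts"}); err != nil {
		panic(err)
	}
	fmt.Println(redirect(db, relay, cookie))
}
```

Two checks carry the security of the exchange: the nonce comparison in step 10, which means a RelayState value alone is not enough to finish a login in a browser that did not start it, and the deletion of the DB entry on first use, which stops the redirect step from being replayed. After that, CheckSAMLAuth (step 3) only has to trust the authenticated session cookie.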

Variables

var (
	COMPRESSION_ENABLED_MIME_TYPES = []string{
		"text/html",
		"text/css",
		"text/plain",
		"text/xml",
		"text/x-component",
		"text/javascript",
		"application/x-javascript",
		"application/javascript",
		"application/json",
		"application/manifest+json",
		"application/vnd.api+json",
		"application/xml",
		"application/xhtml+xml",
		"application/rss+xml",
		"application/atom+xml",
		"application/vnd.ms-fontobject",
		"application/x-font-ttf",
		"application/x-font-opentype",
		"application/x-font-truetype",
		"image/svg+xml",
		"image/x-icon",
		"image/vnd.microsoft.icon",
		"font/ttf",
		"font/eot",
		"font/otf",
		"font/opentype",
	}
)

Functions

func GenerateSelfSignedCertificate

func GenerateSelfSignedCertificate(certPath, keyPath string, validityDuration time.Duration) error

func MatchGlob

func MatchGlob(appPathGlob string, app types.AppPathDomain) (bool, error)

func ParseGlob

func ParseGlob(appPathGlob string, apps []types.AppPathDomain) ([]types.AppPathDomain, error)

ParseGlob parses a path spec in the format domain:path. If no domain is specified, it matches the empty domain. Glob patterns are supported; *:** matches all apps.

func ParseGlobFromInfo

func ParseGlobFromInfo(appPathGlob string, apps []types.AppInfo) ([]types.AppInfo, error)

ParseGlobFromInfo parses a path spec in the format domain:path. If no domain is specified, it matches the empty domain. Glob patterns are supported; *:** matches all apps.

Types

type AdminBasicAuth

type AdminBasicAuth struct {
	*types.Logger
	// contains filtered or unexported fields
}

AdminBasicAuth implements basic auth for the admin user account. Basic auth is supported for the admin user only, and changing it requires a service restart. The SHA of a successfully authenticated auth header is cached, so that subsequent requests with the same header skip the bcrypt hash check; this significantly improves performance.
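What that cached-header check looks like, as an added example written for this page and not the package's own AdminBasicAuth. The expensive password check is injected as a function (bcrypt.CompareHashAndPassword would be the real one; the example's verifier is a constant-time string comparison so it runs offline), the Authorization header is parsed by hand rather than through net/http, and the counter of slow checks exists only to make the caching visible.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"strings"
	"sync"
)

// adminBasicAuth checks HTTP Basic credentials for a single admin account and
// remembers the SHA-256 of the last Authorization header that verified, so an
// identical follow-up header skips the expensive password check.
type adminBasicAuth struct {
	user       string
	slowVerify func(password string) bool // bcrypt-style check; injected (assumption)
	mu         sync.Mutex
	cached     [sha256.Size]byte
	haveCache  bool
	slowChecks int // how often slowVerify ran; only to demonstrate the cache
}

func newAdminBasicAuth(user string, slowVerify func(string) bool) *adminBasicAuth {
	return &adminBasicAuth{user: user, slowVerify: slowVerify}
}

// parseBasic decodes "Basic base64(user:password)".
func parseBasic(authHeader string) (user, pass string, ok bool) {
	const prefix = "Basic "
	if len(authHeader) < len(prefix) || !strings.EqualFold(authHeader[:len(prefix)], prefix) {
		return "", "", false
	}
	raw, err := base64.StdEncoding.DecodeString(authHeader[len(prefix):])
	if err != nil {
		return "", "", false
	}
	return strings.Cut(string(raw), ":")
}

// BasicAuth mirrors the (*AdminBasicAuth).BasicAuth signature documented above.
func (a *adminBasicAuth) BasicAuth(authHeader string) (username, password string, ok bool) {
	user, pass, ok := parseBasic(authHeader)
	if !ok {
		return "", "", false
	}
	digest := sha256.Sum256([]byte(authHeader))

	a.mu.Lock()
	hit := a.haveCache && subtle.ConstantTimeCompare(digest[:], a.cached[:]) == 1
	a.mu.Unlock()
	if hit {
		return user, pass, true // this exact header already passed the slow check
	}
	// Only the admin account is accepted; compare in constant time and only
	// then pay for the slow password check.
	if subtle.ConstantTimeCompare([]byte(user), []byte(a.user)) != 1 {
		return "", "", false
	}
	a.mu.Lock()
	a.slowChecks++
	a.mu.Unlock()
	if !a.slowVerify(pass) {
		return "", "", false
	}
	a.mu.Lock()
	a.cached, a.haveCache = digest, true
	a.mu.Unlock()
	return user, pass, true
}

// SlowChecks reports how many expensive verifications have run so far.
func (a *adminBasicAuth) SlowChecks() int {
	a.mu.Lock()
	defer a.mu.Unlock()
	return a.slowChecks
}

func main() {
	// Constructed credentials; the verifier stands in for a bcrypt comparison.
	auth := newAdminBasicAuth("admin", func(p string) bool {
		return subtle.ConstantTimeCompare([]byte(p), []byte("correct horse battery")) == 1
	})
	hdr := "Basic " + base64.StdEncoding.EncodeToString([]byte("admin:correct horse battery"))
	for i := 0; i < 3; i++ {
		_, _, ok := auth.BasicAuth(hdr)
		fmt.Println("ok:", ok, "slow checks so far:", auth.SlowChecks())
	}
}
```

Two properties are worth keeping in mind when reviewing a cache like this. The digest is compared with subtle.ConstantTimeCompare rather than ==, so a cache miss and a near miss take the same time. And the cached value is a fast hash of the full credential, not a bcrypt hash, so it belongs only in the memory of the running process, which is consistent with the documented rule that changing the admin credentials requires a restart.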

func NewAdminBasicAuth

func NewAdminBasicAuth(logger *types.Logger, config *types.ServerConfig) *AdminBasicAuth

func (*AdminBasicAuth) BasicAuth

func (a *AdminBasicAuth) BasicAuth(authHeader string) (username, password string, ok bool)

type AppStore

type AppStore struct {
	*types.Logger
	// contains filtered or unexported fields
}

AppStore is a store of apps. The list of apps is stored in memory. Apps are initialized lazily; AddApp has to be called before GetApp to initialize the app.

func NewAppStore

func NewAppStore(logger *types.Logger, server *Server) *AppStore

func (*AppStore) AddApp

func (a *AppStore) AddApp(app *app.App)

func (*AppStore) ClearApps

func (a *AppStore) ClearApps(pathDomains []types.AppPathDomain)

ClearApps removes the specified apps from the in-memory App cache. It also clears the app info cache for all apps (so that it is reloaded on the next request).

func (*AppStore) ClearAppsAudit

func (a *AppStore) ClearAppsAudit(ctx context.Context, pathDomains []types.AppPathDomain, op string) error

ClearApps removes the specified apps from the in-memory App cache and creates an audit entry. It also clears the app info cache for all apps (so that it is reloaded on the next request).

func (*AppStore) ClearAppsNoNotify

func (a *AppStore) ClearAppsNoNotify(pathDomains []types.AppPathDomain)

ClearApps removes the specified apps from the in-memory App cache. It also clears the app info cache for all apps (so that it is reloaded on the next request). This does not notify other servers of the app update (intended for use from the listener).

func (*AppStore) ClearLinkedApps

func (a *AppStore) ClearLinkedApps(pathDomain types.AppPathDomain) error

func (*AppStore) GetAllAppsInfo

func (a *AppStore) GetAllAppsInfo() ([]types.AppInfo, error)

func (*AppStore) GetAllDomains

func (a *AppStore) GetAllDomains() (map[string]bool, error)

func (*AppStore) GetApp

func (a *AppStore) GetApp(pathDomain types.AppPathDomain) (*app.App, error)

func (*AppStore) GetAppInfo

func (a *AppStore) GetAppInfo(appId types.AppId) (types.AppInfo, bool)

func (*AppStore) GetAppsFullInfo

func (a *AppStore) GetAppsFullInfo() ([]types.AppInfo, map[string]bool, error)

func (*AppStore) ResetAllAppCache

func (a *AppStore) ResetAllAppCache()

type CacheDir

type CacheDir struct {
	// contains filtered or unexported fields
}

type ContextShared

type ContextShared struct {
	UserId    string
	AppId     string
	Operation string
	Target    string
	DryRun    bool
}

type Handler

type Handler struct {
	*types.Logger
	// contains filtered or unexported fields
}

func NewTCPHandler

func NewTCPHandler(logger *types.Logger, config *types.ServerConfig, server *Server) *Handler

NewTCPHandler creates a new handler for HTTP/HTTPS requests. App APIs are mounted and authentication is enabled. It also mounts the internal APIs if admin over TCP is enabled.

func NewUDSHandler

func NewUDSHandler(logger *types.Logger, config *types.ServerConfig, server *Server) *Handler

NewUDSHandler creates a new handler for admin APIs over the unix domain socket

type InmemoryKVStore added in v0.15.3

type InmemoryKVStore struct {
	// contains filtered or unexported fields
}

func NewInmemoryKVStore added in v0.15.3

func NewInmemoryKVStore() *InmemoryKVStore

func (*InmemoryKVStore) DeleteKV added in v0.15.3

func (s *InmemoryKVStore) DeleteKV(ctx context.Context, key string) error

func (*InmemoryKVStore) FetchKV added in v0.15.3

func (s *InmemoryKVStore) FetchKV(ctx context.Context, key string) (map[string]any, error)

func (*InmemoryKVStore) StoreKV added in v0.15.3

func (s *InmemoryKVStore) StoreKV(ctx context.Context, key string, value map[string]any, expireAt *time.Time) error

func (*InmemoryKVStore) StoreKVBlob added in v0.15.3

func (s *InmemoryKVStore) StoreKVBlob(ctx context.Context, key string, value []byte, expireAt *time.Time) error

func (*InmemoryKVStore) UpdateKV added in v0.15.3

func (s *InmemoryKVStore) UpdateKV(ctx context.Context, key string, value map[string]any) error

func (*InmemoryKVStore) UpdateKVBlob added in v0.15.3

func (s *InmemoryKVStore) UpdateKVBlob(ctx context.Context, key string, value []byte) error

type KVStore added in v0.15.3

type KVStore interface {
	FetchKV(ctx context.Context, key string) (map[string]any, error)
	StoreKV(ctx context.Context, key string, value map[string]any, expireAt *time.Time) error
	StoreKVBlob(ctx context.Context, key string, value []byte, expireAt *time.Time) error

	UpdateKV(ctx context.Context, key string, value map[string]any) error
	UpdateKVBlob(ctx context.Context, key string, value []byte) error
	DeleteKV(ctx context.Context, key string) error
}

KVStore is an interface for a key-value store. It is implemented by metadata.Metadata.

type OAuthManager added in v0.15.3

type OAuthManager struct {
	*types.Logger
	// contains filtered or unexported fields
}

OAuthManager manages the OAuth providers and their configurations (also OIDC)

func NewOAuthManager added in v0.15.3

func NewOAuthManager(logger *types.Logger, config *types.ServerConfig, db KVStore) *OAuthManager

func (*OAuthManager) CheckAuth added in v0.15.3

func (s *OAuthManager) CheckAuth(w http.ResponseWriter, r *http.Request, appProvider string) (string, []string, error)

func (*OAuthManager) RegisterRoutes added in v0.15.3

func (s *OAuthManager) RegisterRoutes(mux *chi.Mux)

func (*OAuthManager) Setup added in v0.15.3

func (s *OAuthManager) Setup(sessionKey []byte, sessionBlockKey []byte) error

func (*OAuthManager) ValidateAuthType added in v0.15.3

func (s *OAuthManager) ValidateAuthType(authType string) bool

func (*OAuthManager) ValidateProviderName added in v0.15.3

func (s *OAuthManager) ValidateProviderName(provider string) bool

type RBACManager added in v0.15.0

type RBACManager struct {
	*types.Logger
	// contains filtered or unexported fields
}

func NewRBACHandler added in v0.15.0

func NewRBACHandler(logger *types.Logger, rbacConfig *types.RBACConfig, serverConfig *types.ServerConfig) (*RBACManager, error)

func (*RBACManager) Authorize added in v0.15.0

func (h *RBACManager) Authorize(user string, appPathDomain types.AppPathDomain,
	appAuthSetting string, permission types.RBACPermission, groups []string, isAppLevelPermission bool) (bool, error)

func (*RBACManager) UpdateRBACConfig added in v0.15.0

func (h *RBACManager) UpdateRBACConfig(rbacConfig *types.RBACConfig) error

type Repo

type Repo struct {
	// contains filtered or unexported fields
}

type RepoCache

type RepoCache struct {
	// contains filtered or unexported fields
}

func NewRepoCache

func NewRepoCache(server *Server) (*RepoCache, error)

func (*RepoCache) CheckoutRepo

func (r *RepoCache) CheckoutRepo(sourceUrl, branch, commit, gitAuth string, isDev bool) (string, string, string, string, error)

func (*RepoCache) Cleanup

func (r *RepoCache) Cleanup()

func (*RepoCache) GetSha

func (r *RepoCache) GetSha(sourceUrl, branch, gitAuth string) (string, error)

type SAMLManager added in v0.15.3

type SAMLManager struct {
	*types.Logger
	// contains filtered or unexported fields
}

SAMLManager manages the SAML providers and their configurations

func NewSAMLManager added in v0.15.3

func NewSAMLManager(logger *types.Logger, config *types.ServerConfig, cookieStore *sessions.CookieStore, db KVStore) *SAMLManager

func (*SAMLManager) CheckSAMLAuth added in v0.15.3

func (s *SAMLManager) CheckSAMLAuth(w http.ResponseWriter, r *http.Request, appProvider string) (string, []string, error)

func (*SAMLManager) RegisterRoutes added in v0.15.3

func (s *SAMLManager) RegisterRoutes(mux *chi.Mux)

func (*SAMLManager) Setup added in v0.15.3

func (s *SAMLManager) Setup(ctx context.Context) error

func (*SAMLManager) ValidateSAMLProvider added in v0.15.3

func (s *SAMLManager) ValidateSAMLProvider(authType string) bool

type Server

type Server struct {
	*types.Logger
	// contains filtered or unexported fields
}

Server is the instance of the OpenRun Server

func NewServer

func NewServer(config *types.ServerConfig) (*Server, error)

NewServer creates a new instance of the OpenRun Server

func (*Server) Apply

func (s *Server) Apply(ctx context.Context, inputTx types.Transaction, applyPath string, appPathGlob string, approve, dryRun, promote bool,
	reload types.AppReloadOption, branch, commit, gitAuth string, clobber,
	forceReload bool, lastRunCommitId string, repoCache *RepoCache, dev bool) (*types.AppApplyResponse, []types.AppPathDomain, error)

func (*Server) Authorize added in v0.15.1

func (s *Server) Authorize(ctx context.Context, permission types.RBACPermission, isAppLevelPermission bool) (bool, error)

Authorize checks if the user has access to the specified permission

func (*Server) AuthorizeAny added in v0.15.1

func (s *Server) AuthorizeAny(ctx context.Context, permissions []string) (bool, error)

AuthorizeAny checks if the user has access to any of the specified permissions. Used for app level permissions, like actions access.

func (*Server) AuthorizeList added in v0.15.0

func (s *Server) AuthorizeList(userId string, app *types.AppInfo, groups []string) (bool, error)

AuthorizeList checks if the user has access to perform the list operation on the specified app. In RBAC mode it uses RBAC permissions. In non-RBAC mode it looks at whether the app uses the same authentication type as the caller.

func (*Server) CheckAppValid

func (s *Server) CheckAppValid(domain, matchPath string) (string, error)

func (*Server) CompleteTransaction

func (s *Server) CompleteTransaction(ctx context.Context, tx types.Transaction, entries []types.AppPathDomain, dryRun bool, op string) error

func (*Server) CreateApp

func (s *Server) CreateApp(ctx context.Context, appPath string,
	approve, dryRun bool, appRequest *types.CreateAppRequest) (*types.AppCreateResponse, error)

func (*Server) CreateAppTx

func (s *Server) CreateAppTx(ctx context.Context, currentTx types.Transaction, appPath string,
	approve, dryRun bool, appRequest *types.CreateAppRequest, repoCache *RepoCache) (*types.AppCreateResponse, error)

func (*Server) CreateSyncEntry

func (s *Server) CreateSyncEntry(ctx context.Context, path string, scheduled, dryRun bool, sync *types.SyncMetadata) (*types.SyncCreateResponse, error)

func (*Server) DeleteApps

func (s *Server) DeleteApps(ctx context.Context, appPathGlob string, dryRun bool) (*types.AppDeleteResponse, error)

func (*Server) DeleteSyncEntry

func (s *Server) DeleteSyncEntry(ctx context.Context, id string, dryRun bool) (*types.SyncDeleteResponse, error)

func (*Server) FilterApps

func (s *Server) FilterApps(appappPathGlob string, includeInternal bool) ([]types.AppInfo, error)

func (*Server) GetApp

func (s *Server) GetApp(pathDomain types.AppPathDomain, init bool) (*app.App, error)

func (*Server) GetAppApi

func (s *Server) GetAppApi(ctx context.Context, appPath string) (*types.AppGetResponse, error)

func (*Server) GetAppEntry

func (s *Server) GetAppEntry(ctx context.Context, tx types.Transaction, pathDomain types.AppPathDomain) (*types.AppEntry, error)

func (*Server) GetAppSpec

func (s *Server) GetAppSpec(name types.AppSpec) types.SpecFiles

func (*Server) GetApps

func (s *Server) GetApps(ctx context.Context, appPathGlob string, internal bool) ([]types.AppResponse, error)

func (*Server) GetDynamicConfig added in v0.14.10

func (s *Server) GetDynamicConfig() types.DynamicConfig

func (*Server) GetListAppsApp

func (s *Server) GetListAppsApp() (*app.App, error)

func (*Server) InsertAuditEvent

func (s *Server) InsertAuditEvent(event *types.AuditEvent) error

func (*Server) KVInitConstant added in v0.15.3

func (s *Server) KVInitConstant(ctx context.Context, keyName string, newValue []byte) ([]byte, error)

KVInitConstant initializes a constant value in the DB. If the value already exists, it returns the existing value. If the value does not exist, it inserts the new value and returns it. If another server inserts the value concurrently, it fetches the value from the DB and returns it.
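The three cases in that description (value already present, value absent, and a concurrent insert by another server) as an added example written for this page, not the package's KVInitConstant. The DB is a constructed in-memory map whose insertIfAbsent fails on an existing key the way a unique-key INSERT would; the beforeInsert hook is a test aid for forcing the race deterministically and is not something the real store has.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"sync"
)

var errDuplicateKey = errors.New("duplicate key")

// constantStore is a constructed in-memory stand-in for the table behind
// KVInitConstant. insertIfAbsent behaves like an INSERT on a unique key and
// fails with errDuplicateKey when the row already exists; that failure is the
// signal the concurrent-initialization handling relies on.
type constantStore struct {
	mu           sync.Mutex
	rows         map[string][]byte
	inserts      int    // successful inserts, to show that exactly one wins
	beforeInsert func() // test hook: runs before each insert attempt (nil normally)
}

func newConstantStore() *constantStore {
	return &constantStore{rows: map[string][]byte{}}
}

func (c *constantStore) get(key string) ([]byte, bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	v, ok := c.rows[key]
	return append([]byte(nil), v...), ok
}

func (c *constantStore) insertIfAbsent(key string, value []byte) error {
	if c.beforeInsert != nil {
		c.beforeInsert()
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if _, exists := c.rows[key]; exists {
		return errDuplicateKey
	}
	c.rows[key] = append([]byte(nil), value...)
	c.inserts++
	return nil
}

// kvInitConstant follows the documented behaviour: return the existing value;
// otherwise insert newValue and return it; if another server inserted first,
// the duplicate-key error means the winner's value must be read back.
func kvInitConstant(db *constantStore, keyName string, newValue []byte) ([]byte, error) {
	if v, ok := db.get(keyName); ok {
		return v, nil
	}
	err := db.insertIfAbsent(keyName, newValue)
	if err == nil {
		return newValue, nil
	}
	if !errors.Is(err, errDuplicateKey) {
		return nil, err
	}
	v, ok := db.get(keyName)
	if !ok {
		return nil, errors.New("constant missing after duplicate-key insert")
	}
	return v, nil
}

// initConcurrently has n workers race to initialize keyName, each proposing a
// different value as n freshly started servers would; it returns what each got.
func initConcurrently(db *constantStore, keyName string, n int) ([][]byte, error) {
	results := make([][]byte, n)
	errs := make([]error, n)
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(i int) {
			defer wg.Done()
			proposal := []byte(fmt.Sprintf("value-proposed-by-server-%d", i))
			results[i], errs[i] = kvInitConstant(db, keyName, proposal)
		}(i)
	}
	wg.Wait()
	for _, err := range errs {
		if err != nil {
			return results, err
		}
	}
	return results, nil
}

// allEqual reports whether every worker ended up with the same constant.
func allEqual(vals [][]byte) bool {
	for _, v := range vals {
		if !bytes.Equal(v, vals[0]) {
			return false
		}
	}
	return true
}

func main() {
	db := newConstantStore()
	got, err := initConcurrently(db, "signing_key", 16) // constructed key name
	fmt.Printf("err=%v inserts=%d all_equal=%v\n", err, db.inserts, allEqual(got))
}
```

The point of the pattern is that correctness rests on the store's uniqueness guarantee, not on the read that precedes the insert: the read is only an optimization, and a server that loses the race must treat the duplicate-key error as success and adopt the stored value rather than its own proposal. For a secret such as a session key that is exactly what keeps every instance signing and verifying with the same material.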

func (*Server) ListSyncEntries

func (s *Server) ListSyncEntries(ctx context.Context) (*types.SyncListResponse, error)

func (*Server) MatchApp

func (s *Server) MatchApp(hostHeader, matchPath string) (types.AppInfo, error)

func (*Server) ParseGlob

func (s *Server) ParseGlob(appGlob string) ([]types.AppInfo, error)

func (*Server) PreviewApp

func (s *Server) PreviewApp(ctx context.Context, mainAppPath, commitId string, approve, dryRun bool) (*types.AppPreviewResponse, error)

func (*Server) PromoteApps

func (s *Server) PromoteApps(ctx context.Context, appPathGlob string, dryRun bool) (*types.AppPromoteResponse, error)

func (*Server) ReloadApp

func (s *Server) ReloadApp(ctx context.Context, tx types.Transaction, appEntry *types.AppEntry, stageAppEntry *types.AppEntry,
	approve, dryRun, promote bool, branch, commit, gitAuth string, repoCache *RepoCache, forceReload bool) (*types.AppReloadResult, error)

func (*Server) ReloadApps

func (s *Server) ReloadApps(ctx context.Context, appPathGlob string, approve, dryRun, promote bool,
	branch, commit, gitAuth string, forceReload bool) (*types.AppReloadResponse, error)

func (*Server) RunSync

func (s *Server) RunSync(ctx context.Context, id string, dryRun bool) (*types.SyncJobStatus, error)

func (*Server) SaveDynamicConfig added in v0.14.10

func (s *Server) SaveDynamicConfig(ctx context.Context) error

func (*Server) StagedUpdate

func (s *Server) StagedUpdate(ctx context.Context, appPathGlob string, dryRun, promote bool, handler stagedUpdateHandler, args map[string]any, op string) (*types.AppStagedUpdateResponse, error)

func (*Server) StagedUpdateAppsTx

func (s *Server) StagedUpdateAppsTx(ctx context.Context, tx types.Transaction, appPathGlob string, promote bool, handler stagedUpdateHandler, args map[string]any) ([]any, []types.AppPathDomain, []types.AppPathDomain, error)

func (*Server) Start

func (s *Server) Start() error

Start starts the OpenRun Server

func (*Server) Stop

func (s *Server) Stop(ctx context.Context) error

Stop stops the OpenRun Server

func (*Server) TokenCreate

func (s *Server) TokenCreate(ctx context.Context, appPath string, webhookType types.WebhookType, dryRun bool) (*types.TokenCreateResponse, error)

func (*Server) TokenDelete

func (s *Server) TokenDelete(ctx context.Context, appPath string, webhookType types.WebhookType, dryRun bool) (*types.TokenDeleteResponse, error)

func (*Server) TokenList

func (s *Server) TokenList(ctx context.Context, appPath string) (*types.TokenListResponse, error)

func (*Server) UpdateAppSettings

func (s *Server) UpdateAppSettings(ctx context.Context, appPathGlob string, dryRun bool, updateAppRequest types.UpdateAppRequest) (*types.AppUpdateSettingsResponse, error)

func (*Server) UpdateDynamicConfig added in v0.14.10

func (s *Server) UpdateDynamicConfig(ctx context.Context, newConfig *types.DynamicConfig, force bool) (*types.DynamicConfig, error)

func (*Server) VersionFiles

func (s *Server) VersionFiles(ctx context.Context, mainAppPath, version string) (*types.AppVersionFilesResponse, error)

func (*Server) VersionList

func (s *Server) VersionList(ctx context.Context, mainAppPath string) (*types.AppVersionListResponse, error)

func (*Server) VersionSwitch

func (s *Server) VersionSwitch(ctx context.Context, mainAppPath string, dryRun bool, version string) (*types.AppVersionSwitchResponse, error)
