webhttp

package
v0.23.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 21, 2026 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Overview

Package webhttp provides HTTP handlers for the Tinkerbell web UI.

Index

Constants

View Source 
const (
	DefaultItemsPerPage = 10
	MaxItemsPerPage     = 100

	// ContextKeyBaseURL is the key used to store the URL prefix in Gin context.
	ContextKeyBaseURL = "baseURL"
)

Common constants.

View Source 
const (
	// MaxSearchResults is the maximum total number of search results to return.
	MaxSearchResults = 20
	// MaxSearchResultsPerType is the maximum number of results per resource type.
	MaxSearchResultsPerType = 5
	// MinSearchQueryLength is the minimum query length required to perform a search.
	// This prevents overly broad searches that would fetch all resources.
	MinSearchQueryLength = 3
)
View Source 
const (
	// SessionDurationSeconds is the duration in seconds that auth cookies remain valid.
	// Set to 8 hours to reduce exposure window if credentials are compromised.
	SessionDurationSeconds = 3600 * 8
)

Variables

View Source 
var TinkerbellResources = []TinkerbellResource{
	{"hardware", "tinkerbell.org"},
	{"templates", "tinkerbell.org"},
	{"workflows", "tinkerbell.org"},
	{"workflowrulesets", "tinkerbell.org"},
	{"machines", "bmc.tinkerbell.org"},
	{"jobs", "bmc.tinkerbell.org"},
	{"tasks", "bmc.tinkerbell.org"},
}

TinkerbellResources defines all Tinkerbell CRD resources to check permissions for. Exported so templates can access the list.

Functions

func AuthMiddleware 

func AuthMiddleware(log logr.Logger, baseURL string) gin.HandlerFunc

AuthMiddleware checks if user has a valid token before accessing protected routes.

func AutoLoginMiddleware 

func AutoLoginMiddleware(client *KubeClient, namespace string) gin.HandlerFunc

AutoLoginMiddleware injects a pre-configured KubeClient into the request context. Used when auto-login is enabled to bypass cookie-based authentication. When namespace is non-empty it is stored as the service-account namespace so that downstream handlers can fall back to namespace-scoped queries.

func GetBMCJobStatus 

func GetBMCJobStatus(conditions []bmcv1alpha1.JobCondition) string

GetBMCJobStatus determines the status of a BMC job from its conditions.

func GetBaseURL 

func GetBaseURL(c *gin.Context) string

GetBaseURL retrieves the URL prefix from the Gin context. Returns empty string if not set (for backwards compatibility).

func GetDashboardData 

func GetDashboardData() templates.DashboardData

GetDashboardData returns the parsed CRD data for the dashboard. Data is cached after first parse.

func GetHardwareInterfaces 

func GetHardwareInterfaces(hw tinkv1alpha1.Hardware) []templates.HardwareInterface

GetHardwareInterfaces extracts all network interfaces from hardware.

func GetHardwareList 

func GetHardwareList(c *gin.Context, log logr.Logger) ([]string, templates.HardwarePageData)

GetHardwareList fetches and returns paginated hardware data.

func GetHardwareStatus 

func GetHardwareStatus(hw tinkv1alpha1.Hardware) string

GetHardwareStatus determines hardware status.

func GetKubeNamespaces 

func GetKubeNamespaces(ctx context.Context, c *gin.Context, kubeClient *KubeClient, log logr.Logger) []string

GetKubeNamespaces fetches namespaces from the Kubernetes cluster. Returns empty list if the user doesn't have permission to list namespaces.

func GetPaginatedBMCJobs 

func GetPaginatedBMCJobs(jobs []webtpl.BMCJob, page, itemsPerPage int) webtpl.BMCJobPageData

GetPaginatedBMCJobs creates paginated BMC job data.

func GetPaginatedBMCMachines 

func GetPaginatedBMCMachines(machines []webtpl.BMCMachine, page, itemsPerPage int) webtpl.BMCMachinePageData

GetPaginatedBMCMachines creates paginated BMC machine data.

func GetPaginatedBMCTasks 

func GetPaginatedBMCTasks(tasks []webtpl.BMCTask, page, itemsPerPage int) webtpl.BMCTaskPageData

GetPaginatedBMCTasks creates paginated BMC task data.

func GetPaginatedHardware 

func GetPaginatedHardware(hardware []webtpl.Hardware, page, itemsPerPage int) webtpl.HardwarePageData

GetPaginatedHardware creates paginated hardware data.

func GetPaginatedTemplates 

func GetPaginatedTemplates(templates []webtpl.Template, page, itemsPerPage int) webtpl.TemplatePageData

GetPaginatedTemplates creates paginated template data.

func GetPaginatedWorkflowRuleSets 

func GetPaginatedWorkflowRuleSets(rulesets []webtpl.WorkflowRuleSet, page, itemsPerPage int) webtpl.WorkflowRuleSetPageData

GetPaginatedWorkflowRuleSets creates paginated workflowruleset data.

func GetPaginatedWorkflows 

func GetPaginatedWorkflows(workflows []webtpl.Workflow, page, itemsPerPage int) webtpl.WorkflowPageData

GetPaginatedWorkflows creates paginated workflow data.

func GetSelectedNamespace 

func GetSelectedNamespace(c *gin.Context, namespaces []string) string

GetSelectedNamespace returns the selected namespace from query params. If no namespace is selected, uses smart defaults based on available namespaces.

func GetTokenAndAPIServerFromRequest 

func GetTokenAndAPIServerFromRequest(c *gin.Context) (string, string, bool)

GetTokenAndAPIServerFromRequest retrieves and decodes token, API server, and TLS verification setting from request.

func HandleAuthError 

func HandleAuthError(c *gin.Context, err error, log logr.Logger) bool

HandleAuthError checks if the error is an auth error and redirects to login if needed. Returns true if an auth error was detected and handled.

func HandleBMCJobData 

func HandleBMCJobData(c *gin.Context, log logr.Logger)

HandleBMCJobData handles the Job data endpoint (HTMX partial).

func HandleBMCJobDetail 

func HandleBMCJobDetail(c *gin.Context, log logr.Logger)

HandleBMCJobDetail handles the Job detail page route.

func HandleBMCJobList 

func HandleBMCJobList(c *gin.Context, log logr.Logger)

HandleBMCJobList handles the Job list page route.

func HandleBMCMachineData 

func HandleBMCMachineData(c *gin.Context, log logr.Logger)

HandleBMCMachineData handles the Machine data endpoint (HTMX partial).

func HandleBMCMachineDetail 

func HandleBMCMachineDetail(c *gin.Context, log logr.Logger)

HandleBMCMachineDetail handles the Machine detail page route.

func HandleBMCMachineList 

func HandleBMCMachineList(c *gin.Context, log logr.Logger)

HandleBMCMachineList handles the Machine list page route.

func HandleBMCTaskData 

func HandleBMCTaskData(c *gin.Context, log logr.Logger)

HandleBMCTaskData handles the BMC task data endpoint (HTMX partial).

func HandleBMCTaskDetail 

func HandleBMCTaskDetail(c *gin.Context, log logr.Logger)

HandleBMCTaskDetail handles the Task detail page route.

func HandleBMCTaskList 

func HandleBMCTaskList(c *gin.Context, log logr.Logger)

HandleBMCTaskList handles the Task list page route.

func HandleDashboard 

func HandleDashboard(c *gin.Context, log logr.Logger)

HandleDashboard handles the landing page / CRD browser.

func HandleGlobalSearch 

func HandleGlobalSearch(c *gin.Context, log logr.Logger)

HandleGlobalSearch handles the global search API endpoint.

func HandleHardwareData 

func HandleHardwareData(c *gin.Context, log logr.Logger)

HandleHardwareData handles the hardware data endpoint (HTMX partial).

func HandleHardwareDetail 

func HandleHardwareDetail(c *gin.Context, log logr.Logger)

HandleHardwareDetail handles the hardware detail page route.

func HandleHardwareList 

func HandleHardwareList(c *gin.Context, log logr.Logger)

HandleHardwareList handles the hardware list page route.

func HandleHome 

func HandleHome(c *gin.Context, log logr.Logger)

HandleHome handles the home page route.

func HandleLogin 

func HandleLogin(c *gin.Context, log logr.Logger)

HandleLogin renders the login page.

func HandleLoginValidate 

func HandleLoginValidate(c *gin.Context, log logr.Logger)

HandleLoginValidate validates the service token and API server URL. It performs comprehensive validation including URL format checking, token verification, and permission validation before setting secure authentication cookies.

func HandleLogout 

func HandleLogout(c *gin.Context)

HandleLogout logs out the user by clearing all authentication cookies.

func HandlePermissionCheck 

func HandlePermissionCheck(c *gin.Context, log logr.Logger)

HandlePermissionCheck handles checking permissions for a single resource. Called via HTMX to progressively load permission status for each resource.

func HandlePermissions 

func HandlePermissions(c *gin.Context, log logr.Logger)

HandlePermissions handles the permissions page showing user's Tinkerbell RBAC permissions. The page loads immediately with loading indicators, then fetches each resource's permissions via HTMX.

func HandleTemplateData 

func HandleTemplateData(c *gin.Context, log logr.Logger)

HandleTemplateData handles the template data endpoint (HTMX partial).

func HandleTemplateDetail 

func HandleTemplateDetail(c *gin.Context, log logr.Logger)

HandleTemplateDetail handles the template detail page route.

func HandleTemplateList 

func HandleTemplateList(c *gin.Context, log logr.Logger)

HandleTemplateList handles the template list page route.

func HandleWorkflowData 

func HandleWorkflowData(c *gin.Context, log logr.Logger)

HandleWorkflowData handles the workflow data endpoint (HTMX partial).

func HandleWorkflowDetail 

func HandleWorkflowDetail(c *gin.Context, log logr.Logger)

HandleWorkflowDetail handles the workflow detail page route.

func HandleWorkflowList 

func HandleWorkflowList(c *gin.Context, log logr.Logger)

HandleWorkflowList handles the workflow list page route.

func HandleWorkflowRuleSetData 

func HandleWorkflowRuleSetData(c *gin.Context, log logr.Logger)

HandleWorkflowRuleSetData handles the workflowruleset data endpoint (HTMX partial).

func HandleWorkflowRuleSetDetail 

func HandleWorkflowRuleSetDetail(c *gin.Context, log logr.Logger)

HandleWorkflowRuleSetDetail handles the workflowruleset detail page route.

func HandleWorkflowRuleSetList 

func HandleWorkflowRuleSetList(c *gin.Context, log logr.Logger)

HandleWorkflowRuleSetList handles the workflowruleset list page route.

func IsAuthError 

func IsAuthError(err error) bool

IsAuthError checks if an error is an authentication error that should trigger a logout. This does NOT include authorization (403 Forbidden) errors - those indicate the user is authenticated but lacks permission, and should not cause a logout.

func IsHTMXRequest 

func IsHTMXRequest(c *gin.Context) bool

IsHTMXRequest checks if the request is an HTMX request.

func RenderComponent 

func RenderComponent(ctx context.Context, w io.Writer, component templ.Component, log logr.Logger)

RenderComponent renders a templ component to the response writer and logs any errors.

func ValidateItemsPerPage 

func ValidateItemsPerPage(itemsPerPage int) int

ValidateItemsPerPage validates and normalizes the items per page value. Returns DefaultItemsPerPage if the value is invalid, less than 1, or greater than MaxItemsPerPage.

Types

type KubeClient 

type KubeClient struct {
	client.Client
	// contains filtered or unexported fields
}

KubeClient wraps a controller-runtime client for Kubernetes operations.

func GetKubeClientFromGinContext 

func GetKubeClientFromGinContext(c *gin.Context) (*KubeClient, error)

GetKubeClientFromGinContext gets the KubeClient from the request context (set by AuthMiddleware).

func NewKubeClientFromRestConfig 

func NewKubeClientFromRestConfig(config *rest.Config) (*KubeClient, error)

NewKubeClientFromRestConfig creates a Kubernetes client from an existing REST config.

func NewKubeClientFromTokenAndServer 

func NewKubeClientFromTokenAndServer(token, apiServer string, insecureSkipVerify bool) (*KubeClient, error)

NewKubeClientFromTokenAndServer creates a Kubernetes client using JWT token and API server URL.

func (*KubeClient) AuthorizationV1 

func (k *KubeClient) AuthorizationV1() kubernetes.Interface

AuthorizationV1 returns the authorization client interface.

func (*KubeClient) GetBMCJob 

func (k *KubeClient) GetBMCJob(ctx context.Context, namespace, name string) (*bmcv1alpha1.Job, error)

GetBMCJob returns a specific BMC job resource.

func (*KubeClient) GetBMCMachine 

func (k *KubeClient) GetBMCMachine(ctx context.Context, namespace, name string) (*bmcv1alpha1.Machine, error)

GetBMCMachine returns a specific BMC machine resource.

func (*KubeClient) GetBMCTask 

func (k *KubeClient) GetBMCTask(ctx context.Context, namespace, name string) (*bmcv1alpha1.Task, error)

GetBMCTask returns a specific BMC task resource.

func (*KubeClient) GetHardware 

func (k *KubeClient) GetHardware(ctx context.Context, namespace, name string) (*tinkv1alpha1.Hardware, error)

GetHardware returns a specific hardware resource.

func (*KubeClient) GetTemplate 

func (k *KubeClient) GetTemplate(ctx context.Context, namespace, name string) (*tinkv1alpha1.Template, error)

GetTemplate returns a specific template resource.

func (*KubeClient) GetWorkflow 

func (k *KubeClient) GetWorkflow(ctx context.Context, namespace, name string) (*tinkv1alpha1.Workflow, error)

GetWorkflow returns a specific workflow resource.

func (*KubeClient) GetWorkflowRuleSet 

func (k *KubeClient) GetWorkflowRuleSet(ctx context.Context, namespace, name string) (*tinkv1alpha1.WorkflowRuleSet, error)

GetWorkflowRuleSet returns a specific workflowruleset resource.

func (*KubeClient) ListBMCJobs 

func (k *KubeClient) ListBMCJobs(ctx context.Context, namespace string) (*bmcv1alpha1.JobList, error)

ListBMCJobs returns all BMC job resources, optionally filtered by namespace.

func (*KubeClient) ListBMCMachines 

func (k *KubeClient) ListBMCMachines(ctx context.Context, namespace string) (*bmcv1alpha1.MachineList, error)

ListBMCMachines returns all BMC machine resources, optionally filtered by namespace.

func (*KubeClient) ListBMCTasks 

func (k *KubeClient) ListBMCTasks(ctx context.Context, namespace string) (*bmcv1alpha1.TaskList, error)

ListBMCTasks returns all BMC task resources, optionally filtered by namespace.

func (*KubeClient) ListHardware 

func (k *KubeClient) ListHardware(ctx context.Context, namespace string) (*tinkv1alpha1.HardwareList, error)

ListHardware returns all hardware resources, optionally filtered by namespace.

func (*KubeClient) ListNamespaces 

func (k *KubeClient) ListNamespaces(ctx context.Context) ([]string, error)

ListNamespaces returns all namespace names that the user has access to.

func (*KubeClient) ListTemplates 

func (k *KubeClient) ListTemplates(ctx context.Context, namespace string) (*tinkv1alpha1.TemplateList, error)

ListTemplates returns all template resources, optionally filtered by namespace.

func (*KubeClient) ListWorkflowRuleSets 

func (k *KubeClient) ListWorkflowRuleSets(ctx context.Context, namespace string) (*tinkv1alpha1.WorkflowRuleSetList, error)

ListWorkflowRuleSets returns all workflowruleset resources, optionally filtered by namespace.

func (*KubeClient) ListWorkflows 

func (k *KubeClient) ListWorkflows(ctx context.Context, namespace string) (*tinkv1alpha1.WorkflowList, error)

ListWorkflows returns all workflow resources, optionally filtered by namespace.

type SearchResponse 

type SearchResponse struct {
	Results []SearchResult `json:"results"`
	Query   string         `json:"query"`
	Message string         `json:"message,omitempty"`
}

SearchResponse is the response for the global search endpoint.

type SearchResult 

type SearchResult struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
	Type      string `json:"type"`
	TypeLabel string `json:"typeLabel"`
	URL       string `json:"url"`
	Icon      string `json:"icon"`
}

SearchResult represents a single search result.

type TinkerbellResource 

type TinkerbellResource struct {
	Resource string
	Group    string
}

TinkerbellResource defines a Tinkerbell CRD resource for permission checking.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.