Diffstat (limited to 'app/controllers/api_console_redirect.go')
-rw-r--r-- | app/controllers/api_console_redirect.go | 63 |
1 files changed, 63 insertions, 0 deletions
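--- /dev/null
+++ b/app/controllers/api_console_redirect.go
@@ -0,0 +1,63 @@
+package controllers
+
+import (
+"net/http"
+
+"code.crute.us/mcrute/golib/echo/controller"
+"github.com/labstack/echo/v4"
+"github.com/prometheus/client_golang/prometheus"
+"github.com/prometheus/client_golang/prometheus/promauto"
+)
+
+var consoleAllowed = promauto.NewCounterVec(prometheus.CounterOpts{
+Namespace: "aws_access", // Legacy Namespace
+Name: "broker_console_access_total",
+Help: "Total number of console logins allowed by broker",
+}, []string{"account"})
+
+type jsonConsoleUrl struct {
+ConsoleURL string `json:"console_url"`
+}
+
+type APIConsoleRedirectHandler struct {
+FederationIssuerEndpoint string
+*AWSAPI
+}
+
+func NewAPIConsoleRedirectHandler(a *AWSAPI, fe string) echo.HandlerFunc {
+al := &APIConsoleRedirectHandler{fe, a}
+h := &controller.ContentTypeNegotiatingHandler{
+DefaultHandler: al.Handle,
+Handlers: map[string]echo.HandlerFunc{
+contentTypeV1: al.Handle,
+},
+}
+return h.Handle
+}
+
+func (h *APIConsoleRedirectHandler) Handle(c echo.Context) error {
+rc, err := h.GetContext(c) // Does all authorization checks
+if err != nil {
+return err
+}
+
+u, err := rc.AWS.GetFederationURL(rc.Principal.Username, h.FederationIssuerEndpoint)
+if err != nil {
+c.Logger().Errorf("Error fetching console URL: %w", err)
+return echo.ErrBadRequest
+}
+
+c.Logger().Infof(
+"Allowing '%s' to access account console '%s'",
+rc.Principal.Username, rc.Account.Name,
+)
+consoleAllowed.With(prometheus.Labels{
+"account": rc.Account.ShortName,
+}).Inc()
+
+if c.QueryParam("redirect") == "1" {
+return c.Redirect(http.StatusFound, u)
+} else {
+return c.JSON(http.StatusOK, &jsonConsoleUrl{u})
+}
+}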
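Review bot: The `%w` verb in `c.Logger().Errorf("Error fetching console URL: %w", err)` is only handled by `fmt.Errorf`; a logger that formats through `fmt.Sprintf` (as echo's appears to) will emit a `%!w(...)` artifact rather than a clean error message, so `GetFederationURL` failures become hard to investigate from the logs — use `%v` instead. Separately, the URL returned by `GetFederationURL` presumably embeds a sign-in token, and both the 302 branch and the JSON branch return it without cache directives; consider `c.Response().Header().Set("Cache-Control", "no-store")` before the `redirect` check so that browser and intermediary caches do not retain it. Every `GetFederationURL` failure is also mapped to `echo.ErrBadRequest`, which reports upstream or broker-side faults as client errors; confirm that is intended.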