1 files changed, 63 insertions, 0 deletions
diff --git a/app/controllers/api_console_redirect.go b/app/controllers/api_console_redirect.go
new file mode 100644
index 0000000..701bbf3
--- /dev/null
+++ b/app/controllers/api_console_redirect.go
@@ -0,0 +1,63 @@
+package controllers
+import (
+        "net/http"
+        "code.crute.us/mcrute/golib/echo/controller"
+        "github.com/labstack/echo/v4"
+        "github.com/prometheus/client_golang/prometheus"
+        "github.com/prometheus/client_golang/prometheus/promauto"
+)
+var consoleAllowed = promauto.NewCounterVec(prometheus.CounterOpts{
+        Namespace: "aws_access", // Legacy Namespace
+        Name:      "broker_console_access_total",
+        Help:      "Total number of console logins allowed by broker",
+}, []string{"account"})
+type jsonConsoleUrl struct {
+        ConsoleURL string `json:"console_url"`
+}
+type APIConsoleRedirectHandler struct {
+        FederationIssuerEndpoint string
+        *AWSAPI
+}
+func NewAPIConsoleRedirectHandler(a *AWSAPI, fe string) echo.HandlerFunc {
+        al := &APIConsoleRedirectHandler{fe, a}
+        h := &controller.ContentTypeNegotiatingHandler{
+                DefaultHandler: al.Handle,
+                Handlers: map[string]echo.HandlerFunc{
+                        contentTypeV1: al.Handle,
+                },
+        }
+        return h.Handle
+}
+func (h *APIConsoleRedirectHandler) Handle(c echo.Context) error {
+        rc, err := h.GetContext(c) // Does all authorization checks
+        if err != nil {
+                return err
+        }
+        u, err := rc.AWS.GetFederationURL(rc.Principal.Username, h.FederationIssuerEndpoint)
+        if err != nil {
+                c.Logger().Errorf("Error fetching console URL: %w", err)
+                return echo.ErrBadRequest
+        }
+        c.Logger().Infof(
+                "Allowing '%s' to access account console '%s'",
+                rc.Principal.Username, rc.Account.Name,
+        )
+        consoleAllowed.With(prometheus.Labels{
+                "account": rc.Account.ShortName,
+        }).Inc()
+        if c.QueryParam("redirect") == "1" {
+                return c.Redirect(http.StatusFound, u)
+        } else {
+                return c.JSON(http.StatusOK, &jsonConsoleUrl{u})
+        }
+}

diff --git a/app/controllers/api_console_redirect.go b/app/controllers/api_console_redirect.go new file mode 100644 index 0000000..701bbf3 --- /dev/null +++ b/app/controllers/api_console_redirect.go
@@ -0,0 +1,63 @@
	1	package controllers
	2
	3	import (
	4	"net/http"
	5
	6	"code.crute.us/mcrute/golib/echo/controller"
	7	"github.com/labstack/echo/v4"
	8	"github.com/prometheus/client_golang/prometheus"
	9	"github.com/prometheus/client_golang/prometheus/promauto"
	10	)
	11
	12	var consoleAllowed = promauto.NewCounterVec(prometheus.CounterOpts{
	13	Namespace: "aws_access", // Legacy Namespace
	14	Name: "broker_console_access_total",
	15	Help: "Total number of console logins allowed by broker",
	16	}, []string{"account"})
	17
	18	type jsonConsoleUrl struct {
	19	ConsoleURL string `json:"console_url"`
	20	}
	21
	22	type APIConsoleRedirectHandler struct {
	23	FederationIssuerEndpoint string
	24	*AWSAPI
	25	}
	26
	27	func NewAPIConsoleRedirectHandler(a *AWSAPI, fe string) echo.HandlerFunc {
	28	al := &APIConsoleRedirectHandler{fe, a}
	29	h := &controller.ContentTypeNegotiatingHandler{
	30	DefaultHandler: al.Handle,
	31	Handlers: map[string]echo.HandlerFunc{
	32	contentTypeV1: al.Handle,
	33	},
	34	}
	35	return h.Handle
	36	}
	37
	38	func (h *APIConsoleRedirectHandler) Handle(c echo.Context) error {
	39	rc, err := h.GetContext(c) // Does all authorization checks
	40	if err != nil {
	41	return err
	42	}
	43
	44	u, err := rc.AWS.GetFederationURL(rc.Principal.Username, h.FederationIssuerEndpoint)
	45	if err != nil {
	46	c.Logger().Errorf("Error fetching console URL: %w", err)
	47	return echo.ErrBadRequest
	48	}
	49
	50	c.Logger().Infof(
	51	"Allowing '%s' to access account console '%s'",
	52	rc.Principal.Username, rc.Account.Name,
	53	)
	54	consoleAllowed.With(prometheus.Labels{
	55	"account": rc.Account.ShortName,
	56	}).Inc()
	57
	58	if c.QueryParam("redirect") == "1" {
	59	return c.Redirect(http.StatusFound, u)
	60	} else {
	61	return c.JSON(http.StatusOK, &jsonConsoleUrl{u})
	62	}
	63	}