

Add admins config to dashboard recipe
nkshah2 committed Sep 11, 2023
1 parent 0d35cb9 commit 83628c1
Showing 5 changed files with 78 additions and 1 deletion.
8 changes: 8 additions & 0 deletions recipe/dashboard/apiKeyProtector.go
@@ -1,13 +1,21 @@
package dashboard

import (
"errors"
"github.com/supertokens/supertokens-golang/recipe/dashboard/dashboardmodels"
errors2 "github.com/supertokens/supertokens-golang/recipe/dashboard/errors"
"github.com/supertokens/supertokens-golang/supertokens"
)

func apiKeyProtector(apiImpl dashboardmodels.APIInterface, tenantId string, options dashboardmodels.APIOptions, userContext supertokens.UserContext, call func() (interface{}, error)) error {
shouldAllowAccess, err := (*options.RecipeImplementation.ShouldAllowAccess)(options.Req, options.Config, userContext)
if err != nil {
if errors.As(err, &errors2.ForbiddenAccessError{}) {
return supertokens.SendNon200Response(options.Res, 403, map[string]interface{}{
"message": err.Error(),
})
}

return err
}

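Review bot: Style: `errors.As(err, &errors2.ForbiddenAccessError{})` matches against an anonymous target, so the matched value is thrown away and the handler falls back to the outer `err.Error()` for the response body; the conventional form is `var forbidden errors2.ForbiddenAccessError`, then `if errors.As(err, &forbidden) {` and `"message": forbidden.Msg`. A one-line comment such as `// ForbiddenAccessError is returned by ShouldAllowAccess for verified users who are not admins; surface it as 403 rather than a generic error.` would explain why this error alone gets special casing. apiKeyProtector continues past the end of this hunk.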
2 changes: 2 additions & 0 deletions recipe/dashboard/dashboardmodels/models.go
Expand Up @@ -17,6 +17,7 @@ package dashboardmodels

type TypeInput struct {
ApiKey string
Admins *[]string
Override *OverrideStruct
}

Expand All @@ -29,6 +30,7 @@ const (

type TypeNormalisedInput struct {
ApiKey string
Admins []string
AuthMode TypeAuthMode
Override OverrideStruct
}
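Review bot: The new `Admins` fields carry no doc comment, so their meaning is only recoverable from the recipe implementation. On TypeInput add `// Admins lists the emails allowed to perform non-GET dashboard operations; it has no effect when ApiKey is set.` and on TypeNormalisedInput `// Admins is the normalised admin list; empty when none were configured.` The "no effect when ApiKey is set" caveat is otherwise only surfaced as a debug log in the utils.go change, so the struct comment is the one place a user configuring the recipe will see it.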
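--- /dev/null
+++ b/recipe/dashboard/errors/errors.go
@@ -0,0 +1,9 @@
+package errors
+
+type ForbiddenAccessError struct {
+Msg string
+}
+
+func (err ForbiddenAccessError) Error() string {
+return err.Msg
+}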
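Review bot: Both exported names lack doc comments, and the contract matters because apiKeyProtector in this commit sends `Msg` verbatim in the 403 response body: add `// ForbiddenAccessError signals that a verified dashboard user may not perform the requested operation; Msg is returned to the client in the 403 response, so keep it free of internal detail.` on the type and `// Error implements the error interface.` on the method. Naming the package `errors` also forces every importer that uses the standard library package to alias it (apiKeyProtector already imports it as `errors2`); a name such as `dashboarderrors` would avoid that.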
42 changes: 41 additions & 1 deletion recipe/dashboard/recipeimplementation.go
Expand Up @@ -17,7 +17,9 @@ package dashboard

import (
"fmt"
"github.com/supertokens/supertokens-golang/recipe/dashboard/constants"
"github.com/supertokens/supertokens-golang/recipe/dashboard/dashboardmodels"
"github.com/supertokens/supertokens-golang/recipe/dashboard/errors"
"github.com/supertokens/supertokens-golang/recipe/dashboard/validationUtils"
"github.com/supertokens/supertokens-golang/supertokens"
"net/http"
Expand Down Expand Up @@ -47,7 +49,45 @@ func makeRecipeImplementation(querier supertokens.Querier) dashboardmodels.Recip

status, ok := verifyResponse["status"]

return ok && status.(string) == "OK", nil
if !ok || status != "OK" {
return false, nil
}

// For all non GET requests we also want to check if the user is allowed to perform this operation
if req.Method != http.MethodGet {
// We dont want to block the analytics API
if strings.HasSuffix(req.RequestURI, constants.DashboardAnalyticsAPI) {
return true, nil
}

// We do not want to block the sign out request
if strings.HasSuffix(req.RequestURI, constants.SignOutAPI) {
return true, nil
}

admins := config.Admins

// If the user has provided no admins, allow
if len(admins) == 0 {
return true, nil
}

emailInHeaders := req.Header.Get("email")

if emailInHeaders == "" {
supertokens.LogDebugMessage("User Dashboard: Returning Unauthorised because no email was provided in headers")
return false, nil
}

if supertokens.DoesSliceContainString(emailInHeaders, admins) {
supertokens.LogDebugMessage("User Dashboard: Throwing OPERATION_NOT_ALLOWED because user is not an admin")
return false, errors.ForbiddenAccessError{
Msg: "You are not permitted to perform this operation",
}
}
}

return true, nil
}

validateKeyResponse, err := validationUtils.ValidateApiKey(req, config, userContext)
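Review bot: The admin check `if supertokens.DoesSliceContainString(emailInHeaders, admins) {` appears inverted: assuming that helper reports whether `admins` contains the email, configured admins are the ones who receive ForbiddenAccessError while every other verified user falls through to `return true, nil`, and the debug message on the following line ("user is not an admin") shows the intended branch, so it should read `if !supertokens.DoesSliceContainString(emailInHeaders, admins) {`. The analytics and sign-out exemptions match with `strings.HasSuffix` on `req.RequestURI`, which includes the query string, so any non-GET request can be made to end in one of those suffixes through a query parameter and skip the admin check entirely; match on `req.URL.Path` instead. The identity used for authorisation is a client-supplied `email` header compared without the trimming/lower-casing this commit adds in utils.go, and if `verifyResponse` carries the session's email that value should be preferred over the header. The ShouldAllowAccess implementation and makeRecipeImplementation both begin before this hunk.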
18 changes: 18 additions & 0 deletions recipe/dashboard/utils.go
Expand Up @@ -18,6 +18,7 @@ package dashboard
import (
"github.com/supertokens/supertokens-golang/recipe/dashboard/dashboardmodels"
"github.com/supertokens/supertokens-golang/supertokens"
"strings"
)

func validateAndNormaliseUserInput(appInfo supertokens.NormalisedAppinfo, config *dashboardmodels.TypeInput) dashboardmodels.TypeNormalisedInput {
Expand All @@ -42,6 +43,17 @@ func validateAndNormaliseUserInput(appInfo supertokens.NormalisedAppinfo, config
}
}

if _config.ApiKey != "" && config.Admins != nil {
supertokens.LogDebugMessage("User Dashboard: Providing 'Admins' has no effect when using an apiKey.")
}

admins := []string{}
if _config.Admins != nil {
admins = *_config.Admins
}

typeNormalisedInput.Admins = admins

return typeNormalisedInput
}

Expand All @@ -58,3 +70,9 @@ func makeTypeNormalisedInput(appInfo supertokens.NormalisedAppinfo) dashboardmod
},
}
}

func normaliseEmail(email string) string {
_email := strings.TrimSpace(email)
_email = strings.ToLower(_email)
return _email
}
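Review bot: `normaliseEmail` is introduced here but nothing in the visible hunks calls it, and `admins = *_config.Admins` stores the configured emails unchanged (and aliases the caller's slice), so the admin comparison done in recipeimplementation.go is case- and whitespace-sensitive; normalise each entry while copying it. The guard `if _config.ApiKey != "" && config.Admins != nil` reads `config.Admins` while the assignment below reads `_config.Admins` — presumably the same value if `_config` is a copy made earlier in the function, but it is worth making the two consistent. validateAndNormaliseUserInput begins before the hunk.
```go
// … unchanged: apiKey / auth-mode normalisation …
// Copy and normalise so later comparisons are case- and whitespace-insensitive
// and the caller's slice is not aliased.
admins := make([]string, 0)
if _config.Admins != nil {
	for _, admin := range *_config.Admins {
		admins = append(admins, normaliseEmail(admin))
	}
}
typeNormalisedInput.Admins = admins
```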
