Merge pull request #105 from velrest/fix_permissions
performance improvements and fix access issues
velrest authored Aug 23, 2018
2 parents a1a92f5 + 257f07e commit 3cae3ab
Showing 11 changed files with 63 additions and 87 deletions.
87 changes: 53 additions & 34 deletions backend/src/vault/vault-list.js
@@ -1,9 +1,7 @@
import rp from 'request-promise'
import http2 from 'http2'
import wrap from 'express-async-wrap'

import { getAuthenticator } from './vault-custom'

let host, prefix, auth
let host, prefix

function stripPrefix(path) {
if (path.startsWith(prefix)) {
Expand All @@ -12,47 +10,68 @@ function stripPrefix(path) {
return path
}

async function listVault(token, path) {
const rawResponse = await rp(
auth(token, {
forever: true,
uri: `${host}${path}?list=true`
async function listVault(token, path, client) {
const req = client.request({
':path': encodeURI(path) + '?list=true',
'X-Vault-Token': token
})

req.setEncoding('utf8')

// IMPORTANT: the data event can also be called if the sever has not yet
// returned the whole data set. We need to concatenate untill the request ends.
return new Promise(resolve => {
let data = ''
req.on('data', rawResponse => {
data += rawResponse
})
)
const resp = JSON.parse(rawResponse)
const result = {}
if (resp.data && resp.data.keys) {
result.values = resp.data.keys
.filter(key => !key.endsWith('/'))
.reduce((res, key) => {
res[key] = { path: stripPrefix(path + key) }
return res
}, {})

result.children = {}
await Promise.all(
resp.data.keys.filter(key => key.endsWith('/')).map(async key => {
result.children[key] = await listVault(token, path + key)
})
)
}
req.on('end', async () => {
let result = {}
try {
const resp = JSON.parse(data)
if (resp.data && resp.data.keys) {
result.values = resp.data.keys
.filter(key => !key.endsWith('/'))
.reduce((res, key) => {
res[key] = { path: stripPrefix(path + key) }
return res
}, {})

return result
result.children = {}
await Promise.all(
resp.data.keys.filter(key => key.endsWith('/')).map(async key => {
result.children[key] = await listVault(token, path + key, client)
})
)
} else {
result.values = {}
result.children = {}
}
} catch (e) {
console.log(path, ':', e)
} finally {
data = ''
}
resolve(result)
})
})
}

export default function vaultListhandler(service) {
host = service.host
prefix = service.prefix
auth = getAuthenticator(service.ca)

return wrap(async (req, res) => {
try {
res.send(
await listVault(
req.session.vaultToken,
service.prefix + service.backend
)
const client = http2.connect(host)

let response = await listVault(
req.session.vaultToken,
service.prefix + service.backend,
client
)
client.destroy()
res.send(response)
} catch (e) {
res.status(e.statusCode).send(e.message)
}
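Review bot: The promise returned by `listVault` can only resolve: `req` has no `error` listener and the `:status` of the response is never read, so a failed stream leaves the Express handler awaiting forever (and `client.destroy()` is never reached), while a 403 from Vault parses cleanly and is reported as an empty folder. In the handler the remaining `catch` still calls `res.status(e.statusCode)`, but errors raised here no longer carry a `statusCode`, so a fallback such as `e.statusCode || 502` is needed. Separately, the commit drops `getAuthenticator(service.ca)` and calls `http2.connect(host)` without options; if Vault is served with a private CA, the CA presumably has to be passed through the `ca` connect option so certificate verification keeps working. The sketch below covers the stream handling and cleanup; the handler body continues outside the visible hunk.

```javascript
  return new Promise((resolve, reject) => {
    let data = ''
    let status
    // Settle the promise when the stream fails instead of hanging the request.
    req.on('error', reject)
    req.on('response', headers => {
      status = headers[':status']
    })
    // … unchanged: 'data' listener that concatenates the chunks …
    req.on('end', async () => {
      if (status !== 200) {
        // Keep denied or missing paths distinguishable from empty folders.
        console.log(path, ': vault returned status', status)
        return resolve({ values: {}, children: {} })
      }
      // … unchanged: JSON.parse(data), values/children building, resolve(result) …
    })
  })

// … in vaultListhandler, inside the existing try …
      const client = http2.connect(host)
      try {
        res.send(
          await listVault(
            req.session.vaultToken,
            service.prefix + service.backend,
            client
          )
        )
      } finally {
        // Close the session on the error path as well.
        client.destroy()
      }
```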
20 changes: 0 additions & 20 deletions frontend/app/components/crud-list-item/template.hbs
@@ -1,9 +1,4 @@
<tr>
{{#if showName}}
<td class="uk-width-1-3">
{{input-or-show value=entry.key edit=edit placeholder="description"}}
</td>
{{/if}}
<td colspan="{{if edit 2 1}}" class="{{if edit 'uk-width-2-3' 'uk-width-1-3'}}">
{{input-or-show value=entry.value edit=edit placeholder="value" clipboard=true mask=maskPassword}}
</td>
Expand All @@ -15,21 +10,6 @@
{{/unless}}
</tr>

{{#if entry.comment}}
<tr class="uk-border-remove">
<td colspan="3" class="padding-remove-top {{unless edit 'uk-text-small uk-text-muted'}}">
<div class="{{unless edit 'uk-margin-left'}}">
{{input-or-show
value=entry.comment
edit=edit
placeholder="Comment"
multiline=true
}}
</div>
</td>
</tr>
{{/if}}

{{#if edit}}
<tr>
<td colspan="3">
16 changes: 1 addition & 15 deletions frontend/app/components/crud-list/component.js
@@ -1,6 +1,5 @@
import Component from '@ember/component'
import EmberObject from '@ember/object'
import { computed } from '@ember/object'

function external(internalModel) {
return internalModel.reduce((prev, curr) => {
Expand Down Expand Up @@ -38,21 +37,8 @@ export default Component.extend({
this.set('_model', internal(this.model))
},

showName: computed('_model', function() {
return (
this._model &&
this._model.some(e => {
return e.key !== 'value'
})
)
}),

actions: {
add() {
this._model.pushObject({ edit: true })
},

async save(index, { key = 'value', value, comment }) {
async save(index, { key = 'value', value, comment = '' }) {
this._model.replace(index, 1, [
EmberObject.create({ key, value, comment, edit: false })
])
10 changes: 1 addition & 9 deletions frontend/app/components/crud-list/template.hbs
Expand Up @@ -7,16 +7,13 @@
<table class="uk-table uk-table-small uk-table-divider uk-margin-remove uk-table-middle">
<thead>
<tr>
{{#if showName}}
<th>Name</th>
{{/if}}
<th>{{t 'vault.value'}}</th>
<th></th>
</tr>
</thead>
<tbody>
{{#each _model as |entry index|}}
{{crud-list-item entry=entry edit=entry.edit showName=showName index=index on-save=(action 'save') on-delete=(action 'delete')}}
{{crud-list-item entry=entry edit=entry.edit index=index on-save=(action 'save') on-delete=(action 'delete')}}
{{^}}
<tr>
<td colspan="3" class="uk-text-center">{{t 'global.empty'}}</td>
Expand All @@ -26,9 +23,4 @@
</table>
</form>
{{/card.body}}
{{#card.footer class='uk-text-right'}}
{{#uk-button color='primary' on-click=(action 'add')}}
{{t 'vault.add'}}
{{/uk-button}}
{{/card.footer}}
{{/uk-card}}
2 changes: 1 addition & 1 deletion frontend/app/components/vault-tree-node/component.js
Expand Up @@ -3,7 +3,7 @@ import Component from '@ember/component'
export default Component.extend({
tagName: '',

visible: true,
visible: false,

showOnOverview(property) {
return property !== 'path'
3 changes: 1 addition & 2 deletions frontend/app/gitlab/route.js
Expand Up @@ -7,8 +7,7 @@ import { computed } from '@ember/object'
export default Route.extend(RouteAccessMixin, {
//specify which groups have access to this route.
groups: computed(() => ({
requireAll: ['gitlab'],
requireOne: ['adsy-customer']
requireAll: ['gitlab', 'adsy-customer']
})),

i18n: service(),
Expand Down
2 changes: 2 additions & 0 deletions frontend/app/login/route.js
Expand Up @@ -2,6 +2,8 @@ import Route from '@ember/routing/route'
import UnauthenticatedRouteMixin from 'ember-simple-auth/mixins/unauthenticated-route-mixin'

export default Route.extend(UnauthenticatedRouteMixin, {
routeIfAlreadyAuthenticated: 'protected.dashboard',

activate() {
document.body.classList.add('login')
},
2 changes: 1 addition & 1 deletion frontend/app/timed-admin/confirm-subscriptions/route.js
Expand Up @@ -9,7 +9,7 @@ export default Route.extend(RouteAccessMixin, {
notify: service(),

groups: computed(() => ({
requireAll: ['timed', 'adsy-timed-admin']
requireAll: ['adsy-timed-admin']
})),

init() {
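Review bot: Dropping `'timed'` from `requireAll` in `groups` appears to widen who can open this route, since membership in `adsy-timed-admin` alone now suffices; the same removal in `frontend/app/timed-admin/route.js` leaves only `requireOne: ['adsy-user', 'adsy-timed-admin']`. If that is intended, a comment above `groups` such as `// access: adsy-timed-admin only; 'timed' membership no longer required (see #105)` would record the decision for the next reader. These checks run in the Ember route and so only gate navigation in the browser; whether the backend enforces the same groups on the timed endpoints is not visible in this commit and is worth confirming. The `Route.extend` body continues outside the hunk.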
1 change: 0 additions & 1 deletion frontend/app/timed-admin/route.js
Expand Up @@ -4,7 +4,6 @@ import RouteAccessMixin from 'customer-center/mixins/route-access-mixin'

export default Route.extend(RouteAccessMixin, {
groups: computed(() => ({
requireAll: ['timed'],
requireOne: ['adsy-user', 'adsy-timed-admin']
}))
})
3 changes: 1 addition & 2 deletions frontend/app/timed-subscriptions/route.js
Expand Up @@ -4,7 +4,6 @@ import RouteAccessMixin from 'customer-center/mixins/route-access-mixin'

export default Route.extend(RouteAccessMixin, {
groups: computed(() => ({
requireAll: ['timed'],
requireOne: ['adsy-customer']
requireAll: ['timed', 'adsy-customer']
}))
})
4 changes: 2 additions & 2 deletions tools/docker/vault/scripts/init.sh
Expand Up @@ -11,12 +11,12 @@ vault write auth/userpass/users/user1 password=123qweasd policies=my-policy
# write some secrets
for i in {1..4}
do
vault write "secret/firewall/abc04-fw0$i.dummy-domain.ch" admin=topsecret
vault write "secret/firewall/abc04-fw0$i.dummy-domain.ch" value=topsecret
done

for user in "Hans-Peter" "Max-Mustermann" "Bea-Beispiel" "Tom-Taylor" "Adfinis-SyGroup-AG"
do
vault write "secret/firewall/abc04-fw02.dummy-domain.ch/VPN_Benutzer-Client_VPN/$user" user=topsecret
vault write "secret/firewall/abc04-fw02.dummy-domain.ch/VPN_Benutzer-Client_VPN/$user" value=topsecret
done

echo "You might need to set this environment var:"
