Centralize rights management

2024-11-30 10:26:14 +01:00
parent 74ab902180
commit 184a106542
11 changed files with 209 additions and 235 deletions
--- a/remote_backend/src/app_config.rs
+++ b/remote_backend/src/app_config.rs
@ -29,7 +29,7 @@ pub struct AppConfig {
    #[arg(
        long,
        env,
-        default_value = "http://localhost:9001/.well-known/openid-configuration"
+        default_value = "http://localhost:9001/dex/.well-known/openid-configuration"
    )]
    pub oidc_configuration_url: String,

--- a/remote_backend/src/controllers/server_controller.rs
+++ b/remote_backend/src/controllers/server_controller.rs
@ -1,6 +1,8 @@
 use crate::app_config::AppConfig;
 use crate::controllers::HttpResult;
 use crate::extractors::auth_extractor::AuthExtractor;
+use crate::virtweb_client;
+use crate::virtweb_client::VMUuid;
 use actix_web::HttpResponse;

 #[derive(serde::Serialize)]
@ -15,3 +17,59 @@ pub async fn config(auth: AuthExtractor) -> HttpResult {
        disable_auth: AppConfig::get().unsecure_disable_login,
    }))
 }
+
+#[derive(Default, Debug, serde::Serialize)]
+pub struct Rights {
+    vms: Vec<VMInfoAndCaps>,
+    sys_info: bool,
+}
+
+#[derive(Debug, serde::Serialize)]
+pub struct VMInfoAndCaps {
+    uiid: VMUuid,
+    name: String,
+    description: Option<String>,
+    architecture: String,
+    memory: usize,
+    number_vcpu: usize,
+    can_get_state: bool,
+    can_start: bool,
+    can_shutdown: bool,
+    can_kill: bool,
+    can_reset: bool,
+    can_suspend: bool,
+    can_resume: bool,
+    can_screenshot: bool,
+}
+
+pub async fn rights() -> HttpResult {
+    let rights = virtweb_client::get_token_info().await?;
+
+    let mut res = Rights {
+        vms: vec![],
+        sys_info: rights.can_retrieve_system_info(),
+    };
+
+    for v in rights.list_vm() {
+        let vm_info = virtweb_client::vm_info(v).await?;
+
+        res.vms.push(VMInfoAndCaps {
+            uiid: vm_info.uuid,
+            name: vm_info.name,
+            description: vm_info.description.clone(),
+            architecture: vm_info.architecture.to_string(),
+            memory: vm_info.memory,
+            number_vcpu: vm_info.number_vcpu,
+            can_get_state: rights.is_route_allowed("GET", &v.route_state()),
+            can_start: rights.is_route_allowed("GET", &v.route_start()),
+            can_shutdown: rights.is_route_allowed("GET", &v.route_shutdown()),
+            can_kill: rights.is_route_allowed("GET", &v.route_kill()),
+            can_reset: rights.is_route_allowed("GET", &v.route_reset()),
+            can_suspend: rights.is_route_allowed("GET", &v.route_suspend()),
+            can_resume: rights.is_route_allowed("GET", &v.route_resume()),
+            can_screenshot: rights.is_route_allowed("GET", &v.route_screenshot()),
+        })
+    }
+
+    Ok(HttpResponse::Ok().json(res))
+}
--- a/remote_backend/src/controllers/sys_info_controller.rs
+++ b/remote_backend/src/controllers/sys_info_controller.rs
@ -2,20 +2,6 @@ use crate::controllers::HttpResult;
 use crate::virtweb_client;
 use actix_web::HttpResponse;

-#[derive(serde::Serialize)]
-struct SysInfoStatus {
-    allowed: bool,
-}
-
-/// Check if system info can be retrieved
-pub async fn config() -> HttpResult {
-    let info = virtweb_client::get_token_info().await?;
-
-    Ok(HttpResponse::Ok().json(SysInfoStatus {
-        allowed: info.can_retrieve_system_info(),
-    }))
-}
-
 /// Get current system status
 pub async fn status() -> HttpResult {
    Ok(HttpResponse::Ok().json(virtweb_client::get_server_info().await?))
--- a/remote_backend/src/controllers/vm_controller.rs
+++ b/remote_backend/src/controllers/vm_controller.rs
@ -5,54 +5,6 @@ use crate::virtweb_client;
 use crate::virtweb_client::VMUuid;
 use actix_web::{web, HttpResponse};

-#[derive(Debug, serde::Serialize)]
-pub struct VMInfoAndCaps {
-    uiid: VMUuid,
-    name: String,
-    description: Option<String>,
-    architecture: String,
-    memory: usize,
-    number_vcpu: usize,
-    can_get_state: bool,
-    can_start: bool,
-    can_shutdown: bool,
-    can_kill: bool,
-    can_reset: bool,
-    can_suspend: bool,
-    can_resume: bool,
-    can_screenshot: bool,
-}
-
-/// Get the list of VMs that can be controlled by VirtWeb remote
-pub async fn list() -> HttpResult {
-    let rights = virtweb_client::get_token_info().await?;
-
-    let mut res = vec![];
-
-    for v in rights.list_vm() {
-        let vm_info = virtweb_client::vm_info(v).await?;
-
-        res.push(VMInfoAndCaps {
-            uiid: vm_info.uuid,
-            name: vm_info.name,
-            description: vm_info.description.clone(),
-            architecture: vm_info.architecture.to_string(),
-            memory: vm_info.memory,
-            number_vcpu: vm_info.number_vcpu,
-            can_get_state: rights.is_route_allowed("GET", &v.route_state()),
-            can_start: rights.is_route_allowed("GET", &v.route_start()),
-            can_shutdown: rights.is_route_allowed("GET", &v.route_shutdown()),
-            can_kill: rights.is_route_allowed("GET", &v.route_kill()),
-            can_reset: rights.is_route_allowed("GET", &v.route_reset()),
-            can_suspend: rights.is_route_allowed("GET", &v.route_suspend()),
-            can_resume: rights.is_route_allowed("GET", &v.route_resume()),
-            can_screenshot: rights.is_route_allowed("GET", &v.route_screenshot()),
-        })
-    }
-
-    Ok(HttpResponse::Ok().json(res))
-}
-
 #[derive(serde::Deserialize)]
 pub struct ReqPath {
    uid: VMUuid,
--- a/remote_backend/src/main.rs
+++ b/remote_backend/src/main.rs
@ -82,8 +82,11 @@ async fn main() -> std::io::Result<()> {
                "/api/auth/sign_out",
                web::get().to(auth_controller::sign_out),
            )
+            .route(
+                "/api/server/rights",
+                web::get().to(server_controller::rights),
+            )
            // VM routes
-            .route("/api/vm/list", web::get().to(vm_controller::list))
            .route("/api/vm/{uid}/state", web::get().to(vm_controller::state))
            .route("/api/vm/{uid}/start", web::get().to(vm_controller::start))
            .route(
@ -102,10 +105,6 @@ async fn main() -> std::io::Result<()> {
                web::get().to(vm_controller::screenshot),
            )
            // Sys info routes
-            .route(
-                "/api/sysinfo/config",
-                web::get().to(sys_info_controller::config),
-            )
            .route(
                "/api/sysinfo/status",
                web::get().to(sys_info_controller::status),