api.go 32 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017
  1. package api
  2. import (
  3. ctx "context"
  4. "encoding/json"
  5. "connectrpc.com/connect"
  6. "google.golang.org/protobuf/encoding/protojson"
  7. apiv1 "github.com/OliveTin/OliveTin/gen/olivetin/api/v1"
  8. apiv1connect "github.com/OliveTin/OliveTin/gen/olivetin/api/v1/apiv1connect"
  9. "github.com/google/uuid"
  10. log "github.com/sirupsen/logrus"
  11. "fmt"
  12. "net/http"
  13. "sync"
  14. acl "github.com/OliveTin/OliveTin/internal/acl"
  15. auth "github.com/OliveTin/OliveTin/internal/auth"
  16. config "github.com/OliveTin/OliveTin/internal/config"
  17. entities "github.com/OliveTin/OliveTin/internal/entities"
  18. executor "github.com/OliveTin/OliveTin/internal/executor"
  19. installationinfo "github.com/OliveTin/OliveTin/internal/installationinfo"
  20. connectproto "go.akshayshah.org/connectproto"
  21. )
  22. type oliveTinAPI struct {
  23. executor *executor.Executor
  24. cfg *config.Config
  25. // streamingClients is a set of currently connected clients.
  26. // The empty struct value models set semantics (keys only) and keeps add/remove O(1).
  27. // We use a map for efficient membership and deletion; ordering is not required.
  28. streamingClients map[*streamingClient]struct{}
  29. streamingClientsMutex sync.RWMutex
  30. }
  31. // This is used to avoid race conditions when iterating over the connectedClients map.
  32. // and holds the lock for as minimal time as possible to avoid blocking the API for too long.
  33. func (api *oliveTinAPI) copyOfStreamingClients() []*streamingClient {
  34. api.streamingClientsMutex.RLock()
  35. defer api.streamingClientsMutex.RUnlock()
  36. clients := make([]*streamingClient, 0, len(api.streamingClients))
  37. for client := range api.streamingClients {
  38. clients = append(clients, client)
  39. }
  40. return clients
  41. }
  42. type streamingClient struct {
  43. channel chan *apiv1.EventStreamResponse
  44. AuthenticatedUser *acl.AuthenticatedUser
  45. }
  46. func (api *oliveTinAPI) KillAction(ctx ctx.Context, req *connect.Request[apiv1.KillActionRequest]) (*connect.Response[apiv1.KillActionResponse], error) {
  47. ret := &apiv1.KillActionResponse{
  48. ExecutionTrackingId: req.Msg.ExecutionTrackingId,
  49. }
  50. var execReqLogEntry *executor.InternalLogEntry
  51. execReqLogEntry, ret.Found = api.executor.GetLog(req.Msg.ExecutionTrackingId)
  52. if !ret.Found {
  53. log.Warnf("Killing execution request not possible - not found by tracking ID: %v", req.Msg.ExecutionTrackingId)
  54. return connect.NewResponse(ret), nil
  55. }
  56. log.Warnf("Killing execution request by tracking ID: %v", req.Msg.ExecutionTrackingId)
  57. action := execReqLogEntry.Binding.Action
  58. if action == nil {
  59. log.Warnf("Killing execution request not possible - action not found: %v", execReqLogEntry.ActionTitle)
  60. ret.Killed = false
  61. return connect.NewResponse(ret), nil
  62. }
  63. user := acl.UserFromContext(ctx, req, api.cfg)
  64. api.killActionByTrackingId(user, action, execReqLogEntry, ret)
  65. return connect.NewResponse(ret), nil
  66. }
  67. func (api *oliveTinAPI) killActionByTrackingId(user *acl.AuthenticatedUser, action *config.Action, execReqLogEntry *executor.InternalLogEntry, ret *apiv1.KillActionResponse) {
  68. if !acl.IsAllowedKill(api.cfg, user, action) {
  69. log.Warnf("Killing execution request not possible - user not allowed to kill this action: %v", execReqLogEntry.ExecutionTrackingID)
  70. ret.Killed = false
  71. }
  72. err := api.executor.Kill(execReqLogEntry)
  73. if err != nil {
  74. log.Warnf("Killing execution request err: %v", err)
  75. ret.AlreadyCompleted = true
  76. ret.Killed = false
  77. } else {
  78. ret.Killed = true
  79. }
  80. }
  81. func (api *oliveTinAPI) StartAction(ctx ctx.Context, req *connect.Request[apiv1.StartActionRequest]) (*connect.Response[apiv1.StartActionResponse], error) {
  82. args := make(map[string]string)
  83. for _, arg := range req.Msg.Arguments {
  84. args[arg.Name] = arg.Value
  85. }
  86. pair := api.executor.FindBindingByID(req.Msg.BindingId)
  87. if pair == nil || pair.Action == nil {
  88. return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("action with ID %s not found", req.Msg.BindingId))
  89. }
  90. authenticatedUser := acl.UserFromContext(ctx, req, api.cfg)
  91. execReq := executor.ExecutionRequest{
  92. Binding: pair,
  93. TrackingID: req.Msg.UniqueTrackingId,
  94. Arguments: args,
  95. AuthenticatedUser: authenticatedUser,
  96. Cfg: api.cfg,
  97. }
  98. api.executor.ExecRequest(&execReq)
  99. ret := &apiv1.StartActionResponse{
  100. ExecutionTrackingId: execReq.TrackingID,
  101. }
  102. return connect.NewResponse(ret), nil
  103. }
  104. func (api *oliveTinAPI) PasswordHash(ctx ctx.Context, req *connect.Request[apiv1.PasswordHashRequest]) (*connect.Response[apiv1.PasswordHashResponse], error) {
  105. hash, err := createHash(req.Msg.Password)
  106. if err != nil {
  107. return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("error creating hash: %w", err))
  108. }
  109. ret := &apiv1.PasswordHashResponse{
  110. Hash: hash,
  111. }
  112. return connect.NewResponse(ret), nil
  113. }
  114. func (api *oliveTinAPI) LocalUserLogin(ctx ctx.Context, req *connect.Request[apiv1.LocalUserLoginRequest]) (*connect.Response[apiv1.LocalUserLoginResponse], error) {
  115. // Check if local user authentication is enabled
  116. if !api.cfg.AuthLocalUsers.Enabled {
  117. return connect.NewResponse(&apiv1.LocalUserLoginResponse{
  118. Success: false,
  119. }), nil
  120. }
  121. match := checkUserPassword(api.cfg, req.Msg.Username, req.Msg.Password)
  122. response := connect.NewResponse(&apiv1.LocalUserLoginResponse{
  123. Success: match,
  124. })
  125. if match {
  126. // Set authentication cookie for successful login
  127. user := api.cfg.FindUserByUsername(req.Msg.Username)
  128. if user != nil {
  129. sid := uuid.NewString()
  130. // Register the session in the session storage
  131. auth.RegisterUserSession(api.cfg, "local", sid, user.Username)
  132. log.WithFields(log.Fields{
  133. "username": user.Username,
  134. }).Info("LocalUserLogin: Session created and registered")
  135. // Set the authentication cookie in the response headers
  136. cookie := &http.Cookie{
  137. Name: "olivetin-sid-local",
  138. Value: sid,
  139. MaxAge: 31556952, // 1 year
  140. HttpOnly: true,
  141. Path: "/",
  142. }
  143. response.Header().Set("Set-Cookie", cookie.String())
  144. }
  145. log.WithFields(log.Fields{
  146. "username": req.Msg.Username,
  147. }).Info("LocalUserLogin: User logged in successfully.")
  148. } else {
  149. log.WithFields(log.Fields{
  150. "username": req.Msg.Username,
  151. }).Warn("LocalUserLogin: User login failed.")
  152. }
  153. return response, nil
  154. }
  155. func (api *oliveTinAPI) StartActionAndWait(ctx ctx.Context, req *connect.Request[apiv1.StartActionAndWaitRequest]) (*connect.Response[apiv1.StartActionAndWaitResponse], error) {
  156. args := make(map[string]string)
  157. for _, arg := range req.Msg.Arguments {
  158. args[arg.Name] = arg.Value
  159. }
  160. user := acl.UserFromContext(ctx, req, api.cfg)
  161. execReq := executor.ExecutionRequest{
  162. Binding: api.executor.FindBindingByID(req.Msg.ActionId),
  163. TrackingID: uuid.NewString(),
  164. Arguments: args,
  165. AuthenticatedUser: user,
  166. Cfg: api.cfg,
  167. }
  168. wg, _ := api.executor.ExecRequest(&execReq)
  169. wg.Wait()
  170. internalLogEntry, ok := api.executor.GetLog(execReq.TrackingID)
  171. if ok {
  172. return connect.NewResponse(&apiv1.StartActionAndWaitResponse{
  173. LogEntry: api.internalLogEntryToPb(internalLogEntry, user),
  174. }), nil
  175. } else {
  176. return nil, fmt.Errorf("execution not found")
  177. }
  178. }
  179. func (api *oliveTinAPI) StartActionByGet(ctx ctx.Context, req *connect.Request[apiv1.StartActionByGetRequest]) (*connect.Response[apiv1.StartActionByGetResponse], error) {
  180. args := make(map[string]string)
  181. execReq := executor.ExecutionRequest{
  182. Binding: api.executor.FindBindingByID(req.Msg.ActionId),
  183. TrackingID: uuid.NewString(),
  184. Arguments: args,
  185. AuthenticatedUser: acl.UserFromContext(ctx, req, api.cfg),
  186. Cfg: api.cfg,
  187. }
  188. _, uniqueTrackingId := api.executor.ExecRequest(&execReq)
  189. return connect.NewResponse(&apiv1.StartActionByGetResponse{
  190. ExecutionTrackingId: uniqueTrackingId,
  191. }), nil
  192. }
  193. func (api *oliveTinAPI) StartActionByGetAndWait(ctx ctx.Context, req *connect.Request[apiv1.StartActionByGetAndWaitRequest]) (*connect.Response[apiv1.StartActionByGetAndWaitResponse], error) {
  194. args := make(map[string]string)
  195. user := acl.UserFromContext(ctx, req, api.cfg)
  196. execReq := executor.ExecutionRequest{
  197. Binding: api.executor.FindBindingByID(req.Msg.ActionId),
  198. TrackingID: uuid.NewString(),
  199. Arguments: args,
  200. AuthenticatedUser: user,
  201. Cfg: api.cfg,
  202. }
  203. wg, _ := api.executor.ExecRequest(&execReq)
  204. wg.Wait()
  205. internalLogEntry, ok := api.executor.GetLog(execReq.TrackingID)
  206. if ok {
  207. return connect.NewResponse(&apiv1.StartActionByGetAndWaitResponse{
  208. LogEntry: api.internalLogEntryToPb(internalLogEntry, user),
  209. }), nil
  210. } else {
  211. return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("execution not found"))
  212. }
  213. }
  214. func (api *oliveTinAPI) internalLogEntryToPb(logEntry *executor.InternalLogEntry, authenticatedUser *acl.AuthenticatedUser) *apiv1.LogEntry {
  215. pble := &apiv1.LogEntry{
  216. ActionTitle: logEntry.ActionTitle,
  217. ActionIcon: logEntry.ActionIcon,
  218. ActionId: logEntry.ActionId,
  219. DatetimeStarted: logEntry.DatetimeStarted.Format("2006-01-02 15:04:05"),
  220. DatetimeFinished: logEntry.DatetimeFinished.Format("2006-01-02 15:04:05"),
  221. DatetimeIndex: logEntry.Index,
  222. Output: logEntry.Output,
  223. TimedOut: logEntry.TimedOut,
  224. Blocked: logEntry.Blocked,
  225. ExitCode: logEntry.ExitCode,
  226. Tags: logEntry.Tags,
  227. ExecutionTrackingId: logEntry.ExecutionTrackingID,
  228. ExecutionStarted: logEntry.ExecutionStarted,
  229. ExecutionFinished: logEntry.ExecutionFinished,
  230. User: logEntry.Username,
  231. }
  232. if !pble.ExecutionFinished {
  233. pble.CanKill = acl.IsAllowedKill(api.cfg, authenticatedUser, logEntry.Binding.Action)
  234. }
  235. return pble
  236. }
  237. func getExecutionStatusByTrackingID(api *oliveTinAPI, executionTrackingId string) *executor.InternalLogEntry {
  238. logEntry, ok := api.executor.GetLog(executionTrackingId)
  239. if !ok {
  240. return nil
  241. }
  242. return logEntry
  243. }
  244. func getMostRecentExecutionStatusById(api *oliveTinAPI, actionId string) *executor.InternalLogEntry {
  245. var ile *executor.InternalLogEntry
  246. logs := api.executor.GetLogsByActionId(actionId)
  247. if len(logs) == 0 {
  248. return nil
  249. } else {
  250. // Get last log entry
  251. ile = logs[len(logs)-1]
  252. }
  253. return ile
  254. }
  255. func (api *oliveTinAPI) ExecutionStatus(ctx ctx.Context, req *connect.Request[apiv1.ExecutionStatusRequest]) (*connect.Response[apiv1.ExecutionStatusResponse], error) {
  256. res := &apiv1.ExecutionStatusResponse{}
  257. user := acl.UserFromContext(ctx, req, api.cfg)
  258. if err := api.checkDashboardAccess(user); err != nil {
  259. return nil, err
  260. }
  261. var ile *executor.InternalLogEntry
  262. if req.Msg.ExecutionTrackingId != "" {
  263. ile = getExecutionStatusByTrackingID(api, req.Msg.ExecutionTrackingId)
  264. } else {
  265. ile = getMostRecentExecutionStatusById(api, req.Msg.ActionId)
  266. }
  267. if ile == nil {
  268. return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("execution not found for tracking ID %s or action ID %s", req.Msg.ExecutionTrackingId, req.Msg.ActionId))
  269. } else {
  270. res.LogEntry = api.internalLogEntryToPb(ile, user)
  271. }
  272. return connect.NewResponse(res), nil
  273. }
  274. func (api *oliveTinAPI) Logout(ctx ctx.Context, req *connect.Request[apiv1.LogoutRequest]) (*connect.Response[apiv1.LogoutResponse], error) {
  275. user := acl.UserFromContext(ctx, req, api.cfg)
  276. log.WithFields(log.Fields{
  277. "username": user.Username,
  278. "provider": user.Provider,
  279. }).Info("Logout: User logged out")
  280. response := connect.NewResponse(&apiv1.LogoutResponse{})
  281. // Clear the authentication cookie by setting it to expire
  282. cookie := &http.Cookie{
  283. Name: "olivetin-sid-local",
  284. Value: "",
  285. MaxAge: -1, // This tells the browser to delete the cookie
  286. HttpOnly: true,
  287. Path: "/",
  288. }
  289. response.Header().Set("Set-Cookie", cookie.String())
  290. return response, nil
  291. }
  292. func (api *oliveTinAPI) GetActionBinding(ctx ctx.Context, req *connect.Request[apiv1.GetActionBindingRequest]) (*connect.Response[apiv1.GetActionBindingResponse], error) {
  293. user := acl.UserFromContext(ctx, req, api.cfg)
  294. if err := api.checkDashboardAccess(user); err != nil {
  295. return nil, err
  296. }
  297. binding := api.executor.FindBindingByID(req.Msg.BindingId)
  298. if binding == nil {
  299. return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("action with ID %s not found", req.Msg.BindingId))
  300. }
  301. return connect.NewResponse(&apiv1.GetActionBindingResponse{
  302. Action: buildAction(binding, &DashboardRenderRequest{
  303. cfg: api.cfg,
  304. AuthenticatedUser: user,
  305. ex: api.executor,
  306. }),
  307. }), nil
  308. }
  309. func (api *oliveTinAPI) GetDashboard(ctx ctx.Context, req *connect.Request[apiv1.GetDashboardRequest]) (*connect.Response[apiv1.GetDashboardResponse], error) {
  310. user := acl.UserFromContext(ctx, req, api.cfg)
  311. if err := api.checkDashboardAccess(user); err != nil {
  312. return nil, err
  313. }
  314. dashboardRenderRequest := api.createDashboardRenderRequest(user)
  315. if api.isDefaultDashboard(req.Msg.Title) {
  316. return api.buildDefaultDashboardResponse(dashboardRenderRequest)
  317. }
  318. return api.buildCustomDashboardResponse(dashboardRenderRequest, req.Msg.Title)
  319. }
  320. func (api *oliveTinAPI) checkDashboardAccess(user *acl.AuthenticatedUser) error {
  321. if user.IsGuest() && api.cfg.AuthRequireGuestsToLogin {
  322. return connect.NewError(connect.CodePermissionDenied, fmt.Errorf("guests are not allowed to access the dashboard"))
  323. }
  324. return nil
  325. }
  326. func (api *oliveTinAPI) createDashboardRenderRequest(user *acl.AuthenticatedUser) *DashboardRenderRequest {
  327. return &DashboardRenderRequest{
  328. AuthenticatedUser: user,
  329. cfg: api.cfg,
  330. ex: api.executor,
  331. }
  332. }
  333. func (api *oliveTinAPI) isDefaultDashboard(title string) bool {
  334. return title == "default" || title == "" || title == "Actions"
  335. }
  336. func (api *oliveTinAPI) buildDefaultDashboardResponse(rr *DashboardRenderRequest) (*connect.Response[apiv1.GetDashboardResponse], error) {
  337. db := buildDefaultDashboard(rr)
  338. res := &apiv1.GetDashboardResponse{
  339. Dashboard: db,
  340. }
  341. return connect.NewResponse(res), nil
  342. }
  343. func (api *oliveTinAPI) buildCustomDashboardResponse(rr *DashboardRenderRequest, title string) (*connect.Response[apiv1.GetDashboardResponse], error) {
  344. res := &apiv1.GetDashboardResponse{
  345. Dashboard: renderDashboard(rr, title),
  346. }
  347. return connect.NewResponse(res), nil
  348. }
  349. func (api *oliveTinAPI) GetLogs(ctx ctx.Context, req *connect.Request[apiv1.GetLogsRequest]) (*connect.Response[apiv1.GetLogsResponse], error) {
  350. user := acl.UserFromContext(ctx, req, api.cfg)
  351. if err := api.checkDashboardAccess(user); err != nil {
  352. return nil, err
  353. }
  354. ret := &apiv1.GetLogsResponse{}
  355. logEntries, paging := api.executor.GetLogTrackingIdsACL(api.cfg, user, req.Msg.StartOffset, api.cfg.LogHistoryPageSize)
  356. for _, le := range logEntries {
  357. ret.Logs = append(ret.Logs, api.internalLogEntryToPb(le, user))
  358. }
  359. ret.CountRemaining = paging.CountRemaining
  360. ret.PageSize = paging.PageSize
  361. ret.TotalCount = paging.TotalCount
  362. ret.StartOffset = paging.StartOffset
  363. return connect.NewResponse(ret), nil
  364. }
  365. func (api *oliveTinAPI) GetActionLogs(ctx ctx.Context, req *connect.Request[apiv1.GetActionLogsRequest]) (*connect.Response[apiv1.GetActionLogsResponse], error) {
  366. user := acl.UserFromContext(ctx, req, api.cfg)
  367. if err := api.checkDashboardAccess(user); err != nil {
  368. return nil, err
  369. }
  370. ret := &apiv1.GetActionLogsResponse{}
  371. filtered := api.filterLogsByACL(api.executor.GetLogsByActionId(req.Msg.ActionId), user)
  372. page := paginate(int64(len(filtered)), api.cfg.LogHistoryPageSize, req.Msg.StartOffset)
  373. if page.empty {
  374. ret.CountRemaining = 0
  375. ret.PageSize = page.size
  376. ret.TotalCount = page.total
  377. ret.StartOffset = page.start
  378. return connect.NewResponse(ret), nil
  379. }
  380. // Newest-first slicing: compute reversed indices
  381. startIdx := page.total - page.end
  382. endIdx := page.total - page.start
  383. if startIdx < 0 { startIdx = 0 }
  384. if endIdx > int64(len(filtered)) { endIdx = int64(len(filtered)) }
  385. for _, le := range filtered[startIdx:endIdx] {
  386. ret.Logs = append(ret.Logs, api.internalLogEntryToPb(le, user))
  387. }
  388. // Entries older than the returned newest page
  389. ret.CountRemaining = page.start
  390. ret.PageSize = page.size
  391. ret.TotalCount = page.total
  392. ret.StartOffset = page.start
  393. return connect.NewResponse(ret), nil
  394. }
  395. func (api *oliveTinAPI) pbLogsFiltered(entries []*executor.InternalLogEntry, user *acl.AuthenticatedUser) []*apiv1.LogEntry {
  396. out := make([]*apiv1.LogEntry, 0, len(entries))
  397. for _, e := range entries {
  398. if e == nil || e.Binding == nil || e.Binding.Action == nil {
  399. continue
  400. }
  401. if acl.IsAllowedLogs(api.cfg, user, e.Binding.Action) {
  402. out = append(out, api.internalLogEntryToPb(e, user))
  403. }
  404. }
  405. return out
  406. }
  407. func (api *oliveTinAPI) filterLogsByACL(entries []*executor.InternalLogEntry, user *acl.AuthenticatedUser) []*executor.InternalLogEntry {
  408. filtered := make([]*executor.InternalLogEntry, 0, len(entries))
  409. for _, e := range entries {
  410. if e == nil || e.Binding == nil || e.Binding.Action == nil {
  411. continue
  412. }
  413. if acl.IsAllowedLogs(api.cfg, user, e.Binding.Action) {
  414. filtered = append(filtered, e)
  415. }
  416. }
  417. return filtered
  418. }
  419. type pageInfo struct {
  420. total int64
  421. size int64
  422. start int64
  423. end int64
  424. empty bool
  425. }
  426. func paginate(total int64, size int64, start int64) pageInfo {
  427. if start < 0 {
  428. start = 0
  429. }
  430. if start >= total {
  431. return pageInfo{total: total, size: size, start: start, end: start, empty: true}
  432. }
  433. end := start + size
  434. if end > total {
  435. end = total
  436. }
  437. return pageInfo{total: total, size: size, start: start, end: end, empty: false}
  438. }
  439. /*
  440. This function is ONLY a helper for the UI - the arguments are validated properly
  441. on the StartAction -> Executor chain. This is here basically to provide helpful
  442. error messages more quickly before starting the action.
  443. */
  444. func (api *oliveTinAPI) ValidateArgumentType(ctx ctx.Context, req *connect.Request[apiv1.ValidateArgumentTypeRequest]) (*connect.Response[apiv1.ValidateArgumentTypeResponse], error) {
  445. err := executor.TypeSafetyCheck("", req.Msg.Value, req.Msg.Type)
  446. desc := ""
  447. if err != nil {
  448. desc = err.Error()
  449. }
  450. return connect.NewResponse(&apiv1.ValidateArgumentTypeResponse{
  451. Valid: err == nil,
  452. Description: desc,
  453. }), nil
  454. }
  455. func (api *oliveTinAPI) WhoAmI(ctx ctx.Context, req *connect.Request[apiv1.WhoAmIRequest]) (*connect.Response[apiv1.WhoAmIResponse], error) {
  456. user := acl.UserFromContext(ctx, req, api.cfg)
  457. if err := api.checkDashboardAccess(user); err != nil {
  458. return nil, err
  459. }
  460. res := &apiv1.WhoAmIResponse{
  461. AuthenticatedUser: user.Username,
  462. Usergroup: user.UsergroupLine,
  463. Provider: user.Provider,
  464. Sid: user.SID,
  465. Acls: user.Acls,
  466. }
  467. return connect.NewResponse(res), nil
  468. }
  469. func (api *oliveTinAPI) SosReport(ctx ctx.Context, req *connect.Request[apiv1.SosReportRequest]) (*connect.Response[apiv1.SosReportResponse], error) {
  470. sos := installationinfo.GetSosReport()
  471. if !api.cfg.InsecureAllowDumpSos {
  472. log.Info(sos)
  473. sos = "Your SOS Report has been logged to OliveTin logs.\n\nIf you are in a safe network, you can temporarily set `insecureAllowDumpSos: true` in your config.yaml, restart OliveTin, and refresh this page - it will put the output directly in the browser."
  474. }
  475. ret := &apiv1.SosReportResponse{
  476. Alert: sos,
  477. }
  478. return connect.NewResponse(ret), nil
  479. }
  480. func (api *oliveTinAPI) DumpVars(ctx ctx.Context, req *connect.Request[apiv1.DumpVarsRequest]) (*connect.Response[apiv1.DumpVarsResponse], error) {
  481. res := &apiv1.DumpVarsResponse{}
  482. if !api.cfg.InsecureAllowDumpVars {
  483. res.Alert = "Dumping variables is not allowed by default because it is insecure."
  484. return connect.NewResponse(res), nil
  485. }
  486. jsonstring, _ := json.MarshalIndent(entities.GetAll(), "", " ")
  487. fmt.Printf("%s", &jsonstring)
  488. res.Alert = "Dumping variables has been enabled in the configuration. Please set InsecureAllowDumpVars = false again after you don't need it anymore"
  489. return connect.NewResponse(res), nil
  490. }
  491. func (api *oliveTinAPI) DumpPublicIdActionMap(ctx ctx.Context, req *connect.Request[apiv1.DumpPublicIdActionMapRequest]) (*connect.Response[apiv1.DumpPublicIdActionMapResponse], error) {
  492. res := &apiv1.DumpPublicIdActionMapResponse{}
  493. res.Contents = make(map[string]*apiv1.ActionEntityPair)
  494. if !api.cfg.InsecureAllowDumpActionMap {
  495. res.Alert = "Dumping Public IDs is disallowed."
  496. return connect.NewResponse(res), nil
  497. }
  498. api.executor.MapActionIdToBindingLock.RLock()
  499. for k, v := range api.executor.MapActionIdToBinding {
  500. res.Contents[k] = &apiv1.ActionEntityPair{
  501. ActionTitle: v.Action.Title,
  502. EntityPrefix: "?",
  503. }
  504. }
  505. api.executor.MapActionIdToBindingLock.RUnlock()
  506. res.Alert = "Dumping variables has been enabled in the configuration. Please set InsecureAllowDumpActionMap = false again after you don't need it anymore"
  507. return connect.NewResponse(res), nil
  508. }
  509. func (api *oliveTinAPI) GetReadyz(ctx ctx.Context, req *connect.Request[apiv1.GetReadyzRequest]) (*connect.Response[apiv1.GetReadyzResponse], error) {
  510. res := &apiv1.GetReadyzResponse{
  511. Status: "OK",
  512. }
  513. return connect.NewResponse(res), nil
  514. }
  515. func (api *oliveTinAPI) EventStream(ctx ctx.Context, req *connect.Request[apiv1.EventStreamRequest], srv *connect.ServerStream[apiv1.EventStreamResponse]) error {
  516. log.Debugf("EventStream: %v", req.Msg)
  517. user := acl.UserFromContext(ctx, req, api.cfg)
  518. if err := api.checkDashboardAccess(user); err != nil {
  519. return err
  520. }
  521. client := &streamingClient{
  522. channel: make(chan *apiv1.EventStreamResponse, 10), // Buffered channel to hold Events
  523. AuthenticatedUser: user,
  524. }
  525. log.Infof("EventStream: client connected: %v", client.AuthenticatedUser.Username)
  526. api.streamingClientsMutex.Lock()
  527. api.streamingClients[client] = struct{}{}
  528. api.streamingClientsMutex.Unlock()
  529. // loop over client channel and send events to connectedClient
  530. for msg := range client.channel {
  531. log.Debugf("Sending event to client: %v", msg)
  532. if err := srv.Send(msg); err != nil {
  533. log.Errorf("Error sending event to client: %v", err)
  534. // Remove disconnected client from the list
  535. api.removeClient(client)
  536. break
  537. }
  538. }
  539. log.Infof("EventStream: client disconnected")
  540. return nil
  541. }
  542. func (api *oliveTinAPI) removeClient(clientToRemove *streamingClient) {
  543. api.streamingClientsMutex.Lock()
  544. delete(api.streamingClients, clientToRemove)
  545. api.streamingClientsMutex.Unlock()
  546. close(clientToRemove.channel)
  547. }
  548. func (api *oliveTinAPI) OnActionMapRebuilt() {
  549. toRemove := []*streamingClient{}
  550. for _, client := range api.copyOfStreamingClients() {
  551. select {
  552. case client.channel <- &apiv1.EventStreamResponse{
  553. Event: &apiv1.EventStreamResponse_ConfigChanged{
  554. ConfigChanged: &apiv1.EventConfigChanged{},
  555. },
  556. }:
  557. default:
  558. log.Warnf("EventStream: client channel is full, removing client")
  559. toRemove = append(toRemove, client)
  560. }
  561. }
  562. for _, client := range toRemove {
  563. api.removeClient(client)
  564. }
  565. }
  566. func (api *oliveTinAPI) OnExecutionStarted(ex *executor.InternalLogEntry) {
  567. toRemove := []*streamingClient{}
  568. for _, client := range api.copyOfStreamingClients() {
  569. select {
  570. case client.channel <- &apiv1.EventStreamResponse{
  571. Event: &apiv1.EventStreamResponse_ExecutionStarted{
  572. ExecutionStarted: &apiv1.EventExecutionStarted{
  573. LogEntry: api.internalLogEntryToPb(ex, client.AuthenticatedUser),
  574. },
  575. },
  576. }:
  577. default:
  578. log.Warnf("EventStream: client channel is full, removing client")
  579. toRemove = append(toRemove, client)
  580. }
  581. }
  582. for _, client := range toRemove {
  583. api.removeClient(client)
  584. }
  585. }
  586. func (api *oliveTinAPI) OnExecutionFinished(ex *executor.InternalLogEntry) {
  587. toRemove := []*streamingClient{}
  588. for _, client := range api.copyOfStreamingClients() {
  589. select {
  590. case client.channel <- &apiv1.EventStreamResponse{
  591. Event: &apiv1.EventStreamResponse_ExecutionFinished{
  592. ExecutionFinished: &apiv1.EventExecutionFinished{
  593. LogEntry: api.internalLogEntryToPb(ex, client.AuthenticatedUser),
  594. },
  595. },
  596. }:
  597. default:
  598. log.Warnf("EventStream: client channel is full, removing client")
  599. toRemove = append(toRemove, client)
  600. }
  601. }
  602. for _, client := range toRemove {
  603. api.removeClient(client)
  604. }
  605. }
  606. func (api *oliveTinAPI) GetDiagnostics(ctx ctx.Context, req *connect.Request[apiv1.GetDiagnosticsRequest]) (*connect.Response[apiv1.GetDiagnosticsResponse], error) {
  607. res := &apiv1.GetDiagnosticsResponse{
  608. SshFoundKey: installationinfo.Runtime.SshFoundKey,
  609. SshFoundConfig: installationinfo.Runtime.SshFoundConfig,
  610. }
  611. return connect.NewResponse(res), nil
  612. }
  613. func (api *oliveTinAPI) Init(ctx ctx.Context, req *connect.Request[apiv1.InitRequest]) (*connect.Response[apiv1.InitResponse], error) {
  614. user := acl.UserFromContext(ctx, req, api.cfg)
  615. loginRequired := user.IsGuest() && api.cfg.AuthRequireGuestsToLogin
  616. res := &apiv1.InitResponse{
  617. ShowFooter: api.cfg.ShowFooter,
  618. ShowNavigation: api.cfg.ShowNavigation,
  619. ShowNewVersions: api.cfg.ShowNewVersions,
  620. AvailableVersion: installationinfo.Runtime.AvailableVersion,
  621. CurrentVersion: installationinfo.Build.Version,
  622. PageTitle: api.cfg.PageTitle,
  623. SectionNavigationStyle: api.cfg.SectionNavigationStyle,
  624. DefaultIconForBack: api.cfg.DefaultIconForBack,
  625. EnableCustomJs: api.cfg.EnableCustomJs,
  626. AuthLoginUrl: api.cfg.AuthLoginUrl,
  627. AuthLocalLogin: api.cfg.AuthLocalUsers.Enabled,
  628. OAuth2Providers: buildPublicOAuth2ProvidersList(api.cfg),
  629. AdditionalLinks: buildAdditionalLinks(api.cfg.AdditionalNavigationLinks),
  630. StyleMods: api.cfg.StyleMods,
  631. RootDashboards: api.buildRootDashboards(user, api.cfg.Dashboards),
  632. AuthenticatedUser: user.Username,
  633. AuthenticatedUserProvider: user.Provider,
  634. EffectivePolicy: buildEffectivePolicy(user.EffectivePolicy),
  635. BannerMessage: api.cfg.BannerMessage,
  636. BannerCss: api.cfg.BannerCSS,
  637. ShowDiagnostics: user.EffectivePolicy.ShowDiagnostics,
  638. ShowLogList: user.EffectivePolicy.ShowLogList,
  639. LoginRequired: loginRequired,
  640. }
  641. return connect.NewResponse(res), nil
  642. }
  643. func (api *oliveTinAPI) buildRootDashboards(user *acl.AuthenticatedUser, dashboards []*config.DashboardComponent) []string {
  644. var rootDashboards []string
  645. dashboardRenderRequest := api.createDashboardRenderRequest(user)
  646. api.addDefaultDashboardIfNeeded(&rootDashboards, dashboardRenderRequest)
  647. api.addCustomDashboards(&rootDashboards, dashboards, dashboardRenderRequest)
  648. return rootDashboards
  649. }
  650. func (api *oliveTinAPI) addDefaultDashboardIfNeeded(rootDashboards *[]string, rr *DashboardRenderRequest) {
  651. defaultDashboard := buildDefaultDashboard(rr)
  652. if defaultDashboard != nil && len(defaultDashboard.Contents) > 0 {
  653. log.Infof("defaultDashboard: %+v", defaultDashboard.Contents)
  654. *rootDashboards = append(*rootDashboards, "Actions")
  655. }
  656. }
  657. func (api *oliveTinAPI) addCustomDashboards(rootDashboards *[]string, dashboards []*config.DashboardComponent, rr *DashboardRenderRequest) {
  658. for _, dashboard := range dashboards {
  659. // We have to build the dashboard response instead of just looping over config.dashboards,
  660. // because we need to check if the user has access to the dashboard
  661. db := renderDashboard(rr, dashboard.Title)
  662. if db != nil {
  663. *rootDashboards = append(*rootDashboards, dashboard.Title)
  664. }
  665. }
  666. }
  667. func buildPublicOAuth2ProvidersList(cfg *config.Config) []*apiv1.OAuth2Provider {
  668. var publicProviders []*apiv1.OAuth2Provider
  669. for _, provider := range cfg.AuthOAuth2Providers {
  670. publicProviders = append(publicProviders, &apiv1.OAuth2Provider{
  671. Title: provider.Title,
  672. Url: provider.AuthUrl,
  673. Icon: provider.Icon,
  674. })
  675. }
  676. return publicProviders
  677. }
  678. func buildAdditionalLinks(links []*config.NavigationLink) []*apiv1.AdditionalLink {
  679. var additionalLinks []*apiv1.AdditionalLink
  680. for _, link := range links {
  681. additionalLinks = append(additionalLinks, &apiv1.AdditionalLink{
  682. Title: link.Title,
  683. Url: link.Url,
  684. })
  685. }
  686. return additionalLinks
  687. }
  688. func (api *oliveTinAPI) OnOutputChunk(content []byte, executionTrackingId string) {
  689. toRemove := []*streamingClient{}
  690. for _, client := range api.copyOfStreamingClients() {
  691. select {
  692. case client.channel <- &apiv1.EventStreamResponse{
  693. Event: &apiv1.EventStreamResponse_OutputChunk{
  694. OutputChunk: &apiv1.EventOutputChunk{
  695. Output: string(content),
  696. ExecutionTrackingId: executionTrackingId,
  697. },
  698. },
  699. }:
  700. default:
  701. log.Warnf("EventStream: client channel is full, removing client")
  702. toRemove = append(toRemove, client)
  703. }
  704. }
  705. for _, client := range toRemove {
  706. api.removeClient(client)
  707. }
  708. }
  709. func (api *oliveTinAPI) GetEntities(ctx ctx.Context, req *connect.Request[apiv1.GetEntitiesRequest]) (*connect.Response[apiv1.GetEntitiesResponse], error) {
  710. user := acl.UserFromContext(ctx, req, api.cfg)
  711. if err := api.checkDashboardAccess(user); err != nil {
  712. return nil, err
  713. }
  714. res := &apiv1.GetEntitiesResponse{
  715. EntityDefinitions: make([]*apiv1.EntityDefinition, 0),
  716. }
  717. for name, entityInstances := range entities.GetEntities() {
  718. def := &apiv1.EntityDefinition{
  719. Title: name,
  720. UsedOnDashboards: findDashboardsForEntity(name, api.cfg.Dashboards),
  721. }
  722. for _, e := range entityInstances {
  723. entity := &apiv1.Entity{
  724. Title: e.Title,
  725. UniqueKey: e.UniqueKey,
  726. Type: name,
  727. }
  728. def.Instances = append(def.Instances, entity)
  729. }
  730. res.EntityDefinitions = append(res.EntityDefinitions, def)
  731. }
  732. return connect.NewResponse(res), nil
  733. }
  734. func findDashboardsForEntity(entityTitle string, dashboards []*config.DashboardComponent) []string {
  735. var foundDashboards []string
  736. findEntityInComponents(entityTitle, "", dashboards, &foundDashboards)
  737. return foundDashboards
  738. }
  739. func findEntityInComponents(entityTitle string, parentTitle string, components []*config.DashboardComponent, foundDashboards *[]string) {
  740. for _, component := range components {
  741. if component.Entity == entityTitle {
  742. *foundDashboards = append(*foundDashboards, parentTitle)
  743. }
  744. if len(component.Contents) > 0 {
  745. findEntityInComponents(entityTitle, component.Title, component.Contents, foundDashboards)
  746. }
  747. }
  748. }
  749. func (api *oliveTinAPI) GetEntity(ctx ctx.Context, req *connect.Request[apiv1.GetEntityRequest]) (*connect.Response[apiv1.Entity], error) {
  750. user := acl.UserFromContext(ctx, req, api.cfg)
  751. if err := api.checkDashboardAccess(user); err != nil {
  752. return nil, err
  753. }
  754. res := &apiv1.Entity{}
  755. instances := entities.GetEntityInstances(req.Msg.Type)
  756. log.Infof("msg: %+v", req.Msg)
  757. if len(instances) == 0 {
  758. return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("entity type %s not found", req.Msg.Type))
  759. }
  760. if entity, ok := instances[req.Msg.UniqueKey]; !ok {
  761. return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("entity with unique key %s not found in type %s", req.Msg.UniqueKey, req.Msg.Type))
  762. } else {
  763. res.Title = entity.Title
  764. return connect.NewResponse(res), nil
  765. }
  766. }
  767. func (api *oliveTinAPI) RestartAction(ctx ctx.Context, req *connect.Request[apiv1.RestartActionRequest]) (*connect.Response[apiv1.StartActionResponse], error) {
  768. ret := &apiv1.StartActionResponse{
  769. ExecutionTrackingId: req.Msg.ExecutionTrackingId,
  770. }
  771. var execReqLogEntry *executor.InternalLogEntry
  772. execReqLogEntry, found := api.executor.GetLog(req.Msg.ExecutionTrackingId)
  773. if !found {
  774. log.Warnf("Restarting execution request not possible - not found by tracking ID: %v", req.Msg.ExecutionTrackingId)
  775. return connect.NewResponse(ret), nil
  776. }
  777. log.Warnf("Restarting execution request by tracking ID: %v", req.Msg.ExecutionTrackingId)
  778. action := execReqLogEntry.Binding.Action
  779. if action == nil {
  780. log.Warnf("Restarting execution request not possible - action not found: %v", execReqLogEntry.ActionTitle)
  781. return connect.NewResponse(ret), nil
  782. }
  783. return api.StartAction(ctx, &connect.Request[apiv1.StartActionRequest]{
  784. Msg: &apiv1.StartActionRequest{
  785. // FIXME
  786. UniqueTrackingId: req.Msg.ExecutionTrackingId,
  787. },
  788. })
  789. }
  790. func newServer(ex *executor.Executor) *oliveTinAPI {
  791. server := oliveTinAPI{}
  792. server.cfg = ex.Cfg
  793. server.executor = ex
  794. server.streamingClients = make(map[*streamingClient]struct{})
  795. ex.AddListener(&server)
  796. return &server
  797. }
  798. func GetNewHandler(ex *executor.Executor) (string, http.Handler) {
  799. server := newServer(ex)
  800. jsonOpt := connectproto.WithJSON(
  801. protojson.MarshalOptions{
  802. EmitUnpopulated: true, // https://github.com/OliveTin/OliveTin/issues/674
  803. },
  804. protojson.UnmarshalOptions{
  805. DiscardUnknown: true,
  806. },
  807. )
  808. return apiv1connect.NewOliveTinApiServiceHandler(server, jsonOpt)
  809. }