grafana/pkg/services/anonymous/anonimpl/client.go

package anonimpl

import (
	"context"
	"net/http"
	"strings"
	"time"

	"github.com/grafana/grafana/pkg/infra/log"
	"github.com/grafana/grafana/pkg/services/anonymous"
	"github.com/grafana/grafana/pkg/services/authn"
	"github.com/grafana/grafana/pkg/services/org"
	"github.com/grafana/grafana/pkg/setting"
)

var _ authn.ContextAwareClient = new(Anonymous)

const timeoutTag = 2 * time.Minute

type Anonymous struct {
	cfg               *setting.Cfg
	log               log.Logger
	orgService        org.Service
	anonDeviceService anonymous.Service
}

func (a *Anonymous) Name() string {
	return authn.ClientAnonymous
}

func (a *Anonymous) Authenticate(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
	o, err := a.orgService.GetByName(ctx, &org.GetOrgByNameQuery{Name: a.cfg.AnonymousOrgName})
	if err != nil {
		a.log.FromContext(ctx).Error("Failed to find organization", "name", a.cfg.AnonymousOrgName, "error", err)
		return nil, err
	}

	httpReqCopy := &http.Request{}
	if r.HTTPRequest != nil && r.HTTPRequest.Header != nil {
		// avoid r.HTTPRequest.Clone(context.Background()) as we do not require a full clone
		httpReqCopy.Header = r.HTTPRequest.Header.Clone()
		httpReqCopy.RemoteAddr = r.HTTPRequest.RemoteAddr
	}

	go func() {
		defer func() {
			if err := recover(); err != nil {
				a.log.Warn("Tag anon session panic", "err", err)
			}
		}()

		newCtx, cancel := context.WithTimeout(context.Background(), timeoutTag)
		defer cancel()
		if err := a.anonDeviceService.TagDevice(newCtx, httpReqCopy, anonymous.AnonDeviceUI); err != nil {
			a.log.Warn("Failed to tag anonymous session", "error", err)
		}
	}()

	return &authn.Identity{
		ID:           authn.AnonymousNamespaceID,
		OrgID:        o.ID,
		OrgName:      o.Name,
		OrgRoles:     map[int64]org.RoleType{o.ID: org.RoleType(a.cfg.AnonymousOrgRole)},
		ClientParams: authn.ClientParams{SyncPermissions: true},
	}, nil
}

func (a *Anonymous) Test(ctx context.Context, r *authn.Request) bool {
	// If anonymous client is register it can always be used for authentication
	return true
}

func (a *Anonymous) Priority() uint {
	return 100
}

func (a *Anonymous) UsageStatFn(ctx context.Context) (map[string]any, error) {
	m := map[string]any{}

	// Add stats about anonymous auth
	m["stats.anonymous.customized_role.count"] = 0
	if !strings.EqualFold(a.cfg.AnonymousOrgRole, "Viewer") {
		m["stats.anonymous.customized_role.count"] = 1
	}

	return m, nil
}
Anon: Scaffold anon service (#74744) * remove API tagging method and authed tagging * add anonstore move debug to after cache change test order fix issue where mysql trims to second * add old device cleanup lint utc-ize everything trim whitespace * remove dangling setting * Add delete devices * Move anonymous authnclient to anonimpl * Add simple post login hook * move registration of Background Service cleanup * add updated_at index * do not untag device if login err * add delete device integration test 2023-09-25 22:25:29 +08:00			`package anonimpl`
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client 2022-12-02 22:10:03 +08:00
			`import (`
			`"context"`
AnonymousAuth: Fix concurrent read-write crash (#68637) clone http req before tagging 2023-05-22 19:27:28 +08:00			`"net/http"`
Authn: Stat registration (#62934) * reorganize auth usage stats * usage stat privilege elevators * stat count of modified role * cfg related info * add authn anon client * kv store * ensure anon enabled is collected even if client is not registered * fix usage stats test 2023-02-07 00:23:53 +08:00			`"strings"`
Auth: Add authed device tagging (#72442) * add authed device tagging * fix config * implement feedback * implement feedback * add reverse untag behavior * remove duplicate stat * Update pkg/services/anonymous/anonimpl/impl.go 2023-08-01 00:04:28 +08:00			`"time"`
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client 2022-12-02 22:10:03 +08:00
			`"github.com/grafana/grafana/pkg/infra/log"`
Authn: Anon session service (#63052) * add anon sessions package * add usage stat fn * implement count for cache * add anonservice to authn broker * lint * add tests for remote cache count * move anon service to services * wrap tagging in goroutine * make func used 2023-02-21 23:21:18 +08:00			`"github.com/grafana/grafana/pkg/services/anonymous"`
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client 2022-12-02 22:10:03 +08:00			`"github.com/grafana/grafana/pkg/services/authn"`
			`"github.com/grafana/grafana/pkg/services/org"`
			`"github.com/grafana/grafana/pkg/setting"`
			`)`

AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com> 2023-01-26 17:50:44 +08:00			`var _ authn.ContextAwareClient = new(Anonymous)`
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client 2022-12-02 22:10:03 +08:00
Auth: Add authed device tagging (#72442) * add authed device tagging * fix config * implement feedback * implement feedback * add reverse untag behavior * remove duplicate stat * Update pkg/services/anonymous/anonimpl/impl.go 2023-08-01 00:04:28 +08:00			`const timeoutTag = 2 * time.Minute`

Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client 2022-12-02 22:10:03 +08:00			`type Anonymous struct {`
Auth: Rename Sessions to Devices in counting (#72432) * rename session to device * rename session to device 2023-07-27 17:09:08 +08:00			`cfg *setting.Cfg`
			`log log.Logger`
			`orgService org.Service`
			`anonDeviceService anonymous.Service`
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client 2022-12-02 22:10:03 +08:00			`}`

AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com> 2023-01-26 17:50:44 +08:00			`func (a *Anonymous) Name() string {`
			`return authn.ClientAnonymous`
			`}`

Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client 2022-12-02 22:10:03 +08:00			`func (a Anonymous) Authenticate(ctx context.Context, r authn.Request) (*authn.Identity, error) {`
			`o, err := a.orgService.GetByName(ctx, &org.GetOrgByNameQuery{Name: a.cfg.AnonymousOrgName})`
			`if err != nil {`
Chore: capitalise log message for auth packages (#74332) 2023-09-05 00:49:47 +08:00			`a.log.FromContext(ctx).Error("Failed to find organization", "name", a.cfg.AnonymousOrgName, "error", err)`
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client 2022-12-02 22:10:03 +08:00			`return nil, err`
			`}`

AnonymousAuth: Fix concurrent read-write crash (#68637) clone http req before tagging 2023-05-22 19:27:28 +08:00			`httpReqCopy := &http.Request{}`
			`if r.HTTPRequest != nil && r.HTTPRequest.Header != nil {`
			`// avoid r.HTTPRequest.Clone(context.Background()) as we do not require a full clone`
			`httpReqCopy.Header = r.HTTPRequest.Header.Clone()`
			`httpReqCopy.RemoteAddr = r.HTTPRequest.RemoteAddr`
			`}`

Authn: Anon session service (#63052) * add anon sessions package * add usage stat fn * implement count for cache * add anonservice to authn broker * lint * add tests for remote cache count * move anon service to services * wrap tagging in goroutine * make func used 2023-02-21 23:21:18 +08:00			`go func() {`
			`defer func() {`
			`if err := recover(); err != nil {`
Chore: capitalise log message for auth packages (#74332) 2023-09-05 00:49:47 +08:00			`a.log.Warn("Tag anon session panic", "err", err)`
Authn: Anon session service (#63052) * add anon sessions package * add usage stat fn * implement count for cache * add anonservice to authn broker * lint * add tests for remote cache count * move anon service to services * wrap tagging in goroutine * make func used 2023-02-21 23:21:18 +08:00			`}`
			`}()`
Auth: Add authed device tagging (#72442) * add authed device tagging * fix config * implement feedback * implement feedback * add reverse untag behavior * remove duplicate stat * Update pkg/services/anonymous/anonimpl/impl.go 2023-08-01 00:04:28 +08:00
			`newCtx, cancel := context.WithTimeout(context.Background(), timeoutTag)`
			`defer cancel()`
Anon: Scaffold anon service (#74744) * remove API tagging method and authed tagging * add anonstore move debug to after cache change test order fix issue where mysql trims to second * add old device cleanup lint utc-ize everything trim whitespace * remove dangling setting * Add delete devices * Move anonymous authnclient to anonimpl * Add simple post login hook * move registration of Background Service cleanup * add updated_at index * do not untag device if login err * add delete device integration test 2023-09-25 22:25:29 +08:00			`if err := a.anonDeviceService.TagDevice(newCtx, httpReqCopy, anonymous.AnonDeviceUI); err != nil {`
Chore: capitalise log message for auth packages (#74332) 2023-09-05 00:49:47 +08:00			`a.log.Warn("Failed to tag anonymous session", "error", err)`
Authn: Anon session service (#63052) * add anon sessions package * add usage stat fn * implement count for cache * add anonservice to authn broker * lint * add tests for remote cache count * move anon service to services * wrap tagging in goroutine * make func used 2023-02-21 23:21:18 +08:00			`}`
			`}()`

Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client 2022-12-02 22:10:03 +08:00			`return &authn.Identity{`
AuthN: Fix namespaces for anonymous and render (#75661) * AuthN: remove IsAnonymous from identity struct and set correct namespace for anonymous and render * Don't parse user id for render namespace 2023-09-29 15:10:33 +08:00			`ID: authn.AnonymousNamespaceID,`
AuthN: Make client params part of the identity (#61050) * AuthN: Change client params to be a return value of authenticate * AuthN: move client params to be part of the identity 2023-01-06 03:17:41 +08:00			`OrgID: o.ID,`
			`OrgName: o.Name,`
			`OrgRoles: map[int64]org.RoleType{o.ID: org.RoleType(a.cfg.AnonymousOrgRole)},`
Auth: Add SyncPermissions post auth hook (#64205) * Add SyncPermissionsFromDB post auth hook * Delete FromDB prefix * Align tests * Fixes * Change SyncPermissionsHook prio 2023-03-08 20:35:54 +08:00			`ClientParams: authn.ClientParams{SyncPermissions: true},`
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client 2022-12-02 22:10:03 +08:00			`}, nil`
			`}`
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint 2022-12-19 16:22:11 +08:00
			`func (a Anonymous) Test(ctx context.Context, r authn.Request) bool {`
			`// If anonymous client is register it can always be used for authentication`
			`return true`
			`}`
AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com> 2023-01-26 17:50:44 +08:00
			`func (a *Anonymous) Priority() uint {`
			`return 100`
			`}`
Authn: Stat registration (#62934) * reorganize auth usage stats * usage stat privilege elevators * stat count of modified role * cfg related info * add authn anon client * kv store * ensure anon enabled is collected even if client is not registered * fix usage stats test 2023-02-07 00:23:53 +08:00
Chore: use any rather than interface{} (#74066) 2023-08-30 23:46:47 +08:00			`func (a *Anonymous) UsageStatFn(ctx context.Context) (map[string]any, error) {`
			`m := map[string]any{}`
Authn: Stat registration (#62934) * reorganize auth usage stats * usage stat privilege elevators * stat count of modified role * cfg related info * add authn anon client * kv store * ensure anon enabled is collected even if client is not registered * fix usage stats test 2023-02-07 00:23:53 +08:00
			`// Add stats about anonymous auth`
			`m["stats.anonymous.customized_role.count"] = 0`
			`if !strings.EqualFold(a.cfg.AnonymousOrgRole, "Viewer") {`
			`m["stats.anonymous.customized_role.count"] = 1`
			`}`

			`return m, nil`
			`}`