From db7be6e26ef2529b9311f13f96adfcb81664b355 Mon Sep 17 00:00:00 2001
From: niravparikh05
Date: Mon, 25 Apr 2022 17:24:08 +0530
Subject: [PATCH 1/2] changes to support prompt

---
 internal/dao/project.go | 23 +++++++++++++++--------
 main.go | 1 +
 pkg/auth/v3/middleware.go | 22 ++++++++++++++++------
 3 files changed, 32 insertions(+), 14 deletions(-)

diff --git a/internal/dao/project.go b/internal/dao/project.go
index 04f1800..2a54aed 100644
--- a/internal/dao/project.go
+++ b/internal/dao/project.go
@@ -9,24 +9,31 @@ import (
 "github.com/uptrace/bun"
 )
 
-func GetProjectOrganization(ctx context.Context, db bun.IDB, name string) (string, string, error) {
- type projectOrg struct {
- Project string
- Organization string
- }
- var r projectOrg
+type ProjectOrg struct {
+ Project string
+ Organization string
+ ProjectId string
+ OrganizationId string
+ PartnerId string
+}
+
+func GetProjectOrganization(ctx context.Context, db bun.IDB, name string) (ProjectOrg, error) {
+ var r ProjectOrg
 err := db.NewSelect().Table("authsrv_project").
 ColumnExpr("authsrv_project.name as project").
 ColumnExpr("authsrv_organization.name as organization").
+ ColumnExpr("authsrv_project.id as project_id").
+ ColumnExpr("authsrv_organization.id as organization_id").
+ ColumnExpr("authsrv_organization.partner_id as partner_id").
 Join(`JOIN authsrv_organization ON authsrv_project.organization_id=authsrv_organization.id`).
 Where("authsrv_project.name = ?", name).
 Where("authsrv_project.trash = ?", false).
 Where("authsrv_organization.trash = ?", false).
 Scan(ctx, &r)
 if err != nil {
- return "", "", err
+ return r, err
 }
- return r.Project, r.Organization, nil
+ return r, nil
 }
 
 func GetFileteredProjects(ctx context.Context, db bun.IDB, account, partner, org uuid.UUID) ([]models.Project, error) {
diff --git a/main.go b/main.go
index edc18ec..e91ef0b 100644
--- a/main.go
+++ b/main.go
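Review bot: `GetProjectOrganization` now hands back the partially scanned `r` together with a non-nil error (`return r, err`), which invites callers to read a half-filled struct; return the zero value instead, `return ProjectOrg{}, err`. The new exported type has no doc comment and its `ProjectId`/`OrganizationId`/`PartnerId` fields break Go's initialism convention (`ProjectID`, `OrganizationID`, `PartnerID`); if you rename them, pin the scan mapping with explicit `bun:"project_id"`-style struct tags so it no longer depends on bun's field-name conversion matching the `as project_id` aliases. A doc line such as `// ProjectOrg is the name and id of a project together with the name and id of its organization and that organization's partner id.` would cover the type.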
@@ -585,6 +585,7 @@ func runRPC(wg *sync.WaitGroup, ctx context.Context) {
 ExcludeRPCMethods: []string{
 "/rafay.dev.sentry.rpc.Bootstrap/GetBootstrapAgentTemplate",
 "/rafay.dev.sentry.rpc.Bootstrap/RegisterBootstrapAgent",
+ "/rafay.dev.sentry.rpc.KubeConfig/GetForClusterWebSession", //TODO: enable auth from prompt
 },
 ExcludeAuthzMethods: []string{
 "/rafay.dev.rpc.v3.User/GetUserInfo",
diff --git a/pkg/auth/v3/middleware.go b/pkg/auth/v3/middleware.go
index bb41491..6584740 100644
--- a/pkg/auth/v3/middleware.go
+++ b/pkg/auth/v3/middleware.go
@@ -49,21 +49,21 @@ func (am *authMiddleware) ServeHTTP(rw http.ResponseWriter, r *http.Request, nex
 // Auth is primarily done via grpc endpoints, this is only used
 // for endoints which do not go through grpc As of now, it is just
 // prompt.
- var proj string
- var org string
+ var poResp dao.ProjectOrg
 if strings.HasPrefix(r.URL.String(), "/v2/debug/prompt/project/") {
 // /v2/debug/prompt/project/:project/cluster/:cluster_name
 splits := strings.Split(r.URL.String(), "/")
 if len(splits) > 5 {
 // we have to fetch the org info for casbin
- proj, org, err := dao.GetProjectOrganization(r.Context(), am.db, splits[5])
+ res, err := dao.GetProjectOrganization(r.Context(), am.db, splits[5])
 if err != nil {
 _log.Errorf("Failed to authenticate: unable to find project")
 http.Error(rw, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 return
 }
- _log.Info("found project with organization %s %s", proj, org)
+ _log.Info("found project with organization ", res.Organization)
+ poResp = res
 }
 } else {
 // The middleware to only used with routes which does not have
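Review bot: Adding `/rafay.dev.sentry.rpc.KubeConfig/GetForClusterWebSession` to `ExcludeRPCMethods` makes that RPC skip the auth interceptor altogether, and the trailing `//TODO: enable auth from prompt` is the only record of it; judging by the method name it serves cluster kubeconfigs, so an unauthenticated route to it is a material exposure for as long as the TODO stands. If this has to land ahead of the prompt-side check, tie it to a tracking issue and have the comment state the risk rather than the intent, e.g. `// TODO(<tracking-issue>): temporary - this RPC bypasses authentication until prompt supplies credentials; remove before release`, and consider putting the exclusion behind a configuration flag that defaults to off. The enclosing `runRPC` starts and ends outside the hunk.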
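Review bot: The replacement log line `_log.Info("found project with organization ", res.Organization)` drops the project name the old message carried, and the lookup result is now named `res`, the same name the authz result takes a few lines further down (`res, err := am.ac.IsRequestAllowed(...)`); it compiles because the scopes differ, but it reads as if one value flowed into the other. If `_log` offers `Infof` alongside the `Errorf` already used here, `_log.Infof("found project %s with organization %s", res.Project, res.Organization)` keeps both names, and calling the lookup result `po` makes the later `poResp = po` self-explanatory. Nothing records whether `poResp` was actually populated, so the prompt path with fewer than six segments and the `else` branch both continue with a zero `ProjectOrg`; that matters for the session-data rewrite later in `ServeHTTP`, whose body continues past this hunk.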
@@ -79,8 +79,8 @@ func (am *authMiddleware) ServeHTTP(rw http.ResponseWriter, r *http.Request, nex
 XSessionToken: r.Header.Get("X-Session-Token"),
 XApiKey: r.Header.Get("X-RAFAY-API-KEYID"),
 Cookie: r.Header.Get("Cookie"),
- Project: proj,
- Org: org,
+ Project: poResp.Project,
+ Org: poResp.Organization,
 }
 res, err := am.ac.IsRequestAllowed(r.Context(), r, req)
 if err != nil {
@@ -92,6 +92,16 @@ func (am *authMiddleware) ServeHTTP(rw http.ResponseWriter, r *http.Request, nex
 s := res.GetStatus()
 switch s {
 case commonpbv3.RequestStatus_RequestAllowed:
+ //udpate the session data response to be used within prompt
+ res.SessionData.Organization = poResp.OrganizationId
+ res.SessionData.Partner = poResp.PartnerId
+ res.SessionData.Project = &commonpbv3.ProjectData{
+ List: []*commonpbv3.ProjectRole{
+ {
+ ProjectId: poResp.ProjectId,
+ },
+ },
+ }
 ctx := context.WithValue(r.Context(), common.SessionDataKey, res.SessionData)
 next(rw, r.WithContext(ctx))
 return

From 6cc586408231b132a9eeae9e47f4218da36e150d Mon Sep 17 00:00:00 2001
From: niravparikh05
Date: Mon, 25 Apr 2022 17:59:31 +0530
Subject: [PATCH 2/2] fix for get user kubeconfig

---
 pkg/sentry/kubeconfig/kubeconfig.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/sentry/kubeconfig/kubeconfig.go b/pkg/sentry/kubeconfig/kubeconfig.go
index 39ac5bf..7abd720 100644
--- a/pkg/sentry/kubeconfig/kubeconfig.go
+++ b/pkg/sentry/kubeconfig/kubeconfig.go
@@ -103,7 +103,7 @@ func getProjectsForAccount(ctx context.Context, accountID, orgID, partnerID stri
 }
 projects = append(projects, ap.ProjectID)
 projectsMap[ap.ProjectID] = ap.Scope
- if ap.Scope == "ORGANIZATION" {
+ if ap.Scope == "organization" {
 isOrgScope = true
 }
 }
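Review bot: The block added under `RequestStatus_RequestAllowed` overwrites `res.SessionData.Organization`, `.Partner` and `.Project` unconditionally, yet `poResp` is only filled on the `/v2/debug/prompt/project/` path with at least six segments; on the `else` branch, or a shorter prompt path, the authenticated session's org, partner and project list are replaced by empty strings and a single empty `ProjectId`, discarding the scoping the session carried into the context. Guard the rewrite, e.g. `if res.SessionData != nil && poResp.ProjectId != "" {` around the block (whether `SessionData` can be nil here is not visible in the hunk), and confirm that `IsRequestAllowed` has already checked the session's own organization against the URL-derived project before its org and partner are swapped in, since every downstream handler will trust what is put under `common.SessionDataKey`. The leading comment should read `// update the session data response to be used within prompt`. `ServeHTTP` starts and ends outside the hunk.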
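Review bot: The changed line still compares `ap.Scope` against a bare string literal, so any other spelling or case of the scope value silently leaves `isOrgScope` false, which is exactly how the `"ORGANIZATION"` mismatch this patch fixes went unnoticed. Compare against the constant used where `Scope` is written (or `strings.EqualFold(ap.Scope, "organization")` if the value is not normalised on write and `strings` is imported in this file), and add a unit test asserting that an organization-scoped account yields `isOrgScope == true`. `getProjectsForAccount` starts before the hunk and continues after it.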