Auth (#208)

* login/logout workflow * login-workflow fix * auth * comments fix
contiv · Nov 8, 2016 · ed9a33a · ed9a33a
1 parent d2c5ddb
commit ed9a33a
Show file tree

Hide file tree

Showing 26 changed files with 22,421 additions and 21,497 deletions.
diff --git a/app/app.css b/app/app.css
@@ -19,7 +19,7 @@ table thead th[sortfield] span{
     color: #b6b6b8
 }
 
-.login{
+.background{
     /* This image will be displayed fullscreen */
     background: url('images/loginbackground.jpeg') no-repeat center center;
 

diff --git a/app/app.module.ts b/app/app.module.ts
@@ -5,8 +5,6 @@ import { NgModule } from '@angular/core';
 import { BrowserModule } from '@angular/platform-browser';
 import { HttpModule } from "@angular/http";
 import { APP_BASE_HREF, HashLocationStrategy, LocationStrategy } from '@angular/common';
-import { LoginModule } from "./login/login.module";
-import { MenuModule } from "./menu/menu.module";
 import { DashboardModule } from "./dashboard/dashboard.module";
 import { NetworkPoliciesModule } from "./network_policies/networkpolicies.module";
 import { ApplicationGroupsModule } from "./applicationgroups/applicationgroups.module.ts";
@@ -25,8 +23,12 @@ import { CRUDHelperService } from "./components/utils/crudhelperservice";
 import { InspectService } from "./components/utils/inspectservice";
 import { NetworkService } from "./components/utils/networkservice";
 import { NodesService } from "./components/utils/nodesservice";
+import { MenuModule } from "./menu/menu.module";
 import { AppComponent } from "./app.component";
 import appRoutes from "./app.routes.ts";
+import {LoginModule} from "./login/login.module";
+import {AuthService} from "./components/utils/authservice";
+import {AuthGuard} from "./components/utils/authguard";
 
 @NgModule({
     imports: [
@@ -58,6 +60,8 @@ import appRoutes from "./app.routes.ts";
         InspectService,
         NetworkService,
         NodesService,
+        AuthService,
+        AuthGuard,
         { provide: APP_BASE_HREF, useValue: '' },
         { provide: LocationStrategy, useClass: HashLocationStrategy }
     ],

diff --git a/app/app.routes.ts b/app/app.routes.ts
@@ -25,13 +25,19 @@ import {ServicelbListComponent} from "./service_lbs/servicelblistctrl";
 import {ServicelbCreateComponent} from "./service_lbs/servicelbcreatectrl";
 import {ServicelbDetailsComponent} from "./service_lbs/servicelbdetailsctrl";
 import {LoginComponent} from "./login/loginctrl";
+import {AuthGuard} from "./components/utils/authguard";
+import {UnauthorizedComponent} from "./login/unauthorized";
+import {LogoutComponent} from "./login/logoutctrl";
 
 const routes = [
-    {path: 'login', component: LoginComponent},
+    {path: 'login', component: LoginComponent, canActivate: [AuthGuard]},
+    {path: 'logout', component: LogoutComponent, canActivate: [AuthGuard]},
+    {path: 'unauthorized', component: UnauthorizedComponent, canActivate: [AuthGuard]},
     {path: '', redirectTo: 'login', pathMatch: 'full'},
     {
         path: 'm',
         component: MenuComponent,
+        canActivateChild: [AuthGuard],
         children: [
             {path: '', redirectTo: 'dashboard', pathMatch: 'full'},
             {path: 'dashboard', component: DashboardComponent},

diff --git a/app/components/directives/authdirective.ts b/app/components/directives/authdirective.ts
@@ -0,0 +1,30 @@
+/**
+ * Created by cshampur on 11/7/16.
+ */
+
+import {Directive, ElementRef, Renderer, Input, OnInit, TemplateRef, ViewContainerRef} from "@angular/core";
+import {AuthService} from "../utils/authservice";
+
+@Directive({
+    selector: '[auth]'
+})
+
+export class AuthDirective implements OnInit{
+
+    @Input('auth') auth: string;
+    constructor(private authService: AuthService,
+                private templateRef: TemplateRef<any>,
+                private viewContainer: ViewContainerRef){
+        this.auth = '';
+    }
+
+    ngOnInit(){
+        if (this.auth == this.authService.authTokenPayload['role']){
+            this.viewContainer.createEmbeddedView(this.templateRef);
+        }
+        else{
+            this.viewContainer.clear();
+        }
+    }
+}
+
diff --git a/app/components/directives/directives.module.ts b/app/components/directives/directives.module.ts
@@ -9,6 +9,7 @@ import {FormsModule} from "@angular/forms";
 import {CtvAccordionComponent} from "./accordiondirective";
 import {CtvCollapsibleComponent} from "./collapsibledirective";
 import {CtvNamevalueComponent} from "./namevaluedirective";
+import {AuthDirective} from "./authdirective";
 @NgModule({
     imports: [
         CommonModule, FormsModule
@@ -21,7 +22,8 @@ import {CtvNamevalueComponent} from "./namevaluedirective";
         CtvTpaginationComponent,
         CtvAccordionComponent,
         CtvCollapsibleComponent,
-        CtvNamevalueComponent
+        CtvNamevalueComponent,
+        AuthDirective
     ],
     exports: [
         ErrorMessageComponent,
@@ -31,7 +33,8 @@ import {CtvNamevalueComponent} from "./namevaluedirective";
         CtvTpaginationComponent,
         CtvAccordionComponent,
         CtvCollapsibleComponent,
-        CtvNamevalueComponent
+        CtvNamevalueComponent,
+        AuthDirective
     ]
 })
 export class DirectivesModule {}
diff --git a/app/components/models/collection.ts b/app/components/models/collection.ts
@@ -59,7 +59,7 @@ export class Collection extends BaseCollection {
             collection.http.put(url, model).map((res: Response) => res.json()).toPromise()
                 .then(function successCallback(response) {
                     _.remove(collection.models, function (n) {
-                        return n.key == model.key;
+                        return n['key'] == model['key'];
                     });
                     collection.models.push(response);
                     resolve(response);
@@ -83,7 +83,7 @@ export class Collection extends BaseCollection {
             collection.http.delete(url).map((res: Response) => res.json()).toPromise()
                 .then(function successCallback(response) {
                     _.remove(collection.models, function (n) {
-                        return n.key == model.key;
+                        return n['key'] == model['key'];
                     });
                     resolve(response);
                 }, function errorCallback(response) {

diff --git a/app/components/utils/authMatrix.ts b/app/components/utils/authMatrix.ts
@@ -0,0 +1,29 @@
+/**
+ * Created by cshampur on 11/4/16.
+ */
+
+export const AuthMatrix = {
+    'dashboard':                                {'DevOps':'y', 'SysAdmin':'y'},
+    'networkpolicies/list':                     {'DevOps':'y', 'SysAdmin':'y'},
+    'networkpolicies/isolation/create':         {'DevOps':'n', 'SysAdmin':'y'},
+    'networkpolicies/isolation/details':        {'DevOps':'y', 'SysAdmin':'y'},
+    'networkpolicies/isolation/edit':           {'DevOps':'n', 'SysAdmin':'y'},
+    'networkpolicies/bandwidth/create':         {'DevOps':'y', 'SysAdmin':'y'},
+    'networkpolicies/bandwidth/details':        {'DevOps':'y', 'SysAdmin':'y'},
+    'networkpolicies/bandwidth/edit':           {'DevOps':'n', 'SysAdmin':'y'},
+    'applicationgroups/list':                   {'DevOps':'y', 'SysAdmin':'y'},
+    'applicationgroups/create':                 {'DevOps':'n', 'SysAdmin':'y'},
+    'applicationgroups/details':                {'DevOps':'y', 'SysAdmin':'y'},
+    'applicationgroups/edit':                   {'DevOps':'n', 'SysAdmin':'y'},
+    'settings/cluster':                         {'DevOps':'n', 'SysAdmin':'y'},
+    'settings/networks':                        {'DevOps':'n', 'SysAdmin':'y'},
+    'organizations/list':                       {'DevOps':'y', 'SysAdmin':'y'},
+    'organizations/create':                     {'DevOps':'n', 'SysAdmin':'y'},
+    'organizations/details':                    {'DevOps':'y', 'SysAdmin':'y'},
+    'networks/list':                            {'DevOps':'y', 'SysAdmin':'y'},
+    'networks/create':                          {'DevOps':'n', 'SysAdmin':'y'},
+    'networks/details':                         {'DevOps':'y', 'SysAdmin':'y'},
+    'servicelbs/list':                          {'DevOps':'y', 'SysAdmin':'y'},
+    'servicelbs/create':                        {'DevOps':'n', 'SysAdmin':'y'},
+    'servicelbs/details':                       {'DevOps':'y', 'SysAdmin':'y'}
+}
diff --git a/app/components/utils/authguard.ts b/app/components/utils/authguard.ts
@@ -0,0 +1,80 @@
+/**
+ * Created by cshampur on 11/4/16.
+ */
+import { Injectable }       from '@angular/core';
+import {CanActivate, Router, ActivatedRouteSnapshot, RouterStateSnapshot, CanActivateChild} from '@angular/router';
+import {AuthService} from "./authservice";
+import {AuthMatrix} from "./authMatrix";
+import {isNull} from "util";
+
+@Injectable()
+export class AuthGuard implements CanActivate, CanActivateChild {
+
+    accessMatrix:any;
+    unguardedUrls: string[];
+
+    constructor(private authService: AuthService, private router: Router) {
+        this.accessMatrix = AuthMatrix;
+        this.unguardedUrls = ['/unauthorized', '/login', '/logout'];
+    }
+
+    canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
+        let url: string = state.url;
+        if (this.unguardedUrls.indexOf(url) > -1)
+            return true;
+        return this.checkLogin(url);
+    }
+
+    canActivateChild(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
+        return this.canActivate(route, state);
+    }
+
+    checkLogin(url: string): boolean {
+
+        if (this.authService.isLoggedIn) {
+            if (this.checkAccess(url))
+                if (this.authService.validateExpiry())
+                    return true;
+                else{
+                    this.loadLogin(url);
+                    return false;
+                }
+            else{
+                this.router.navigate(['/unauthorized']);
+                return false;
+            }
+
+        }
+        // Validate Token Expiration
+        if (!isNull(localStorage.getItem("authToken"))){
+            this.authService.extractBody();
+            if(this.authService.validateExpiry()){
+                this.authService.isLoggedIn = true;
+                if(this.checkAccess(url))
+                    return true;
+                else{
+                    this.router.navigate(['/unauthorized']);
+                }
+            }
+        }
+
+        this.loadLogin(url);
+        return false;
+    }
+
+    loadLogin(url: string): void{
+        // Clean the local storage
+        this.authService.cleanuplocalstorage();
+        // Store the attempted URL for redirecting
+        this.authService.redirectUrl = url;
+        // Navigate to the login page
+        this.router.navigate(['/login']);
+    }
+
+    checkAccess(url:string): boolean{
+        return this.authService.checkAccess(url);
+    }
+
+
+
+}