softplayer-backend/internal/controllers/accounts.go

package controllers

import (
	"context"
	"fmt"
	"time"

	"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/hash"
	"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/kube"
	"github.com/google/uuid"
	corev1 "k8s.io/api/core/v1"
	rbacv1 "k8s.io/api/rbac/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"k8s.io/apimachinery/pkg/types"
	ctrl "sigs.k8s.io/controller-runtime"
)

type Account struct {
	Controller ctrl.Manager
	Params     AccountParams
	Data       *AccountData
	Token      string
}

type AccountParams struct {
	HashCost int16
}

type AccountData struct {
	Username string
	Password string
	Email    string
	UUID     string
}

func (acc *Account) Create(ctx context.Context) error {
	client := acc.Controller.GetClient()
	acc.Data.UUID = uuid.New().String()

	passwordHash, err := hash.HashPassword(acc.Data.Password, int(acc.Params.HashCost))
	if err != nil {
		return nil
	}

	namespace := &corev1.Namespace{
		ObjectMeta: metav1.ObjectMeta{
			Name: acc.Data.UUID,
			Labels: map[string]string{
				"username":       acc.Data.Username,
				"email-verified": "false",
				"managed-by":     "softplayer",
			},
		},
	}

	if err := kube.Create(ctx, client, namespace, true); err != nil {
		return err
	}

	if err := client.Get(ctx, types.NamespacedName{
		Name: acc.Data.UUID,
	}, namespace); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}

	// Create a secret with the account data
	secret := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      acc.Data.Username,
			Namespace: "softplayer-accounts",
		},
		StringData: map[string]string{
			"uuid":     acc.Data.UUID,
			"email":    acc.Data.Email,
			"password": passwordHash,
		},
	}

	if err := client.Create(ctx, kube.SetOwnerRef(ctx, client, secret, namespace)); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}

	// Prepare RBAC resources for the account
	role := &rbacv1.Role{
		ObjectMeta: metav1.ObjectMeta{Name: acc.Data.Username, Namespace: acc.Data.UUID},
		Rules:      []rbacv1.PolicyRule{{Verbs: []string{"get", "watch", "list", "create", "patch", "delete", "update"}, APIGroups: []string{""}, Resources: []string{"configmaps", "secrets"}}},
	}

	if err := client.Create(ctx, role); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}

	sa := &corev1.ServiceAccount{
		ObjectMeta: metav1.ObjectMeta{
			Name:      acc.Data.UUID,
			Namespace: acc.Data.UUID,
		},
	}

	if err := client.Create(ctx, sa); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}

	rb := &rbacv1.RoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name:      acc.Data.UUID,
			Namespace: acc.Data.UUID,
		},
		Subjects: []rbacv1.Subject{
			{
				Kind:      "ServiceAccount",
				Name:      acc.Data.UUID,
				Namespace: acc.Data.UUID,
			},
		},
		RoleRef: rbacv1.RoleRef{
			APIGroup: "rbac.authorization.k8s.io",
			Kind:     "Role",
			Name:     acc.Data.Username,
		},
	}

	if err := client.Create(ctx, rb); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}

	tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)
	saSec := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      tokenName,
			Namespace: acc.Data.UUID,
			Annotations: map[string]string{
				"kubernetes.io/service-account.name": acc.Data.UUID,
			},
		},
		Type: "kubernetes.io/service-account-token",
	}

	if err := client.Create(ctx, saSec); err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}
	if err := kube.WaitUntilCreated(ctx, client, saSec, 10, time.Millisecond*50); err != nil {
		return err
	}

	acc.Token, err = acc.getToken(ctx, saSec)
	if err != nil {
		if err := client.Delete(ctx, namespace); err != nil {
			return err
		}
		return err
	}
	return nil
}

func (acc *Account) Login(ctx context.Context) error {
	client := acc.Controller.GetClient()
	sec := &corev1.Secret{}

	if err := client.Get(ctx, types.NamespacedName{
		Namespace: "softplayer-accounts",
		Name:      acc.Data.Username,
	}, sec); err != nil {
		return err
	}

	if err := hash.CheckPasswordHash(acc.Data.Password, string(sec.Data["password"])); err != nil {
		return err
	}

	acc.Data.UUID = string(sec.Data["uuid"])
	tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)
	saSec := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      tokenName,
			Namespace: acc.Data.UUID,
			Annotations: map[string]string{
				"kubernetes.io/service-account.name": acc.Data.UUID,
			},
		},
		Type: "kubernetes.io/service-account-token",
	}
	var err error
	acc.Token, err = acc.getToken(ctx, saSec)
	if err != nil {
		return err
	}
	return nil
}

func (acc *Account) getToken(ctx context.Context, saSec *corev1.Secret) (string, error) {
	client := acc.Controller.GetClient()
	if err := client.Get(ctx, types.NamespacedName{
		Namespace: acc.Data.UUID,
		Name:      saSec.ObjectMeta.Name,
	}, saSec); err != nil {
		return "", err
	}
	return string(saSec.Data["token"]), nil
}
Init commit 2024-03-19 15:49:29 +00:00			`package controllers`

			`import (`
			`"context"`
			`"fmt"`
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`"time"`
Init commit 2024-03-19 15:49:29 +00:00
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/hash"`
Verification emails 2024-03-21 20:10:56 +00:00			`"git.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/kube"`
Init commit 2024-03-19 15:49:29 +00:00			`"github.com/google/uuid"`
			`corev1 "k8s.io/api/core/v1"`
			`rbacv1 "k8s.io/api/rbac/v1"`
			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00
Init commit 2024-03-19 15:49:29 +00:00			`"k8s.io/apimachinery/pkg/types"`
			`ctrl "sigs.k8s.io/controller-runtime"`
			`)`

			`type Account struct {`
			`Controller ctrl.Manager`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Params AccountParams`
Init commit 2024-03-19 15:49:29 +00:00			`Data *AccountData`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Token string`
Init commit 2024-03-19 15:49:29 +00:00			`}`

This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`type AccountParams struct {`
			`HashCost int16`
			`}`
WIP: Something is going on 2024-03-21 17:39:32 +00:00
Init commit 2024-03-19 15:49:29 +00:00			`type AccountData struct {`
			`Username string`
			`Password string`
			`Email string`
			`UUID string`
			`}`

			`func (acc *Account) Create(ctx context.Context) error {`
			`client := acc.Controller.GetClient()`
			`acc.Data.UUID = uuid.New().String()`
Verification emails 2024-03-21 20:10:56 +00:00
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`passwordHash, err := hash.HashPassword(acc.Data.Password, int(acc.Params.HashCost))`
Init commit 2024-03-19 15:49:29 +00:00			`if err != nil {`
			`return nil`
			`}`
WIP: Something is going on 2024-03-21 17:39:32 +00:00
Verification emails 2024-03-21 20:10:56 +00:00			`namespace := &corev1.Namespace{`
Init commit 2024-03-19 15:49:29 +00:00			`ObjectMeta: metav1.ObjectMeta{`
			`Name: acc.Data.UUID,`
Verification emails 2024-03-21 20:10:56 +00:00			`Labels: map[string]string{`
Create an env using api 2024-04-03 18:05:23 +00:00			`"username": acc.Data.Username,`
Verification emails 2024-03-21 20:10:56 +00:00			`"email-verified": "false",`
Add a list function 2024-04-15 13:45:05 +00:00			`"managed-by": "softplayer",`
Verification emails 2024-03-21 20:10:56 +00:00			`},`
Init commit 2024-03-19 15:49:29 +00:00			`},`
			`}`
Create an env using api 2024-04-03 18:05:23 +00:00
			`if err := kube.Create(ctx, client, namespace, true); err != nil {`
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`return err`
			`}`

Init commit 2024-03-19 15:49:29 +00:00			`if err := client.Get(ctx, types.NamespacedName{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: acc.Data.UUID,`
Verification emails 2024-03-21 20:10:56 +00:00			`}, namespace); err != nil {`
			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`
Verification emails 2024-03-21 20:10:56 +00:00
Init commit 2024-03-19 15:49:29 +00:00			`// Create a secret with the account data`
Verification emails 2024-03-21 20:10:56 +00:00			`secret := &corev1.Secret{`
Init commit 2024-03-19 15:49:29 +00:00			`ObjectMeta: metav1.ObjectMeta{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: acc.Data.Username,`
Init commit 2024-03-19 15:49:29 +00:00			`Namespace: "softplayer-accounts",`
			`},`
			`StringData: map[string]string{`
Revert "Move email and uuid to labels" This reverts commit 89dbe6120af77f099406cc63de81f29eb29bde6e. 2024-05-01 10:09:32 +00:00			`"uuid": acc.Data.UUID,`
			`"email": acc.Data.Email,`
Init commit 2024-03-19 15:49:29 +00:00			`"password": passwordHash,`
			`},`
			`}`
Verification emails 2024-03-21 20:10:56 +00:00
			`if err := client.Create(ctx, kube.SetOwnerRef(ctx, client, secret, namespace)); err != nil {`
			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`
Create an env using api 2024-04-03 18:05:23 +00:00
Verification emails 2024-03-21 20:10:56 +00:00			`// Prepare RBAC resources for the account`
Init commit 2024-03-19 15:49:29 +00:00			`role := &rbacv1.Role{`
			`ObjectMeta: metav1.ObjectMeta{Name: acc.Data.Username, Namespace: acc.Data.UUID},`
Let users update resources 2024-05-02 11:46:01 +00:00			`Rules: []rbacv1.PolicyRule{{Verbs: []string{"get", "watch", "list", "create", "patch", "delete", "update"}, APIGroups: []string{""}, Resources: []string{"configmaps", "secrets"}}},`
Init commit 2024-03-19 15:49:29 +00:00			`}`
Verification emails 2024-03-21 20:10:56 +00:00
Init commit 2024-03-19 15:49:29 +00:00			`if err := client.Create(ctx, role); err != nil {`
Verification emails 2024-03-21 20:10:56 +00:00			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`

			`sa := &corev1.ServiceAccount{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`ObjectMeta: metav1.ObjectMeta{`
			`Name: acc.Data.UUID,`
Init commit 2024-03-19 15:49:29 +00:00			`Namespace: acc.Data.UUID,`
			`},`
			`}`
Create an env using api 2024-04-03 18:05:23 +00:00
Verification emails 2024-03-21 20:10:56 +00:00			`if err := client.Create(ctx, sa); err != nil {`
			`if err := client.Delete(ctx, namespace); err != nil {`
			`return err`
			`}`
			`return err`
			`}`

Init commit 2024-03-19 15:49:29 +00:00			`rb := &rbacv1.RoleBinding{`
			`ObjectMeta: metav1.ObjectMeta{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: acc.Data.UUID,`
			`Namespace: acc.Data.UUID,`
Init commit 2024-03-19 15:49:29 +00:00			`},`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Subjects: []rbacv1.Subject{`
Try using ids 2024-05-02 11:02:38 +00:00			`{`
Init commit 2024-03-19 15:49:29 +00:00			`Kind: "ServiceAccount",`
			`Name: acc.Data.UUID,`
			`Namespace: acc.Data.UUID,`
			`},`
			`},`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`RoleRef: rbacv1.RoleRef{`
Init commit 2024-03-19 15:49:29 +00:00			`APIGroup: "rbac.authorization.k8s.io",`
			`Kind: "Role",`
			`Name: acc.Data.Username,`
			`},`
			`}`

			`if err := client.Create(ctx, rb); err != nil {`
Verification emails 2024-03-21 20:10:56 +00:00			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`

			`tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)`
			`saSec := &corev1.Secret{`
			`ObjectMeta: metav1.ObjectMeta{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: tokenName,`
Init commit 2024-03-19 15:49:29 +00:00			`Namespace: acc.Data.UUID,`
			`Annotations: map[string]string{`
			`"kubernetes.io/service-account.name": acc.Data.UUID,`
			`},`
			`},`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Type: "kubernetes.io/service-account-token",`
Init commit 2024-03-19 15:49:29 +00:00			`}`

			`if err := client.Create(ctx, saSec); err != nil {`
Verification emails 2024-03-21 20:10:56 +00:00			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`
Verification emails 2024-03-21 20:10:56 +00:00			`if err := kube.WaitUntilCreated(ctx, client, saSec, 10, time.Millisecond*50); err != nil {`
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`return err`
			`}`
Init commit 2024-03-19 15:49:29 +00:00
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`acc.Token, err = acc.getToken(ctx, saSec)`
Init commit 2024-03-19 15:49:29 +00:00			`if err != nil {`
Verification emails 2024-03-21 20:10:56 +00:00			`if err := client.Delete(ctx, namespace); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
			`return err`
			`}`
			`return nil`
			`}`

WIP: Something is going on 2024-03-21 17:39:32 +00:00			`func (acc *Account) Login(ctx context.Context) error {`
Init commit 2024-03-19 15:49:29 +00:00			`client := acc.Controller.GetClient()`
			`sec := &corev1.Secret{}`
Verification emails 2024-03-21 20:10:56 +00:00
Init commit 2024-03-19 15:49:29 +00:00			`if err := client.Get(ctx, types.NamespacedName{`
			`Namespace: "softplayer-accounts",`
			`Name: acc.Data.Username,`
			`}, sec); err != nil {`
			`return err`
			`}`
Verification emails 2024-03-21 20:10:56 +00:00
			`if err := hash.CheckPasswordHash(acc.Data.Password, string(sec.Data["password"])); err != nil {`
Init commit 2024-03-19 15:49:29 +00:00			`return err`
			`}`
Verification emails 2024-03-21 20:10:56 +00:00
Revert "Move email and uuid to labels" This reverts commit 89dbe6120af77f099406cc63de81f29eb29bde6e. 2024-05-01 10:09:32 +00:00			`acc.Data.UUID = string(sec.Data["uuid"])`
Init commit 2024-03-19 15:49:29 +00:00			`tokenName := fmt.Sprintf("sa-%s", acc.Data.UUID)`
			`saSec := &corev1.Secret{`
			`ObjectMeta: metav1.ObjectMeta{`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: tokenName,`
Init commit 2024-03-19 15:49:29 +00:00			`Namespace: acc.Data.UUID,`
			`Annotations: map[string]string{`
			`"kubernetes.io/service-account.name": acc.Data.UUID,`
			`},`
			`},`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Type: "kubernetes.io/service-account-token",`
Init commit 2024-03-19 15:49:29 +00:00			`}`
			`var err error`
This is a combination of 4 commits. Fix the image 2024-03-19 16:20:32 +00:00			`acc.Token, err = acc.getToken(ctx, saSec)`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`if err != nil {`
			`return err`
Init commit 2024-03-19 15:49:29 +00:00			`}`
			`return nil`
			`}`

WIP: Something is going on 2024-03-21 17:39:32 +00:00			`func (acc Account) getToken(ctx context.Context, saSec corev1.Secret) (string, error) {`
Init commit 2024-03-19 15:49:29 +00:00			`client := acc.Controller.GetClient()`
			`if err := client.Get(ctx, types.NamespacedName{`
			`Namespace: acc.Data.UUID,`
WIP: Something is going on 2024-03-21 17:39:32 +00:00			`Name: saSec.ObjectMeta.Name,`
Init commit 2024-03-19 15:49:29 +00:00			`}, saSec); err != nil {`
			`return "", err`
			`}`
			`return string(saSec.Data["token"]), nil`
			`}`