Worked a little on anonymous access, needs more work

LICENSE.md

@@ -0,0 +1,14 @@
+Copyright 2014-2015 Torkel Ödegaard, Raintank Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License"); you
+may not use this file except in compliance with the License. You may
+obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied. See the License for the specific language governing
+permissions and limitations under the License.
+

conf/grafana.dev.ini

@@ -4,23 +4,4 @@ app_mode = development
 router_logging = false
 static_root_path = grafana/src
 
-[oauth]
-enabled = true
-
-[oauth.github]
-enabled = true
-client_id = de054205006b9baa2e17
-client_secret = 72b7ea52d9f1096fdf36cea95e95362a307e0322
-scopes = user:email
-auth_url = https://github.com/login/oauth/authorize
-token_url = https://github.com/login/oauth/access_token
-
-[oauth.google]
-enabled = true
-client_id = 106011922963-4pvl05e9urtrm8bbqr0vouosj3e8p8kb.apps.googleusercontent.com
-client_secret = K2evIa4QhfbhhAm3SO72t2Zv
-scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
-auth_url = https://accounts.google.com/o/oauth2/auth
-token_url = https://accounts.google.com/o/oauth2/token
-
 

conf/grafana.ini

@@ -34,21 +34,25 @@ session_id_hashfunc = sha1
 ; Session hash key, default is use random string
 session_id_hashkey =
 
-[oauth]
-enabled = true
+[auth]
+anonymous = false
+anonymous_account_id =
 
-[oauth.github]
+[auth.grafana]
 enabled = true
-client_id = de054205006b9baa2e17
-client_secret = 72b7ea52d9f1096fdf36cea95e95362a307e0322
+
+[auth.github]
+enabled = false
+client_id = some_id
+client_secret = some_secret
 scopes = user:email
 auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
 
-[oauth.google]
-enabled = true
-client_id = 106011922963-4pvl05e9urtrm8bbqr0vouosj3e8p8kb.apps.googleusercontent.com
-client_secret = K2evIa4QhfbhhAm3SO72t2Zv
+[auth.google]
+enabled = false
+client_id = some_client_id
+client_secret = some_client_secret
 scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
 auth_url = https://accounts.google.com/o/oauth2/auth
 token_url = https://accounts.google.com/o/oauth2/token

pkg/middleware/auth.go

@@ -16,6 +16,8 @@ func authGetRequestAccountId(c *Context, sess session.Store) (int64, error) {
 	accountId := sess.Get("accountId")
 
 	urlQuery := c.Req.URL.Query()
+
+	// TODO: check that this is a localhost request
 	if len(urlQuery["render"]) > 0 {
 		accId, _ := strconv.ParseInt(urlQuery["accountId"][0], 10, 64)
 		sess.Set("accountId", accId)
@@ -23,6 +25,10 @@ func authGetRequestAccountId(c *Context, sess session.Store) (int64, error) {
 	}
 
 	if accountId == nil {
+		if setting.Anonymous {
+			return setting.AnonymousAccountId, nil
+		}
+
 		return -1, errors.New("Auth: session account id not found")
 	}
 

pkg/setting/setting.go

@@ -57,6 +57,10 @@ var (
 	RouterLogging      bool
 	StaticRootPath     string
 
+	// Http auth
+	Anonymous          bool
+	AnonymousAccountId int64
+
 	// Session settings.
 	SessionOptions session.Options
 
@@ -161,6 +165,14 @@ func NewConfigContext() {
 	StaticRootPath = Cfg.MustValue("server", "static_root_path", path.Join(WorkDir, "webapp"))
 	RouterLogging = Cfg.MustBool("server", "router_logging", false)
 
+	// Http auth
+	Anonymous = Cfg.MustBool("auth", "anonymous", false)
+	AnonymousAccountId = Cfg.MustInt64("auth", "anonymous_account_id", 0)
+
+	if Anonymous && AnonymousAccountId == 0 {
+		log.Fatal(3, "Must specify account id for anonymous access")
+	}
+
 	// PhantomJS rendering
 	ImagesDir = "data/png"
 	PhantomDir = "_vendor/phantomjs"

pkg/social/social.go

@@ -33,24 +33,19 @@ var (
 )
 
 func NewOAuthService() {
-	if !setting.Cfg.MustBool("oauth", "enabled") {
-		return
-	}
-
 	setting.OAuthService = &setting.OAuther{}
 	setting.OAuthService.OAuthInfos = make(map[string]*setting.OAuthInfo)
 
-	allOauthes := []string{"github", "google", "twitter"}
+	allOauthes := []string{"github", "google"}
 
-	// Load all OAuth config data.
 	for _, name := range allOauthes {
 		info := &setting.OAuthInfo{
-			ClientId:     setting.Cfg.MustValue("oauth."+name, "client_id"),
-			ClientSecret: setting.Cfg.MustValue("oauth."+name, "client_secret"),
-			Scopes:       setting.Cfg.MustValueArray("oauth."+name, "scopes", " "),
-			AuthUrl:      setting.Cfg.MustValue("oauth."+name, "auth_url"),
-			TokenUrl:     setting.Cfg.MustValue("oauth."+name, "token_url"),
-			Enabled:      setting.Cfg.MustBool("oauth."+name, "enabled"),
+			ClientId:     setting.Cfg.MustValue("auth."+name, "client_id"),
+			ClientSecret: setting.Cfg.MustValue("auth."+name, "client_secret"),
+			Scopes:       setting.Cfg.MustValueArray("auth."+name, "scopes", " "),
+			AuthUrl:      setting.Cfg.MustValue("auth."+name, "auth_url"),
+			TokenUrl:     setting.Cfg.MustValue("auth."+name, "token_url"),
+			Enabled:      setting.Cfg.MustBool("auth."+name, "enabled"),
 		}
 
 		if !info.Enabled {