Prototype with single host server and no admin panel (#2)

Reviewed-on: wrenn/sandbox#2 Co-authored-by: pptx704 <rafeed@omukk.dev> Co-committed-by: pptx704 <rafeed@omukk.dev>
2026-03-22 21:01:23 +00:00
parent bd78cc068c
commit 32e5a5a715
293 changed files with 46885 additions and 1033 deletions
--- a/envd/internal/permissions/authenticate.go
+++ b/envd/internal/permissions/authenticate.go
@ -0,0 +1,49 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package permissions
+
+import (
+	"context"
+	"fmt"
+	"os/user"
+
+	"connectrpc.com/authn"
+	"connectrpc.com/connect"
+
+	"git.omukk.dev/wrenn/sandbox/envd/internal/execcontext"
+)
+
+func AuthenticateUsername(_ context.Context, req authn.Request) (any, error) {
+	username, _, ok := req.BasicAuth()
+	if !ok {
+		// When no username is provided, ignore the authentication method (not all endpoints require it)
+		// Missing user is then handled in the GetAuthUser function
+		return nil, nil
+	}
+
+	u, err := GetUser(username)
+	if err != nil {
+		return nil, authn.Errorf("invalid username: '%s'", username)
+	}
+
+	return u, nil
+}
+
+func GetAuthUser(ctx context.Context, defaultUser string) (*user.User, error) {
+	u, ok := authn.GetInfo(ctx).(*user.User)
+	if !ok {
+		username, err := execcontext.ResolveDefaultUsername(nil, defaultUser)
+		if err != nil {
+			return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("no user specified"))
+		}
+
+		u, err := GetUser(username)
+		if err != nil {
+			return nil, authn.Errorf("invalid default user: '%s'", username)
+		}
+
+		return u, nil
+	}
+
+	return u, nil
+}