From fa10fa6a47c302278594c6b4dc1284215835a39a Mon Sep 17 00:00:00 2001
From: Jose Diaz-Gonzalez
Date: Thu, 7 Jul 2022 02:54:14 -0400
Subject: [PATCH] feat: implement service filtering

If a user implements the user-auth-service trigger in a plugin and that plugin does not echo the passed in app(s) on stdout, the app is assumed to not exist. This mirrors the functionality for applications in regards to auth filtering. This may still need auditing to ensure it covers everything and doesn't cause issues, but local testing implies that everything is working as expected.
---
 commands | 2 +-
 common-functions | 87 +++++++++++++++++++++++++++++++++++++++----
 functions | 2 +-
 install | 3 +-
 post-app-clone-setup | 3 +-
 post-app-rename-setup | 3 +-
 pre-delete | 16 ++------
 pre-restore | 6 +--
 pre-start | 6 +--
 9 files changed, 94 insertions(+), 34 deletions(-)

diff --git a/commands b/commands
index 7aa345c..2fb4cda 100755
--- a/commands
+++ b/commands
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/config"
 [[ " help $PLUGIN_COMMAND_PREFIX:help $PLUGIN_COMMAND_PREFIX $PLUGIN_COMMAND_PREFIX:default " == *" $1 "* ]] || [[ "$1" == "$PLUGIN_COMMAND_PREFIX:"* ]] || exit "$DOKKU_NOT_IMPLEMENTED_EXIT"
-source "$PLUGIN_BASE_PATH/common/functions"
+source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
 set -eo pipefail
 [[ $DOKKU_TRACE ]] && set -x
diff --git a/common-functions b/common-functions
index a53bc4c..38648bb 100755
--- a/common-functions
+++ b/common-functions
@@ -16,6 +16,64 @@ add_to_links_file() {
 sort "$LINKS_FILE" -u -o "$LINKS_FILE"
 }
+auth_service_filter() {
+ declare desc="calls user-service plugin trigger"
+ declare SERVICES=("$@")
+ local user_auth_count
+
+ if [[ "${#SERVICES[@]}" -eq 0 ]]; then
+ return
+ fi
+
+ user_auth_count="$(find "$PLUGIN_PATH"/enabled/*/user-auth-service 2>/dev/null | wc -l)"
+
+ # no plugin trigger exists
+ if [[ $user_auth_count == 0 ]]; then
+ # echo out all the services since there is no plugin trigger
+ for SERVICE in "${SERVICES[@]}"; do
+ [[ -n "$SERVICE" ]] && echo "$SERVICE"
+ done
+ return 0
+ fi
+
+ # this plugin trigger exists in the core `20_events` plugin
+ if [[ "$user_auth_count" == 1 ]] && [[ -f "$PLUGIN_PATH"/enabled/20_events/user-auth-service ]]; then
+ # echo out all the services since there is no valid plugin trigger
+ for SERVICE in "${SERVICES[@]}"; do
+ [[ -n "$SERVICE" ]] && echo "$SERVICE"
+ done
+ return 0
+ fi
+
+ export SSH_USER=${SSH_USER:=$USER}
+ export SSH_NAME=${NAME:="default"}
+ # the output of this trigger should be all the services a user has access to
+ plugn trigger user-auth-service "$SSH_USER" "$SSH_NAME" "${SERVICES[@]}"
+}
+
+fn-services-list() {
+ declare desc="prints a filtered list of all local apps"
+ declare FILTER="$1"
+ local detected_services filtered_services services
+
+ local detected_services=("$(ls "$PLUGIN_DATA_ROOT" 2>/dev/null)")
+ if [[ "$FILTER" == "false" ]]; then
+ for service in "${detected_services[@]}"; do
+ if [[ -n "$service" ]]; then
+ echo "$service"
+ fi
+ done
+ return
+ fi
+
+ filtered_services="$(auth_service_filter "${detected_services[@]}" 2>/dev/null)"
+ for service in "$filtered_services"; do
+ if [[ -n "$service" ]]; then
+ echo "$service"
+ fi
+ done
+}
+
 docker_ports_options() {
 declare desc="export a list of exposed ports"
 declare PORTS=("$@")
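Review bot: In `fn-services-list`, `detected_services=("$(ls "$PLUGIN_DATA_ROOT" 2>/dev/null)")` quotes the command substitution, so the array always holds exactly one element containing every service name separated by newlines, and `auth_service_filter` passes that single blob to `plugn trigger user-auth-service` as one argument. A plugin that checks each argument against its access list would presumably see one unknown name instead of a list, so per-service filtering only works if the plugin re-splits its input. Build a real array instead, e.g. `mapfile -t detected_services < <(ls "$PLUGIN_DATA_ROOT" 2>/dev/null)`, and read the filtered output the same way rather than looping over the quoted scalar `"$filtered_services"`. `service_list` repeats the pattern with `services=("$(fn-services-list true)")`, which is why its `"${#services[@]}" -eq 0` test can never be true; `services` there is also missing a `local`.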
@@ -180,7 +238,8 @@ service_app_links() {
 local SERVICE LINKED_APP
 pushd "$PLUGIN_DATA_ROOT" >/dev/null
- for SERVICE in *; do
+ for SERVICE in $(fn-services-list); do
+ [[ -n "$SERVICE" ]] || continue
 [[ -f "$SERVICE/LINKS" ]] || continue
 for LINKED_APP in $(<"$SERVICE/LINKS"); do
 if [[ "$LINKED_APP" == "$APP" ]]; then
@@ -575,16 +634,16 @@ service_links() {
 service_list() {
 declare desc="list all services and their status"
- local SERVICES=$(ls "$PLUGIN_DATA_ROOT" 2>/dev/null)
- if [[ -z $SERVICES ]]; then
+ services=("$(fn-services-list true)")
+ if [[ "${#services[@]}" -eq 0 ]] || [[ -z "$services" ]]; then
 dokku_log_warn "There are no $PLUGIN_SERVICE services"
 return
 fi
 dokku_log_info2_quiet "$PLUGIN_SERVICE services"
- for SERVICE in $SERVICES; do
- echo "$SERVICE"
+ for service in "${services[@]}"; do
+ echo "$service"
 done
 }
@@ -895,9 +954,21 @@ update_plugin_scheme_for_app() {
 verify_service_name() {
 declare desc="verify that a service exists"
- declare SERVICE="$1"
- [[ -z "$SERVICE" ]] && dokku_log_fail "(verify_service_name) SERVICE must not be null"
- [[ ! -d "$PLUGIN_DATA_ROOT/$SERVICE" ]] && dokku_log_fail "$PLUGIN_SERVICE service $SERVICE does not exist"
+ declare SERVICE="$@"
+
+ if [[ -z "$SERVICE" ]]; then
+ dokku_log_fail "SERVICE must not be empty"
+ fi
+
+ if [[ ! -d "$PLUGIN_DATA_ROOT/$SERVICE" ]]; then
+ dokku_log_fail "$PLUGIN_SERVICE service $SERVICE does not exist"
+ fi
+
+ SERVICE="$(auth_service_filter "$SERVICE")"
+ if [[ -z "$SERVICE" ]]; then
+ dokku_log_fail "$PLUGIN_SERVICE service $SERVICE does not exist"
+ fi
+
 return 0
 }
diff --git a/functions b/functions
index 845054b..1bf87d1 100755
--- a/functions
+++ b/functions
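Review bot: `service_app_links` now calls `fn-services-list` with no argument, which silently selects the filtered listing because only the literal `false` turns the filter off. The callers of `service_app_links` are outside this hunk, so it cannot be confirmed here that each of them runs on behalf of a user; if one runs from a hook, links to services the current `SSH_USER` is not allowed to see would be skipped. Pass the mode explicitly (`fn-services-list true`, as `service_list` does) and add a comment above the loop such as `# filtered: only services the calling user may access are considered`. The function body starts and ends outside the hunk.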
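Review bot: In `verify_service_name`, the result of `auth_service_filter` is assigned back to `SERVICE`, so when the filter returns nothing the failure message is built from an empty variable and reads differently from the message for a missing directory. A caller denied by the trigger can therefore tell an existing service from a non-existent one, which works against the commit's stated aim of treating filtered services as not existing. Keep the requested name and compare against it: `local authorized; authorized="$(auth_service_filter "$SERVICE")"` followed by `[[ "$authorized" == "$SERVICE" ]] || dokku_log_fail "$PLUGIN_SERVICE service $SERVICE does not exist"`. The equality test also stops arbitrary non-empty trigger output from counting as authorization, assuming plugins echo the name unchanged as the commit message describes.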
@@ -3,7 +3,7 @@ source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/config"
 set -eo pipefail
 [[ $DOKKU_TRACE ]] && set -x
 source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common-functions"
-source "$PLUGIN_BASE_PATH/common/functions"
+source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
 source "$PLUGIN_AVAILABLE_PATH/config/functions"
 if [[ -f "$PLUGIN_AVAILABLE_PATH/docker-options/functions" ]]; then
 source "$PLUGIN_AVAILABLE_PATH/docker-options/functions"
diff --git a/install b/install
index d78c878..70a1d13 100755
--- a/install
+++ b/install
@@ -44,8 +44,7 @@ EOL
 chmod 0440 "$_SUDOERS_FILE"
- local SERVICES=$(ls "$PLUGIN_DATA_ROOT" 2>/dev/null)
- for SERVICE in $SERVICES; do
+ for SERVICE in $(fn-services-list false); do
 local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
 if [[ ! -f "$SERVICE_ROOT/IMAGE" ]] || [[ ! -f "$SERVICE_ROOT/IMAGE_VERSION" ]]; then
diff --git a/post-app-clone-setup b/post-app-clone-setup
index 50a005b..c5d762d 100755
--- a/post-app-clone-setup
+++ b/post-app-clone-setup
@@ -8,8 +8,7 @@ set -eo pipefail
 plugin-post-app-clone-setup() {
 declare OLD_APP_NAME="$1" NEW_APP_NAME="$2"
- local SERVICES=$(ls "$PLUGIN_DATA_ROOT" 2>/dev/null)
- for SERVICE in $SERVICES; do
+ for SERVICE in $(fn-services-list false); do
 if in_links_file "$SERVICE" "$OLD_APP_NAME"; then
 add_to_links_file "$SERVICE" "$NEW_APP_NAME"
 fi
diff --git a/post-app-rename-setup b/post-app-rename-setup
index 4bde916..6c1e16b 100755
--- a/post-app-rename-setup
+++ b/post-app-rename-setup
@@ -8,8 +8,7 @@ set -eo pipefail
 plugin-post-app-rename-setup() {
 declare OLD_APP_NAME="$1" NEW_APP_NAME="$2"
- local SERVICES=$(ls "$PLUGIN_DATA_ROOT" 2>/dev/null)
- for SERVICE in $SERVICES; do
+ for SERVICE in $(fn-services-list false); do
 if in_links_file "$SERVICE" "$OLD_APP_NAME"; then
 add_to_links_file "$SERVICE" "$NEW_APP_NAME"
 fi
diff --git a/pre-delete b/pre-delete
index c88c6cf..d315464 100755
--- a/pre-delete
+++ b/pre-delete
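Review bot: The `false` passed to `fn-services-list` in the `install` loop bypasses the `user-auth-service` filter, and nothing at the call site says so. That is presumably intended for hooks that must act on every service regardless of the invoking user, but a later audit will want the choice spelled out; add a comment such as `# unfiltered: this hook maintains every service, independent of the calling user`. The same comment applies to the identical calls in post-app-clone-setup, post-app-rename-setup, pre-delete, pre-restore and pre-start. Whether `install` sources `common-functions`, where `fn-services-list` is defined, is not visible in this hunk.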
@@ -1,21 +1,13 @@
 #!/usr/bin/env bash
+source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
 source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/config"
-source "$PLUGIN_BASE_PATH/common/functions"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/functions"
 set -eo pipefail
 [[ $DOKKU_TRACE ]] && set -x
-PLUGIN_BASE_PATH="$PLUGIN_PATH"
-if [[ -n $DOKKU_API_VERSION ]]; then
- PLUGIN_BASE_PATH="$PLUGIN_ENABLED_PATH"
-fi
-source "$PLUGIN_BASE_PATH/common/functions"
-source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/functions"
-
 APP="$1"
-pushd "$PLUGIN_DATA_ROOT" >/dev/null
-for SERVICE in *; do
+for SERVICE in $(fn-services-list false); do
+ [[ -n "$SERVICE" ]] || continue
 dokku_log_verbose_quiet "Unlinking from $SERVICE"
 remove_from_links_file "$(basename "$SERVICE")" "$APP"
 done
-popd >/dev/null 2>&1 || pushd "/tmp" >/dev/null
-exit 0
diff --git a/pre-restore b/pre-restore
index a03ad3c..c332202 100755
--- a/pre-restore
+++ b/pre-restore
@@ -7,18 +7,18 @@ set -eo pipefail
 plugin-pre-restore() {
 declare SCHEDULER="$1" APP="$2"
+ local status
 if [[ "$SCHEDULER" != "docker-local" ]]; then
 return
 fi
- local SERVICES=$(ls "$PLUGIN_DATA_ROOT" 2>/dev/null)
- for SERVICE in $SERVICES; do
+ for SERVICE in $(fn-services-list false); do
 if ! in_links_file "$SERVICE" "$APP"; then
 continue
 fi
- local status="$(service_status "$SERVICE")"
+ status="$(service_status "$SERVICE")"
 if [[ "$status" == "running" ]]; then
 continue
 fi
diff --git a/pre-start b/pre-start
index 672de9c..b3d83a8 100755
--- a/pre-start
+++ b/pre-start
@@ -7,14 +7,14 @@ set -eo pipefail
 plugin-pre-start() {
 declare APP="$1"
+ local status
- local SERVICES=$(ls "$PLUGIN_DATA_ROOT" 2>/dev/null)
- for SERVICE in $SERVICES; do
+ for SERVICE in $(fn-services-list false); do
 if ! in_links_file "$SERVICE" "$APP"; then
 continue
 fi
- local status="$(service_status "$SERVICE")"
+ status="$(service_status "$SERVICE")"
 if [[ "$status" == "running" ]]; then
 continue
 fi