Add permission checking capabilities, closes #43, #42, #44

.env.sample

@@ -34,3 +34,6 @@ SMTP_HOST=localhost:1025
 SMTP_USER=
 SMTP_PASS=
 SMTP_FROM="Crust" <[email protected]>
+
+SUBSCRIPTION_KEY=E7ox7cDMmBzsFS15Ub43KKdbBg6gqOYiUhK3nRN0BlpNzt88mHLycahhVfrJCccc
+SUBSCRIPTION_DOMAIN=local.crust.tech

cmd/system-cli/main.go

@@ -23,7 +23,6 @@ func main() {
 
 	var commands []string
 	if len(os.Args) > 0 {
-
 		// @todo migrate to a proper solution (eg: https://github.com/spf13/cobra)
 		commands = os.Args[1:]
 		for a, arg := range os.Args {

cmd/system/main.go

@@ -4,14 +4,26 @@ import (
 	"log"
 	"os"
 
+	context "github.com/SentimensRG/ctx"
+	"github.com/SentimensRG/ctx/sigctx"
+
+	"github.com/crusttech/crust/internal/subscription"
 	service "github.com/crusttech/crust/system"
 
 	"github.com/crusttech/crust/internal/auth"
 	"github.com/crusttech/crust/internal/rbac"
 )
 
 func main() {
-	flags("system", service.Flags, auth.Flags, rbac.Flags)
+	ctx := context.AsContext(sigctx.New())
+
+	flags(
+		"system",
+		service.Flags,
+		auth.Flags,
+		rbac.Flags,
+		subscription.Flags,
+	)
 
 	// log to stdout not stderr
 	log.SetOutput(os.Stdout)
@@ -30,7 +42,16 @@ func main() {
 	case "help":
 	case "merge-users":
 	default:
-		if err := service.Start(); err != nil {
+		log.Println("Validating subscription")
+		// Checks subscription & runs internal checker that runs every 24h
+		if err := subscription.Check(ctx); err != nil {
+			log.Printf("Subscription could not be validated, reason: %v", err)
+			os.Exit(-1)
+		} else {
+			log.Println("Subscription valdiated")
+		}
+
+		if err := service.StartRestAPI(ctx); err != nil {
 			log.Fatalf("Error starting/running: %+v", err)
 		}
 	}

internal/config/subscription.go

@@ -0,0 +1,33 @@
+package config
+
+import (
+	"github.com/namsral/flag"
+)
+
+type (
+	Subscription struct {
+		Key    string
+		Domain string
+	}
+)
+
+var subscription *Subscription
+
+func (c *Subscription) Validate() error {
+	if c == nil {
+		return nil
+	}
+
+	return nil
+}
+
+func (*Subscription) Init(prefix ...string) *Subscription {
+	if subscription != nil {
+		return subscription
+	}
+
+	subscription = new(Subscription)
+	flag.StringVar(&subscription.Key, "subscription-key", "", "Subscription key")
+	flag.StringVar(&subscription.Domain, "subscription-domain", "", "Domain")
+	return subscription
+}

internal/subscription/check.go

@@ -0,0 +1,52 @@
+package subscription
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+
+	"github.com/crusttech/permit/pkg/permit"
+)
+
+// Check for subscription
+func Check(ctx context.Context) error {
+	p := permit.Permit{
+		Key:    flags.subscription.Key,
+		Domain: flags.subscription.Domain,
+	}
+
+	// Do not collect stats on local domains.
+	// if p.Domain != "local.crust.tech" {
+	// @todo collect & pass attributes (no of users....) to be validated by permit.crust.tech subscription server.
+	p.Attributes = map[string]int{
+		"messaging.enabled": 1,
+		// "messaging.max-public-channels": 1,
+		// "messaging.max-messages": 1,
+		// "messaging.max-users": 1,
+		// "messaging.max-private-channels": 1,
+
+		"system.enabled": 1,
+		// "system.max-organisations": 1,
+		// "system.max-users": 1,
+		// "system.max-teams": 1,
+
+		"compose.enabled": 1,
+		// "compose.max-modules": 1,
+		// "compose.max-pages": 1,
+		// "compose.max-triggers": 1,
+		// "compose.max-users": 1,
+		// "compose.max-namespaces": 1,
+		// "compose.max-charts": 1,
+	}
+	// }
+
+	if p, err := permit.Check(ctx, p); err != nil {
+		return errors.Wrap(err, "unable to check for licence")
+	} else if !p.IsValid() {
+		return err
+	} else if p.Domain != flags.subscription.Domain {
+		return errors.Errorf("subscription domains do not match (%s <> %s)", p.Domain, flags.subscription.Domain)
+	}
+
+	return nil
+}

internal/subscription/flags.go

@@ -0,0 +1,35 @@
+package subscription
+
+import (
+	"github.com/crusttech/crust/internal/config"
+)
+
+type (
+	localFlags struct {
+		subscription *config.Subscription
+	}
+)
+
+var flags *localFlags
+
+// Flags matches signature for main()
+func Flags(prefix ...string) {
+	new(localFlags).Init(prefix...)
+}
+
+func (f *localFlags) Validate() error {
+	if err := f.subscription.Validate(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (f *localFlags) Init(prefix ...string) *localFlags {
+	if flags != nil {
+		return flags
+	}
+	flags = &localFlags{
+		new(config.Subscription).Init(prefix...),
+	}
+	return flags
+}

system/start.go

@@ -1,14 +1,13 @@
 package service
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"net"
 	"net/http"
 	"os"
 
-	"github.com/SentimensRG/ctx"
-	"github.com/SentimensRG/ctx/sigctx"
 	"github.com/pkg/errors"
 	"github.com/titpetric/factory/resputil"
 
@@ -75,7 +74,7 @@ func InitDb() error {
 	return nil
 }
 
-func Start() error {
+func StartRestAPI(ctx context.Context) error {
 	log.Printf("Starting "+os.Args[0]+", version: %v, built on: %v", version.Version, version.BuildTime)
 	log.Println("Starting http server on address " + flags.http.Addr)
 	listener, err := net.Listen("tcp", flags.http.Addr)
@@ -87,9 +86,8 @@ func Start() error {
 		go metrics.NewMonitor(flags.monitor.Interval)
 	}
 
-	var deadline = sigctx.New()
-	go http.Serve(listener, Routes(ctx.AsContext(deadline)))
-	<-deadline.Done()
+	go http.Serve(listener, Routes(ctx))
+	<-ctx.Done()
 
 	return nil
 }