2021-03-26 00:17:52 +08:00
|
|
|
package controller
|
|
|
|
|
|
|
|
import (
|
2021-04-23 04:52:44 +08:00
|
|
|
"encoding/json"
|
2022-11-15 03:41:34 +08:00
|
|
|
"errors"
|
2022-02-01 11:43:12 +08:00
|
|
|
"fmt"
|
2021-04-23 04:52:44 +08:00
|
|
|
"net/http"
|
|
|
|
"strings"
|
2021-10-09 03:07:12 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
"github.com/gorilla/mux"
|
2022-12-09 03:24:11 +08:00
|
|
|
"github.com/gravitl/netclient/nmproxy/manager"
|
2021-07-22 06:55:19 +08:00
|
|
|
"github.com/gravitl/netmaker/database"
|
2021-12-07 04:31:08 +08:00
|
|
|
"github.com/gravitl/netmaker/logger"
|
2021-10-06 03:02:09 +08:00
|
|
|
"github.com/gravitl/netmaker/logic"
|
2022-09-14 03:25:56 +08:00
|
|
|
"github.com/gravitl/netmaker/logic/pro"
|
2021-04-23 04:52:44 +08:00
|
|
|
"github.com/gravitl/netmaker/models"
|
2022-09-14 03:25:56 +08:00
|
|
|
"github.com/gravitl/netmaker/models/promodels"
|
2022-01-22 06:22:56 +08:00
|
|
|
"github.com/gravitl/netmaker/mq"
|
2021-07-25 04:13:24 +08:00
|
|
|
"github.com/gravitl/netmaker/servercfg"
|
2021-04-23 04:52:44 +08:00
|
|
|
"golang.org/x/crypto/bcrypt"
|
2021-03-26 00:17:52 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
func nodeHandlers(r *mux.Router) {
|
|
|
|
|
2022-04-20 06:24:19 +08:00
|
|
|
r.HandleFunc("/api/nodes", authorize(false, false, "user", http.HandlerFunc(getAllNodes))).Methods("GET")
|
|
|
|
r.HandleFunc("/api/nodes/{network}", authorize(false, true, "network", http.HandlerFunc(getNetworkNodes))).Methods("GET")
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}", authorize(true, true, "node", http.HandlerFunc(getNode))).Methods("GET")
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}", authorize(false, true, "node", http.HandlerFunc(updateNode))).Methods("PUT")
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}", authorize(true, true, "node", http.HandlerFunc(deleteNode))).Methods("DELETE")
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}/createrelay", authorize(false, true, "user", http.HandlerFunc(createRelay))).Methods("POST")
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}/deleterelay", authorize(false, true, "user", http.HandlerFunc(deleteRelay))).Methods("DELETE")
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}/creategateway", authorize(false, true, "user", http.HandlerFunc(createEgressGateway))).Methods("POST")
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}/deletegateway", authorize(false, true, "user", http.HandlerFunc(deleteEgressGateway))).Methods("DELETE")
|
2022-09-15 01:26:31 +08:00
|
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}/createingress", logic.SecurityCheck(false, http.HandlerFunc(createIngressGateway))).Methods("POST")
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}/deleteingress", logic.SecurityCheck(false, http.HandlerFunc(deleteIngressGateway))).Methods("DELETE")
|
2022-12-10 19:58:54 +08:00
|
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}", authorize(true, true, "node", http.HandlerFunc(updateNode))).Methods("POST")
|
2022-09-14 03:25:56 +08:00
|
|
|
r.HandleFunc("/api/nodes/{network}", nodeauth(checkFreeTierLimits(node_l, http.HandlerFunc(createNode)))).Methods("POST")
|
2021-04-23 04:52:44 +08:00
|
|
|
r.HandleFunc("/api/nodes/adm/{network}/authenticate", authenticate).Methods("POST")
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route POST /api/nodes/adm/{network}/authenticate nodes authenticate
|
|
|
|
//
|
|
|
|
// Authenticate to make further API calls related to a network.
|
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Responses:
|
|
|
|
// 200: successResponse
|
2021-03-26 00:17:52 +08:00
|
|
|
func authenticate(response http.ResponseWriter, request *http.Request) {
|
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
var authRequest models.AuthParams
|
2022-12-21 04:29:09 +08:00
|
|
|
var result models.Node
|
2021-04-23 04:52:44 +08:00
|
|
|
var errorResponse = models.ErrorResponse{
|
|
|
|
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
decoder := json.NewDecoder(request.Body)
|
|
|
|
decoderErr := decoder.Decode(&authRequest)
|
|
|
|
defer request.Body.Close()
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
if decoderErr != nil {
|
2021-04-24 04:19:02 +08:00
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
errorResponse.Message = decoderErr.Error()
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, request.Header.Get("user"), "error decoding request body: ",
|
|
|
|
decoderErr.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
2021-03-27 04:13:51 +08:00
|
|
|
return
|
2022-09-27 20:06:33 +08:00
|
|
|
}
|
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
if authRequest.ID == "" {
|
|
|
|
errorResponse.Message = "W1R3: ID can't be empty"
|
|
|
|
logger.Log(0, request.Header.Get("user"), errorResponse.Message)
|
|
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
|
|
return
|
|
|
|
} else if authRequest.Password == "" {
|
|
|
|
errorResponse.Message = "W1R3: Password can't be empty"
|
|
|
|
logger.Log(0, request.Header.Get("user"), errorResponse.Message)
|
|
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
var err error
|
|
|
|
result, err = logic.GetNodeByID(authRequest.ID)
|
|
|
|
if err != nil {
|
2022-10-06 03:24:05 +08:00
|
|
|
result, err = logic.GetDeletedNodeByID(authRequest.ID)
|
|
|
|
if err != nil {
|
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
errorResponse.Message = err.Error()
|
|
|
|
logger.Log(0, request.Header.Get("user"),
|
|
|
|
fmt.Sprintf("failed to get node info [%s]: %v", authRequest.ID, err))
|
|
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
|
|
return
|
|
|
|
}
|
2022-09-27 20:06:33 +08:00
|
|
|
}
|
2022-12-21 04:29:09 +08:00
|
|
|
host, err := logic.GetHost(result.HostID.String())
|
2022-12-22 19:42:33 +08:00
|
|
|
if err != nil {
|
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
errorResponse.Message = err.Error()
|
|
|
|
logger.Log(0, request.Header.Get("user"),
|
|
|
|
"error retrieving host: ", err.Error())
|
|
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
|
|
return
|
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
|
2022-12-21 04:29:09 +08:00
|
|
|
err = bcrypt.CompareHashAndPassword([]byte(host.HostPass), []byte(authRequest.Password))
|
2022-09-27 20:06:33 +08:00
|
|
|
if err != nil {
|
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
errorResponse.Message = err.Error()
|
|
|
|
logger.Log(0, request.Header.Get("user"),
|
|
|
|
"error validating user password: ", err.Error())
|
|
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
|
|
return
|
|
|
|
}
|
2022-09-30 23:29:03 +08:00
|
|
|
// creates network role,node client (added here to resolve any missing configuration in MQ)
|
2022-09-30 02:29:18 +08:00
|
|
|
event := mq.MqDynsecPayload{
|
|
|
|
Commands: []mq.MqDynSecCmd{
|
|
|
|
|
|
|
|
{
|
|
|
|
Command: mq.CreateRoleCmd,
|
|
|
|
RoleName: result.Network,
|
|
|
|
Textname: "Network wide role with Acls for nodes",
|
|
|
|
Acls: mq.FetchNetworkAcls(result.Network),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Command: mq.CreateClientCmd,
|
2022-12-21 04:29:09 +08:00
|
|
|
Username: result.HostID.String(),
|
2022-09-30 02:29:18 +08:00
|
|
|
Password: authRequest.Password,
|
2022-12-21 04:29:09 +08:00
|
|
|
Textname: host.Name,
|
2022-09-30 02:29:18 +08:00
|
|
|
Roles: []mq.MqDynSecRole{
|
|
|
|
{
|
2022-09-30 23:29:03 +08:00
|
|
|
Rolename: mq.NodeRole,
|
2022-09-30 02:29:18 +08:00
|
|
|
Priority: -1,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Rolename: result.Network,
|
|
|
|
Priority: -1,
|
2022-09-30 01:24:41 +08:00
|
|
|
},
|
2022-09-27 20:06:33 +08:00
|
|
|
},
|
2022-09-30 02:29:18 +08:00
|
|
|
Groups: make([]mq.MqDynSecGroup, 0),
|
2022-09-27 20:06:33 +08:00
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
2022-09-30 02:29:18 +08:00
|
|
|
|
2022-09-27 20:06:33 +08:00
|
|
|
if err := mq.PublishEventToDynSecTopic(event); err != nil {
|
2022-09-30 01:24:41 +08:00
|
|
|
logger.Log(0, fmt.Sprintf("failed to send DynSec command [%v]: %v",
|
2022-09-30 02:29:18 +08:00
|
|
|
event.Commands, err.Error()))
|
2022-09-27 20:06:33 +08:00
|
|
|
errorResponse.Code = http.StatusInternalServerError
|
|
|
|
errorResponse.Message = fmt.Sprintf("could not create mq client for node [%s]: %v", result.ID, err)
|
|
|
|
return
|
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
|
2022-09-27 20:06:33 +08:00
|
|
|
tokenString, err := logic.CreateJWT(authRequest.ID, authRequest.MacAddress, result.Network)
|
|
|
|
if tokenString == "" {
|
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
errorResponse.Message = "Could not create Token"
|
|
|
|
logger.Log(0, request.Header.Get("user"),
|
|
|
|
fmt.Sprintf("%s: %v", errorResponse.Message, err))
|
|
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
|
|
return
|
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
|
2022-09-27 20:06:33 +08:00
|
|
|
var successResponse = models.SuccessResponse{
|
|
|
|
Code: http.StatusOK,
|
|
|
|
Message: "W1R3: Device " + authRequest.ID + " Authorized",
|
|
|
|
Response: models.SuccessfulLoginResponse{
|
|
|
|
AuthToken: tokenString,
|
|
|
|
ID: authRequest.ID,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
successJSONResponse, jsonError := json.Marshal(successResponse)
|
2021-04-23 04:52:44 +08:00
|
|
|
|
2022-09-27 20:06:33 +08:00
|
|
|
if jsonError != nil {
|
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
errorResponse.Message = err.Error()
|
|
|
|
logger.Log(0, request.Header.Get("user"),
|
|
|
|
"error marshalling resp: ", err.Error())
|
|
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
|
|
return
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2022-09-27 20:06:33 +08:00
|
|
|
response.WriteHeader(http.StatusOK)
|
|
|
|
response.Header().Set("Content-Type", "application/json")
|
|
|
|
response.Write(successJSONResponse)
|
|
|
|
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
2022-04-21 03:44:33 +08:00
|
|
|
// auth middleware for api calls from nodes where node is has not yet joined the server (register, join)
|
|
|
|
func nodeauth(next http.Handler) http.HandlerFunc {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
bearerToken := r.Header.Get("Authorization")
|
|
|
|
var tokenSplit = strings.Split(bearerToken, " ")
|
|
|
|
var token = ""
|
|
|
|
if len(tokenSplit) < 2 {
|
|
|
|
errorResponse := models.ErrorResponse{
|
|
|
|
Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
|
|
|
|
}
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
2022-04-21 03:44:33 +08:00
|
|
|
return
|
|
|
|
} else {
|
|
|
|
token = tokenSplit[1]
|
|
|
|
}
|
|
|
|
found := false
|
|
|
|
networks, err := logic.GetNetworks()
|
|
|
|
if err != nil {
|
|
|
|
logger.Log(0, "no networks", err.Error())
|
|
|
|
errorResponse := models.ErrorResponse{
|
|
|
|
Code: http.StatusNotFound, Message: "no networks",
|
|
|
|
}
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
2022-04-21 03:44:33 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
for _, network := range networks {
|
|
|
|
for _, key := range network.AccessKeys {
|
|
|
|
if key.Value == token {
|
|
|
|
found = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !found {
|
|
|
|
logger.Log(0, "valid access key not found")
|
|
|
|
errorResponse := models.ErrorResponse{
|
|
|
|
Code: http.StatusUnauthorized, Message: "You are unauthorized to access this endpoint.",
|
|
|
|
}
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
2022-04-21 03:44:33 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-08-18 16:49:35 +08:00
|
|
|
// The middleware for most requests to the API
|
|
|
|
// They all pass through here first
|
|
|
|
// This will validate the JWT (or check for master token)
|
|
|
|
// This will also check against the authNetwork and make sure the node should be accessing that endpoint,
|
|
|
|
// even if it's technically ok
|
|
|
|
// This is kind of a poor man's RBAC. There's probably a better/smarter way.
|
|
|
|
// TODO: Consider better RBAC implementations
|
2022-04-20 06:24:19 +08:00
|
|
|
func authorize(nodesAllowed, networkCheck bool, authNetwork string, next http.Handler) http.HandlerFunc {
|
2021-04-23 04:52:44 +08:00
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
var errorResponse = models.ErrorResponse{
|
2022-09-15 01:26:31 +08:00
|
|
|
Code: http.StatusUnauthorized, Message: logic.Unauthorized_Msg,
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
2022-09-15 01:26:31 +08:00
|
|
|
networkexists, _ := logic.NetworkExists(params["network"])
|
2021-04-13 12:42:35 +08:00
|
|
|
//check that the request is for a valid network
|
2021-04-23 04:52:44 +08:00
|
|
|
//if (networkCheck && !networkexists) || err != nil {
|
|
|
|
if networkCheck && !networkexists {
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
2021-03-27 04:13:51 +08:00
|
|
|
return
|
2021-04-23 04:52:44 +08:00
|
|
|
} else {
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
//get the auth token
|
|
|
|
bearerToken := r.Header.Get("Authorization")
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
var tokenSplit = strings.Split(bearerToken, " ")
|
2021-03-26 10:29:36 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
//I put this in in case the user doesn't put in a token at all (in which case it's empty)
|
|
|
|
//There's probably a smarter way of handling this.
|
|
|
|
var authToken = "928rt238tghgwe@TY@$Y@#WQAEGB2FC#@HG#@$Hddd"
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
if len(tokenSplit) > 1 {
|
|
|
|
authToken = tokenSplit[1]
|
|
|
|
} else {
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2022-04-20 06:24:19 +08:00
|
|
|
//check if node instead of user
|
|
|
|
if nodesAllowed {
|
|
|
|
// TODO --- should ensure that node is only operating on itself
|
|
|
|
if _, _, _, err := logic.VerifyToken(authToken); err == nil {
|
2022-09-30 02:49:44 +08:00
|
|
|
|
|
|
|
// this indicates request is from a node
|
|
|
|
// used for failover - if a getNode comes from node, this will trigger a metrics wipe
|
2022-04-20 06:24:19 +08:00
|
|
|
next.ServeHTTP(w, r)
|
2022-04-22 02:22:34 +08:00
|
|
|
return
|
2022-04-20 06:24:19 +08:00
|
|
|
}
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-07-19 23:30:27 +08:00
|
|
|
var isAuthorized = false
|
2022-01-11 06:52:21 +08:00
|
|
|
var nodeID = ""
|
2021-10-27 00:27:29 +08:00
|
|
|
username, networks, isadmin, errN := logic.VerifyUserToken(authToken)
|
2022-02-16 02:53:36 +08:00
|
|
|
if errN != nil {
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
2022-02-16 02:53:36 +08:00
|
|
|
return
|
|
|
|
}
|
2022-09-14 03:25:56 +08:00
|
|
|
|
2021-07-02 12:03:46 +08:00
|
|
|
isnetadmin := isadmin
|
|
|
|
if errN == nil && isadmin {
|
2022-01-11 06:52:21 +08:00
|
|
|
nodeID = "mastermac"
|
2021-07-19 23:30:27 +08:00
|
|
|
isAuthorized = true
|
2021-07-27 22:48:58 +08:00
|
|
|
r.Header.Set("ismasterkey", "yes")
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-07-19 23:30:27 +08:00
|
|
|
if !isadmin && params["network"] != "" {
|
2022-09-14 03:25:56 +08:00
|
|
|
if logic.StringSliceContains(networks, params["network"]) && pro.IsUserNetAdmin(params["network"], username) {
|
2021-07-19 23:30:27 +08:00
|
|
|
isnetadmin = true
|
|
|
|
}
|
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
//The mastermac (login with masterkey from config) can do everything!! May be dangerous.
|
2022-01-11 06:52:21 +08:00
|
|
|
if nodeID == "mastermac" {
|
2021-03-26 00:17:52 +08:00
|
|
|
isAuthorized = true
|
2021-07-27 22:48:58 +08:00
|
|
|
r.Header.Set("ismasterkey", "yes")
|
2021-04-23 04:52:44 +08:00
|
|
|
//for everyone else, there's poor man's RBAC. The "cases" are defined in the routes in the handlers
|
|
|
|
//So each route defines which access network should be allowed to access it
|
|
|
|
} else {
|
|
|
|
switch authNetwork {
|
|
|
|
case "all":
|
|
|
|
isAuthorized = true
|
|
|
|
case "nodes":
|
2022-01-11 06:52:21 +08:00
|
|
|
isAuthorized = (nodeID != "") || isnetadmin
|
2021-04-23 04:52:44 +08:00
|
|
|
case "network":
|
2021-07-02 12:03:46 +08:00
|
|
|
if isnetadmin {
|
|
|
|
isAuthorized = true
|
|
|
|
} else {
|
2022-01-11 06:52:21 +08:00
|
|
|
node, err := logic.GetNodeByID(nodeID)
|
2021-07-19 23:30:27 +08:00
|
|
|
if err != nil {
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
2021-07-19 23:30:27 +08:00
|
|
|
return
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-07-19 23:30:27 +08:00
|
|
|
isAuthorized = (node.Network == params["network"])
|
2021-07-02 12:03:46 +08:00
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
case "node":
|
2021-07-19 23:30:27 +08:00
|
|
|
if isnetadmin {
|
|
|
|
isAuthorized = true
|
|
|
|
} else {
|
2022-01-11 06:52:21 +08:00
|
|
|
isAuthorized = (nodeID == params["netid"])
|
2021-07-02 12:03:46 +08:00
|
|
|
}
|
2021-07-24 06:24:34 +08:00
|
|
|
case "user":
|
|
|
|
isAuthorized = true
|
2021-04-23 04:52:44 +08:00
|
|
|
default:
|
|
|
|
isAuthorized = false
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
if !isAuthorized {
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
} else {
|
|
|
|
//If authorized, this function passes along it's request and output to the appropriate route function.
|
2021-07-19 23:30:27 +08:00
|
|
|
if username == "" {
|
|
|
|
username = "(user not found)"
|
|
|
|
}
|
|
|
|
r.Header.Set("user", username)
|
2021-04-23 04:52:44 +08:00
|
|
|
next.ServeHTTP(w, r)
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route GET /api/nodes/{network} nodes getNetworkNodes
|
|
|
|
//
|
2022-09-11 12:51:59 +08:00
|
|
|
// Gets all nodes associated with network including pending nodes.
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Responses:
|
|
|
|
// 200: nodeSliceResponse
|
2021-04-13 12:42:35 +08:00
|
|
|
func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
|
2021-03-26 00:17:52 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
var params = mux.Vars(r)
|
2021-07-19 23:30:27 +08:00
|
|
|
networkName := params["network"]
|
2021-10-06 03:02:09 +08:00
|
|
|
nodes, err := logic.GetNetworkNodes(networkName)
|
2021-05-06 05:24:24 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("error fetching nodes on network %s: %v", networkName, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-05-06 05:24:24 +08:00
|
|
|
return
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-05-06 05:24:24 +08:00
|
|
|
//Returns all the nodes in JSON format
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(2, r.Header.Get("user"), "fetched nodes on network", networkName)
|
2021-05-06 05:24:24 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
json.NewEncoder(w).Encode(nodes)
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route GET /api/nodes nodes getAllNodes
|
|
|
|
//
|
|
|
|
// Get all nodes across all networks.
|
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
|
|
|
//
|
|
|
|
// Responses:
|
|
|
|
// 200: nodeSliceResponse
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-08-18 16:49:35 +08:00
|
|
|
// Not quite sure if this is necessary. Probably necessary based on front end but may want to review after iteration 1 if it's being used or not
|
2021-03-26 00:17:52 +08:00
|
|
|
func getAllNodes(w http.ResponseWriter, r *http.Request) {
|
2021-04-23 04:52:44 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2021-10-27 00:27:29 +08:00
|
|
|
user, err := logic.GetUser(r.Header.Get("user"))
|
2021-07-27 22:48:58 +08:00
|
|
|
if err != nil && r.Header.Get("ismasterkey") != "yes" {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
"error fetching user info: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2022-12-21 04:29:09 +08:00
|
|
|
var nodes []models.Node
|
2021-07-29 04:08:50 +08:00
|
|
|
if user.IsAdmin || r.Header.Get("ismasterkey") == "yes" {
|
2021-10-27 00:27:29 +08:00
|
|
|
nodes, err = logic.GetAllNodes()
|
2021-07-25 04:13:24 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, "error fetching all nodes info: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-07-25 04:13:24 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
nodes, err = getUsersNodes(user)
|
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
"error fetching nodes: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-07-25 04:13:24 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
//Return all the nodes in JSON format
|
2022-02-19 08:37:12 +08:00
|
|
|
logger.Log(3, r.Header.Get("user"), "fetched all nodes they have access to")
|
2021-04-23 04:52:44 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
2022-03-08 09:23:18 +08:00
|
|
|
json.NewEncoder(w).Encode(nodes)
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
2022-12-21 04:29:09 +08:00
|
|
|
func getUsersNodes(user models.User) ([]models.Node, error) {
|
|
|
|
var nodes []models.Node
|
2021-07-25 04:13:24 +08:00
|
|
|
var err error
|
2021-07-24 06:24:34 +08:00
|
|
|
for _, networkName := range user.Networks {
|
2021-10-06 03:02:09 +08:00
|
|
|
tmpNodes, err := logic.GetNetworkNodes(networkName)
|
2021-07-24 06:24:34 +08:00
|
|
|
if err != nil {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
nodes = append(nodes, tmpNodes...)
|
|
|
|
}
|
|
|
|
return nodes, err
|
|
|
|
}
|
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route GET /api/nodes/{network}/{nodeid} nodes getNode
|
|
|
|
//
|
|
|
|
// Get an individual node.
|
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Responses:
|
|
|
|
// 200: nodeResponse
|
2021-03-26 00:17:52 +08:00
|
|
|
func getNode(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// set header.
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
2022-09-30 02:49:44 +08:00
|
|
|
nodeRequest := r.Header.Get("requestfrom") == "node"
|
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
var params = mux.Vars(r)
|
2022-07-12 17:38:15 +08:00
|
|
|
nodeid := params["nodeid"]
|
|
|
|
node, err := logic.GetNodeByID(nodeid)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("error fetching node [ %s ] info: %v", nodeid, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2022-04-26 04:30:18 +08:00
|
|
|
|
|
|
|
peerUpdate, err := logic.GetPeerUpdate(&node)
|
|
|
|
if err != nil && !database.IsEmptyRecord(err) {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("error fetching wg peers config for node [ %s ]: %v", nodeid, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2022-04-26 04:30:18 +08:00
|
|
|
return
|
|
|
|
}
|
2022-12-21 04:29:09 +08:00
|
|
|
host, err := logic.GetHost(node.HostID.String())
|
|
|
|
if err != nil {
|
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("error fetching host for node [ %s ] info: %v", nodeid, err))
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
|
return
|
2022-09-02 16:52:28 +08:00
|
|
|
}
|
2022-12-21 04:29:09 +08:00
|
|
|
server := servercfg.GetServerInfo()
|
|
|
|
network, err := logic.GetNetwork(node.Network)
|
|
|
|
if err != nil {
|
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("error fetching network for node [ %s ] info: %v", nodeid, err))
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
legacy := node.Legacy(host, &server, &network)
|
2022-04-26 04:30:18 +08:00
|
|
|
response := models.NodeGet{
|
2022-12-21 04:29:09 +08:00
|
|
|
Node: *legacy,
|
|
|
|
Peers: peerUpdate.Peers,
|
|
|
|
ServerConfig: server,
|
2022-09-14 03:25:56 +08:00
|
|
|
PeerIDs: peerUpdate.PeerIDs,
|
2022-04-26 04:30:18 +08:00
|
|
|
}
|
2022-12-22 19:42:33 +08:00
|
|
|
if host.ProxyEnabled {
|
2022-11-20 12:05:29 +08:00
|
|
|
proxyPayload, err := logic.GetPeersForProxy(&node, false)
|
|
|
|
if err == nil {
|
|
|
|
response.ProxyUpdate = proxyPayload
|
|
|
|
} else {
|
|
|
|
logger.Log(0, "failed to get proxy update: ", err.Error())
|
|
|
|
}
|
|
|
|
}
|
2022-04-26 04:30:18 +08:00
|
|
|
|
2022-09-30 02:49:44 +08:00
|
|
|
if servercfg.Is_EE && nodeRequest {
|
2022-12-21 04:29:09 +08:00
|
|
|
if err = logic.EnterpriseResetAllPeersFailovers(node.ID.String(), node.Network); err != nil {
|
|
|
|
logger.Log(1, "failed to reset failover list during node config pull", node.ID.String(), node.Network)
|
2022-09-30 02:49:44 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-01-11 06:52:21 +08:00
|
|
|
logger.Log(2, r.Header.Get("user"), "fetched node", params["nodeid"])
|
2021-04-13 11:19:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
2022-04-26 04:30:18 +08:00
|
|
|
json.NewEncoder(w).Encode(response)
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route POST /api/nodes/{network} nodes createNode
|
|
|
|
//
|
|
|
|
// Create a node on a network.
|
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Responses:
|
|
|
|
// 200: nodeGetResponse
|
2021-03-26 00:17:52 +08:00
|
|
|
func createNode(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
var params = mux.Vars(r)
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
var errorResponse = models.ErrorResponse{
|
2021-04-23 04:52:44 +08:00
|
|
|
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
networkName := params["network"]
|
2022-09-15 01:26:31 +08:00
|
|
|
networkexists, err := logic.NetworkExists(networkName)
|
2021-04-23 04:52:44 +08:00
|
|
|
|
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("failed to fetch network [%s] info: %v", networkName, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
} else if !networkexists {
|
|
|
|
errorResponse = models.ErrorResponse{
|
|
|
|
Code: http.StatusNotFound, Message: "W1R3: Network does not exist! ",
|
|
|
|
}
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("network [%s] does not exist", networkName))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2022-12-20 04:15:35 +08:00
|
|
|
//get data from body of request
|
|
|
|
data := models.JoinData{}
|
|
|
|
err = json.NewDecoder(r.Body).Decode(&data)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2022-12-20 04:15:35 +08:00
|
|
|
if !logic.IsVersionComptatible(data.Host.Version) {
|
2022-11-15 03:41:34 +08:00
|
|
|
err := errors.New("incomatible netclient version")
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-12-20 04:15:35 +08:00
|
|
|
data.Node.Network = networkName
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2022-12-20 04:15:35 +08:00
|
|
|
networkSettings, err := logic.GetNetworkSettings(networkName)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
2022-12-20 04:15:35 +08:00
|
|
|
fmt.Sprintf("failed to get network [%s] settings: %v", networkName, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2022-12-20 04:15:35 +08:00
|
|
|
data.Node.NetworkSettings(networkSettings)
|
|
|
|
keyName, validKey := logic.IsKeyValid(networkName, data.Key)
|
2021-03-26 00:17:52 +08:00
|
|
|
if !validKey {
|
2022-12-20 04:15:35 +08:00
|
|
|
errorResponse = models.ErrorResponse{
|
|
|
|
Code: http.StatusUnauthorized, Message: "W1R3: Key invalid, or none provided.",
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
2022-12-20 04:15:35 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("failed to create node on network [%s]: %s",
|
|
|
|
data.Node.Network, errorResponse.Message))
|
|
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
|
|
|
return
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
2022-09-14 03:25:56 +08:00
|
|
|
user, err := pro.GetNetworkUser(networkName, promodels.NetworkUserID(keyName))
|
|
|
|
if err == nil {
|
|
|
|
if user.ID != "" {
|
|
|
|
logger.Log(1, "associating new node with user", keyName)
|
2022-12-20 04:15:35 +08:00
|
|
|
data.Node.OwnerID = string(user.ID)
|
2022-09-14 03:25:56 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-04-21 04:32:51 +08:00
|
|
|
key, keyErr := logic.RetrievePublicTrafficKey()
|
|
|
|
if keyErr != nil {
|
|
|
|
logger.Log(0, "error retrieving key: ", keyErr.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2022-04-21 04:32:51 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
if key == nil {
|
|
|
|
logger.Log(0, "error: server traffic key is nil")
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2022-04-21 04:32:51 +08:00
|
|
|
return
|
|
|
|
}
|
2022-12-20 04:15:35 +08:00
|
|
|
if data.Host.TrafficKeyPublic == nil {
|
2022-04-21 04:32:51 +08:00
|
|
|
logger.Log(0, "error: node traffic key is nil")
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2022-04-21 04:32:51 +08:00
|
|
|
return
|
|
|
|
}
|
2022-12-20 04:15:35 +08:00
|
|
|
server := servercfg.GetServerInfo()
|
|
|
|
server.TrafficKey = key
|
2022-09-30 23:39:45 +08:00
|
|
|
// consume password before hashing for mq client creation
|
2022-12-20 04:15:35 +08:00
|
|
|
nodePassword := data.Host.HostPass
|
|
|
|
data.Node.Server = servercfg.GetServer()
|
2022-12-22 03:43:46 +08:00
|
|
|
if err := logic.CreateHost(&data.Host); err != nil {
|
|
|
|
if errors.Is(err, logic.ErrHostExists) {
|
|
|
|
logger.Log(3, "host exists .. no need to create")
|
|
|
|
} else {
|
2022-12-21 19:08:52 +08:00
|
|
|
logger.Log(0, "error creating host", err.Error())
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
2022-12-20 04:15:35 +08:00
|
|
|
err = logic.CreateNode(&data.Node)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("failed to create node on network [%s]: %s",
|
2022-12-20 04:15:35 +08:00
|
|
|
networkName, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2022-01-25 20:31:50 +08:00
|
|
|
|
2022-09-14 03:25:56 +08:00
|
|
|
// check if key belongs to a user
|
|
|
|
// if so add to their netuser data
|
|
|
|
// if it fails remove the node and fail request
|
|
|
|
if user != nil {
|
|
|
|
var updatedUserNode bool
|
2022-12-20 04:15:35 +08:00
|
|
|
user.Nodes = append(user.Nodes, data.Node.ID.String()) // add new node to user
|
2022-09-14 03:25:56 +08:00
|
|
|
if err = pro.UpdateNetworkUser(networkName, user); err == nil {
|
2022-12-20 04:15:35 +08:00
|
|
|
logger.Log(1, "added node", data.Node.ID.String(), data.Host.Name, "to user", string(user.ID))
|
2022-09-14 03:25:56 +08:00
|
|
|
updatedUserNode = true
|
|
|
|
}
|
|
|
|
if !updatedUserNode { // user was found but not updated, so delete node
|
|
|
|
logger.Log(0, "failed to add node to user", keyName)
|
2022-12-20 04:15:35 +08:00
|
|
|
logic.DeleteNode(&data.Node, true)
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2022-09-14 03:25:56 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
2022-12-20 04:15:35 +08:00
|
|
|
peerUpdate, err := logic.GetPeerUpdate(&data.Node)
|
2022-04-26 04:30:18 +08:00
|
|
|
if err != nil && !database.IsEmptyRecord(err) {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
2022-12-20 04:15:35 +08:00
|
|
|
fmt.Sprintf("error fetching wg peers config for node [ %s ]: %v", data.Node.ID.String(), err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2022-04-26 04:30:18 +08:00
|
|
|
return
|
|
|
|
}
|
2022-12-20 04:15:35 +08:00
|
|
|
data.Node.Peers = peerUpdate.Peers
|
2022-09-30 21:01:57 +08:00
|
|
|
|
2022-11-02 23:22:40 +08:00
|
|
|
// Create client for this host in Mq
|
2022-09-30 02:29:18 +08:00
|
|
|
event := mq.MqDynsecPayload{
|
|
|
|
Commands: []mq.MqDynSecCmd{
|
2022-09-30 23:29:03 +08:00
|
|
|
{ // delete if any client exists already
|
2022-09-30 02:29:18 +08:00
|
|
|
Command: mq.DeleteClientCmd,
|
2022-12-20 04:15:35 +08:00
|
|
|
Username: data.Host.ID.String(),
|
2022-09-16 14:05:28 +08:00
|
|
|
},
|
2022-09-30 21:01:57 +08:00
|
|
|
{
|
|
|
|
Command: mq.CreateRoleCmd,
|
2022-12-20 04:15:35 +08:00
|
|
|
RoleName: networkName,
|
2022-09-30 21:01:57 +08:00
|
|
|
Textname: "Network wide role with Acls for nodes",
|
2022-12-20 04:15:35 +08:00
|
|
|
Acls: mq.FetchNetworkAcls(networkName),
|
2022-09-30 21:01:57 +08:00
|
|
|
},
|
2022-09-30 02:29:18 +08:00
|
|
|
{
|
|
|
|
Command: mq.CreateClientCmd,
|
2022-12-20 04:15:35 +08:00
|
|
|
Username: data.Host.ID.String(),
|
2022-09-30 02:29:18 +08:00
|
|
|
Password: nodePassword,
|
2022-12-20 04:15:35 +08:00
|
|
|
Textname: data.Host.Name,
|
2022-09-30 02:29:18 +08:00
|
|
|
Roles: []mq.MqDynSecRole{
|
|
|
|
{
|
2022-09-30 23:29:03 +08:00
|
|
|
Rolename: mq.NodeRole,
|
2022-09-30 02:29:18 +08:00
|
|
|
Priority: -1,
|
|
|
|
},
|
|
|
|
{
|
2022-12-20 04:15:35 +08:00
|
|
|
Rolename: networkName,
|
2022-09-30 02:29:18 +08:00
|
|
|
Priority: -1,
|
2022-09-30 01:24:41 +08:00
|
|
|
},
|
2022-09-14 18:29:22 +08:00
|
|
|
},
|
2022-09-30 02:29:18 +08:00
|
|
|
Groups: make([]mq.MqDynSecGroup, 0),
|
2022-09-14 18:29:22 +08:00
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
2022-09-30 02:29:18 +08:00
|
|
|
|
2022-09-27 00:25:24 +08:00
|
|
|
if err := mq.PublishEventToDynSecTopic(event); err != nil {
|
2022-09-30 01:24:41 +08:00
|
|
|
logger.Log(0, fmt.Sprintf("failed to send DynSec command [%v]: %v",
|
2022-09-30 02:29:18 +08:00
|
|
|
event.Commands, err.Error()))
|
2022-09-27 00:25:24 +08:00
|
|
|
}
|
2022-04-26 04:30:18 +08:00
|
|
|
|
2022-12-21 04:29:09 +08:00
|
|
|
response := models.NodeJoinResponse{
|
|
|
|
Node: data.Node,
|
2022-12-20 04:15:35 +08:00
|
|
|
ServerConfig: server,
|
2022-09-14 03:25:56 +08:00
|
|
|
PeerIDs: peerUpdate.PeerIDs,
|
2022-04-26 04:30:18 +08:00
|
|
|
}
|
|
|
|
|
2022-12-20 04:15:35 +08:00
|
|
|
//host, newNode := node.ConvertToNewNode()
|
2022-12-21 04:29:09 +08:00
|
|
|
|
|
|
|
logic.UpsertHost(&data.Host)
|
|
|
|
//logic.CreateNode()
|
|
|
|
//logic.SaveNode(data.Node)
|
2022-12-20 04:15:35 +08:00
|
|
|
|
|
|
|
logger.Log(1, r.Header.Get("user"), "created new node", data.Host.Name, "on network", networkName)
|
2021-04-13 11:19:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
2022-04-26 04:30:18 +08:00
|
|
|
json.NewEncoder(w).Encode(response)
|
2022-12-20 04:15:35 +08:00
|
|
|
|
|
|
|
go func() {
|
2022-12-21 04:29:09 +08:00
|
|
|
if err := mq.PublishPeerUpdate(data.Node.Network, true); err != nil {
|
2022-12-20 04:15:35 +08:00
|
|
|
logger.Log(1, "failed a peer update after creation of node", data.Host.Name)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
//runForceServerUpdate(&data.Node, true)
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
2022-02-17 09:42:57 +08:00
|
|
|
// == EGRESS ==
|
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route POST /api/nodes/{network}/{nodeid}/creategateway nodes createEgressGateway
|
|
|
|
//
|
|
|
|
// Create an egress gateway.
|
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Responses:
|
|
|
|
// 200: nodeResponse
|
2021-05-20 01:59:10 +08:00
|
|
|
func createEgressGateway(w http.ResponseWriter, r *http.Request) {
|
|
|
|
var gateway models.EgressGatewayRequest
|
2021-05-06 05:24:24 +08:00
|
|
|
var params = mux.Vars(r)
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2021-04-13 14:55:49 +08:00
|
|
|
err := json.NewDecoder(r.Body).Decode(&gateway)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2021-04-13 14:55:49 +08:00
|
|
|
gateway.NetID = params["network"]
|
2022-01-11 06:52:21 +08:00
|
|
|
gateway.NodeID = params["nodeid"]
|
2021-12-08 01:46:55 +08:00
|
|
|
node, err := logic.CreateEgressGateway(gateway)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("failed to create egress gateway on node [%s] on network [%s]: %v",
|
|
|
|
gateway.NodeID, gateway.NetID, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2022-02-01 03:01:09 +08:00
|
|
|
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "created egress gateway on node", gateway.NodeID, "on network", gateway.NetID)
|
2021-05-06 05:24:24 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
json.NewEncoder(w).Encode(node)
|
2022-02-01 03:01:09 +08:00
|
|
|
|
2022-02-17 09:42:57 +08:00
|
|
|
runUpdates(&node, true)
|
2021-05-06 05:24:24 +08:00
|
|
|
}
|
2021-04-13 11:19:01 +08:00
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route DELETE /api/nodes/{network}/{nodeid}/deletegateway nodes deleteEgressGateway
|
|
|
|
//
|
|
|
|
// Delete an egress gateway.
|
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Responses:
|
|
|
|
// 200: nodeResponse
|
2021-05-20 01:59:10 +08:00
|
|
|
func deleteEgressGateway(w http.ResponseWriter, r *http.Request) {
|
2021-04-23 04:52:44 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
var params = mux.Vars(r)
|
2022-01-11 06:52:21 +08:00
|
|
|
nodeid := params["nodeid"]
|
2021-07-19 23:30:27 +08:00
|
|
|
netid := params["network"]
|
2022-01-11 06:52:21 +08:00
|
|
|
node, err := logic.DeleteEgressGateway(netid, nodeid)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("failed to delete egress gateway on node [%s] on network [%s]: %v",
|
|
|
|
nodeid, netid, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2022-02-01 03:01:09 +08:00
|
|
|
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "deleted egress gateway on node", nodeid, "on network", netid)
|
2021-05-06 05:24:24 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
json.NewEncoder(w).Encode(node)
|
2022-02-01 03:01:09 +08:00
|
|
|
|
2022-02-17 09:42:57 +08:00
|
|
|
runUpdates(&node, true)
|
2021-05-06 05:24:24 +08:00
|
|
|
}
|
2021-04-13 14:55:49 +08:00
|
|
|
|
2021-05-16 21:49:01 +08:00
|
|
|
// == INGRESS ==
|
2021-12-11 10:09:42 +08:00
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route POST /api/nodes/{network}/{nodeid}/createingress nodes createIngressGateway
|
|
|
|
//
|
|
|
|
// Create an ingress gateway.
|
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Responses:
|
|
|
|
// 200: nodeResponse
|
2021-05-20 01:59:10 +08:00
|
|
|
func createIngressGateway(w http.ResponseWriter, r *http.Request) {
|
2021-05-16 21:49:01 +08:00
|
|
|
var params = mux.Vars(r)
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2022-01-11 06:52:21 +08:00
|
|
|
nodeid := params["nodeid"]
|
2021-07-19 23:30:27 +08:00
|
|
|
netid := params["network"]
|
2022-09-29 02:59:21 +08:00
|
|
|
type failoverData struct {
|
|
|
|
Failover bool `json:"failover"`
|
|
|
|
}
|
|
|
|
var failoverReqBody failoverData
|
|
|
|
json.NewDecoder(r.Body).Decode(&failoverReqBody)
|
|
|
|
|
|
|
|
node, err := logic.CreateIngressGateway(netid, nodeid, failoverReqBody.Failover)
|
2021-05-16 21:49:01 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("failed to create ingress gateway on node [%s] on network [%s]: %v",
|
|
|
|
nodeid, netid, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-05-16 21:49:01 +08:00
|
|
|
return
|
|
|
|
}
|
2022-02-01 03:01:09 +08:00
|
|
|
|
2022-09-30 02:49:44 +08:00
|
|
|
if servercfg.Is_EE && failoverReqBody.Failover {
|
|
|
|
if err = logic.EnterpriseResetFailoverFunc(node.Network); err != nil {
|
2022-12-21 04:29:09 +08:00
|
|
|
logger.Log(1, "failed to reset failover list during failover create", node.ID.String(), node.Network)
|
2022-09-30 02:49:44 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-01-11 06:52:21 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "created ingress gateway on node", nodeid, "on network", netid)
|
2021-05-16 21:49:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
json.NewEncoder(w).Encode(node)
|
2022-02-01 03:01:09 +08:00
|
|
|
|
2022-02-17 09:42:57 +08:00
|
|
|
runUpdates(&node, true)
|
2021-05-16 21:49:01 +08:00
|
|
|
}
|
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route DELETE /api/nodes/{network}/{nodeid}/deleteingress nodes deleteIngressGateway
|
|
|
|
//
|
|
|
|
// Delete an ingress gateway.
|
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Responses:
|
|
|
|
// 200: nodeResponse
|
2021-05-20 01:59:10 +08:00
|
|
|
func deleteIngressGateway(w http.ResponseWriter, r *http.Request) {
|
2021-05-16 21:49:01 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
var params = mux.Vars(r)
|
2022-01-11 06:52:21 +08:00
|
|
|
nodeid := params["nodeid"]
|
2022-07-12 17:38:15 +08:00
|
|
|
netid := params["network"]
|
2022-09-30 02:49:44 +08:00
|
|
|
node, wasFailover, err := logic.DeleteIngressGateway(netid, nodeid)
|
2021-05-16 21:49:01 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("failed to delete ingress gateway on node [%s] on network [%s]: %v",
|
|
|
|
nodeid, netid, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-05-16 21:49:01 +08:00
|
|
|
return
|
|
|
|
}
|
2022-02-01 03:01:09 +08:00
|
|
|
|
2022-09-30 02:49:44 +08:00
|
|
|
if servercfg.Is_EE && wasFailover {
|
|
|
|
if err = logic.EnterpriseResetFailoverFunc(node.Network); err != nil {
|
2022-12-21 04:29:09 +08:00
|
|
|
logger.Log(1, "failed to reset failover list during failover create", node.ID.String(), node.Network)
|
2022-09-30 02:49:44 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-01-11 06:52:21 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "deleted ingress gateway", nodeid)
|
2021-05-16 21:49:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
json.NewEncoder(w).Encode(node)
|
2022-02-01 03:01:09 +08:00
|
|
|
|
2022-02-17 09:42:57 +08:00
|
|
|
runUpdates(&node, true)
|
2021-05-16 21:49:01 +08:00
|
|
|
}
|
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route PUT /api/nodes/{network}/{nodeid} nodes updateNode
|
|
|
|
//
|
|
|
|
// Update an individual node.
|
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Responses:
|
|
|
|
// 200: nodeResponse
|
2021-03-26 00:17:52 +08:00
|
|
|
func updateNode(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
2022-12-21 04:29:09 +08:00
|
|
|
var node models.Node
|
2021-03-26 00:17:52 +08:00
|
|
|
//start here
|
2022-07-12 17:38:15 +08:00
|
|
|
nodeid := params["nodeid"]
|
|
|
|
node, err := logic.GetNodeByID(nodeid)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("error fetching node [ %s ] info: %v", nodeid, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2021-04-13 11:19:01 +08:00
|
|
|
|
2022-12-21 04:29:09 +08:00
|
|
|
var newNode models.Node
|
2021-04-23 04:52:44 +08:00
|
|
|
// we decode our body request params
|
2021-07-25 04:13:24 +08:00
|
|
|
err = json.NewDecoder(r.Body).Decode(&newNode)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2021-04-23 04:52:44 +08:00
|
|
|
return
|
|
|
|
}
|
2021-09-17 08:00:40 +08:00
|
|
|
relayupdate := false
|
2022-12-21 04:29:09 +08:00
|
|
|
if node.IsRelay && len(newNode.RelayAddrs) > 0 {
|
2021-09-17 09:49:09 +08:00
|
|
|
if len(newNode.RelayAddrs) != len(node.RelayAddrs) {
|
2021-09-18 22:33:14 +08:00
|
|
|
relayupdate = true
|
2021-09-17 09:49:09 +08:00
|
|
|
} else {
|
|
|
|
for i, addr := range newNode.RelayAddrs {
|
2021-09-18 22:33:14 +08:00
|
|
|
if addr != node.RelayAddrs[i] {
|
|
|
|
relayupdate = true
|
|
|
|
}
|
2021-09-17 08:00:40 +08:00
|
|
|
}
|
2021-09-17 09:49:09 +08:00
|
|
|
}
|
2021-09-17 08:00:40 +08:00
|
|
|
}
|
2022-06-13 23:40:14 +08:00
|
|
|
relayedUpdate := false
|
2022-12-21 04:29:09 +08:00
|
|
|
if node.IsRelayed && (node.Address.String() != newNode.Address.String() || node.Address6.String() != newNode.Address6.String()) {
|
2022-06-13 23:40:14 +08:00
|
|
|
relayedUpdate = true
|
|
|
|
}
|
2022-01-06 02:13:03 +08:00
|
|
|
|
|
|
|
if !servercfg.GetRce() {
|
|
|
|
newNode.PostDown = node.PostDown
|
|
|
|
newNode.PostUp = node.PostUp
|
|
|
|
}
|
2022-02-15 00:01:33 +08:00
|
|
|
ifaceDelta := logic.IfaceDelta(&node, &newNode)
|
|
|
|
|
2022-09-29 04:17:49 +08:00
|
|
|
if ifaceDelta && servercfg.Is_EE {
|
2022-12-21 04:29:09 +08:00
|
|
|
if err = logic.EnterpriseResetAllPeersFailovers(node.ID.String(), node.Network); err != nil {
|
|
|
|
logger.Log(0, "failed to reset failover lists during node update for node", node.ID.String(), node.Network)
|
2022-09-29 04:17:49 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
err = logic.UpdateNode(&node, &newNode)
|
2021-07-25 04:13:24 +08:00
|
|
|
if err != nil {
|
2022-07-12 17:38:15 +08:00
|
|
|
logger.Log(0, r.Header.Get("user"),
|
|
|
|
fmt.Sprintf("failed to update node info [ %s ] info: %v", nodeid, err))
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-07-25 04:13:24 +08:00
|
|
|
return
|
|
|
|
}
|
2021-09-17 08:00:40 +08:00
|
|
|
if relayupdate {
|
2022-02-08 00:30:15 +08:00
|
|
|
updatenodes := logic.UpdateRelay(node.Network, node.RelayAddrs, newNode.RelayAddrs)
|
|
|
|
if len(updatenodes) > 0 {
|
|
|
|
for _, relayedNode := range updatenodes {
|
2022-02-17 09:42:57 +08:00
|
|
|
runUpdates(&relayedNode, false)
|
2022-02-08 00:30:15 +08:00
|
|
|
}
|
|
|
|
}
|
2021-09-17 08:00:40 +08:00
|
|
|
}
|
2022-06-13 23:40:14 +08:00
|
|
|
if relayedUpdate {
|
|
|
|
updateRelay(&node, &newNode)
|
|
|
|
}
|
2022-01-11 06:52:21 +08:00
|
|
|
if servercfg.IsDNSMode() {
|
2022-02-06 04:16:11 +08:00
|
|
|
logic.SetDNS()
|
2021-07-25 04:13:24 +08:00
|
|
|
}
|
2022-12-21 04:29:09 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "updated node", node.ID.String(), "on network", node.Network)
|
2021-04-13 11:19:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
2021-07-25 04:13:24 +08:00
|
|
|
json.NewEncoder(w).Encode(newNode)
|
2022-02-01 03:01:09 +08:00
|
|
|
|
2022-02-17 09:42:57 +08:00
|
|
|
runUpdates(&newNode, ifaceDelta)
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
2022-09-06 20:20:24 +08:00
|
|
|
// swagger:route DELETE /api/nodes/{network}/{nodeid} nodes deleteNode
|
|
|
|
//
|
|
|
|
// Delete an individual node.
|
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Schemes: https
|
2022-09-06 20:20:24 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Security:
|
|
|
|
// oauth
|
2022-09-11 12:51:59 +08:00
|
|
|
//
|
2022-11-02 23:22:40 +08:00
|
|
|
// Responses:
|
|
|
|
// 200: nodeResponse
|
2021-03-26 00:17:52 +08:00
|
|
|
func deleteNode(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// Set header
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
// get params
|
|
|
|
var params = mux.Vars(r)
|
2022-01-11 06:52:21 +08:00
|
|
|
var nodeid = params["nodeid"]
|
2022-10-05 01:42:03 +08:00
|
|
|
fromNode := r.Header.Get("requestfrom") == "node"
|
2022-11-15 22:52:17 +08:00
|
|
|
node, err := logic.GetNodeByID(nodeid)
|
2021-12-08 04:51:57 +08:00
|
|
|
if err != nil {
|
2022-11-15 22:52:17 +08:00
|
|
|
logger.Log(0, "error retrieving node to delete", err.Error())
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
|
|
return
|
2021-12-08 04:51:57 +08:00
|
|
|
}
|
2022-12-22 19:42:33 +08:00
|
|
|
host, err := logic.GetHost(node.HostID.String())
|
|
|
|
if err != nil {
|
|
|
|
logger.Log(0, "error retrieving host for node", node.ID.String(), err.Error())
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
|
|
return
|
|
|
|
}
|
2022-09-14 03:25:56 +08:00
|
|
|
if r.Header.Get("ismaster") != "yes" {
|
|
|
|
username := r.Header.Get("user")
|
|
|
|
if username != "" && !doesUserOwnNode(username, params["network"], nodeid) {
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("user not permitted"), "badrequest"))
|
2022-09-14 03:25:56 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
2022-11-15 22:52:17 +08:00
|
|
|
if err := logic.DeleteNode(&node, fromNode); err != nil {
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to delete node"), "internal"))
|
2022-01-18 22:06:43 +08:00
|
|
|
return
|
|
|
|
}
|
2022-12-22 19:42:33 +08:00
|
|
|
if host.ProxyEnabled {
|
2022-12-06 21:57:38 +08:00
|
|
|
mq.ProxyUpdate(&manager.ProxyManagerPayload{
|
|
|
|
Action: manager.DeleteNetwork,
|
|
|
|
Network: node.Network,
|
|
|
|
}, &node)
|
|
|
|
}
|
2022-10-05 01:42:03 +08:00
|
|
|
if fromNode {
|
2022-11-15 22:52:17 +08:00
|
|
|
//check if server should be removed from mq
|
|
|
|
found := false
|
|
|
|
// err is irrelevent
|
|
|
|
nodes, _ := logic.GetAllNodes()
|
|
|
|
for _, nodetocheck := range nodes {
|
|
|
|
if nodetocheck.HostID == node.HostID {
|
|
|
|
found = true
|
|
|
|
break
|
|
|
|
}
|
2022-10-05 01:42:03 +08:00
|
|
|
}
|
2022-11-15 22:52:17 +08:00
|
|
|
if !found {
|
|
|
|
// deletes node related role and client
|
|
|
|
event := mq.MqDynsecPayload{
|
|
|
|
Commands: []mq.MqDynSecCmd{
|
|
|
|
{
|
|
|
|
Command: mq.DeleteClientCmd,
|
2022-12-21 04:29:09 +08:00
|
|
|
Username: node.HostID.String(),
|
2022-11-15 22:52:17 +08:00
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
if err := mq.PublishEventToDynSecTopic(event); err != nil {
|
|
|
|
logger.Log(0, fmt.Sprintf("failed to send DynSec command [%v]: %v",
|
|
|
|
event.Commands, err.Error()))
|
|
|
|
}
|
2022-09-30 02:49:44 +08:00
|
|
|
}
|
|
|
|
}
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnSuccessResponse(w, r, nodeid+" deleted.")
|
2022-01-11 06:52:21 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "Deleted node", nodeid, "from network", params["network"])
|
2022-02-17 05:23:18 +08:00
|
|
|
runUpdates(&node, false)
|
2022-02-01 03:01:09 +08:00
|
|
|
}
|
|
|
|
|
2022-12-21 04:29:09 +08:00
|
|
|
func runUpdates(node *models.Node, ifaceDelta bool) {
|
2022-02-17 09:42:57 +08:00
|
|
|
go func() { // don't block http response
|
2022-02-17 10:10:02 +08:00
|
|
|
// publish node update if not server
|
|
|
|
if err := mq.NodeUpdate(node); err != nil {
|
2022-12-21 04:29:09 +08:00
|
|
|
logger.Log(1, "error publishing node update to node", node.ID.String(), err.Error())
|
2022-04-22 03:04:44 +08:00
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
|
2022-12-21 04:29:09 +08:00
|
|
|
func updateRelay(oldnode, newnode *models.Node) {
|
2022-06-13 23:40:14 +08:00
|
|
|
relay := logic.FindRelay(oldnode)
|
|
|
|
newrelay := relay
|
2022-06-14 04:06:00 +08:00
|
|
|
//check if node's address has been updated and if so, update the relayAddrs of the relay node with the updated address of the relayed node
|
2022-12-21 04:29:09 +08:00
|
|
|
if oldnode.Address.String() != newnode.Address.String() {
|
2022-06-13 23:40:14 +08:00
|
|
|
for i, ip := range newrelay.RelayAddrs {
|
2022-12-21 04:29:09 +08:00
|
|
|
if ip == oldnode.Address.IP.String() {
|
2022-06-13 23:40:14 +08:00
|
|
|
newrelay.RelayAddrs = append(newrelay.RelayAddrs[:i], relay.RelayAddrs[i+1:]...)
|
2022-12-21 04:29:09 +08:00
|
|
|
newrelay.RelayAddrs = append(newrelay.RelayAddrs, newnode.Address.IP.String())
|
2022-06-13 23:40:14 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2022-06-14 04:06:00 +08:00
|
|
|
//check if node's address(v6) has been updated and if so, update the relayAddrs of the relay node with the updated address(v6) of the relayed node
|
2022-12-21 04:29:09 +08:00
|
|
|
if oldnode.Address6.String() != newnode.Address6.String() {
|
2022-06-13 23:40:14 +08:00
|
|
|
for i, ip := range newrelay.RelayAddrs {
|
2022-12-21 04:29:09 +08:00
|
|
|
if ip == oldnode.Address.IP.String() {
|
2022-06-13 23:40:14 +08:00
|
|
|
newrelay.RelayAddrs = append(newrelay.RelayAddrs[:i], newrelay.RelayAddrs[i+1:]...)
|
2022-12-21 04:29:09 +08:00
|
|
|
newrelay.RelayAddrs = append(newrelay.RelayAddrs, newnode.Address6.IP.String())
|
2022-06-13 23:40:14 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
logic.UpdateNode(relay, newrelay)
|
|
|
|
}
|
2022-09-14 03:25:56 +08:00
|
|
|
|
|
|
|
func doesUserOwnNode(username, network, nodeID string) bool {
|
|
|
|
u, err := logic.GetUser(username)
|
|
|
|
if err != nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
if u.IsAdmin {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
netUser, err := pro.GetNetworkUser(network, promodels.NetworkUserID(u.UserName))
|
|
|
|
if err != nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
if netUser.AccessLevel == pro.NET_ADMIN {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
return logic.StringSliceContains(netUser.Nodes, nodeID)
|
|
|
|
}
|