netmaker/controllers/user.go

585 lines
19 KiB
Go
Raw Normal View History

2021-03-26 00:17:52 +08:00
package controller
import (
2021-04-18 02:03:01 +08:00
"encoding/json"
"errors"
"fmt"
2021-04-18 02:03:01 +08:00
"net/http"
"github.com/gorilla/mux"
2022-09-14 03:25:56 +08:00
"github.com/gorilla/websocket"
2021-10-22 03:28:58 +08:00
"github.com/gravitl/netmaker/auth"
2021-12-07 04:31:08 +08:00
"github.com/gravitl/netmaker/logger"
2021-10-22 03:28:58 +08:00
"github.com/gravitl/netmaker/logic"
2021-04-18 02:03:01 +08:00
"github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/mq"
2022-09-14 03:25:56 +08:00
"github.com/gravitl/netmaker/servercfg"
"golang.org/x/exp/slog"
2022-09-14 03:25:56 +08:00
)
var (
upgrader = websocket.Upgrader{}
2021-03-26 00:17:52 +08:00
)
func userHandlers(r *mux.Router) {
r.HandleFunc("/api/users/adm/hassuperadmin", hasSuperAdmin).Methods(http.MethodGet)
r.HandleFunc("/api/users/adm/createsuperadmin", createSuperAdmin).Methods(http.MethodPost)
r.HandleFunc("/api/users/adm/transfersuperadmin/{username}", logic.SecurityCheck(true, http.HandlerFunc(transferSuperAdmin))).Methods(http.MethodPost)
r.HandleFunc("/api/users/adm/authenticate", authenticateUser).Methods(http.MethodPost)
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(updateUser))).Methods(http.MethodPut)
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, checkFreeTierLimits(limitChoiceUsers, http.HandlerFunc(createUser)))).Methods(http.MethodPost)
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(deleteUser))).Methods(http.MethodDelete)
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUser)))).Methods(http.MethodGet)
r.HandleFunc("/api/users", logic.SecurityCheck(true, http.HandlerFunc(getUsers))).Methods(http.MethodGet)
r.HandleFunc("/api/oauth/login", auth.HandleAuthLogin).Methods(http.MethodGet)
r.HandleFunc("/api/oauth/callback", auth.HandleAuthCallback).Methods(http.MethodGet)
2023-01-02 15:48:40 +08:00
r.HandleFunc("/api/oauth/headless", auth.HandleHeadlessSSO)
2023-04-13 23:36:13 +08:00
r.HandleFunc("/api/oauth/register/{regKey}", auth.RegisterHostSSO).Methods(http.MethodGet)
2021-03-26 00:17:52 +08:00
}
// swagger:route POST /api/users/adm/authenticate authenticate authenticateUser
2022-09-06 20:20:24 +08:00
//
// User authenticates using its password and retrieves a JWT for authorization.
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Schemes: https
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Security:
// oauth
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Responses:
// 200: successResponse
2021-03-26 00:17:52 +08:00
func authenticateUser(response http.ResponseWriter, request *http.Request) {
// Auth request consists of Mac Address and Password (from node that is authorizing
// in case of Master, auth is ignored and mac is set to "mastermac"
2021-04-18 02:03:01 +08:00
var authRequest models.UserAuthParams
var errorResponse = models.ErrorResponse{
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
}
2022-09-14 03:25:56 +08:00
if !servercfg.IsBasicAuthEnabled() {
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(response, request, logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"))
2022-09-14 03:25:56 +08:00
return
}
2021-04-18 02:03:01 +08:00
decoder := json.NewDecoder(request.Body)
decoderErr := decoder.Decode(&authRequest)
defer request.Body.Close()
if decoderErr != nil {
logger.Log(0, "error decoding request body: ",
decoderErr.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(response, request, errorResponse)
return
2021-04-30 06:14:13 +08:00
}
if val := request.Header.Get("From-Ui"); val == "true" {
// request came from UI, if normal user block Login
user, err := logic.GetUser(authRequest.UserName)
if err != nil {
logger.Log(0, authRequest.UserName, "user validation failed: ",
err.Error())
logic.ReturnErrorResponse(response, request, logic.FormatError(err, "unauthorized"))
return
}
if !(user.IsAdmin || user.IsSuperAdmin) {
logic.ReturnErrorResponse(response, request, logic.FormatError(errors.New("only admins can access dashboard"), "unauthorized"))
return
}
}
username := authRequest.UserName
2021-10-22 08:32:23 +08:00
jwt, err := logic.VerifyAuthRequest(authRequest)
2021-04-30 06:14:13 +08:00
if err != nil {
logger.Log(0, username, "user validation failed: ",
err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(response, request, logic.FormatError(err, "badrequest"))
2021-04-30 23:30:19 +08:00
return
2021-04-30 06:14:13 +08:00
}
if jwt == "" {
// very unlikely that err is !nil and no jwt returned, but handle it anyways.
logger.Log(0, username, "jwt token is empty")
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(response, request, logic.FormatError(errors.New("no token returned"), "internal"))
2021-04-30 06:14:13 +08:00
return
}
var successResponse = models.SuccessResponse{
Code: http.StatusOK,
2021-07-19 23:30:27 +08:00
Message: "W1R3: Device " + username + " Authorized",
2021-04-30 06:14:13 +08:00
Response: models.SuccessfulUserLoginResponse{
AuthToken: jwt,
2021-07-19 23:30:27 +08:00
UserName: username,
2021-04-30 06:14:13 +08:00
},
}
// Send back the JWT
2021-04-30 06:14:13 +08:00
successJSONResponse, jsonError := json.Marshal(successResponse)
if jsonError != nil {
logger.Log(0, username,
"error marshalling resp: ", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(response, request, errorResponse)
2021-04-30 06:14:13 +08:00
return
2021-03-26 00:17:52 +08:00
}
2021-12-07 04:31:08 +08:00
logger.Log(2, username, "was authenticated")
2021-04-30 06:14:13 +08:00
response.Header().Set("Content-Type", "application/json")
response.Write(successJSONResponse)
go func() {
if servercfg.IsPro && servercfg.GetRacAutoDisable() {
// enable all associeated clients for the user
clients, err := logic.GetAllExtClients()
if err != nil {
slog.Error("error getting clients: ", "error", err)
return
}
for _, client := range clients {
if client.OwnerID == username && !client.Enabled {
slog.Info(fmt.Sprintf("enabling ext client %s for user %s due to RAC autodisabling feature", client.ClientID, client.OwnerID))
if newClient, err := logic.ToggleExtClientConnectivity(&client, true); err != nil {
slog.Error("error enabling ext client in RAC autodisable hook", "error", err)
continue // dont return but try for other clients
} else {
// publish peer update to ingress gateway
if ingressNode, err := logic.GetNodeByID(newClient.IngressGatewayID); err == nil {
if err = mq.PublishPeerUpdate(); err != nil {
slog.Error("error updating ext clients on", "ingress", ingressNode.ID.String(), "err", err.Error())
}
}
}
}
}
}
}()
2021-04-30 06:14:13 +08:00
}
// swagger:route GET /api/users/adm/hassuperadmin user hasSuperAdmin
2022-09-06 20:20:24 +08:00
//
// Checks whether the server has an admin.
//
2023-01-02 15:48:40 +08:00
// Schemes: https
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Security:
// oauth
2022-09-11 12:51:59 +08:00
//
2023-01-02 15:48:40 +08:00
// Responses:
// 200: hasAdmin
func hasSuperAdmin(w http.ResponseWriter, r *http.Request) {
2021-03-26 00:17:52 +08:00
w.Header().Set("Content-Type", "application/json")
hasSuperAdmin, err := logic.HasSuperAdmin()
2021-08-10 01:30:40 +08:00
if err != nil {
logger.Log(0, "failed to check for admin: ", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
2021-08-10 01:30:40 +08:00
return
2021-09-06 22:36:14 +08:00
}
2021-03-26 00:17:52 +08:00
json.NewEncoder(w).Encode(hasSuperAdmin)
2021-03-26 00:17:52 +08:00
}
// swagger:route GET /api/users/{username} user getUser
2022-09-06 20:20:24 +08:00
//
// Get an individual user.
//
2023-01-02 15:48:40 +08:00
// Schemes: https
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Security:
// oauth
2022-09-11 12:51:59 +08:00
//
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
2021-03-26 00:17:52 +08:00
func getUser(w http.ResponseWriter, r *http.Request) {
// set header.
w.Header().Set("Content-Type", "application/json")
2021-04-18 02:03:01 +08:00
var params = mux.Vars(r)
2021-07-19 23:30:27 +08:00
usernameFetched := params["username"]
user, err := logic.GetReturnUser(usernameFetched)
2021-03-26 00:17:52 +08:00
if err != nil {
logger.Log(0, usernameFetched, "failed to fetch user: ", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
2021-03-26 00:17:52 +08:00
return
}
2021-12-07 04:31:08 +08:00
logger.Log(2, r.Header.Get("user"), "fetched user", usernameFetched)
2021-03-26 00:17:52 +08:00
json.NewEncoder(w).Encode(user)
}
// swagger:route GET /api/users user getUsers
2022-09-06 20:20:24 +08:00
//
2022-09-11 12:51:59 +08:00
// Get all users.
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Schemes: https
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Security:
// oauth
2022-09-11 12:51:59 +08:00
//
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
2021-07-02 12:03:46 +08:00
func getUsers(w http.ResponseWriter, r *http.Request) {
// set header.
w.Header().Set("Content-Type", "application/json")
2021-07-02 12:03:46 +08:00
2021-10-22 03:28:58 +08:00
users, err := logic.GetUsers()
2021-07-02 12:03:46 +08:00
if err != nil {
logger.Log(0, "failed to fetch users: ", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
2021-07-02 12:03:46 +08:00
2023-04-04 02:36:38 +08:00
logic.SortUsers(users[:])
2021-12-07 04:31:08 +08:00
logger.Log(2, r.Header.Get("user"), "fetched users")
json.NewEncoder(w).Encode(users)
2021-07-02 12:03:46 +08:00
}
// swagger:route POST /api/users/adm/createsuperadmin user createAdmin
2022-09-06 20:20:24 +08:00
//
// Make a user an admin.
//
2023-01-02 15:48:40 +08:00
// Schemes: https
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Security:
// oauth
2022-09-11 12:51:59 +08:00
//
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
func createSuperAdmin(w http.ResponseWriter, r *http.Request) {
2021-03-26 00:17:52 +08:00
w.Header().Set("Content-Type", "application/json")
var u models.User
2021-10-15 04:36:14 +08:00
err := json.NewDecoder(r.Body).Decode(&u)
if err != nil {
slog.Error("error decoding request body", "error", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
2021-04-30 23:30:19 +08:00
2022-09-14 03:25:56 +08:00
if !servercfg.IsBasicAuthEnabled() {
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"))
2022-09-14 03:25:56 +08:00
return
}
err = logic.CreateSuperAdmin(&u)
2021-04-18 02:03:01 +08:00
if err != nil {
slog.Error("failed to create admin", "error", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
2021-04-18 02:03:01 +08:00
return
}
logger.Log(1, u.UserName, "was made a super admin")
json.NewEncoder(w).Encode(logic.ToReturnUser(u))
2021-03-26 00:17:52 +08:00
}
// swagger:route POST /api/users/adm/transfersuperadmin user transferSuperAdmin
2022-09-06 20:20:24 +08:00
//
// Transfers superadmin role to an admin user.
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Schemes: https
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Security:
// oauth
2022-09-11 12:51:59 +08:00
//
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
func transferSuperAdmin(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
caller, err := logic.GetUser(r.Header.Get("user"))
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
}
if !caller.IsSuperAdmin {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("only superadmin can assign the superadmin role to another user"), "forbidden"))
return
}
var params = mux.Vars(r)
username := params["username"]
u, err := logic.GetUser(username)
if err != nil {
slog.Error("error getting user", "user", u.UserName, "error", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if !u.IsAdmin {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("only admins can be promoted to superadmin role"), "forbidden"))
return
}
if !servercfg.IsBasicAuthEnabled() {
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"))
return
}
2022-09-14 03:25:56 +08:00
u.IsSuperAdmin = true
u.IsAdmin = false
err = logic.UpsertUser(*u)
if err != nil {
slog.Error("error updating user to superadmin: ", "user", u.UserName, "error", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
caller.IsSuperAdmin = false
caller.IsAdmin = true
err = logic.UpsertUser(*caller)
if err != nil {
slog.Error("error demoting user to admin: ", "user", caller.UserName, "error", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
slog.Info("user was made a super admin", "user", u.UserName)
json.NewEncoder(w).Encode(logic.ToReturnUser(*u))
2021-07-02 12:03:46 +08:00
}
// swagger:route POST /api/users/{username} user createUser
2022-09-06 20:20:24 +08:00
//
// Create a user.
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Schemes: https
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Security:
// oauth
2022-09-11 12:51:59 +08:00
//
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
func createUser(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
caller, err := logic.GetUser(r.Header.Get("user"))
if err != nil {
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
}
var user models.User
err = json.NewDecoder(r.Body).Decode(&user)
if err != nil {
logger.Log(0, user.UserName, "error decoding request body: ",
err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if !caller.IsSuperAdmin && user.IsAdmin {
err = errors.New("only superadmin can create admin users")
slog.Error("error creating new user: ", "user", user.UserName, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
if user.IsSuperAdmin {
err = errors.New("additional superadmins cannot be created")
slog.Error("error creating new user: ", "user", user.UserName, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
if !servercfg.IsPro && !user.IsAdmin {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
err = logic.CreateUser(&user)
if err != nil {
slog.Error("error creating new user: ", "user", user.UserName, "error", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
slog.Info("user was created", "username", user.UserName)
json.NewEncoder(w).Encode(logic.ToReturnUser(user))
}
// swagger:route PUT /api/users/{username} user updateUser
2022-09-06 20:20:24 +08:00
//
// Update a user.
//
2023-01-02 15:48:40 +08:00
// Schemes: https
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Security:
// oauth
2022-09-11 12:51:59 +08:00
//
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
2021-03-26 00:17:52 +08:00
func updateUser(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
// start here
var caller *models.User
var err error
var ismaster bool
if r.Header.Get("user") == logic.MasterUser {
ismaster = true
} else {
caller, err = logic.GetUser(r.Header.Get("user"))
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
}
2023-03-31 03:10:17 +08:00
}
2021-07-19 23:30:27 +08:00
username := params["username"]
user, err := logic.GetUser(username)
2021-04-18 02:03:01 +08:00
if err != nil {
logger.Log(0, username,
"failed to update user info: ", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
2021-04-18 02:03:01 +08:00
return
}
var userchange models.User
// we decode our body request params
err = json.NewDecoder(r.Body).Decode(&userchange)
2021-03-26 00:17:52 +08:00
if err != nil {
slog.Error("failed to decode body", "error ", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
2021-04-18 02:03:01 +08:00
return
}
if user.UserName != userchange.UserName {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("user in param and request body not matching"), "badrequest"))
2023-03-31 03:10:17 +08:00
return
}
selfUpdate := false
if !ismaster && caller.UserName == user.UserName {
selfUpdate = true
2021-03-26 00:17:52 +08:00
}
if !ismaster && !selfUpdate {
if caller.IsAdmin && user.IsSuperAdmin {
slog.Error("non-superadmin user", "caller", caller.UserName, "attempted to update superadmin user", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot update superadmin user"), "forbidden"))
return
}
if !caller.IsAdmin && !caller.IsSuperAdmin {
slog.Error("operation not allowed", "caller", caller.UserName, "attempted to update user", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot update superadmin user"), "forbidden"))
return
}
if caller.IsAdmin && user.IsAdmin {
slog.Error("admin user cannot update another admin", "caller", caller.UserName, "attempted to update admin user", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("admin user cannot update another admin"), "forbidden"))
return
}
if caller.IsAdmin && userchange.IsAdmin {
err = errors.New("admin user cannot update role of an another user to admin")
slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
}
if !ismaster && selfUpdate {
if user.IsAdmin != userchange.IsAdmin || user.IsSuperAdmin != userchange.IsSuperAdmin {
slog.Error("user cannot change his own role", "caller", caller.UserName, "attempted to update user role", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("user not allowed to self assign role"), "forbidden"))
return
}
}
if ismaster {
if !user.IsSuperAdmin && userchange.IsSuperAdmin {
slog.Error("operation not allowed", "caller", logic.MasterUser, "attempted to update user role to superadmin", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("attempted to update user role to superadmin"), "forbidden"))
return
}
}
if auth.IsOauthUser(user) == nil && userchange.Password != "" {
err := fmt.Errorf("cannot update user's password for an oauth user %s", username)
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
user, err = logic.UpdateUser(&userchange, user)
if err != nil {
logger.Log(0, username,
"failed to update user info: ", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
logger.Log(1, username, "was updated")
json.NewEncoder(w).Encode(logic.ToReturnUser(*user))
2021-07-02 12:03:46 +08:00
}
// swagger:route DELETE /api/users/{username} user deleteUser
2022-09-06 20:20:24 +08:00
//
// Delete a user.
//
2023-01-02 15:48:40 +08:00
// Schemes: https
2022-09-06 20:20:24 +08:00
//
2023-01-02 15:48:40 +08:00
// Security:
// oauth
2022-09-11 12:51:59 +08:00
//
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
2021-03-26 00:17:52 +08:00
func deleteUser(w http.ResponseWriter, r *http.Request) {
// Set header
w.Header().Set("Content-Type", "application/json")
// get params
var params = mux.Vars(r)
caller, err := logic.GetUser(r.Header.Get("user"))
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
}
2021-07-19 23:30:27 +08:00
username := params["username"]
user, err := logic.GetUser(username)
if err != nil {
logger.Log(0, username,
"failed to update user info: ", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
if user.IsSuperAdmin {
slog.Error(
"failed to delete user: ", "user", username, "error", "superadmin cannot be deleted")
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("superadmin cannot be deleted"), "internal"))
return
}
if !caller.IsSuperAdmin {
if caller.IsAdmin && user.IsAdmin {
slog.Error(
"failed to delete user: ", "user", username, "error", "admin cannot delete another admin user, including oneself")
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("admin cannot delete another admin user, including oneself"), "internal"))
return
}
}
success, err := logic.DeleteUser(username)
2021-04-15 10:59:25 +08:00
if err != nil {
logger.Log(0, username,
"failed to delete user: ", err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
2021-03-26 00:17:52 +08:00
return
2021-04-15 10:59:25 +08:00
} else if !success {
err := errors.New("delete unsuccessful")
logger.Log(0, username, err.Error())
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
2021-04-18 02:03:01 +08:00
return
}
// check and delete extclient with this ownerID
go func() {
extclients, err := logic.GetAllExtClients()
if err != nil {
slog.Error("failed to get extclients", "error", err)
return
}
for _, extclient := range extclients {
if extclient.OwnerID == user.UserName {
err = logic.DeleteExtClient(extclient.Network, extclient.ClientID)
if err != nil {
slog.Error("failed to delete extclient",
"id", extclient.ClientID, "owner", user.UserName, "error", err)
}
}
}
if servercfg.IsDNSMode() {
logic.SetDNS()
}
}()
2021-12-07 04:31:08 +08:00
logger.Log(1, username, "was deleted")
2021-03-26 00:17:52 +08:00
json.NewEncoder(w).Encode(params["username"] + " deleted.")
}
2022-09-14 03:25:56 +08:00
// Called when vpn client dials in to start the auth flow and first stage is to get register URL itself
func socketHandler(w http.ResponseWriter, r *http.Request) {
// Upgrade our raw HTTP connection to a websocket based one
conn, err := upgrader.Upgrade(w, r, nil)
if err != nil {
2022-09-15 22:23:19 +08:00
logger.Log(0, "error during connection upgrade for node sign-in:", err.Error())
return
}
if conn == nil {
logger.Log(0, "failed to establish web-socket connection during node sign-in")
2022-09-14 03:25:56 +08:00
return
}
// Start handling the session
2023-04-13 23:36:13 +08:00
go auth.SessionHandler(conn)
2022-09-14 03:25:56 +08:00
}