2021-04-07 07:13:34 +08:00
|
|
|
package controller
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"github.com/gravitl/netmaker/models"
|
2021-05-30 04:18:22 +08:00
|
|
|
"github.com/gravitl/netmaker/functions"
|
2021-04-07 07:13:34 +08:00
|
|
|
"github.com/gravitl/netmaker/serverctl"
|
2021-05-06 06:03:37 +08:00
|
|
|
"github.com/gravitl/netmaker/servercfg"
|
2021-04-07 07:13:34 +08:00
|
|
|
"encoding/json"
|
|
|
|
|
"strings"
|
|
|
|
|
"net/http"
|
|
|
|
|
"github.com/gorilla/mux"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func serverHandlers(r *mux.Router) {
|
2021-08-10 05:04:16 +08:00
|
|
|
r.HandleFunc("/api/server/addnetwork/{network}", securityCheckServer(true, http.HandlerFunc(addNetwork))).Methods("POST")
|
|
|
|
|
r.HandleFunc("/api/server/getconfig", securityCheckServer(false, http.HandlerFunc(getConfig))).Methods("GET")
|
|
|
|
|
r.HandleFunc("/api/server/removenetwork/{network}", securityCheckServer(true, http.HandlerFunc(removeNetwork))).Methods("DELETE")
|
2021-04-07 07:13:34 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Security check is middleware for every function and just checks to make sure that its the master calling
|
2021-04-13 12:42:35 +08:00
|
|
|
//Only admin should have access to all these network-level actions
|
2021-04-07 07:13:34 +08:00
|
|
|
//or maybe some Users once implemented
|
2021-08-10 05:04:16 +08:00
|
|
|
func securityCheckServer(adminonly bool, next http.Handler) http.HandlerFunc {
|
2021-04-07 07:13:34 +08:00
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
var errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bearerToken := r.Header.Get("Authorization")
|
|
|
|
|
|
|
|
|
|
var tokenSplit = strings.Split(bearerToken, " ")
|
|
|
|
|
var authToken = ""
|
|
|
|
|
if len(tokenSplit) < 2 {
|
2021-06-01 23:14:34 +08:00
|
|
|
errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
|
|
|
|
|
}
|
|
|
|
|
returnErrorResponse(w, r, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
} else {
|
2021-04-07 07:13:34 +08:00
|
|
|
authToken = tokenSplit[1]
|
|
|
|
|
}
|
|
|
|
|
//all endpoints here require master so not as complicated
|
|
|
|
|
//still might not be a good way of doing this
|
2021-08-10 05:04:16 +08:00
|
|
|
user, _, isadmin, err := functions.VerifyUserToken(authToken)
|
|
|
|
|
errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
|
|
|
|
|
}
|
|
|
|
|
if !adminonly && (err != nil || user == "") {
|
|
|
|
|
returnErrorResponse(w, r, errorResponse)
|
|
|
|
|
}
|
2021-06-01 23:14:34 +08:00
|
|
|
if !isadmin && !authenticateMasterServer(authToken) {
|
2021-08-10 05:04:16 +08:00
|
|
|
returnErrorResponse(w, r, errorResponse)
|
|
|
|
|
}
|
2021-06-01 23:14:34 +08:00
|
|
|
next.ServeHTTP(w, r)
|
2021-04-07 07:13:34 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
//Consider a more secure way of setting master key
|
|
|
|
|
func authenticateMasterServer(tokenString string) bool {
|
2021-05-06 06:03:37 +08:00
|
|
|
if tokenString == servercfg.GetMasterKey() {
|
2021-04-07 07:13:34 +08:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func removeNetwork(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// Set header
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
|
|
// get params
|
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
|
|
|
|
|
success, err := serverctl.RemoveNetwork(params["network"])
|
|
|
|
|
|
|
|
|
|
if err != nil || !success {
|
|
|
|
|
json.NewEncoder(w).Encode("Could not remove server from network " + params["network"])
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
json.NewEncoder(w).Encode("Server removed from network " + params["network"])
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-06 06:03:37 +08:00
|
|
|
func getConfig(w http.ResponseWriter, r *http.Request) {
|
2021-06-01 23:14:34 +08:00
|
|
|
// Set header
|
2021-05-06 06:03:37 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
|
|
// get params
|
|
|
|
|
|
2021-06-02 10:32:20 +08:00
|
|
|
scfg := servercfg.GetServerConfig()
|
2021-05-06 06:03:37 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
json.NewEncoder(w).Encode(scfg)
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-02 10:32:20 +08:00
|
|
|
/*
|
|
|
|
|
func getMongoConfig(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// Set header
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
|
|
// get params
|
|
|
|
|
|
|
|
|
|
mcfg := servercfg.GetMongoConfig()
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
json.NewEncoder(w).Encode(mcfg)
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
|
2021-04-07 07:13:34 +08:00
|
|
|
func addNetwork(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// Set header
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
|
|
// get params
|
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
|
|
|
|
|
success, err := serverctl.AddNetwork(params["network"])
|
|
|
|
|
|
|
|
|
|
if err != nil || !success {
|
|
|
|
|
json.NewEncoder(w).Encode("Could not add server to network " + params["network"])
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
json.NewEncoder(w).Encode("Server added to network " + params["network"])
|
|
|
|
|
}
|
