2021-03-26 00:17:52 +08:00
|
|
|
package controller
|
|
|
|
|
|
|
|
|
|
import (
|
2021-04-23 04:52:44 +08:00
|
|
|
"encoding/json"
|
|
|
|
|
"errors"
|
|
|
|
|
"net/http"
|
|
|
|
|
"strings"
|
|
|
|
|
"time"
|
2021-10-09 03:07:12 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
"github.com/gorilla/mux"
|
2021-07-22 06:55:19 +08:00
|
|
|
"github.com/gravitl/netmaker/database"
|
2021-04-23 04:52:44 +08:00
|
|
|
"github.com/gravitl/netmaker/functions"
|
2021-12-07 04:31:08 +08:00
|
|
|
"github.com/gravitl/netmaker/logger"
|
2021-10-06 03:02:09 +08:00
|
|
|
"github.com/gravitl/netmaker/logic"
|
2021-04-23 04:52:44 +08:00
|
|
|
"github.com/gravitl/netmaker/models"
|
2021-07-25 04:13:24 +08:00
|
|
|
"github.com/gravitl/netmaker/servercfg"
|
2021-04-23 04:52:44 +08:00
|
|
|
"golang.org/x/crypto/bcrypt"
|
2021-03-26 00:17:52 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func nodeHandlers(r *mux.Router) {
|
|
|
|
|
|
2021-07-24 06:24:34 +08:00
|
|
|
r.HandleFunc("/api/nodes", authorize(false, "user", http.HandlerFunc(getAllNodes))).Methods("GET")
|
2021-04-23 04:52:44 +08:00
|
|
|
r.HandleFunc("/api/nodes/{network}", authorize(true, "network", http.HandlerFunc(getNetworkNodes))).Methods("GET")
|
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{macaddress}", authorize(true, "node", http.HandlerFunc(getNode))).Methods("GET")
|
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{macaddress}", authorize(true, "node", http.HandlerFunc(updateNode))).Methods("PUT")
|
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{macaddress}", authorize(true, "node", http.HandlerFunc(deleteNode))).Methods("DELETE")
|
2021-09-14 08:25:27 +08:00
|
|
|
r.HandleFunc("/api/nodes/{network}/{macaddress}/createrelay", authorize(true, "user", http.HandlerFunc(createRelay))).Methods("POST")
|
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{macaddress}/deleterelay", authorize(true, "user", http.HandlerFunc(deleteRelay))).Methods("DELETE")
|
2021-07-24 06:24:34 +08:00
|
|
|
r.HandleFunc("/api/nodes/{network}/{macaddress}/creategateway", authorize(true, "user", http.HandlerFunc(createEgressGateway))).Methods("POST")
|
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{macaddress}/deletegateway", authorize(true, "user", http.HandlerFunc(deleteEgressGateway))).Methods("DELETE")
|
2021-07-03 11:25:36 +08:00
|
|
|
r.HandleFunc("/api/nodes/{network}/{macaddress}/createingress", securityCheck(false, http.HandlerFunc(createIngressGateway))).Methods("POST")
|
|
|
|
|
r.HandleFunc("/api/nodes/{network}/{macaddress}/deleteingress", securityCheck(false, http.HandlerFunc(deleteIngressGateway))).Methods("DELETE")
|
2021-07-24 06:24:34 +08:00
|
|
|
r.HandleFunc("/api/nodes/{network}/{macaddress}/approve", authorize(true, "user", http.HandlerFunc(uncordonNode))).Methods("POST")
|
2021-04-23 04:52:44 +08:00
|
|
|
r.HandleFunc("/api/nodes/{network}", createNode).Methods("POST")
|
|
|
|
|
r.HandleFunc("/api/nodes/adm/{network}/lastmodified", authorize(true, "network", http.HandlerFunc(getLastModified))).Methods("GET")
|
|
|
|
|
r.HandleFunc("/api/nodes/adm/{network}/authenticate", authenticate).Methods("POST")
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Node authenticates using its password and retrieves a JWT for authorization.
|
|
|
|
|
func authenticate(response http.ResponseWriter, request *http.Request) {
|
|
|
|
|
|
2021-07-22 06:55:19 +08:00
|
|
|
var params = mux.Vars(request)
|
|
|
|
|
networkname := params["network"]
|
2021-04-23 04:52:44 +08:00
|
|
|
//Auth request consists of Mac Address and Password (from node that is authorizing
|
|
|
|
|
//in case of Master, auth is ignored and mac is set to "mastermac"
|
|
|
|
|
var authRequest models.AuthParams
|
|
|
|
|
var result models.Node
|
|
|
|
|
var errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
//Get password fnd mac rom request
|
|
|
|
|
decoder := json.NewDecoder(request.Body)
|
|
|
|
|
decoderErr := decoder.Decode(&authRequest)
|
|
|
|
|
defer request.Body.Close()
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
if decoderErr != nil {
|
2021-04-24 04:19:02 +08:00
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
|
errorResponse.Message = decoderErr.Error()
|
2021-04-23 04:52:44 +08:00
|
|
|
returnErrorResponse(response, request, errorResponse)
|
2021-03-27 04:13:51 +08:00
|
|
|
return
|
2021-04-23 04:52:44 +08:00
|
|
|
} else {
|
|
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
|
if authRequest.MacAddress == "" {
|
|
|
|
|
errorResponse.Message = "W1R3: MacAddress can't be empty"
|
|
|
|
|
returnErrorResponse(response, request, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
} else if authRequest.Password == "" {
|
|
|
|
|
errorResponse.Message = "W1R3: Password can't be empty"
|
|
|
|
|
returnErrorResponse(response, request, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
|
2021-10-09 03:07:12 +08:00
|
|
|
//Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API until approved).
|
2021-07-22 06:55:19 +08:00
|
|
|
collection, err := database.FetchRecords(database.NODES_TABLE_NAME)
|
|
|
|
|
if err != nil {
|
|
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
|
errorResponse.Message = err.Error()
|
|
|
|
|
returnErrorResponse(response, request, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
for _, value := range collection {
|
|
|
|
|
if err := json.Unmarshal([]byte(value), &result); err != nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2021-07-27 00:24:36 +08:00
|
|
|
if result.MacAddress == authRequest.MacAddress && result.IsPending != "yes" && result.Network == networkname {
|
2021-07-22 06:55:19 +08:00
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
|
|
|
|
|
if err != nil {
|
2021-04-24 04:19:02 +08:00
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
|
errorResponse.Message = err.Error()
|
2021-04-23 04:52:44 +08:00
|
|
|
returnErrorResponse(response, request, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//compare password from request to stored password in database
|
|
|
|
|
//might be able to have a common hash (certificates?) and compare those so that a password isn't passed in in plain text...
|
|
|
|
|
//TODO: Consider a way of hashing the password client side before sending, or using certificates
|
|
|
|
|
err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password))
|
|
|
|
|
if err != nil {
|
2021-04-24 04:19:02 +08:00
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
|
errorResponse.Message = err.Error()
|
2021-04-23 04:52:44 +08:00
|
|
|
returnErrorResponse(response, request, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
//Create a new JWT for the node
|
2021-10-27 00:27:29 +08:00
|
|
|
tokenString, _ := logic.CreateJWT(authRequest.MacAddress, result.Network)
|
2021-04-23 04:52:44 +08:00
|
|
|
|
|
|
|
|
if tokenString == "" {
|
2021-04-24 04:19:02 +08:00
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
|
errorResponse.Message = "Could not create Token"
|
2021-04-23 04:52:44 +08:00
|
|
|
returnErrorResponse(response, request, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var successResponse = models.SuccessResponse{
|
|
|
|
|
Code: http.StatusOK,
|
|
|
|
|
Message: "W1R3: Device " + authRequest.MacAddress + " Authorized",
|
|
|
|
|
Response: models.SuccessfulLoginResponse{
|
|
|
|
|
AuthToken: tokenString,
|
|
|
|
|
MacAddress: authRequest.MacAddress,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
//Send back the JWT
|
|
|
|
|
successJSONResponse, jsonError := json.Marshal(successResponse)
|
|
|
|
|
|
|
|
|
|
if jsonError != nil {
|
2021-04-24 04:19:02 +08:00
|
|
|
errorResponse.Code = http.StatusBadRequest
|
|
|
|
|
errorResponse.Message = err.Error()
|
2021-04-23 04:52:44 +08:00
|
|
|
returnErrorResponse(response, request, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
response.WriteHeader(http.StatusOK)
|
|
|
|
|
response.Header().Set("Content-Type", "application/json")
|
|
|
|
|
response.Write(successJSONResponse)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//The middleware for most requests to the API
|
|
|
|
|
//They all pass through here first
|
|
|
|
|
//This will validate the JWT (or check for master token)
|
2021-04-13 12:42:35 +08:00
|
|
|
//This will also check against the authNetwork and make sure the node should be accessing that endpoint,
|
2021-03-26 00:17:52 +08:00
|
|
|
//even if it's technically ok
|
|
|
|
|
//This is kind of a poor man's RBAC. There's probably a better/smarter way.
|
|
|
|
|
//TODO: Consider better RBAC implementations
|
2021-04-13 12:42:35 +08:00
|
|
|
func authorize(networkCheck bool, authNetwork string, next http.Handler) http.HandlerFunc {
|
2021-04-23 04:52:44 +08:00
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
var errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
|
2021-04-13 12:42:35 +08:00
|
|
|
networkexists, _ := functions.NetworkExists(params["network"])
|
|
|
|
|
//check that the request is for a valid network
|
2021-04-23 04:52:44 +08:00
|
|
|
//if (networkCheck && !networkexists) || err != nil {
|
|
|
|
|
if networkCheck && !networkexists {
|
|
|
|
|
errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusNotFound, Message: "W1R3: This network does not exist. ",
|
|
|
|
|
}
|
|
|
|
|
returnErrorResponse(w, r, errorResponse)
|
2021-03-27 04:13:51 +08:00
|
|
|
return
|
2021-04-23 04:52:44 +08:00
|
|
|
} else {
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
//get the auth token
|
|
|
|
|
bearerToken := r.Header.Get("Authorization")
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
var tokenSplit = strings.Split(bearerToken, " ")
|
2021-03-26 10:29:36 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
//I put this in in case the user doesn't put in a token at all (in which case it's empty)
|
|
|
|
|
//There's probably a smarter way of handling this.
|
|
|
|
|
var authToken = "928rt238tghgwe@TY@$Y@#WQAEGB2FC#@HG#@$Hddd"
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
if len(tokenSplit) > 1 {
|
|
|
|
|
authToken = tokenSplit[1]
|
|
|
|
|
} else {
|
|
|
|
|
errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
|
|
|
|
|
}
|
|
|
|
|
returnErrorResponse(w, r, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
//This checks if
|
|
|
|
|
//A: the token is the master password
|
|
|
|
|
//B: the token corresponds to a mac address, and if so, which one
|
2021-10-09 03:07:12 +08:00
|
|
|
//TODO: There's probably a better way of dealing with the "master token"/master password. Plz Help.
|
2021-07-19 23:30:27 +08:00
|
|
|
var isAuthorized = false
|
2021-05-30 04:18:22 +08:00
|
|
|
var macaddress = ""
|
2021-10-27 00:27:29 +08:00
|
|
|
username, networks, isadmin, errN := logic.VerifyUserToken(authToken)
|
2021-07-02 12:03:46 +08:00
|
|
|
isnetadmin := isadmin
|
|
|
|
|
if errN == nil && isadmin {
|
2021-07-19 23:30:27 +08:00
|
|
|
macaddress = "mastermac"
|
|
|
|
|
isAuthorized = true
|
2021-07-27 22:48:58 +08:00
|
|
|
r.Header.Set("ismasterkey", "yes")
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-07-19 23:30:27 +08:00
|
|
|
if !isadmin && params["network"] != "" {
|
|
|
|
|
if functions.SliceContains(networks, params["network"]) {
|
|
|
|
|
isnetadmin = true
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
//The mastermac (login with masterkey from config) can do everything!! May be dangerous.
|
|
|
|
|
if macaddress == "mastermac" {
|
2021-03-26 00:17:52 +08:00
|
|
|
isAuthorized = true
|
2021-07-27 22:48:58 +08:00
|
|
|
r.Header.Set("ismasterkey", "yes")
|
2021-04-23 04:52:44 +08:00
|
|
|
//for everyone else, there's poor man's RBAC. The "cases" are defined in the routes in the handlers
|
|
|
|
|
//So each route defines which access network should be allowed to access it
|
|
|
|
|
} else {
|
|
|
|
|
switch authNetwork {
|
|
|
|
|
case "all":
|
|
|
|
|
isAuthorized = true
|
|
|
|
|
case "nodes":
|
2021-07-02 12:03:46 +08:00
|
|
|
isAuthorized = (macaddress != "") || isnetadmin
|
2021-04-23 04:52:44 +08:00
|
|
|
case "network":
|
2021-07-02 12:03:46 +08:00
|
|
|
if isnetadmin {
|
|
|
|
|
isAuthorized = true
|
|
|
|
|
} else {
|
2021-10-27 00:27:29 +08:00
|
|
|
node, err := logic.GetNodeByMacAddress(params["network"], macaddress)
|
2021-07-19 23:30:27 +08:00
|
|
|
if err != nil {
|
|
|
|
|
errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
|
|
|
|
|
}
|
|
|
|
|
returnErrorResponse(w, r, errorResponse)
|
|
|
|
|
return
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-07-19 23:30:27 +08:00
|
|
|
isAuthorized = (node.Network == params["network"])
|
2021-07-02 12:03:46 +08:00
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
case "node":
|
2021-07-19 23:30:27 +08:00
|
|
|
if isnetadmin {
|
|
|
|
|
isAuthorized = true
|
|
|
|
|
} else {
|
2021-07-02 12:03:46 +08:00
|
|
|
isAuthorized = (macaddress == params["macaddress"])
|
|
|
|
|
}
|
2021-07-24 06:24:34 +08:00
|
|
|
case "user":
|
|
|
|
|
isAuthorized = true
|
2021-04-23 04:52:44 +08:00
|
|
|
default:
|
|
|
|
|
isAuthorized = false
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
if !isAuthorized {
|
|
|
|
|
errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
|
|
|
|
|
}
|
|
|
|
|
returnErrorResponse(w, r, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
//If authorized, this function passes along it's request and output to the appropriate route function.
|
2021-07-19 23:30:27 +08:00
|
|
|
if username == "" {
|
|
|
|
|
username = "(user not found)"
|
|
|
|
|
}
|
|
|
|
|
r.Header.Set("user", username)
|
2021-04-23 04:52:44 +08:00
|
|
|
next.ServeHTTP(w, r)
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-13 12:42:35 +08:00
|
|
|
//Gets all nodes associated with network, including pending nodes
|
|
|
|
|
func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
2021-05-28 02:57:59 +08:00
|
|
|
var nodes []models.Node
|
2021-03-26 00:17:52 +08:00
|
|
|
var params = mux.Vars(r)
|
2021-07-19 23:30:27 +08:00
|
|
|
networkName := params["network"]
|
2021-10-06 03:02:09 +08:00
|
|
|
nodes, err := logic.GetNetworkNodes(networkName)
|
2021-05-06 05:24:24 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-05-06 05:24:24 +08:00
|
|
|
//Returns all the nodes in JSON format
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(2, r.Header.Get("user"), "fetched nodes on network", networkName)
|
2021-05-06 05:24:24 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
json.NewEncoder(w).Encode(nodes)
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-13 12:42:35 +08:00
|
|
|
//A separate function to get all nodes, not just nodes for a particular network.
|
2021-03-26 00:17:52 +08:00
|
|
|
//Not quite sure if this is necessary. Probably necessary based on front end but may want to review after iteration 1 if it's being used or not
|
|
|
|
|
func getAllNodes(w http.ResponseWriter, r *http.Request) {
|
2021-04-23 04:52:44 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2021-10-27 00:27:29 +08:00
|
|
|
user, err := logic.GetUser(r.Header.Get("user"))
|
2021-07-27 22:48:58 +08:00
|
|
|
if err != nil && r.Header.Get("ismasterkey") != "yes" {
|
2021-04-23 04:52:44 +08:00
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-07-25 04:13:24 +08:00
|
|
|
var nodes []models.Node
|
2021-07-29 04:08:50 +08:00
|
|
|
if user.IsAdmin || r.Header.Get("ismasterkey") == "yes" {
|
2021-10-27 00:27:29 +08:00
|
|
|
nodes, err = logic.GetAllNodes()
|
2021-07-25 04:13:24 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
nodes, err = getUsersNodes(user)
|
|
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
//Return all the nodes in JSON format
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(2, r.Header.Get("user"), "fetched nodes")
|
2021-04-23 04:52:44 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
2021-04-13 11:19:01 +08:00
|
|
|
json.NewEncoder(w).Encode(nodes)
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
|
2021-07-25 04:13:24 +08:00
|
|
|
func getUsersNodes(user models.User) ([]models.Node, error) {
|
2021-07-24 06:24:34 +08:00
|
|
|
var nodes []models.Node
|
2021-07-25 04:13:24 +08:00
|
|
|
var err error
|
2021-07-24 06:24:34 +08:00
|
|
|
for _, networkName := range user.Networks {
|
2021-10-06 03:02:09 +08:00
|
|
|
tmpNodes, err := logic.GetNetworkNodes(networkName)
|
2021-07-24 06:24:34 +08:00
|
|
|
if err != nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
nodes = append(nodes, tmpNodes...)
|
|
|
|
|
}
|
|
|
|
|
return nodes, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-26 00:17:52 +08:00
|
|
|
//Get an individual node. Nothin fancy here folks.
|
|
|
|
|
func getNode(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// set header.
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
var params = mux.Vars(r)
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-13 12:42:35 +08:00
|
|
|
node, err := GetNode(params["macaddress"], params["network"])
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(2, r.Header.Get("user"), "fetched node", params["macaddress"])
|
2021-04-13 11:19:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
2021-03-26 00:17:52 +08:00
|
|
|
json.NewEncoder(w).Encode(node)
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-13 12:42:35 +08:00
|
|
|
//Get the time that a network of nodes was last modified.
|
2021-03-26 00:17:52 +08:00
|
|
|
//TODO: This needs to be refactored
|
|
|
|
|
//Potential way to do this: On UpdateNode, set a new field for "LastModified"
|
2021-04-13 12:42:35 +08:00
|
|
|
//If we go with the existing way, we need to at least set network.NodesLastModified on UpdateNode
|
2021-03-26 00:17:52 +08:00
|
|
|
func getLastModified(w http.ResponseWriter, r *http.Request) {
|
2021-04-23 04:52:44 +08:00
|
|
|
// set header.
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
var params = mux.Vars(r)
|
2021-07-22 06:55:19 +08:00
|
|
|
network, err := GetNetwork(params["network"])
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(2, r.Header.Get("user"), "called last modified")
|
2021-04-13 11:19:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
2021-04-28 23:12:48 +08:00
|
|
|
json.NewEncoder(w).Encode(network.NodesLastModified)
|
2021-05-06 05:24:24 +08:00
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
func createNode(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
2021-04-23 04:52:44 +08:00
|
|
|
var params = mux.Vars(r)
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
var errorResponse = models.ErrorResponse{
|
2021-04-23 04:52:44 +08:00
|
|
|
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
networkName := params["network"]
|
|
|
|
|
networkexists, err := functions.NetworkExists(networkName)
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
} else if !networkexists {
|
|
|
|
|
errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusNotFound, Message: "W1R3: Network does not exist! ",
|
|
|
|
|
}
|
|
|
|
|
returnErrorResponse(w, r, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
var node models.Node
|
|
|
|
|
|
|
|
|
|
//get node from body of request
|
2021-04-13 11:19:01 +08:00
|
|
|
err = json.NewDecoder(r.Body).Decode(&node)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-13 12:42:35 +08:00
|
|
|
node.Network = networkName
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
network, err := logic.GetNetworkByNode(&node)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
//Check to see if key is valid
|
2021-04-13 12:42:35 +08:00
|
|
|
//TODO: Triple inefficient!!! This is the third call to the DB we make for networks
|
2021-10-27 00:27:29 +08:00
|
|
|
validKey := logic.IsKeyValid(networkName, node.AccessKey)
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
if !validKey {
|
2021-04-13 12:42:35 +08:00
|
|
|
//Check to see if network will allow manual sign up
|
2021-03-26 00:17:52 +08:00
|
|
|
//may want to switch this up with the valid key check and avoid a DB call that way.
|
2021-07-24 06:24:34 +08:00
|
|
|
if network.AllowManualSignUp == "yes" {
|
2021-07-27 00:24:36 +08:00
|
|
|
node.IsPending = "yes"
|
2021-04-23 04:52:44 +08:00
|
|
|
} else {
|
2021-03-26 00:17:52 +08:00
|
|
|
errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusUnauthorized, Message: "W1R3: Key invalid, or none provided.",
|
|
|
|
|
}
|
|
|
|
|
returnErrorResponse(w, r, errorResponse)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-06 03:02:09 +08:00
|
|
|
node, err = logic.CreateNode(node, networkName)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "created new node", node.Name, "on network", node.Network)
|
2021-04-13 11:19:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
2021-03-26 00:17:52 +08:00
|
|
|
json.NewEncoder(w).Encode(node)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Takes node out of pending state
|
|
|
|
|
//TODO: May want to use cordon/uncordon terminology instead of "ispending".
|
|
|
|
|
func uncordonNode(w http.ResponseWriter, r *http.Request) {
|
2021-04-23 04:52:44 +08:00
|
|
|
var params = mux.Vars(r)
|
2021-05-06 05:24:24 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
node, err := UncordonNode(params["network"], params["macaddress"])
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "uncordoned node", node.Name)
|
2021-05-06 05:24:24 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
json.NewEncoder(w).Encode("SUCCESS")
|
|
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
// UncordonNode - approves a node to join a network
|
2021-05-06 05:24:24 +08:00
|
|
|
func UncordonNode(network, macaddress string) (models.Node, error) {
|
2021-10-27 00:27:29 +08:00
|
|
|
node, err := logic.GetNodeByMacAddress(network, macaddress)
|
2021-05-06 05:24:24 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
node.SetLastModified()
|
2021-07-27 00:24:36 +08:00
|
|
|
node.IsPending = "no"
|
2021-08-06 02:27:37 +08:00
|
|
|
node.PullChanges = "yes"
|
2021-07-22 06:55:19 +08:00
|
|
|
data, err := json.Marshal(&node)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return node, err
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-10-27 00:27:29 +08:00
|
|
|
key, err := logic.GetRecordKey(node.MacAddress, node.Network)
|
2021-04-13 11:19:01 +08:00
|
|
|
if err != nil {
|
2021-07-22 06:55:19 +08:00
|
|
|
return node, err
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-07-22 06:55:19 +08:00
|
|
|
|
|
|
|
|
err = database.Insert(key, string(data), database.NODES_TABLE_NAME)
|
|
|
|
|
return node, err
|
2021-04-13 11:19:01 +08:00
|
|
|
}
|
|
|
|
|
|
2021-05-20 01:59:10 +08:00
|
|
|
func createEgressGateway(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
var gateway models.EgressGatewayRequest
|
2021-05-06 05:24:24 +08:00
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2021-04-13 14:55:49 +08:00
|
|
|
err := json.NewDecoder(r.Body).Decode(&gateway)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-04-13 14:55:49 +08:00
|
|
|
gateway.NetID = params["network"]
|
|
|
|
|
gateway.NodeID = params["macaddress"]
|
2021-05-20 01:59:10 +08:00
|
|
|
node, err := CreateEgressGateway(gateway)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "created egress gateway on node", gateway.NodeID, "on network", gateway.NetID)
|
2021-05-06 05:24:24 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
json.NewEncoder(w).Encode(node)
|
|
|
|
|
}
|
2021-04-13 11:19:01 +08:00
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
// CreateEgressGateway - creates an egress gateway
|
2021-05-20 01:59:10 +08:00
|
|
|
func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, error) {
|
2021-10-27 00:27:29 +08:00
|
|
|
node, err := logic.GetNodeByMacAddress(gateway.NetID, gateway.NodeID)
|
2021-09-18 23:01:34 +08:00
|
|
|
if node.OS == "windows" || node.OS == "macos" { // add in darwin later
|
2021-08-31 03:58:23 +08:00
|
|
|
return models.Node{}, errors.New(node.OS + " is unsupported for egress gateways")
|
|
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2021-05-06 05:24:24 +08:00
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-05-20 01:59:10 +08:00
|
|
|
err = ValidateEgressGateway(gateway)
|
2021-05-06 05:24:24 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return models.Node{}, err
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-07-27 00:24:36 +08:00
|
|
|
node.IsEgressGateway = "yes"
|
2021-07-22 06:55:19 +08:00
|
|
|
node.EgressGatewayRanges = gateway.Ranges
|
|
|
|
|
postUpCmd := "iptables -A FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -A POSTROUTING -o " + gateway.Interface + " -j MASQUERADE"
|
|
|
|
|
postDownCmd := "iptables -D FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -D POSTROUTING -o " + gateway.Interface + " -j MASQUERADE"
|
2021-06-01 06:05:48 +08:00
|
|
|
if gateway.PostUp != "" {
|
2021-07-22 06:55:19 +08:00
|
|
|
postUpCmd = gateway.PostUp
|
2021-04-13 14:55:49 +08:00
|
|
|
}
|
2021-06-01 06:05:48 +08:00
|
|
|
if gateway.PostDown != "" {
|
2021-07-22 06:55:19 +08:00
|
|
|
postDownCmd = gateway.PostDown
|
2021-04-13 14:55:49 +08:00
|
|
|
}
|
2021-06-01 06:05:48 +08:00
|
|
|
if node.PostUp != "" {
|
2021-07-22 06:55:19 +08:00
|
|
|
if !strings.Contains(node.PostUp, postUpCmd) {
|
2021-07-28 01:32:07 +08:00
|
|
|
postUpCmd = node.PostUp + "; " + postUpCmd
|
2021-06-01 06:05:48 +08:00
|
|
|
}
|
|
|
|
|
}
|
2021-07-19 23:30:27 +08:00
|
|
|
if node.PostDown != "" {
|
2021-07-22 06:55:19 +08:00
|
|
|
if !strings.Contains(node.PostDown, postDownCmd) {
|
2021-07-28 01:32:07 +08:00
|
|
|
postDownCmd = node.PostDown + "; " + postDownCmd
|
2021-07-19 23:30:27 +08:00
|
|
|
}
|
|
|
|
|
}
|
2021-10-27 00:27:29 +08:00
|
|
|
key, err := logic.GetRecordKey(gateway.NodeID, gateway.NetID)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2021-07-22 06:55:19 +08:00
|
|
|
return node, err
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-07-28 01:32:07 +08:00
|
|
|
node.PostUp = postUpCmd
|
|
|
|
|
node.PostDown = postDownCmd
|
|
|
|
|
node.SetLastModified()
|
2021-08-06 02:27:37 +08:00
|
|
|
node.PullChanges = "yes"
|
2021-07-22 06:55:19 +08:00
|
|
|
nodeData, err := json.Marshal(&node)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2021-07-22 06:55:19 +08:00
|
|
|
return node, err
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-08-07 01:39:14 +08:00
|
|
|
if err = database.Insert(key, string(nodeData), database.NODES_TABLE_NAME); err != nil {
|
2021-05-06 05:24:24 +08:00
|
|
|
return models.Node{}, err
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-08-07 01:47:39 +08:00
|
|
|
if err = functions.NetworkNodesUpdatePullChanges(node.Network); err != nil {
|
2021-08-07 01:39:14 +08:00
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
|
|
|
|
return node, nil
|
2021-04-13 14:55:49 +08:00
|
|
|
}
|
|
|
|
|
|
2021-05-20 01:59:10 +08:00
|
|
|
func ValidateEgressGateway(gateway models.EgressGatewayRequest) error {
|
2021-04-23 04:52:44 +08:00
|
|
|
var err error
|
2021-07-11 12:49:31 +08:00
|
|
|
//isIp := functions.IsIpCIDR(gateway.RangeString)
|
2021-07-19 23:30:27 +08:00
|
|
|
empty := len(gateway.Ranges) == 0
|
2021-07-11 12:49:31 +08:00
|
|
|
if empty {
|
|
|
|
|
err = errors.New("IP Ranges Cannot Be Empty")
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-04-25 06:03:26 +08:00
|
|
|
empty = gateway.Interface == ""
|
|
|
|
|
if empty {
|
|
|
|
|
err = errors.New("Interface cannot be empty")
|
|
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
return err
|
2021-04-13 14:55:49 +08:00
|
|
|
}
|
|
|
|
|
|
2021-05-20 01:59:10 +08:00
|
|
|
func deleteEgressGateway(w http.ResponseWriter, r *http.Request) {
|
2021-04-23 04:52:44 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
var params = mux.Vars(r)
|
2021-07-19 23:30:27 +08:00
|
|
|
nodeMac := params["macaddress"]
|
|
|
|
|
netid := params["network"]
|
|
|
|
|
node, err := DeleteEgressGateway(netid, nodeMac)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "deleted egress gateway", nodeMac, "on network", netid)
|
2021-05-06 05:24:24 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
json.NewEncoder(w).Encode(node)
|
|
|
|
|
}
|
2021-04-13 14:55:49 +08:00
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
// DeleteEgressGateway - deletes egress from node
|
2021-05-20 01:59:10 +08:00
|
|
|
func DeleteEgressGateway(network, macaddress string) (models.Node, error) {
|
2021-05-06 05:24:24 +08:00
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
node, err := logic.GetNodeByMacAddress(network, macaddress)
|
2021-05-06 05:24:24 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-04-13 14:55:49 +08:00
|
|
|
|
2021-07-27 00:24:36 +08:00
|
|
|
node.IsEgressGateway = "no"
|
2021-07-22 06:55:19 +08:00
|
|
|
node.EgressGatewayRanges = []string{}
|
|
|
|
|
node.PostUp = ""
|
|
|
|
|
node.PostDown = ""
|
2021-10-01 22:33:32 +08:00
|
|
|
if node.IsIngressGateway == "yes" { // check if node is still an ingress gateway before completely deleting postdown/up rules
|
|
|
|
|
node.PostUp = "iptables -A FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -A POSTROUTING -o " + node.Interface + " -j MASQUERADE"
|
|
|
|
|
node.PostDown = "iptables -D FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -D POSTROUTING -o " + node.Interface + " -j MASQUERADE"
|
|
|
|
|
}
|
2021-07-22 06:55:19 +08:00
|
|
|
node.SetLastModified()
|
2021-08-06 02:27:37 +08:00
|
|
|
node.PullChanges = "yes"
|
2021-10-27 00:27:29 +08:00
|
|
|
key, err := logic.GetRecordKey(node.MacAddress, node.Network)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2021-05-06 05:24:24 +08:00
|
|
|
return models.Node{}, err
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-07-22 06:55:19 +08:00
|
|
|
data, err := json.Marshal(&node)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
2021-05-06 05:24:24 +08:00
|
|
|
return models.Node{}, err
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-08-07 01:39:14 +08:00
|
|
|
if err = database.Insert(key, string(data), database.NODES_TABLE_NAME); err != nil {
|
2021-07-22 06:55:19 +08:00
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-08-07 01:47:39 +08:00
|
|
|
if err = functions.NetworkNodesUpdatePullChanges(network); err != nil {
|
2021-05-06 05:24:24 +08:00
|
|
|
return models.Node{}, err
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-05-06 05:24:24 +08:00
|
|
|
return node, nil
|
2021-04-23 04:52:44 +08:00
|
|
|
}
|
2021-07-19 23:30:27 +08:00
|
|
|
|
2021-05-16 21:49:01 +08:00
|
|
|
// == INGRESS ==
|
2021-05-20 01:59:10 +08:00
|
|
|
func createIngressGateway(w http.ResponseWriter, r *http.Request) {
|
2021-05-16 21:49:01 +08:00
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2021-07-19 23:30:27 +08:00
|
|
|
nodeMac := params["macaddress"]
|
|
|
|
|
netid := params["network"]
|
|
|
|
|
node, err := CreateIngressGateway(netid, nodeMac)
|
2021-05-16 21:49:01 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "created ingress gateway on node", nodeMac, "on network", netid)
|
2021-05-16 21:49:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
json.NewEncoder(w).Encode(node)
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
// CreateIngressGateway - creates an ingress gateway
|
2021-05-28 02:57:59 +08:00
|
|
|
func CreateIngressGateway(netid string, macaddress string) (models.Node, error) {
|
|
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
node, err := logic.GetNodeByMacAddress(netid, macaddress)
|
2021-09-18 23:01:34 +08:00
|
|
|
if node.OS == "windows" || node.OS == "macos" { // add in darwin later
|
2021-08-31 03:58:23 +08:00
|
|
|
return models.Node{}, errors.New(node.OS + " is unsupported for ingress gateways")
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-19 23:30:27 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-05-28 02:57:59 +08:00
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
network, err := logic.GetParentNetwork(netid)
|
2021-07-19 23:30:27 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-07-27 00:24:36 +08:00
|
|
|
node.IsIngressGateway = "yes"
|
2021-07-22 06:55:19 +08:00
|
|
|
node.IngressGatewayRange = network.AddressRange
|
|
|
|
|
postUpCmd := "iptables -A FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -A POSTROUTING -o " + node.Interface + " -j MASQUERADE"
|
|
|
|
|
postDownCmd := "iptables -D FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -D POSTROUTING -o " + node.Interface + " -j MASQUERADE"
|
2021-07-19 23:30:27 +08:00
|
|
|
if node.PostUp != "" {
|
2021-07-22 06:55:19 +08:00
|
|
|
if !strings.Contains(node.PostUp, postUpCmd) {
|
2021-07-28 10:23:20 +08:00
|
|
|
postUpCmd = node.PostUp + "; " + postUpCmd
|
2021-07-19 23:30:27 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if node.PostDown != "" {
|
2021-07-22 06:55:19 +08:00
|
|
|
if !strings.Contains(node.PostDown, postDownCmd) {
|
2021-07-28 10:23:20 +08:00
|
|
|
postDownCmd = node.PostDown + "; " + postDownCmd
|
2021-07-19 23:30:27 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
node.SetLastModified()
|
2021-07-29 04:08:50 +08:00
|
|
|
node.PostUp = postUpCmd
|
|
|
|
|
node.PostDown = postDownCmd
|
2021-08-06 02:27:37 +08:00
|
|
|
node.PullChanges = "yes"
|
2021-08-07 04:53:17 +08:00
|
|
|
node.UDPHolePunch = "no"
|
2021-10-27 00:27:29 +08:00
|
|
|
key, err := logic.GetRecordKey(node.MacAddress, node.Network)
|
2021-07-22 06:55:19 +08:00
|
|
|
if err != nil {
|
2021-07-19 23:30:27 +08:00
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-07-22 06:55:19 +08:00
|
|
|
data, err := json.Marshal(&node)
|
2021-07-19 23:30:27 +08:00
|
|
|
if err != nil {
|
2021-07-22 06:55:19 +08:00
|
|
|
return models.Node{}, err
|
2021-07-19 23:30:27 +08:00
|
|
|
}
|
2021-07-22 06:55:19 +08:00
|
|
|
err = database.Insert(key, string(data), database.NODES_TABLE_NAME)
|
2021-07-19 23:30:27 +08:00
|
|
|
if err != nil {
|
2021-07-22 06:55:19 +08:00
|
|
|
return models.Node{}, err
|
2021-07-19 23:30:27 +08:00
|
|
|
}
|
2021-10-06 03:02:09 +08:00
|
|
|
err = logic.SetNetworkNodesLastModified(netid)
|
2021-07-22 06:55:19 +08:00
|
|
|
return node, err
|
2021-05-16 21:49:01 +08:00
|
|
|
}
|
|
|
|
|
|
2021-05-20 01:59:10 +08:00
|
|
|
func deleteIngressGateway(w http.ResponseWriter, r *http.Request) {
|
2021-05-16 21:49:01 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
var params = mux.Vars(r)
|
2021-07-19 23:30:27 +08:00
|
|
|
nodeMac := params["macaddress"]
|
|
|
|
|
node, err := DeleteIngressGateway(params["network"], nodeMac)
|
2021-05-16 21:49:01 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "deleted ingress gateway", nodeMac)
|
2021-05-16 21:49:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
json.NewEncoder(w).Encode(node)
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
// DeleteIngressGateway - deletes an ingress gateway
|
2021-08-07 04:53:17 +08:00
|
|
|
func DeleteIngressGateway(networkName string, macaddress string) (models.Node, error) {
|
2021-05-16 21:49:01 +08:00
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
node, err := logic.GetNodeByMacAddress(networkName, macaddress)
|
2021-08-07 04:53:17 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-10-27 00:27:29 +08:00
|
|
|
network, err := logic.GetParentNetwork(networkName)
|
2021-05-16 21:49:01 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-08-07 04:53:17 +08:00
|
|
|
// delete ext clients belonging to ingress gateway
|
|
|
|
|
if err = DeleteGatewayExtClients(macaddress, networkName); err != nil {
|
|
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
node.UDPHolePunch = network.DefaultUDPHolePunch
|
2021-07-22 06:55:19 +08:00
|
|
|
node.LastModified = time.Now().Unix()
|
2021-07-27 00:24:36 +08:00
|
|
|
node.IsIngressGateway = "no"
|
2021-08-07 03:45:22 +08:00
|
|
|
node.IngressGatewayRange = ""
|
2021-08-07 03:42:12 +08:00
|
|
|
node.PullChanges = "yes"
|
2021-08-07 04:53:17 +08:00
|
|
|
|
2021-10-27 00:27:29 +08:00
|
|
|
key, err := logic.GetRecordKey(node.MacAddress, node.Network)
|
2021-05-16 21:49:01 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-07-22 06:55:19 +08:00
|
|
|
data, err := json.Marshal(&node)
|
2021-05-16 21:49:01 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-07-22 06:55:19 +08:00
|
|
|
err = database.Insert(key, string(data), database.NODES_TABLE_NAME)
|
2021-05-16 21:49:01 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return models.Node{}, err
|
|
|
|
|
}
|
2021-10-06 03:02:09 +08:00
|
|
|
err = logic.SetNetworkNodesLastModified(networkName)
|
2021-07-22 06:55:19 +08:00
|
|
|
return node, err
|
2021-05-16 21:49:01 +08:00
|
|
|
}
|
2021-04-13 11:19:01 +08:00
|
|
|
|
2021-03-26 00:17:52 +08:00
|
|
|
func updateNode(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
|
|
|
|
|
var node models.Node
|
|
|
|
|
//start here
|
2021-10-27 00:27:29 +08:00
|
|
|
node, err := logic.GetNodeByMacAddress(params["network"], params["macaddress"])
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-04-13 11:19:01 +08:00
|
|
|
|
2021-07-25 04:13:24 +08:00
|
|
|
var newNode models.Node
|
2021-04-23 04:52:44 +08:00
|
|
|
// we decode our body request params
|
2021-07-25 04:13:24 +08:00
|
|
|
err = json.NewDecoder(r.Body).Decode(&newNode)
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-08-06 02:27:37 +08:00
|
|
|
newNode.PullChanges = "yes"
|
2021-09-17 08:00:40 +08:00
|
|
|
relayupdate := false
|
|
|
|
|
if node.IsRelay == "yes" && len(newNode.RelayAddrs) > 0 {
|
2021-09-17 09:49:09 +08:00
|
|
|
if len(newNode.RelayAddrs) != len(node.RelayAddrs) {
|
2021-09-18 22:33:14 +08:00
|
|
|
relayupdate = true
|
2021-09-17 09:49:09 +08:00
|
|
|
} else {
|
|
|
|
|
for i, addr := range newNode.RelayAddrs {
|
2021-09-18 22:33:14 +08:00
|
|
|
if addr != node.RelayAddrs[i] {
|
|
|
|
|
relayupdate = true
|
|
|
|
|
}
|
2021-09-17 08:00:40 +08:00
|
|
|
}
|
2021-09-17 09:49:09 +08:00
|
|
|
}
|
2021-09-17 08:00:40 +08:00
|
|
|
}
|
2021-10-27 00:27:29 +08:00
|
|
|
err = logic.UpdateNode(&node, &newNode)
|
2021-07-25 04:13:24 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-09-17 08:00:40 +08:00
|
|
|
if relayupdate {
|
2021-09-17 09:49:09 +08:00
|
|
|
UpdateRelay(node.Network, node.RelayAddrs, newNode.RelayAddrs)
|
|
|
|
|
if err = functions.NetworkNodesUpdatePullChanges(node.Network); err != nil {
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, "error setting relay updates:", err.Error())
|
2021-09-17 09:49:09 +08:00
|
|
|
}
|
2021-09-17 08:00:40 +08:00
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-07-25 04:13:24 +08:00
|
|
|
if servercfg.IsDNSMode() {
|
2021-10-27 00:27:29 +08:00
|
|
|
err = logic.SetDNS()
|
2021-07-25 04:13:24 +08:00
|
|
|
}
|
2021-04-23 04:52:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "updated node", node.MacAddress, "on network", node.Network)
|
2021-04-13 11:19:01 +08:00
|
|
|
w.WriteHeader(http.StatusOK)
|
2021-07-25 04:13:24 +08:00
|
|
|
json.NewEncoder(w).Encode(newNode)
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Delete a node
|
|
|
|
|
//Pretty straightforward
|
|
|
|
|
func deleteNode(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// Set header
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
|
|
// get params
|
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
|
2021-08-03 06:06:26 +08:00
|
|
|
err := DeleteNode(params["macaddress"]+"###"+params["network"], false)
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2021-04-13 11:19:01 +08:00
|
|
|
if err != nil {
|
2021-04-23 04:52:44 +08:00
|
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
|
|
|
return
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, r.Header.Get("user"), "Deleted node", params["macaddress"], "from network", params["network"])
|
2021-04-23 04:52:44 +08:00
|
|
|
returnSuccessResponse(w, r, params["macaddress"]+" deleted.")
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
