
admin user auth working

afeiszli 4 years ago
parent
commit
4f531e1c54

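--- a/controllers/config/dnsconfig/Corefile
+++ b/controllers/config/dnsconfig/Corefile
@@ -1,8 +0,0 @@
-skynet  {
-    reload 15s
-    hosts /root/dnsconfig/netmaker.hosts {
-	fallthrough	
-    }
-    forward . 8.8.8.8 8.8.4.4
-    log
-}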

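--- a/controllers/config/dnsconfig/netmaker.hosts
+++ b/controllers/config/dnsconfig/netmaker.hosts
@@ -1 +0,0 @@
-10.0.0.1         node-4bukt.skynet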

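--- a/controllers/config/environments/dev.yaml
+++ b/controllers/config/environments/dev.yaml
@@ -1,17 +0,0 @@
-server:
-  host: "localhost"
-  apiport: "8081"
-  grpcport: "50051"
-  masterkey: "secretkey"
-  allowedorigin: "*"
-  restbackend: true            
-  agentbackend: true
-  defaultnetname: "default"
-  defaultnetrange: "10.10.10.0/24"
-  createdefault: true
-mongoconn:
-  user: "mongoadmin"
-  pass: "mongopass"
-  host: "localhost"
-  port: "27017"
-  opts: '/?authSource=admin'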

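--- a/controllers/networkHttpController.go
+++ b/controllers/networkHttpController.go
@@ -64,10 +64,6 @@ func SecurityCheck(netname, token string) error {
 		return err
 	}
 	if hasnetwork && !networkexists {
-		//errorResponse = models.ErrorResponse{
-		//	Code: http.StatusNotFound, Message: "W1R3: This network does not exist.",
-		//}
-		//returnErrorResponse(w, r, errorResponse)
 		return errors.New("This network does not exist")
 	}
 
@@ -81,14 +77,12 @@ func SecurityCheck(netname, token string) error {
 		authToken = tokenSplit[1]
 	}
 	//all endpoints here require master so not as complicated
-	//still might not be a good  way of doing this
 	if !hasBearer || !authenticateMaster(authToken) {
-		//errorResponse = models.ErrorResponse{
-		//	Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
-		//	}
-		//	returnErrorResponse(w, r, errorResponse)
-		return errors.New("You are unauthorized to access this endpoint")
-	} //else {
+		_, isadmin, err := functions.VerifyUserToken(authToken)
+		if err != nil || !isadmin {
+			return errors.New("You are unauthorized to access this endpoint")
+		}
+	}
 	return nil
 }
 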
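Review bot: SecurityCheck is exported and its contract changes in the second hunk — a bearer token now passes if it is either the master key or a user token whose `isadmin` result is set — yet the function still has no doc comment, and the one explanatory comment that survives (`//all endpoints here require master so not as complicated`) is no longer accurate. Replace that line with `// Accept the master key, or a user token that verifies as an admin.` and add above the signature `// SecurityCheck verifies that token authorizes access to network netname: the network must exist when one is named, and the bearer value must be the master key or a verified admin user token.`. The error from functions.VerifyUserToken is folded into the generic unauthorized message, which is right for the client but leaves an operator nothing to correlate failed admin logins with; logging it server-side before returning would help detection. SecurityCheck begins before the first hunk.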

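--- a/controllers/nodeHttpController.go
+++ b/controllers/nodeHttpController.go
@@ -32,7 +32,6 @@ func nodeHandlers(r *mux.Router) {
 	r.HandleFunc("/api/nodes/{network}/{macaddress}/deleteingress", securityCheck(http.HandlerFunc(deleteIngressGateway))).Methods("DELETE")
 	r.HandleFunc("/api/nodes/{network}/{macaddress}/approve", authorize(true, "master", http.HandlerFunc(uncordonNode))).Methods("POST")
 	r.HandleFunc("/api/nodes/{network}", createNode).Methods("POST")
-	//r.HandleFunc("/api/register", registerClient).Methods("POST")
 	r.HandleFunc("/api/nodes/adm/{network}/lastmodified", authorize(true, "network", http.HandlerFunc(getLastModified))).Methods("GET")
 	r.HandleFunc("/api/nodes/adm/{network}/authenticate", authenticate).Methods("POST")
 
@@ -184,17 +183,24 @@ func authorize(networkCheck bool, authNetwork string, next http.Handler) http.Ha
 			//A: the token is the master password
 			//B: the token corresponds to a mac address, and if so, which one
 			//TODO: There's probably a better way of dealing with the "master token"/master password. Plz Halp.
-			macaddress, _, err := functions.VerifyToken(authToken)
-			if err != nil {
-				errorResponse = models.ErrorResponse{
-					Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.",
+
+                        var isAuthorized = false
+			var macaddress = ""
+                        _, isadmin, errN := functions.VerifyUserToken(authToken)
+                        if errN == nil && isadmin {
+	                        macaddress = "mastermac"
+                                isAuthorized = true
+			} else {
+				mac, _, err := functions.VerifyToken(authToken)
+				if err != nil {
+					errorResponse = models.ErrorResponse{
+						Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.",
+					}
+					returnErrorResponse(w, r, errorResponse)
+					return
 				}
-				returnErrorResponse(w, r, errorResponse)
-				return
+				macaddress = mac
 			}
-
-			var isAuthorized = false
-
 			//The mastermac (login with masterkey from config) can do everything!! May be dangerous.
 			if macaddress == "mastermac" {
 				isAuthorized = true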
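Review bot: The block added at the top of the second hunk is not gofmt-clean — `var isAuthorized = false`, the functions.VerifyUserToken call, the `if errN == nil && isadmin {` line and its body are indented with spaces while the surrounding code uses tabs — so run gofmt on the file before merging. The `isAuthorized = true` inside that admin branch is redundant, because the `if macaddress == "mastermac"` check a few lines below sets it again for exactly that value. Mapping an admin user token onto the literal `"mastermac"` identity also gives every admin user the unrestricted access the existing comment already flags as dangerous, and that decision deserves a comment of its own where the assignment happens, e.g. `// Admin users are treated as the master identity and inherit its unrestricted access.`. authorize's closure continues on both sides of this hunk.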

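--- a/controllers/serverHttpController.go
+++ b/controllers/serverHttpController.go
@@ -2,6 +2,7 @@ package controller
 
 import (
     "github.com/gravitl/netmaker/models"
+    "github.com/gravitl/netmaker/functions"
     "github.com/gravitl/netmaker/serverctl"
     "github.com/gravitl/netmaker/servercfg"
     "encoding/json"
@@ -38,13 +39,16 @@ func securityCheckServer(next http.Handler) http.HandlerFunc {
 		}
 		//all endpoints here require master so not as complicated
 		//still might not be a good  way of doing this
-		if !hasBearer || !authenticateMasterServer(authToken) {
-			errorResponse = models.ErrorResponse{
-				Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
+                _, isadmin, err := functions.VerifyUserToken(authToken)
+                if err != nil || !isadmin {
+			if (!hasBearer || !authenticateMasterServer(authToken)) && !isadmin {
+				errorResponse = models.ErrorResponse{
+					Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
+				}
+				returnErrorResponse(w, r, errorResponse)
+			} else {
+				next.ServeHTTP(w, r)
 			}
-			returnErrorResponse(w, r, errorResponse)
-		} else {
-			next.ServeHTTP(w, r)
 		}
 	}
 }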
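Review bot: A valid admin user token never reaches the handler in the second hunk: when functions.VerifyUserToken returns `err == nil` and `isadmin == true`, the outer `if err != nil || !isadmin` is false, so neither returnErrorResponse nor next.ServeHTTP runs and the client gets an empty response — the opposite of what the commit title says it enables. The inner condition also trusts `!isadmin` on its own, so a token that verified with an error but still reported isadmin would be let through; the admin result should count only when verification succeeded. The rewrite below collapses the two conditions into one and leaves next.ServeHTTP as the single success path; the new import line should also move into sorted order with the other gravitl/netmaker imports (and the space-indented lines re-tabbed by gofmt). securityCheckServer's closure starts before this hunk.
```go
		_, isadmin, err := functions.VerifyUserToken(authToken)
		// An admin user token counts only when verification itself succeeded.
		isAdmin := err == nil && isadmin
		if !isAdmin && (!hasBearer || !authenticateMasterServer(authToken)) {
			// … unchanged: errorResponse assignment and returnErrorResponse call …
		} else {
			next.ServeHTTP(w, r)
		}
```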

+ 2 - 6
controllers/userHttpController.go

@@ -126,7 +126,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
 
 
 		//get the auth token
 		//get the auth token
 		bearerToken := r.Header.Get("Authorization")
 		bearerToken := r.Header.Get("Authorization")
-		err := ValidateToken(bearerToken)
+		err := ValidateUserToken(bearerToken)
 		if err != nil {
 		if err != nil {
 			returnErrorResponse(w, r, formatError(err, "unauthorized"))
 			returnErrorResponse(w, r, formatError(err, "unauthorized"))
 			return
 			return
@@ -135,7 +135,7 @@ func authorizeUser(next http.Handler) http.HandlerFunc {
 	}
 	}
 }
 }
 
 
-func ValidateToken(token string) error {
+func ValidateUserToken(token string) error {
 	var tokenSplit = strings.Split(token, " ")
 	var tokenSplit = strings.Split(token, " ")
 
 
 	//I put this in in case the user doesn't put in a token at all (in which case it's empty)
 	//I put this in in case the user doesn't put in a token at all (in which case it's empty)
@@ -148,10 +148,6 @@ func ValidateToken(token string) error {
 		return errors.New("Missing Auth Token.")
 		return errors.New("Missing Auth Token.")
 	}
 	}
 
 
-	//This checks if
-	//A: the token is the master password
-	//B: the token corresponds to a mac address, and if so, which one
-	//TODO: There's probably a better way of dealing with the "master token"/master password. Plz Halp.
 	username, _, err := functions.VerifyUserToken(authToken)
 	username, _, err := functions.VerifyUserToken(authToken)
 	if err != nil {
 	if err != nil {
 		return errors.New("Error Verifying Auth Token")
 		return errors.New("Error Verifying Auth Token")