mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-06 13:14:24 +08:00
merge develop
This commit is contained in:
0xdcarns
commit
8f8b4c8b70
23 changed files with 59 additions and 973 deletions
|
|
@ -106,12 +106,12 @@ func HandleNodeSSOCallback(w http.ResponseWriter, r *http.Request) {
|
|||
var answer string
|
||||
// The registation logic is starting here:
|
||||
// we request access key with 1 use for the required network
|
||||
accessToken, err := requestAccessKey(reqKeyIf.Network, 1, userClaims.getUserName())
|
||||
if err != nil {
|
||||
answer = fmt.Sprintf("Error from the netmaker controller %s", err.Error())
|
||||
} else {
|
||||
answer = fmt.Sprintf("AccessToken: %s", accessToken)
|
||||
}
|
||||
// accessToken, err := requestAccessKey(reqKeyIf.Network, 1, userClaims.getUserName())
|
||||
// if err != nil {
|
||||
// answer = fmt.Sprintf("Error from the netmaker controller %s", err.Error())
|
||||
// } else {
|
||||
// answer = fmt.Sprintf("AccessToken: %s", accessToken)
|
||||
// }
|
||||
logger.Log(0, "Updating the token for the client request ... ")
|
||||
// Give the user the access token via Pass in the DB
|
||||
reqKeyIf.Pass = answer
|
||||
|
|
@ -184,44 +184,44 @@ func RegisterNodeSSO(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
// == private ==
|
||||
// API to create an access key for a given network with a given name
|
||||
func requestAccessKey(network string, uses int, name string) (accessKey string, err error) {
|
||||
// func requestAccessKey(network string, uses int, name string) (accessKey string, err error) {
|
||||
|
||||
var sAccessKey models.AccessKey
|
||||
var sNetwork models.Network
|
||||
// var sAccessKey models.AccessKey
|
||||
// var sNetwork models.Network
|
||||
|
||||
sNetwork, err = logic.GetParentNetwork(network)
|
||||
if err != nil {
|
||||
logger.Log(0, "err calling GetParentNetwork API=%s", err.Error())
|
||||
return "", fmt.Errorf("internal controller error %s", err.Error())
|
||||
}
|
||||
// If a key already exists, we recreate it.
|
||||
// @TODO Is that a preferred handling ? We could also trying to re-use.
|
||||
// can happen if user started log in but did not finish
|
||||
for _, currentkey := range sNetwork.AccessKeys {
|
||||
if currentkey.Name == name {
|
||||
logger.Log(0, "erasing existing AccessKey for: ", name)
|
||||
err = logic.DeleteKey(currentkey.Name, network)
|
||||
if err != nil {
|
||||
logger.Log(0, "err calling CreateAccessKey API ", err.Error())
|
||||
return "", fmt.Errorf("key already exists. Contact admin to resolve")
|
||||
}
|
||||
break
|
||||
}
|
||||
}
|
||||
// Only one usage is needed - for the next time new access key will be required
|
||||
// it will be created next time after another IdP approval
|
||||
sAccessKey.Uses = 1
|
||||
sAccessKey.Name = name
|
||||
// sNetwork, err = logic.GetParentNetwork(network)
|
||||
// if err != nil {
|
||||
// logger.Log(0, "err calling GetParentNetwork API=%s", err.Error())
|
||||
// return "", fmt.Errorf("internal controller error %s", err.Error())
|
||||
// }
|
||||
// // If a key already exists, we recreate it.
|
||||
// // @TODO Is that a preferred handling ? We could also trying to re-use.
|
||||
// // can happen if user started log in but did not finish
|
||||
// for _, currentkey := range sNetwork.AccessKeys {
|
||||
// if currentkey.Name == name {
|
||||
// logger.Log(0, "erasing existing AccessKey for: ", name)
|
||||
// err = logic.DeleteKey(currentkey.Name, network)
|
||||
// if err != nil {
|
||||
// logger.Log(0, "err calling CreateAccessKey API ", err.Error())
|
||||
// return "", fmt.Errorf("key already exists. Contact admin to resolve")
|
||||
// }
|
||||
// break
|
||||
// }
|
||||
// }
|
||||
// // Only one usage is needed - for the next time new access key will be required
|
||||
// // it will be created next time after another IdP approval
|
||||
// sAccessKey.Uses = 1
|
||||
// sAccessKey.Name = name
|
||||
|
||||
accessToken, err := logic.CreateAccessKey(sAccessKey, sNetwork)
|
||||
if err != nil {
|
||||
logger.Log(0, "err calling CreateAccessKey API ", err.Error())
|
||||
return "", fmt.Errorf("error from the netmaker controller %s", err.Error())
|
||||
} else {
|
||||
logger.Log(1, "created access key", sAccessKey.Name, "on", network)
|
||||
}
|
||||
return accessToken.AccessString, nil
|
||||
}
|
||||
// accessToken, err := logic.CreateAccessKey(sAccessKey, sNetwork)
|
||||
// if err != nil {
|
||||
// logger.Log(0, "err calling CreateAccessKey API ", err.Error())
|
||||
// return "", fmt.Errorf("error from the netmaker controller %s", err.Error())
|
||||
// } else {
|
||||
// logger.Log(1, "created access key", sAccessKey.Name, "on", network)
|
||||
// }
|
||||
// return accessToken.AccessString, nil
|
||||
// }
|
||||
|
||||
func isUserIsAllowed(username, network string, shouldAddUser bool) (*models.User, error) {
|
||||
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ func SessionHandler(conn *websocket.Conn) {
|
|||
}
|
||||
return
|
||||
}
|
||||
user, err := isUserIsAllowed(loginMessage.User, loginMessage.Network, false)
|
||||
_, err = isUserIsAllowed(loginMessage.User, loginMessage.Network, false)
|
||||
if err != nil {
|
||||
err = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
|
||||
if err != nil {
|
||||
|
|
@ -93,12 +93,7 @@ func SessionHandler(conn *websocket.Conn) {
|
|||
}
|
||||
return
|
||||
}
|
||||
accessToken, err := requestAccessKey(loginMessage.Network, 1, user.UserName)
|
||||
if err != nil {
|
||||
req.Pass = fmt.Sprintf("Error from the netmaker controller %s", err.Error())
|
||||
} else {
|
||||
req.Pass = fmt.Sprintf("AccessToken: %s", accessToken)
|
||||
}
|
||||
|
||||
// Give the user the access token via Pass in the DB
|
||||
if err = netcache.Set(stateStr, req); err != nil {
|
||||
logger.Log(0, "machine failed to complete join on network,", loginMessage.Network, "-", err.Error())
|
||||
|
|
|
|||
|
|
@ -1,35 +0,0 @@
|
|||
package keys
|
||||
|
||||
import (
|
||||
"log"
|
||||
"strconv"
|
||||
|
||||
"github.com/gravitl/netmaker/cli/functions"
|
||||
"github.com/gravitl/netmaker/models"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var keyName string
|
||||
|
||||
var keysCreateCmd = &cobra.Command{
|
||||
Use: "create [NETWORK NAME] [NUM USES]",
|
||||
Args: cobra.ExactArgs(2),
|
||||
Short: "Create an access key",
|
||||
Long: `Create an access key`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
keyUses, err := strconv.ParseInt(args[1], 10, 64)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
key := &models.AccessKey{Uses: int(keyUses)}
|
||||
if keyName != "" {
|
||||
key.Name = keyName
|
||||
}
|
||||
functions.PrettyPrint(functions.CreateKey(args[0], key))
|
||||
},
|
||||
}
|
||||
|
||||
func init() {
|
||||
keysCreateCmd.Flags().StringVar(&keyName, "name", "", "Name of the key")
|
||||
rootCmd.AddCommand(keysCreateCmd)
|
||||
}
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
package keys
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/gravitl/netmaker/cli/functions"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var keysDeleteCmd = &cobra.Command{
|
||||
Use: "delete [NETWORK NAME] [KEY NAME]",
|
||||
Args: cobra.ExactArgs(2),
|
||||
Short: "Delete a key",
|
||||
Long: `Delete a key`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
functions.DeleteKey(args[0], args[1])
|
||||
fmt.Println("Success")
|
||||
},
|
||||
}
|
||||
|
||||
func init() {
|
||||
rootCmd.AddCommand(keysDeleteCmd)
|
||||
}
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
package keys
|
||||
|
||||
import (
|
||||
"github.com/gravitl/netmaker/cli/functions"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var keysListCmd = &cobra.Command{
|
||||
Use: "list [NETWORK NAME]",
|
||||
Args: cobra.ExactArgs(1),
|
||||
Short: "List all keys associated with a network",
|
||||
Long: `List all keys associated with a network`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
functions.PrettyPrint(functions.GetKeys(args[0]))
|
||||
},
|
||||
}
|
||||
|
||||
func init() {
|
||||
rootCmd.AddCommand(keysListCmd)
|
||||
}
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
package keys
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
// rootCmd represents the base command when called without any subcommands
|
||||
var rootCmd = &cobra.Command{
|
||||
Use: "keys",
|
||||
Short: "Manage access keys associated with a network",
|
||||
Long: `Manage access keys associated with a network`,
|
||||
}
|
||||
|
||||
// GetRoot returns the root subcommand
|
||||
func GetRoot() *cobra.Command {
|
||||
return rootCmd
|
||||
}
|
||||
|
||||
// Execute adds all child commands to the root command and sets flags appropriately.
|
||||
// This is called by main.main(). It only needs to happen once to the rootCmd.
|
||||
func Execute() {
|
||||
err := rootCmd.Execute()
|
||||
if err != nil {
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
|
@ -10,7 +10,6 @@ import (
|
|||
"github.com/gravitl/netmaker/cli/cmd/enrollment_key"
|
||||
"github.com/gravitl/netmaker/cli/cmd/ext_client"
|
||||
"github.com/gravitl/netmaker/cli/cmd/host"
|
||||
"github.com/gravitl/netmaker/cli/cmd/keys"
|
||||
"github.com/gravitl/netmaker/cli/cmd/metrics"
|
||||
"github.com/gravitl/netmaker/cli/cmd/network"
|
||||
"github.com/gravitl/netmaker/cli/cmd/network_user"
|
||||
|
|
@ -47,7 +46,6 @@ func init() {
|
|||
// Bind subcommands here
|
||||
rootCmd.AddCommand(network.GetRoot())
|
||||
rootCmd.AddCommand(context.GetRoot())
|
||||
rootCmd.AddCommand(keys.GetRoot())
|
||||
rootCmd.AddCommand(acl.GetRoot())
|
||||
rootCmd.AddCommand(node.GetRoot())
|
||||
rootCmd.AddCommand(dns.GetRoot())
|
||||
|
|
|
|||
|
|
@ -1,23 +0,0 @@
|
|||
package functions
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/gravitl/netmaker/models"
|
||||
)
|
||||
|
||||
// GetKeys - fetch all access keys of a network
|
||||
func GetKeys(networkName string) *[]models.AccessKey {
|
||||
return request[[]models.AccessKey](http.MethodGet, fmt.Sprintf("/api/networks/%s/keys", networkName), nil)
|
||||
}
|
||||
|
||||
// CreateKey - create an access key
|
||||
func CreateKey(networkName string, key *models.AccessKey) *models.AccessKey {
|
||||
return request[models.AccessKey](http.MethodPost, fmt.Sprintf("/api/networks/%s/keys", networkName), key)
|
||||
}
|
||||
|
||||
// DeleteKey - delete an access key
|
||||
func DeleteKey(networkName, keyName string) {
|
||||
request[string](http.MethodDelete, fmt.Sprintf("/api/networks/%s/keys/%s", networkName, keyName), nil)
|
||||
}
|
||||
|
|
@ -30,7 +30,7 @@ services:
|
|||
VERBOSITY: "1"
|
||||
MQ_PASSWORD: "REPLACE_MQ_PASSWORD"
|
||||
MQ_USERNAME: "REPLACE_MQ_USERNAME"
|
||||
DEFAULT_PROXY_MODE: "auto"
|
||||
DEFAULT_PROXY_MODE: "off"
|
||||
ports:
|
||||
- "3478:3478/udp"
|
||||
netmaker-ui:
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ services:
|
|||
METRICS_EXPORTER: "on"
|
||||
LICENSE_KEY: "YOUR_LICENSE_KEY"
|
||||
NETMAKER_ACCOUNT_ID: "YOUR_ACCOUNT_ID"
|
||||
DEFAULT_PROXY_MODE: "auto"
|
||||
DEFAULT_PROXY_MODE: "off"
|
||||
ports:
|
||||
- "3478:3478/udp"
|
||||
netmaker-ui:
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ services:
|
|||
FRONTEND_URL: "" # "https://dashboard.<netmaker base domain>"
|
||||
AZURE_TENANT: "" # "<only for azure, you may optionally specify the tenant for the OAuth>"
|
||||
OIDC_ISSUER: "" # https://oidc.yourprovider.com - URL of oidc provider
|
||||
DEFAULT_PROXY_MODE: "auto" # if ON, all new clients will enable proxy by default if OFF, all new clients will disable proxy by default, if AUTO, stick with the existing logic for NAT detection
|
||||
DEFAULT_PROXY_MODE: "off" # if ON, all new clients will enable proxy by default if OFF, all new clients will disable proxy by default, if AUTO, stick with the existing logic for NAT detection
|
||||
ports:
|
||||
- "3478:3478/udp" # the stun port
|
||||
netmaker-ui: # The Netmaker UI Component
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ services:
|
|||
MQ_PASSWORD: "REPLACE_MQ_PASSWORD"
|
||||
MQ_USERNAME: "REPLACE_MQ_USERNAME"
|
||||
STUN_PORT: "3478"
|
||||
DEFAULT_PROXY_MODE: "auto"
|
||||
DEFAULT_PROXY_MODE: "off"
|
||||
ports:
|
||||
- "3478:3478/udp"
|
||||
netmaker-ui:
|
||||
|
|
|
|||
|
|
@ -203,27 +203,6 @@ type networkBodyResponse struct {
|
|||
Network models.Network `json:"network"`
|
||||
}
|
||||
|
||||
// swagger:parameters createAccessKey
|
||||
type accessKeyBodyParam struct {
|
||||
// Access Key
|
||||
// in: body
|
||||
AccessKey models.AccessKey `json:"access_key"`
|
||||
}
|
||||
|
||||
// swagger:response accessKeyBodyResponse
|
||||
type accessKeyBodyResponse struct {
|
||||
// Access Key
|
||||
// in: body
|
||||
AccessKey models.AccessKey `json:"access_key"`
|
||||
}
|
||||
|
||||
// swagger:response accessKeySliceBodyResponse
|
||||
type accessKeySliceBodyResponse struct {
|
||||
// Access Keys
|
||||
// in: body
|
||||
AccessKey []models.AccessKey `json:"access_key"`
|
||||
}
|
||||
|
||||
// swagger:parameters updateNetworkACL getNetworkACL
|
||||
type aclContainerBodyParam struct {
|
||||
// ACL Container
|
||||
|
|
@ -373,9 +352,6 @@ func useUnused() bool {
|
|||
_ = networkPathParam{}
|
||||
_ = networkAccessKeyNamePathParam{}
|
||||
_ = networkBodyResponse{}
|
||||
_ = accessKeyBodyParam{}
|
||||
_ = accessKeyBodyResponse{}
|
||||
_ = accessKeySliceBodyResponse{}
|
||||
_ = aclContainerBodyParam{}
|
||||
_ = aclContainerResponse{}
|
||||
_ = nodeSliceResponse{}
|
||||
|
|
|
|||
|
|
@ -25,9 +25,6 @@ func networkHandlers(r *mux.Router) {
|
|||
r.HandleFunc("/api/networks/{networkname}", logic.SecurityCheck(false, http.HandlerFunc(updateNetwork))).Methods(http.MethodPut)
|
||||
r.HandleFunc("/api/networks/{networkname}", logic.SecurityCheck(true, http.HandlerFunc(deleteNetwork))).Methods(http.MethodDelete)
|
||||
r.HandleFunc("/api/networks/{networkname}/keyupdate", logic.SecurityCheck(true, http.HandlerFunc(keyUpdate))).Methods(http.MethodPost)
|
||||
r.HandleFunc("/api/networks/{networkname}/keys", logic.SecurityCheck(false, http.HandlerFunc(createAccessKey))).Methods(http.MethodPost)
|
||||
r.HandleFunc("/api/networks/{networkname}/keys", logic.SecurityCheck(false, http.HandlerFunc(getAccessKeys))).Methods(http.MethodGet)
|
||||
r.HandleFunc("/api/networks/{networkname}/keys/{name}", logic.SecurityCheck(false, http.HandlerFunc(deleteAccessKey))).Methods(http.MethodDelete)
|
||||
// ACLs
|
||||
r.HandleFunc("/api/networks/{networkname}/acls", logic.SecurityCheck(true, http.HandlerFunc(updateNetworkACL))).Methods(http.MethodPut)
|
||||
r.HandleFunc("/api/networks/{networkname}/acls", logic.SecurityCheck(true, http.HandlerFunc(getNetworkACL))).Methods(http.MethodGet)
|
||||
|
|
@ -72,12 +69,6 @@ func getNetworks(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
}
|
||||
if !servercfg.IsDisplayKeys() {
|
||||
for i, net := range allnetworks {
|
||||
net.AccessKeys = logic.RemoveKeySensitiveInfo(net.AccessKeys)
|
||||
allnetworks[i] = net
|
||||
}
|
||||
}
|
||||
|
||||
logger.Log(2, r.Header.Get("user"), "fetched networks.")
|
||||
w.WriteHeader(http.StatusOK)
|
||||
|
|
@ -107,9 +98,7 @@ func getNetwork(w http.ResponseWriter, r *http.Request) {
|
|||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
if !servercfg.IsDisplayKeys() {
|
||||
network.AccessKeys = logic.RemoveKeySensitiveInfo(network.AccessKeys)
|
||||
}
|
||||
|
||||
logger.Log(2, r.Header.Get("user"), "fetched network", netname)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
json.NewEncoder(w).Encode(network)
|
||||
|
|
@ -426,117 +415,3 @@ func createNetwork(w http.ResponseWriter, r *http.Request) {
|
|||
w.WriteHeader(http.StatusOK)
|
||||
json.NewEncoder(w).Encode(network)
|
||||
}
|
||||
|
||||
// swagger:route POST /api/networks/{networkname}/keys networks createAccessKey
|
||||
//
|
||||
// Create a network access key.
|
||||
//
|
||||
// Schemes: https
|
||||
//
|
||||
// Security:
|
||||
// oauth
|
||||
//
|
||||
// Responses:
|
||||
// 200: accessKeyBodyResponse
|
||||
//
|
||||
// BEGIN KEY MANAGEMENT SECTION
|
||||
func createAccessKey(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
var params = mux.Vars(r)
|
||||
var accesskey models.AccessKey
|
||||
// start here
|
||||
netname := params["networkname"]
|
||||
network, err := logic.GetParentNetwork(netname)
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"), "failed to get network info: ",
|
||||
err.Error())
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
err = json.NewDecoder(r.Body).Decode(&accesskey)
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"), "error decoding request body: ",
|
||||
err.Error())
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
key, err := logic.CreateAccessKey(accesskey, network)
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"), "failed to create access key: ",
|
||||
err.Error())
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
// do not allow access key creations view API with user names
|
||||
if _, err = logic.GetUser(key.Name); err == nil {
|
||||
logger.Log(0, "access key creation with invalid name attempted by", r.Header.Get("user"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("cannot create access key with user name"), "badrequest"))
|
||||
logic.DeleteKey(key.Name, network.NetID)
|
||||
return
|
||||
}
|
||||
|
||||
logger.Log(1, r.Header.Get("user"), "created access key", accesskey.Name, "on", netname)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
json.NewEncoder(w).Encode(key)
|
||||
}
|
||||
|
||||
// swagger:route GET /api/networks/{networkname}/keys networks getAccessKeys
|
||||
//
|
||||
// Get network access keys for a network.
|
||||
//
|
||||
// Schemes: https
|
||||
//
|
||||
// Security:
|
||||
// oauth
|
||||
//
|
||||
// Responses:
|
||||
// 200: accessKeySliceBodyResponse
|
||||
func getAccessKeys(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
var params = mux.Vars(r)
|
||||
network := params["networkname"]
|
||||
keys, err := logic.GetKeys(network)
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"), fmt.Sprintf("failed to get keys for network [%s]: %v",
|
||||
network, err))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
if !servercfg.IsDisplayKeys() {
|
||||
keys = logic.RemoveKeySensitiveInfo(keys)
|
||||
}
|
||||
logger.Log(2, r.Header.Get("user"), "fetched access keys on network", network)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
json.NewEncoder(w).Encode(keys)
|
||||
}
|
||||
|
||||
// swagger:route DELETE /api/networks/{networkname}/keys/{name} networks deleteAccessKey
|
||||
//
|
||||
// Delete a network access key.
|
||||
//
|
||||
// Schemes: https
|
||||
//
|
||||
// Security:
|
||||
// oauth
|
||||
//
|
||||
// Responses:
|
||||
// 200:
|
||||
// *: stringJSONResponse
|
||||
//
|
||||
// delete key. Has to do a little funky logic since it's not a collection item
|
||||
func deleteAccessKey(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
var params = mux.Vars(r)
|
||||
keyname := params["name"]
|
||||
netname := params["networkname"]
|
||||
err := logic.DeleteKey(keyname, netname)
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"), fmt.Sprintf("failed to delete key [%s] for network [%s]: %v",
|
||||
keyname, netname, err))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
logger.Log(1, r.Header.Get("user"), "deleted access key", keyname, "on network,", netname)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -86,118 +86,6 @@ func TestDeleteNetwork(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestCreateKey(t *testing.T) {
|
||||
createNet()
|
||||
keys, _ := logic.GetKeys("skynet")
|
||||
for _, key := range keys {
|
||||
logic.DeleteKey(key.Name, "skynet")
|
||||
}
|
||||
var accesskey models.AccessKey
|
||||
var network models.Network
|
||||
network.NetID = "skynet"
|
||||
t.Run("NameTooLong", func(t *testing.T) {
|
||||
network, err := logic.GetNetwork("skynet")
|
||||
assert.Nil(t, err)
|
||||
accesskey.Name = "ThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfail"
|
||||
_, err = logic.CreateAccessKey(accesskey, network)
|
||||
assert.NotNil(t, err)
|
||||
assert.Contains(t, err.Error(), "Field validation for 'Name' failed on the 'max' tag")
|
||||
})
|
||||
t.Run("BlankName", func(t *testing.T) {
|
||||
network, err := logic.GetNetwork("skynet")
|
||||
assert.Nil(t, err)
|
||||
accesskey.Name = ""
|
||||
key, err := logic.CreateAccessKey(accesskey, network)
|
||||
assert.Nil(t, err)
|
||||
assert.NotEqual(t, "", key.Name)
|
||||
})
|
||||
t.Run("InvalidValue", func(t *testing.T) {
|
||||
network, err := logic.GetNetwork("skynet")
|
||||
assert.Nil(t, err)
|
||||
accesskey.Value = "bad-value"
|
||||
_, err = logic.CreateAccessKey(accesskey, network)
|
||||
assert.NotNil(t, err)
|
||||
assert.Contains(t, err.Error(), "Field validation for 'Value' failed on the 'alphanum' tag")
|
||||
})
|
||||
t.Run("BlankValue", func(t *testing.T) {
|
||||
network, err := logic.GetNetwork("skynet")
|
||||
assert.Nil(t, err)
|
||||
accesskey.Name = "mykey"
|
||||
accesskey.Value = ""
|
||||
key, err := logic.CreateAccessKey(accesskey, network)
|
||||
assert.Nil(t, err)
|
||||
assert.NotEqual(t, "", key.Value)
|
||||
assert.Equal(t, accesskey.Name, key.Name)
|
||||
})
|
||||
t.Run("ValueTooLong", func(t *testing.T) {
|
||||
network, err := logic.GetNetwork("skynet")
|
||||
assert.Nil(t, err)
|
||||
accesskey.Name = "keyname"
|
||||
accesskey.Value = "AccessKeyValuethatistoolong"
|
||||
_, err = logic.CreateAccessKey(accesskey, network)
|
||||
assert.NotNil(t, err)
|
||||
assert.Contains(t, err.Error(), "Field validation for 'Value' failed on the 'max' tag")
|
||||
})
|
||||
t.Run("BlankUses", func(t *testing.T) {
|
||||
network, err := logic.GetNetwork("skynet")
|
||||
assert.Nil(t, err)
|
||||
accesskey.Uses = 0
|
||||
accesskey.Value = ""
|
||||
key, err := logic.CreateAccessKey(accesskey, network)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, key.Uses)
|
||||
})
|
||||
t.Run("DuplicateKey", func(t *testing.T) {
|
||||
network, err := logic.GetNetwork("skynet")
|
||||
assert.Nil(t, err)
|
||||
accesskey.Name = "mykey"
|
||||
_, err = logic.CreateAccessKey(accesskey, network)
|
||||
assert.NotNil(t, err)
|
||||
assert.EqualError(t, err, "duplicate AccessKey Name")
|
||||
})
|
||||
}
|
||||
|
||||
func TestGetKeys(t *testing.T) {
|
||||
deleteAllNetworks()
|
||||
createNet()
|
||||
network, err := logic.GetNetwork("skynet")
|
||||
assert.Nil(t, err)
|
||||
var key models.AccessKey
|
||||
key.Name = "mykey"
|
||||
_, err = logic.CreateAccessKey(key, network)
|
||||
assert.Nil(t, err)
|
||||
t.Run("KeyExists", func(t *testing.T) {
|
||||
keys, err := logic.GetKeys(network.NetID)
|
||||
assert.Nil(t, err)
|
||||
assert.NotEqual(t, models.AccessKey{}, keys)
|
||||
})
|
||||
t.Run("NonExistantKey", func(t *testing.T) {
|
||||
err := logic.DeleteKey("mykey", "skynet")
|
||||
assert.Nil(t, err)
|
||||
keys, err := logic.GetKeys(network.NetID)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, []models.AccessKey(nil), keys)
|
||||
})
|
||||
}
|
||||
func TestDeleteKey(t *testing.T) {
|
||||
createNet()
|
||||
network, err := logic.GetNetwork("skynet")
|
||||
assert.Nil(t, err)
|
||||
var key models.AccessKey
|
||||
key.Name = "mykey"
|
||||
_, err = logic.CreateAccessKey(key, network)
|
||||
assert.Nil(t, err)
|
||||
t.Run("ExistingKey", func(t *testing.T) {
|
||||
err := logic.DeleteKey("mykey", "skynet")
|
||||
assert.Nil(t, err)
|
||||
})
|
||||
t.Run("NonExistantKey", func(t *testing.T) {
|
||||
err := logic.DeleteKey("mykey", "skynet")
|
||||
assert.NotNil(t, err)
|
||||
assert.Equal(t, "key mykey does not exist", err.Error())
|
||||
})
|
||||
}
|
||||
|
||||
func TestSecurityCheck(t *testing.T) {
|
||||
//these seem to work but not sure it the tests are really testing the functionality
|
||||
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ package controller
|
|||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
|
@ -34,7 +33,6 @@ func nodeHandlers(r *mux.Router) {
|
|||
r.HandleFunc("/api/nodes/{network}/{nodeid}/createingress", logic.SecurityCheck(false, http.HandlerFunc(createIngressGateway))).Methods(http.MethodPost)
|
||||
r.HandleFunc("/api/nodes/{network}/{nodeid}/deleteingress", logic.SecurityCheck(false, http.HandlerFunc(deleteIngressGateway))).Methods(http.MethodDelete)
|
||||
r.HandleFunc("/api/nodes/{network}/{nodeid}", authorize(true, true, "node", http.HandlerFunc(updateNode))).Methods(http.MethodPost)
|
||||
r.HandleFunc("/api/nodes/{network}", nodeauth(checkFreeTierLimits(node_l, http.HandlerFunc(createNode)))).Methods(http.MethodPost)
|
||||
r.HandleFunc("/api/nodes/adm/{network}/authenticate", authenticate).Methods(http.MethodPost)
|
||||
r.HandleFunc("/api/v1/nodes/migrate", migrate).Methods(http.MethodPost)
|
||||
}
|
||||
|
|
@ -147,52 +145,6 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
|
|||
response.Write(successJSONResponse)
|
||||
}
|
||||
|
||||
// auth middleware for api calls from nodes where node is has not yet joined the server (register, join)
|
||||
func nodeauth(next http.Handler) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
bearerToken := r.Header.Get("Authorization")
|
||||
var tokenSplit = strings.Split(bearerToken, " ")
|
||||
var token = ""
|
||||
if len(tokenSplit) < 2 {
|
||||
errorResponse := models.ErrorResponse{
|
||||
Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
|
||||
}
|
||||
logic.ReturnErrorResponse(w, r, errorResponse)
|
||||
return
|
||||
} else {
|
||||
token = tokenSplit[1]
|
||||
}
|
||||
found := false
|
||||
networks, err := logic.GetNetworks()
|
||||
if err != nil {
|
||||
logger.Log(0, "no networks", err.Error())
|
||||
errorResponse := models.ErrorResponse{
|
||||
Code: http.StatusNotFound, Message: "no networks",
|
||||
}
|
||||
logic.ReturnErrorResponse(w, r, errorResponse)
|
||||
return
|
||||
}
|
||||
for _, network := range networks {
|
||||
for _, key := range network.AccessKeys {
|
||||
if key.Value == token {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
logger.Log(0, "valid access key not found")
|
||||
errorResponse := models.ErrorResponse{
|
||||
Code: http.StatusUnauthorized, Message: "You are unauthorized to access this endpoint.",
|
||||
}
|
||||
logic.ReturnErrorResponse(w, r, errorResponse)
|
||||
return
|
||||
}
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
// The middleware for most requests to the API
|
||||
// They all pass through here first
|
||||
// This will validate the JWT (or check for master token)
|
||||
|
|
@ -462,218 +414,6 @@ func getNode(w http.ResponseWriter, r *http.Request) {
|
|||
json.NewEncoder(w).Encode(response)
|
||||
}
|
||||
|
||||
// swagger:route POST /api/nodes/{network} nodes createNode
|
||||
//
|
||||
// Create a node on a network.
|
||||
//
|
||||
// Schemes: https
|
||||
//
|
||||
// Security:
|
||||
// oauth
|
||||
//
|
||||
// Responses:
|
||||
// 200: nodeGetResponse
|
||||
func createNode(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
var params = mux.Vars(r)
|
||||
|
||||
var errorResponse = models.ErrorResponse{
|
||||
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
|
||||
}
|
||||
networkName := params["network"]
|
||||
networkexists, err := logic.NetworkExists(networkName)
|
||||
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"),
|
||||
fmt.Sprintf("failed to fetch network [%s] info: %v", networkName, err))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
} else if !networkexists {
|
||||
errorResponse = models.ErrorResponse{
|
||||
Code: http.StatusNotFound, Message: "W1R3: Network does not exist! ",
|
||||
}
|
||||
logger.Log(0, r.Header.Get("user"),
|
||||
fmt.Sprintf("network [%s] does not exist", networkName))
|
||||
logic.ReturnErrorResponse(w, r, errorResponse)
|
||||
return
|
||||
}
|
||||
|
||||
//get data from body of request
|
||||
data := models.JoinData{}
|
||||
err = json.NewDecoder(r.Body).Decode(&data)
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error())
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
if !logic.IsVersionComptatible(data.Host.Version) {
|
||||
err := errors.New("bad netclient version on node create: " + data.Host.Version)
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
data.Node.Network = networkName
|
||||
|
||||
networkSettings, err := logic.GetNetworkSettings(networkName)
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"),
|
||||
fmt.Sprintf("failed to get network [%s] settings: %v", networkName, err))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
data.Node.NetworkSettings(networkSettings)
|
||||
keyName, validKey := logic.IsKeyValid(networkName, data.Key)
|
||||
if !validKey {
|
||||
errorResponse = models.ErrorResponse{
|
||||
Code: http.StatusUnauthorized, Message: "W1R3: Key invalid, or none provided.",
|
||||
}
|
||||
logger.Log(0, r.Header.Get("user"),
|
||||
fmt.Sprintf("failed to create node on network [%s]: %s",
|
||||
data.Node.Network, errorResponse.Message))
|
||||
logic.ReturnErrorResponse(w, r, errorResponse)
|
||||
return
|
||||
}
|
||||
logic.DecrimentKey(networkName, data.Key)
|
||||
user, err := pro.GetNetworkUser(networkName, promodels.NetworkUserID(keyName))
|
||||
if err == nil {
|
||||
if user.ID != "" {
|
||||
logger.Log(1, "associating new node with user", keyName)
|
||||
data.Node.OwnerID = string(user.ID)
|
||||
}
|
||||
}
|
||||
|
||||
key, keyErr := logic.RetrievePublicTrafficKey()
|
||||
if keyErr != nil {
|
||||
logger.Log(0, "error retrieving key: ", keyErr.Error())
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
if key == nil {
|
||||
logger.Log(0, "error: server traffic key is nil")
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
if data.Host.TrafficKeyPublic == nil {
|
||||
logger.Log(0, "error: node traffic key is nil")
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
server := servercfg.GetServerInfo()
|
||||
server.TrafficKey = key
|
||||
data.Node.Server = servercfg.GetServer()
|
||||
if !logic.HostExists(&data.Host) {
|
||||
logic.CheckHostPorts(&data.Host)
|
||||
if servercfg.GetBrokerType() == servercfg.EmqxBrokerType {
|
||||
// create EMQX credentials for host if it doesn't exists
|
||||
if err := mq.CreateEmqxUser(data.Host.ID.String(), data.Host.HostPass, false); err != nil {
|
||||
logger.Log(0, "failed to add host credentials to EMQX: ", data.Host.ID.String(), err.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
if err := logic.CreateHost(&data.Host); err != nil {
|
||||
if errors.Is(err, logic.ErrHostExists) {
|
||||
logger.Log(3, "host exists .. no need to create")
|
||||
host, err := logic.GetHost(data.Host.ID.String())
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"), "failed to find host:", err.Error())
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
logic.UpdateHostFromClient(&data.Host, host) // update the in memory struct values
|
||||
err = logic.UpsertHost(host)
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"),
|
||||
fmt.Sprintf("failed to update host [ %s ]: %v", host.ID.String(), err))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
data.Host = *host
|
||||
} else {
|
||||
logger.Log(0, "error creating host", err.Error())
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
}
|
||||
err = logic.AssociateNodeToHost(&data.Node, &data.Host)
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"),
|
||||
fmt.Sprintf("failed to create node on network [%s]: %s",
|
||||
networkName, err))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
|
||||
// check if key belongs to a user
|
||||
// if so add to their netuser data
|
||||
// if it fails remove the node and fail request
|
||||
if user != nil {
|
||||
var updatedUserNode bool
|
||||
user.Nodes = append(user.Nodes, data.Node.ID.String()) // add new node to user
|
||||
if err = pro.UpdateNetworkUser(networkName, user); err == nil {
|
||||
logger.Log(1, "added node", data.Node.ID.String(), data.Host.Name, "to user", string(user.ID))
|
||||
updatedUserNode = true
|
||||
}
|
||||
if !updatedUserNode { // user was found but not updated, so delete node
|
||||
logger.Log(0, "failed to add node to user", keyName)
|
||||
logic.DeleteNode(&data.Node, true)
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
}
|
||||
hostPeerUpdate, err := logic.GetPeerUpdateForHost(context.Background(), networkName, &data.Host, nil, nil)
|
||||
if err != nil && !database.IsEmptyRecord(err) {
|
||||
logger.Log(0, r.Header.Get("user"),
|
||||
fmt.Sprintf("error fetching wg peers config for host [ %s ]: %v", data.Host.ID.String(), err))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
data.Host.HostPass = "" // client should not change password after join
|
||||
// concealing hash
|
||||
response := models.NodeJoinResponse{
|
||||
Node: data.Node,
|
||||
ServerConfig: server,
|
||||
Host: data.Host,
|
||||
Peers: hostPeerUpdate.Peers,
|
||||
}
|
||||
logger.Log(1, r.Header.Get("user"), "created new node", data.Host.Name, data.Node.ID.String(), "on network", networkName)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
json.NewEncoder(w).Encode(response)
|
||||
|
||||
go func() {
|
||||
if err := mq.PublishPeerUpdate(); err != nil {
|
||||
logger.Log(1, "failed a peer update after creation of node", data.Host.Name)
|
||||
}
|
||||
}()
|
||||
//runForceServerUpdate(&data.Node, true)
|
||||
go func() {
|
||||
dns := models.DNSUpdate{
|
||||
Action: models.DNSInsert,
|
||||
Name: data.Host.Name + "." + data.Node.Network,
|
||||
}
|
||||
if data.Node.Address.IP != nil {
|
||||
dns.Address = data.Node.Address.IP.String()
|
||||
//publish new node dns entry to all nodes on network
|
||||
if err := mq.PublishDNSUpdate(data.Node.Network, dns); err != nil {
|
||||
logger.Log(1, "failed to publish dns update on node creation", err.Error())
|
||||
}
|
||||
}
|
||||
if data.Node.Address6.IP != nil {
|
||||
dns.Address = data.Node.Address6.IP.String()
|
||||
//publish new node dns entry to all nodes on network
|
||||
if err := mq.PublishDNSUpdate(data.Node.Network, dns); err != nil {
|
||||
logger.Log(1, "failed to publish dns update on node creation", err.Error())
|
||||
}
|
||||
}
|
||||
//publish add dns records for network to new node
|
||||
if err := mq.PublishAllDNS(&data.Node); err != nil {
|
||||
logger.Log(1, "failed to publish dns update on node creation", err.Error())
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
// == EGRESS ==
|
||||
|
||||
// swagger:route POST /api/nodes/{network}/{nodeid}/creategateway nodes createEgressGateway
|
||||
|
|
|
|||
|
|
@ -467,5 +467,5 @@ func socketHandler(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
// Start handling the session
|
||||
go auth.SessionHandler(conn)
|
||||
// go auth.SessionHandler(conn)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,229 +0,0 @@
|
|||
package logic
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"math/big"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
validator "github.com/go-playground/validator/v10"
|
||||
"github.com/gravitl/netmaker/database"
|
||||
"github.com/gravitl/netmaker/logger"
|
||||
"github.com/gravitl/netmaker/models"
|
||||
"github.com/gravitl/netmaker/servercfg"
|
||||
)
|
||||
|
||||
// CreateAccessKey - create access key
|
||||
func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models.AccessKey, error) {
|
||||
|
||||
if accesskey.Name == "" {
|
||||
accesskey.Name = genKeyName()
|
||||
}
|
||||
|
||||
if accesskey.Value == "" {
|
||||
accesskey.Value = GenKey()
|
||||
}
|
||||
if accesskey.Uses == 0 {
|
||||
accesskey.Uses = 1
|
||||
}
|
||||
|
||||
checkkeys, err := GetKeys(network.NetID)
|
||||
if err != nil {
|
||||
return models.AccessKey{}, errors.New("could not retrieve network keys")
|
||||
}
|
||||
|
||||
for _, key := range checkkeys {
|
||||
if key.Name == accesskey.Name {
|
||||
return models.AccessKey{}, errors.New("duplicate AccessKey Name")
|
||||
}
|
||||
}
|
||||
|
||||
netID := network.NetID
|
||||
|
||||
var accessToken models.AccessToken
|
||||
|
||||
accessToken.APIConnString = servercfg.GetAPIConnString()
|
||||
accessToken.ClientConfig.Network = netID
|
||||
accessToken.ClientConfig.Key = accesskey.Value
|
||||
|
||||
tokenjson, err := json.Marshal(accessToken)
|
||||
if err != nil {
|
||||
return accesskey, err
|
||||
}
|
||||
|
||||
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
|
||||
|
||||
//validate accesskey
|
||||
v := validator.New()
|
||||
err = v.Struct(accesskey)
|
||||
if err != nil {
|
||||
for _, e := range err.(validator.ValidationErrors) {
|
||||
logger.Log(1, "validator", e.Error())
|
||||
}
|
||||
return models.AccessKey{}, err
|
||||
}
|
||||
|
||||
network.AccessKeys = append(network.AccessKeys, accesskey)
|
||||
data, err := json.Marshal(&network)
|
||||
if err != nil {
|
||||
return models.AccessKey{}, err
|
||||
}
|
||||
if err = database.Insert(network.NetID, string(data), database.NETWORKS_TABLE_NAME); err != nil {
|
||||
return models.AccessKey{}, err
|
||||
}
|
||||
|
||||
return accesskey, nil
|
||||
}
|
||||
|
||||
// DeleteKey - deletes a key
|
||||
func DeleteKey(keyname, netname string) error {
|
||||
network, err := GetParentNetwork(netname)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
//basically, turn the list of access keys into the list of access keys before and after the item
|
||||
//have not done any error handling for if there's like...1 item. I think it works? need to test.
|
||||
found := false
|
||||
var updatedKeys []models.AccessKey
|
||||
for _, currentkey := range network.AccessKeys {
|
||||
if currentkey.Name == keyname {
|
||||
found = true
|
||||
} else {
|
||||
updatedKeys = append(updatedKeys, currentkey)
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
return errors.New("key " + keyname + " does not exist")
|
||||
}
|
||||
network.AccessKeys = updatedKeys
|
||||
data, err := json.Marshal(&network)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := database.Insert(network.NetID, string(data), database.NETWORKS_TABLE_NAME); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetKeys - fetches keys for network
|
||||
func GetKeys(net string) ([]models.AccessKey, error) {
|
||||
|
||||
record, err := database.FetchRecord(database.NETWORKS_TABLE_NAME, net)
|
||||
if err != nil {
|
||||
return []models.AccessKey{}, err
|
||||
}
|
||||
network, err := ParseNetwork(record)
|
||||
if err != nil {
|
||||
return []models.AccessKey{}, err
|
||||
}
|
||||
return network.AccessKeys, nil
|
||||
}
|
||||
|
||||
// DecrimentKey - decriments key uses
|
||||
func DecrimentKey(networkName string, keyvalue string) {
|
||||
|
||||
var network models.Network
|
||||
|
||||
network, err := GetParentNetwork(networkName)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
for i := len(network.AccessKeys) - 1; i >= 0; i-- {
|
||||
|
||||
currentkey := network.AccessKeys[i]
|
||||
if currentkey.Value == keyvalue {
|
||||
network.AccessKeys[i].Uses--
|
||||
if network.AccessKeys[i].Uses < 1 {
|
||||
network.AccessKeys = append(network.AccessKeys[:i],
|
||||
network.AccessKeys[i+1:]...)
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if newNetworkData, err := json.Marshal(&network); err != nil {
|
||||
logger.Log(2, "failed to decrement key")
|
||||
return
|
||||
} else {
|
||||
database.Insert(network.NetID, string(newNetworkData), database.NETWORKS_TABLE_NAME)
|
||||
}
|
||||
}
|
||||
|
||||
// IsKeyValid - check if key is valid
|
||||
func IsKeyValid(networkname string, keyvalue string) (string, bool) {
|
||||
|
||||
network, err := GetParentNetwork(networkname)
|
||||
if err != nil {
|
||||
return "", false
|
||||
}
|
||||
accesskeys := network.AccessKeys
|
||||
|
||||
var key models.AccessKey
|
||||
foundkey := false
|
||||
isvalid := false
|
||||
|
||||
for i := len(accesskeys) - 1; i >= 0; i-- {
|
||||
currentkey := accesskeys[i]
|
||||
if currentkey.Value == keyvalue {
|
||||
key = currentkey
|
||||
foundkey = true
|
||||
}
|
||||
}
|
||||
if foundkey {
|
||||
if key.Uses > 0 {
|
||||
isvalid = true
|
||||
}
|
||||
}
|
||||
return key.Name, isvalid
|
||||
}
|
||||
|
||||
// RemoveKeySensitiveInfo - remove sensitive key info
|
||||
func RemoveKeySensitiveInfo(keys []models.AccessKey) []models.AccessKey {
|
||||
var returnKeys []models.AccessKey
|
||||
for _, key := range keys {
|
||||
key.Value = models.PLACEHOLDER_KEY_TEXT
|
||||
key.AccessString = models.PLACEHOLDER_TOKEN_TEXT
|
||||
returnKeys = append(returnKeys, key)
|
||||
}
|
||||
return returnKeys
|
||||
}
|
||||
|
||||
const (
|
||||
maxr string = "ff578f57c15bb743beaa77d27637e02b598dffa9aebd15889187fe6eb3bdca516c3fa1a52eabef31f33b4b8c2e5b5524f1aa4f3329393912f40dbbe23d7f39723e0be05b6696b11f8eea0abe365a11d9f2735ac7e5b4e015ab19b35b84893685b37a9a0a62a566d6571d7e00d4241687f5c804f37cde9bf311c0781f51cc007c5a01a94f6cfcecea640b8e9ab7bd43e73e5df5d0e1eeb4d9b6cc44be67b7cad80808b17869561b579ffe0bbdeca5c83139e458000000000000000000000000000000000000000000000000000000000000000"
|
||||
)
|
||||
|
||||
var (
|
||||
uno sync.Once
|
||||
maxentropy *big.Int
|
||||
)
|
||||
|
||||
func init() {
|
||||
uno.Do(func() {
|
||||
maxentropy, _ = new(big.Int).SetString(maxr, 16)
|
||||
})
|
||||
}
|
||||
|
||||
// == private methods ==
|
||||
|
||||
func genKeyName() string {
|
||||
entropy, _ := rand.Int(rand.Reader, maxentropy)
|
||||
return strings.Join([]string{"key", entropy.Text(16)[:16]}, "-")
|
||||
}
|
||||
|
||||
// GenKey - generates random key of length 16
|
||||
func GenKey() string {
|
||||
entropy, _ := rand.Int(rand.Reader, maxentropy)
|
||||
return entropy.Text(16)[:16]
|
||||
}
|
||||
|
||||
// GenPassWord - generates random password of length 64
|
||||
func GenPassWord() string {
|
||||
entropy, _ := rand.Int(rand.Reader, maxentropy)
|
||||
return entropy.Text(62)[:64]
|
||||
}
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
package logic
|
||||
|
||||
import "testing"
|
||||
|
||||
func Test_genKeyName(t *testing.T) {
|
||||
for i := 0; i < 100; i++ {
|
||||
kname := genKeyName()
|
||||
if len(kname) != 20 {
|
||||
t.Fatalf("improper length of key name, expected 20 got :%d", len(kname))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func Test_genKey(t *testing.T) {
|
||||
for i := 0; i < 100; i++ {
|
||||
kname := GenKey()
|
||||
if len(kname) != 16 {
|
||||
t.Fatalf("improper length of key name, expected 16 got :%d", len(kname))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -159,7 +159,6 @@ func GetNetworkSettings(networkname string) (models.Network, error) {
|
|||
if err = json.Unmarshal([]byte(networkData), &network); err != nil {
|
||||
return models.Network{}, err
|
||||
}
|
||||
network.AccessKeys = []models.AccessKey{}
|
||||
return network, nil
|
||||
}
|
||||
|
||||
|
|
@ -599,10 +598,13 @@ func networkNodesUpdateAction(networkName string, action string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
for _, value := range collections {
|
||||
for k, value := range collections {
|
||||
var node models.Node
|
||||
err := json.Unmarshal([]byte(value), &node)
|
||||
if err != nil {
|
||||
if IsLegacyNode(k) { // ignore legacy nodes
|
||||
continue
|
||||
}
|
||||
fmt.Println("error in node address assignment!")
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,6 @@ type Network struct {
|
|||
NodeLimit int32 `json:"nodelimit" bson:"nodelimit"`
|
||||
DefaultPostDown string `json:"defaultpostdown" bson:"defaultpostdown"`
|
||||
DefaultKeepalive int32 `json:"defaultkeepalive" bson:"defaultkeepalive" validate:"omitempty,max=1000"`
|
||||
AccessKeys []AccessKey `json:"accesskeys" bson:"accesskeys"`
|
||||
AllowManualSignUp string `json:"allowmanualsignup" bson:"allowmanualsignup" validate:"checkyesorno"`
|
||||
IsIPv4 string `json:"isipv4" bson:"isipv4" validate:"checkyesorno"`
|
||||
IsIPv6 string `json:"isipv6" bson:"isipv6" validate:"checkyesorno"`
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@ package models
|
|||
|
||||
import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
jwt "github.com/golang-jwt/jwt/v4"
|
||||
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||
|
|
@ -102,15 +101,6 @@ type SuccessResponse struct {
|
|||
Response interface{}
|
||||
}
|
||||
|
||||
// AccessKey - access key struct
|
||||
type AccessKey struct {
|
||||
Name string `json:"name" bson:"name" validate:"omitempty,max=345"`
|
||||
Value string `json:"value" bson:"value" validate:"omitempty,alphanum,max=16"`
|
||||
AccessString string `json:"accessstring" bson:"accessstring"`
|
||||
Uses int `json:"uses" bson:"uses" validate:"numeric,min=0"`
|
||||
Expiration *time.Time `json:"expiration" bson:"expiration"`
|
||||
}
|
||||
|
||||
// DisplayKey - what is displayed for key
|
||||
type DisplayKey struct {
|
||||
Name string `json:"name" bson:"name"`
|
||||
|
|
|
|||
10
mq/mq.go
10
mq/mq.go
|
|
@ -2,6 +2,7 @@ package mq
|
|||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"log"
|
||||
"time"
|
||||
|
||||
|
|
@ -53,19 +54,20 @@ func SetupMQTT() {
|
|||
opts := mqtt.NewClientOptions()
|
||||
setMqOptions(servercfg.GetMqUserName(), servercfg.GetMqPassword(), opts)
|
||||
opts.SetOnConnectHandler(func(client mqtt.Client) {
|
||||
if token := client.Subscribe("update/#", 0, mqtt.MessageHandler(UpdateNode)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
|
||||
serverName := servercfg.GetServer()
|
||||
if token := client.Subscribe(fmt.Sprintf("update/%s/#", serverName), 0, mqtt.MessageHandler(UpdateNode)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
|
||||
client.Disconnect(240)
|
||||
logger.Log(0, "node update subscription failed")
|
||||
}
|
||||
if token := client.Subscribe("host/serverupdate/#", 0, mqtt.MessageHandler(UpdateHost)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
|
||||
if token := client.Subscribe(fmt.Sprintf("host/serverupdate/%s/#", serverName), 0, mqtt.MessageHandler(UpdateHost)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
|
||||
client.Disconnect(240)
|
||||
logger.Log(0, "host update subscription failed")
|
||||
}
|
||||
if token := client.Subscribe("signal/#", 0, mqtt.MessageHandler(ClientPeerUpdate)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
|
||||
if token := client.Subscribe(fmt.Sprintf("signal/%s/#", serverName), 0, mqtt.MessageHandler(ClientPeerUpdate)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
|
||||
client.Disconnect(240)
|
||||
logger.Log(0, "node client subscription failed")
|
||||
}
|
||||
if token := client.Subscribe("metrics/#", 0, mqtt.MessageHandler(UpdateMetrics)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
|
||||
if token := client.Subscribe(fmt.Sprintf("metrics/%s/#", serverName), 0, mqtt.MessageHandler(UpdateMetrics)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
|
||||
client.Disconnect(240)
|
||||
logger.Log(0, "node metrics subscription failed")
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue