Net 1227 v1 (#3066)

* generalise smtp config

* copy over smtp vars

* env new line

* fix master key api access

* comment user tests

* fix network and user invite for master key access

* remove email sender type

* user mgmt commands

* check user role on CE

* user role nmtcl cmds

* user groups commands

* fix role and groups command

* fix user create cmd

* add usage info

* rm user role check

* fix user update cmd

* fix static check

* add backwards compatibility support for extclient api for mobile

* rm debug logs

* set frontend url from base domain if empty
Abhishek K 2024-08-26 18:27:45 +05:30 committed by GitHub
parent f18937f1e8
commit 936e1b4d45
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 12 additions and 28 deletions


@ -6,7 +6,6 @@ import (
"strings"
"github.com/gorilla/mux"
"github.com/gravitl/netmaker/logger"
"github.com/gravitl/netmaker/logic"
"github.com/gravitl/netmaker/models"
)
@ -105,7 +104,6 @@ func userMiddleWare(handler http.Handler) http.Handler {
}
r.Header.Set("RSRC_TYPE", r.Header.Get("TARGET_RSRC"))
logger.Log(0, "URL ------> ", route)
handler.ServeHTTP(w, r)
})
}


@ -69,22 +69,17 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
handleOauthNotConfigured(w)
return
}
logger.Log(0, "CALLBACK ----> 1")
logger.Log(0, "CALLBACK ----> 2")
var inviteExists bool
// check if invite exists for User
in, err := logic.GetUserInvite(content.Email)
if err == nil {
inviteExists = true
}
logger.Log(0, fmt.Sprintf("CALLBACK ----> 3 %v", inviteExists))
// check if user approval is already pending
if !inviteExists && logic.IsPendingUser(content.Email) {
handleOauthUserSignUpApprovalPending(w)
return
}
logger.Log(0, "CALLBACK ----> 4")
_, err = logic.GetUser(content.Email)
if err != nil {
if database.IsEmptyRecord(err) { // user must not exist, so try to make one
@ -95,7 +90,6 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
logger.Log(0, "CALLBACK ----> 4.0")
if err = logic.CreateUser(&user); err != nil {
handleSomethingWentWrong(w)
@ -124,7 +118,6 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
return
}
}
logger.Log(0, "CALLBACK ----> 6")
user, err := logic.GetUser(content.Email)
if err != nil {
logger.Log(0, "error fetching user: ", err.Error())
@ -186,7 +179,6 @@ func getGoogleUserInfo(state string, code string) (*OAuthUser, error) {
if err != nil {
return nil, fmt.Errorf("failed reading response body: %s", err.Error())
}
logger.Log(0, fmt.Sprintf("---------------> USERINFO: %v, token: %s", string(contents), token.AccessToken))
var userInfo = &OAuthUser{}
if err = json.Unmarshal(contents, userInfo); err != nil {
return nil, fmt.Errorf("failed parsing email from response data: %s", err.Error())


@ -7,6 +7,7 @@ import (
"fmt"
"net/http"
"net/url"
"strings"
"github.com/gorilla/mux"
"github.com/gravitl/netmaker/database"
@ -218,8 +219,12 @@ func inviteUsers(w http.ResponseWriter, r *http.Request) {
NetworkRoles: inviteReq.NetworkRoles,
InviteCode: logic.RandomString(8),
}
frontendURL := strings.TrimSuffix(servercfg.GetFrontendURL(), "/")
if frontendURL == "" {
frontendURL = fmt.Sprintf("https://dashboard.%s", servercfg.GetNmBaseDomain())
}
u, err := url.Parse(fmt.Sprintf("%s/invite?email=%s&invite_code=%s",
servercfg.GetFrontendURL(), url.QueryEscape(invite.Email), url.QueryEscape(invite.InviteCode)))
frontendURL, url.QueryEscape(invite.Email), url.QueryEscape(invite.InviteCode)))
if err != nil {
slog.Error("failed to parse to invite url", "error", err)
return
@ -808,21 +813,18 @@ func removeUserFromRemoteAccessGW(w http.ResponseWriter, r *http.Request) {
func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
// set header.
w.Header().Set("Content-Type", "application/json")
logger.Log(0, "------------> 1. getUserRemoteAccessGwsV1")
var params = mux.Vars(r)
username := params["username"]
if username == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params username"), "badrequest"))
return
}
logger.Log(0, "------------> 2. getUserRemoteAccessGwsV1")
user, err := logic.GetUser(username)
if err != nil {
logger.Log(0, username, "failed to fetch user: ", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch user %s, error: %v", username, err), "badrequest"))
return
}
logger.Log(0, "------------> 3. getUserRemoteAccessGwsV1")
remoteAccessClientID := r.URL.Query().Get("remote_access_clientid")
var req models.UserRemoteGwsReq
if remoteAccessClientID == "" {
@ -833,7 +835,6 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
return
}
}
logger.Log(0, "------------> 4. getUserRemoteAccessGwsV1")
reqFromMobile := r.URL.Query().Get("from_mobile") == "true"
if req.RemoteAccessClientID == "" && remoteAccessClientID == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("remote access client id cannot be empty"), "badrequest"))
@ -843,13 +844,11 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
req.RemoteAccessClientID = remoteAccessClientID
}
userGws := make(map[string][]models.UserRemoteGws)
logger.Log(0, "------------> 5. getUserRemoteAccessGwsV1")
allextClients, err := logic.GetAllExtClients()
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
logger.Log(0, "------------> 6. getUserRemoteAccessGwsV1")
userGwNodes := proLogic.GetUserRAGNodes(*user)
logger.Log(0, fmt.Sprintf("1. User Gw Nodes: %+v", userGwNodes))
for _, extClient := range allextClients {
@ -890,7 +889,6 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
logger.Log(0, fmt.Sprintf("2. User Gw Nodes: %+v", userGwNodes))
// add remaining gw nodes to resp
for gwID := range userGwNodes {
logger.Log(0, "RAG ---> 1")
node, err := logic.GetNodeByID(gwID)
if err != nil {
continue
@ -901,7 +899,6 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
if node.PendingDelete {
continue
}
logger.Log(0, "RAG ---> 2")
host, err := logic.GetHost(node.HostID.String())
if err != nil {
continue
@ -910,7 +907,6 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
if err != nil {
slog.Error("failed to get node network", "error", err)
}
logger.Log(0, "RAG ---> 3")
gws := userGws[node.Network]
gws = append(gws, models.UserRemoteGws{
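Review bot: The fallback at line 130 yields `https://dashboard.` when NM_DOMAIN is also unset, because GetNmBaseDomain is a plain os.Getenv with no empty check and url.Parse accepts that string, so the invite is sent with an unusable link instead of the request failing. Check the base domain before building the URL and return an error response to the caller; the existing parse-error path just below logs and returns without writing any response, which is worth correcting at the same spot. inviteUsers starts and ends outside this hunk, so whether the invite has already been persisted before this point (which would need cleanup on the new early return) cannot be seen here. Separately, the level-0 `%+v` dumps of userGwNodes in getUserRemoteAccessGwsV1 are left in place while the similar scope dump in GetUserRAGNodes is demoted to level 3 in this same commit.
```go
frontendURL := strings.TrimSuffix(servercfg.GetFrontendURL(), "/")
if frontendURL == "" {
	baseDomain := servercfg.GetNmBaseDomain()
	if baseDomain == "" {
		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("frontend url and base domain are not configured"), "internal"))
		return
	}
	frontendURL = "https://dashboard." + baseDomain
}
// … unchanged: url.Parse of the invite link …
```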


@ -5,7 +5,6 @@ import (
"fmt"
"net/http"
"github.com/gravitl/netmaker/logger"
"github.com/gravitl/netmaker/logic"
"github.com/gravitl/netmaker/models"
)
@ -16,7 +15,6 @@ func NetworkPermissionsCheck(username string, r *http.Request) error {
if err != nil {
return err
}
logger.Log(0, "NET MIDDL----> 1")
userRole, err := logic.GetRole(user.PlatformRoleID)
if err != nil {
return errors.New("access denied")
@ -24,7 +22,6 @@ func NetworkPermissionsCheck(username string, r *http.Request) error {
if userRole.FullAccess {
return nil
}
logger.Log(0, "NET MIDDL----> 2")
// get info from header to determine the target rsrc
targetRsrc := r.Header.Get("TARGET_RSRC")
targetRsrcID := r.Header.Get("TARGET_RSRC_ID")
@ -81,7 +78,6 @@ func checkNetworkAccessPermissions(netRoleID models.UserRoleID, username, reqSco
if err != nil {
return err
}
logger.Log(0, "NET MIDDL----> 3", string(netRoleID))
if networkPermissionScope.FullAccess {
return nil
}
@ -92,7 +88,6 @@ func checkNetworkAccessPermissions(netRoleID models.UserRoleID, username, reqSco
if !ok {
return errors.New("access denied")
}
logger.Log(0, "NET MIDDL----> 4", string(netRoleID))
if allRsrcsTypePermissionScope, ok := rsrcPermissionScope[models.RsrcID(fmt.Sprintf("all_%s", targetRsrc))]; ok {
// handle extclient apis here
if models.RsrcType(targetRsrc) == models.ExtClientsRsrc && allRsrcsTypePermissionScope.SelfOnly && targetRsrcID != "" {
@ -118,7 +113,6 @@ func checkNetworkAccessPermissions(netRoleID models.UserRoleID, username, reqSco
}
}
}
logger.Log(0, "NET MIDDL----> 5", string(netRoleID))
if targetRsrcID == "" {
return errors.New("target rsrc id is empty")
}
@ -128,7 +122,6 @@ func checkNetworkAccessPermissions(netRoleID models.UserRoleID, username, reqSco
return nil
}
}
logger.Log(0, "NET MIDDL----> 6", string(netRoleID))
return errors.New("access denied")
}


@ -533,7 +533,7 @@ func HasNetworkRsrcScope(permissionTemplate models.UserRolePermissionTemplate, n
func GetUserRAGNodes(user models.User) (gws map[string]models.Node) {
gws = make(map[string]models.Node)
userGwAccessScope := GetUserNetworkRolesWithRemoteVPNAccess(user)
logger.Log(0, fmt.Sprintf("User Gw Access Scope: %+v", userGwAccessScope))
logger.Log(3, fmt.Sprintf("User Gw Access Scope: %+v", userGwAccessScope))
_, allNetAccess := userGwAccessScope["*"]
nodes, err := logic.GetAllNodes()
if err != nil {


@ -809,3 +809,8 @@ func GetAllowedEmailDomains() string {
}
return allowedDomains
}
// GetNmBaseDomain - fetches nm base domain
func GetNmBaseDomain() string {
return os.Getenv("NM_DOMAIN")
}
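Review bot: The doc comment on GetNmBaseDomain does not say where the value comes from or that it may be empty, yet inviteUsers in this commit interpolates it directly into an https URL. Since it is a raw os.Getenv, document the contract callers depend on: `// GetNmBaseDomain - returns the server's base domain from the NM_DOMAIN env var (a bare hostname, no scheme, port or trailing slash); empty when unset.` Trimming surrounding whitespace with strings.TrimSpace before returning would also keep a stray space in the env file out of generated URLs, if strings is already imported in this file.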