compiling with changes pushed for json token. Have NOT TESTED. Will probably run into issues. Need to test multiple egress ranges, AllowedIPs, and overriding connection strings.
parent
e11a15dfff
commit
977da6b129
|
@ -36,10 +36,13 @@ type EnvironmentConfig struct {
|
||||||
|
|
||||||
// ServerConfig :
|
// ServerConfig :
|
||||||
type ServerConfig struct {
|
type ServerConfig struct {
|
||||||
|
APIConnString string `yaml:"apiconn"`
|
||||||
APIHost string `yaml:"apihost"`
|
APIHost string `yaml:"apihost"`
|
||||||
APIPort string `yaml:"apiport"`
|
APIPort string `yaml:"apiport"`
|
||||||
|
GRPCConnString string `yaml:"grpcconn"`
|
||||||
GRPCHost string `yaml:"grpchost"`
|
GRPCHost string `yaml:"grpchost"`
|
||||||
GRPCPort string `yaml:"grpcport"`
|
GRPCPort string `yaml:"grpcport"`
|
||||||
|
GRPCSecure string `yaml:"grpcsecure"`
|
||||||
DefaultNodeLimit int32 `yaml:"defaultnodelimit"`
|
DefaultNodeLimit int32 `yaml:"defaultnodelimit"`
|
||||||
MasterKey string `yaml:"masterkey"`
|
MasterKey string `yaml:"masterkey"`
|
||||||
AllowedOrigin string `yaml:"allowedorigin"`
|
AllowedOrigin string `yaml:"allowedorigin"`
|
||||||
|
@ -48,6 +51,8 @@ type ServerConfig struct {
|
||||||
ClientMode string `yaml:"clientmode"`
|
ClientMode string `yaml:"clientmode"`
|
||||||
DNSMode string `yaml:"dnsmode"`
|
DNSMode string `yaml:"dnsmode"`
|
||||||
DisableRemoteIPCheck string `yaml:"disableremoteipcheck"`
|
DisableRemoteIPCheck string `yaml:"disableremoteipcheck"`
|
||||||
|
DisableDefaultNet string `yaml:"disabledefaultnet"`
|
||||||
|
GRPCSSL string `yaml:"grpcssl"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type WG struct {
|
type WG struct {
|
||||||
|
|
|
@ -84,7 +84,7 @@ func grpcAuthorize(ctx context.Context) error {
|
||||||
}
|
}
|
||||||
emptynode := models.Node{}
|
emptynode := models.Node{}
|
||||||
node, err := functions.GetNodeByMacAddress(network, mac)
|
node, err := functions.GetNodeByMacAddress(network, mac)
|
||||||
if err != nil || node == emptynode {
|
if err != nil || node.MacAddress == emptynode.MacAddress {
|
||||||
return status.Errorf(codes.Unauthenticated, "Node does not exist.")
|
return status.Errorf(codes.Unauthenticated, "Node does not exist.")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,11 +6,10 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
"github.com/jinzhu/copier"
|
||||||
"github.com/go-playground/validator/v10"
|
"github.com/go-playground/validator/v10"
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"github.com/gravitl/netmaker/functions"
|
"github.com/gravitl/netmaker/functions"
|
||||||
|
@ -194,13 +193,14 @@ func ValidateNetworkCreate(network models.Network) error {
|
||||||
//
|
//
|
||||||
_ = v.RegisterValidation("netid_valid", func(fl validator.FieldLevel) bool {
|
_ = v.RegisterValidation("netid_valid", func(fl validator.FieldLevel) bool {
|
||||||
isFieldUnique, _ := functions.IsNetworkNameUnique(fl.Field().String())
|
isFieldUnique, _ := functions.IsNetworkNameUnique(fl.Field().String())
|
||||||
// inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
|
inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
|
||||||
return isFieldUnique
|
return isFieldUnique && inCharSet
|
||||||
})
|
})
|
||||||
//
|
//
|
||||||
_ = v.RegisterValidation("displayname_unique", func(fl validator.FieldLevel) bool {
|
_ = v.RegisterValidation("displayname_valid", func(fl validator.FieldLevel) bool {
|
||||||
isFieldUnique, _ := functions.IsNetworkDisplayNameUnique(fl.Field().String())
|
isFieldUnique, _ := functions.IsNetworkDisplayNameUnique(fl.Field().String())
|
||||||
return isFieldUnique
|
inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
|
||||||
|
return isFieldUnique && inCharSet
|
||||||
})
|
})
|
||||||
|
|
||||||
err := v.Struct(network)
|
err := v.Struct(network)
|
||||||
|
@ -677,12 +677,28 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
|
||||||
}
|
}
|
||||||
|
|
||||||
netID := network.NetID
|
netID := network.NetID
|
||||||
grpcaddress := net.JoinHostPort(servercfg.GetGRPCHost(), servercfg.GetGRPCPort())
|
|
||||||
apiaddress := net.JoinHostPort(servercfg.GetAPIHost(), servercfg.GetAPIPort())
|
|
||||||
wgport := servercfg.GetGRPCWGPort()
|
|
||||||
|
|
||||||
accessstringdec := wgport + "|" +grpcaddress + "|" + apiaddress + "|" + netID + "|" + accesskey.Value + "|" + privAddr
|
var accessToken models.AccessToken
|
||||||
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(accessstringdec))
|
var tokensrvcfg models.ServerConfig
|
||||||
|
var tokenwgcfg models.WG
|
||||||
|
srvcfg := servercfg.GetServerConfig()
|
||||||
|
wgcfg := servercfg.GetWGConfig()
|
||||||
|
copier.Copy(tokensrvcfg, srvcfg)
|
||||||
|
copier.Copy(tokenwgcfg, wgcfg)
|
||||||
|
|
||||||
|
accessToken.ServerConfig = tokensrvcfg
|
||||||
|
accessToken.WG = tokenwgcfg
|
||||||
|
accessToken.ClientConfig.Network = netID
|
||||||
|
accessToken.ClientConfig.Key = accesskey.Value
|
||||||
|
accessToken.ClientConfig.LocalRange = privAddr
|
||||||
|
|
||||||
|
tokenjson, err := json.Marshal(accessToken)
|
||||||
|
if err != nil {
|
||||||
|
return accesskey, err
|
||||||
|
}
|
||||||
|
|
||||||
|
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
|
||||||
|
|
||||||
//validate accesskey
|
//validate accesskey
|
||||||
v := validator.New()
|
v := validator.New()
|
||||||
err = v.Struct(accesskey)
|
err = v.Struct(accesskey)
|
||||||
|
@ -716,10 +732,23 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
|
||||||
func GetSignupToken(netID string) (models.AccessKey, error) {
|
func GetSignupToken(netID string) (models.AccessKey, error) {
|
||||||
|
|
||||||
var accesskey models.AccessKey
|
var accesskey models.AccessKey
|
||||||
address := net.JoinHostPort(servercfg.GetGRPCHost(), servercfg.GetGRPCPort())
|
var accessToken models.AccessToken
|
||||||
|
var tokensrvcfg models.ServerConfig
|
||||||
|
var tokenwgcfg models.WG
|
||||||
|
srvcfg := servercfg.GetServerConfig()
|
||||||
|
wgcfg := servercfg.GetWGConfig()
|
||||||
|
copier.Copy(tokensrvcfg, srvcfg)
|
||||||
|
copier.Copy(tokenwgcfg, wgcfg)
|
||||||
|
|
||||||
accessstringdec := address + "|" + netID + "|" + "" + "|"
|
accessToken.ServerConfig = tokensrvcfg
|
||||||
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(accessstringdec))
|
accessToken.WG = tokenwgcfg
|
||||||
|
|
||||||
|
tokenjson, err := json.Marshal(accessToken)
|
||||||
|
if err != nil {
|
||||||
|
return accesskey, err
|
||||||
|
}
|
||||||
|
|
||||||
|
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
|
||||||
return accesskey, nil
|
return accesskey, nil
|
||||||
}
|
}
|
||||||
func getSignupToken(w http.ResponseWriter, r *http.Request) {
|
func getSignupToken(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
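Review bot: `copier.Copy(tokensrvcfg, srvcfg)` and `copier.Copy(tokenwgcfg, wgcfg)` in CreateAccessKey pass the destination struct by value and discard the returned error, so the copy cannot reach the local variables and the marshalled token would carry empty server and WireGuard settings without any failure being reported. Pass a pointer and check the result, e.g. `if err := copier.Copy(&tokensrvcfg, srvcfg); err != nil { return accesskey, err }`. The same two calls are repeated in GetSignupToken. Both functions start or end outside the hunks shown here.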
|
@ -612,7 +612,7 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
|
||||||
{"postup", nodechange.PostUp},
|
{"postup", nodechange.PostUp},
|
||||||
{"postdown", nodechange.PostDown},
|
{"postdown", nodechange.PostDown},
|
||||||
{"isegressgateway", nodechange.IsEgressGateway},
|
{"isegressgateway", nodechange.IsEgressGateway},
|
||||||
{"egressgatewayrange", nodechange.EgressGatewayRange},
|
{"egressgatewayranges", nodechange.EgressGatewayRanges},
|
||||||
{"lastmodified", nodechange.LastModified},
|
{"lastmodified", nodechange.LastModified},
|
||||||
}},
|
}},
|
||||||
}
|
}
|
||||||
|
@ -636,10 +636,10 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
|
||||||
|
|
||||||
func ValidateEgressGateway(gateway models.EgressGatewayRequest) error {
|
func ValidateEgressGateway(gateway models.EgressGatewayRequest) error {
|
||||||
var err error
|
var err error
|
||||||
isIp := functions.IsIpCIDR(gateway.RangeString)
|
//isIp := functions.IsIpCIDR(gateway.RangeString)
|
||||||
empty := gateway.RangeString == ""
|
empty := len(gateway.Ranges)==0
|
||||||
if empty || !isIp {
|
if empty {
|
||||||
err = errors.New("IP Range Not Valid")
|
err = errors.New("IP Ranges Cannot Be Empty")
|
||||||
}
|
}
|
||||||
empty = gateway.Interface == ""
|
empty = gateway.Interface == ""
|
||||||
if empty {
|
if empty {
|
||||||
|
@ -670,7 +670,7 @@ func DeleteEgressGateway(network, macaddress string) (models.Node, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
nodechange.IsEgressGateway = false
|
nodechange.IsEgressGateway = false
|
||||||
nodechange.EgressGatewayRange = ""
|
nodechange.EgressGatewayRanges = []string{}
|
||||||
nodechange.PostUp = ""
|
nodechange.PostUp = ""
|
||||||
nodechange.PostDown = ""
|
nodechange.PostDown = ""
|
||||||
|
|
||||||
|
@ -685,7 +685,7 @@ func DeleteEgressGateway(network, macaddress string) (models.Node, error) {
|
||||||
{"postup", nodechange.PostUp},
|
{"postup", nodechange.PostUp},
|
||||||
{"postdown", nodechange.PostDown},
|
{"postdown", nodechange.PostDown},
|
||||||
{"isegressgateway", nodechange.IsEgressGateway},
|
{"isegressgateway", nodechange.IsEgressGateway},
|
||||||
{"egressgatewayrange", nodechange.EgressGatewayRange},
|
{"egressgatewayranges", nodechange.EgressGatewayRanges},
|
||||||
{"lastmodified", nodechange.LastModified},
|
{"lastmodified", nodechange.LastModified},
|
||||||
}},
|
}},
|
||||||
}
|
}
|
||||||
|
|
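Review bot: ValidateEgressGateway now only checks that `gateway.Ranges` is non-empty; the `functions.IsIpCIDR` check was commented out instead of being applied per element, so arbitrary strings are accepted as egress ranges. Validate each entry, e.g. `for _, r := range gateway.Ranges { if !functions.IsIpCIDR(r) { return errors.New("IP Range Not Valid") } }`. These values are written to the node record as `egressgatewayranges`; if they are later used to build the PostUp/PostDown firewall commands (not visible on this page), an unvalidated entry is more than a formatting problem. The function continues outside the hunk.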
|
@ -555,7 +555,7 @@ func GetNodeObj(id primitive.ObjectID) models.Node {
|
||||||
//Switch to REGEX?
|
//Switch to REGEX?
|
||||||
func NameInNetworkCharSet(name string) bool {
|
func NameInNetworkCharSet(name string) bool {
|
||||||
|
|
||||||
charset := "abcdefghijklmnopqrstuvwxyz1234567890-_"
|
charset := "abcdefghijklmnopqrstuvwxyz1234567890-_."
|
||||||
|
|
||||||
for _, char := range name {
|
for _, char := range name {
|
||||||
if !strings.Contains(charset, strings.ToLower(string(char))) {
|
if !strings.Contains(charset, strings.ToLower(string(char))) {
|
||||||
|
|
1
go.mod
1
go.mod
|
@ -9,6 +9,7 @@ require (
|
||||||
github.com/golang/protobuf v1.5.2 // indirect
|
github.com/golang/protobuf v1.5.2 // indirect
|
||||||
github.com/gorilla/handlers v1.5.1
|
github.com/gorilla/handlers v1.5.1
|
||||||
github.com/gorilla/mux v1.8.0
|
github.com/gorilla/mux v1.8.0
|
||||||
|
github.com/jinzhu/copier v0.3.2 // indirect
|
||||||
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect
|
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect
|
||||||
github.com/stretchr/testify v1.6.1
|
github.com/stretchr/testify v1.6.1
|
||||||
github.com/txn2/txeh v1.3.0
|
github.com/txn2/txeh v1.3.0
|
||||||
|
|
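Review bot: `github.com/jinzhu/copier v0.3.2 // indirect` is marked indirect although this commit imports the package directly in the network controller, so `go mod tidy` would rewrite the line. The module is a new third-party dependency used only for two struct-to-struct copies of a handful of string fields; assigning those fields explicitly would keep it out of the build and make it obvious which server settings end up in a client token.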
2
go.sum
2
go.sum
|
@ -93,6 +93,8 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
|
||||||
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
|
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
|
||||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||||
|
github.com/jinzhu/copier v0.3.2 h1:QdBOCbaouLDYaIPFfi1bKv5F5tPpeTwXe4sD0jqtz5w=
|
||||||
|
github.com/jinzhu/copier v0.3.2/go.mod h1:24xnZezI2Yqac9J61UC6/dG/k76ttpq0DdJI3QmUvro=
|
||||||
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
|
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
|
||||||
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
|
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
|
||||||
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
|
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
|
||||||
|
|
5
main.go
5
main.go
|
@ -146,8 +146,11 @@ func runGRPC(wg *sync.WaitGroup, installserver bool) {
|
||||||
log.Println("Agent Server succesfully started on port " + grpcport + " (gRPC)")
|
log.Println("Agent Server succesfully started on port " + grpcport + " (gRPC)")
|
||||||
|
|
||||||
if installserver {
|
if installserver {
|
||||||
|
success := true
|
||||||
|
if !servercfg.DisableDefaultNet() {
|
||||||
log.Println("Adding server to default network")
|
log.Println("Adding server to default network")
|
||||||
success, err := serverctl.AddNetwork("default")
|
success, err = serverctl.AddNetwork("default")
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error adding to default network: %v", err)
|
log.Printf("Error adding to default network: %v", err)
|
||||||
log.Println("Unable to add server to network. Continuing.")
|
log.Println("Unable to add server to network. Continuing.")
|
||||||
|
|
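Review bot: With `success, err = serverctl.AddNetwork("default")` now a plain assignment inside the `if !servercfg.DisableDefaultNet()` block, the `if err != nil` that follows tests an `err` declared earlier in runGRPC (outside this hunk), so when the default network is disabled it inspects a stale value and would log it as "Error adding to default network". Moving the error check inside the new block, or declaring `var err error` next to `success := true`, keeps the message tied to AddNetwork. runGRPC starts and ends outside the hunk.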
31
models/accessToken.go
Normal file
31
models/accessToken.go
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
package models
|
||||||
|
|
||||||
|
type AccessToken struct {
|
||||||
|
ServerConfig
|
||||||
|
ClientConfig
|
||||||
|
WG
|
||||||
|
}
|
||||||
|
|
||||||
|
type ClientConfig struct {
|
||||||
|
Network string `json:"network"`
|
||||||
|
Key string `json:"key"`
|
||||||
|
LocalRange string `json:"localrange"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type ServerConfig struct {
|
||||||
|
APIConnString string `json:"apiconn"`
|
||||||
|
APIHost string `json:"apihost"`
|
||||||
|
APIPort string `json:"apiport"`
|
||||||
|
GRPCConnString string `json:"grpcconn"`
|
||||||
|
GRPCHost string `json:"grpchost"`
|
||||||
|
GRPCPort string `json:"grpcport"`
|
||||||
|
GRPCSSL string `json:"grpcssl"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type WG struct {
|
||||||
|
GRPCWireGuard string `json:"grpcwg"`
|
||||||
|
GRPCWGAddress string `json:"grpcaddr"`
|
||||||
|
GRPCWGPort string `json:"grpcport"`
|
||||||
|
GRPCWGPubKey string `json:"pubkey"`
|
||||||
|
GRPCWGEndpoint string `json:"endpoint"`
|
||||||
|
}
|
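Review bot: `ServerConfig.GRPCPort` and `WG.GRPCWGPort` both carry the tag `json:"grpcport"`, and because `AccessToken` embeds both structs anonymously, encoding/json sees two tagged fields with the same name at the same depth and silently ignores both on Marshal and Unmarshal. Neither port would therefore survive a round trip through the token. Give the WireGuard port its own key, e.g. `json:"grpcwgport"`, or declare the members as named fields with their own tags so each struct is nested under a separate key. The new types also have no doc comments; a line on `AccessToken` stating that it is serialised into the base64 access string handed to clients, and so must never gain secret server fields, would help future edits.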
|
@ -16,8 +16,8 @@ type Network struct {
|
||||||
// AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"required_with=isdualstack true,cidrv6"`
|
// AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"required_with=isdualstack true,cidrv6"`
|
||||||
AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"addressrange6_valid"`
|
AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"addressrange6_valid"`
|
||||||
//can't have min=1 with omitempty
|
//can't have min=1 with omitempty
|
||||||
DisplayName string `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,alphanum,min=2,max=20,displayname_unique"`
|
DisplayName string `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,min=1,max=20,displayname_valid"`
|
||||||
NetID string `json:"netid" bson:"netid" validate:"required,alphanum,min=1,max=12,netid_valid"`
|
NetID string `json:"netid" bson:"netid" validate:"required,min=1,max=12,netid_valid"`
|
||||||
NodesLastModified int64 `json:"nodeslastmodified" bson:"nodeslastmodified"`
|
NodesLastModified int64 `json:"nodeslastmodified" bson:"nodeslastmodified"`
|
||||||
NetworkLastModified int64 `json:"networklastmodified" bson:"networklastmodified"`
|
NetworkLastModified int64 `json:"networklastmodified" bson:"networklastmodified"`
|
||||||
DefaultInterface string `json:"defaultinterface" bson:"defaultinterface"`
|
DefaultInterface string `json:"defaultinterface" bson:"defaultinterface"`
|
||||||
|
@ -47,8 +47,8 @@ type NetworkUpdate struct {
|
||||||
// AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"required_with=isdualstack true,cidrv6"`
|
// AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"required_with=isdualstack true,cidrv6"`
|
||||||
AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"omitempty,cidr"`
|
AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"omitempty,cidr"`
|
||||||
//can't have min=1 with omitempty
|
//can't have min=1 with omitempty
|
||||||
DisplayName string `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,alphanum,min=2,max=20"`
|
DisplayName string `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,validnetid,min=1,max=20"`
|
||||||
NetID string `json:"netid" bson:"netid" validate:"omitempty,alphanum,min=1,max=12"`
|
NetID string `json:"netid" bson:"netid" validate:"omitempty,validnetid,min=1,max=15"`
|
||||||
NodesLastModified int64 `json:"nodeslastmodified" bson:"nodeslastmodified"`
|
NodesLastModified int64 `json:"nodeslastmodified" bson:"nodeslastmodified"`
|
||||||
NetworkLastModified int64 `json:"networklastmodified" bson:"networklastmodified"`
|
NetworkLastModified int64 `json:"networklastmodified" bson:"networklastmodified"`
|
||||||
DefaultInterface string `json:"defaultinterface" bson:"defaultinterface"`
|
DefaultInterface string `json:"defaultinterface" bson:"defaultinterface"`
|
||||||
|
@ -86,7 +86,11 @@ func (network *Network) SetDefaults() {
|
||||||
network.DisplayName = network.NetID
|
network.DisplayName = network.NetID
|
||||||
}
|
}
|
||||||
if network.DefaultInterface == "" {
|
if network.DefaultInterface == "" {
|
||||||
|
if len(network.NetID) < 13 {
|
||||||
network.DefaultInterface = "nm-" + network.NetID
|
network.DefaultInterface = "nm-" + network.NetID
|
||||||
|
} else {
|
||||||
|
network.DefaultInterface = network.NetID
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if network.DefaultListenPort == 0 {
|
if network.DefaultListenPort == 0 {
|
||||||
network.DefaultListenPort = 51821
|
network.DefaultListenPort = 51821
|
||||||
|
|
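Review bot: `NetworkUpdate.DisplayName` and `NetworkUpdate.NetID` now use a `validnetid` tag, while the validators registered in ValidateNetworkCreate elsewhere in this commit are named `netid_valid` and `displayname_valid`. No registration of `validnetid` is visible on this page, and go-playground/validator panics when a struct tag names an unregistered validation, so the update path should either register it or reuse `netid_valid`. The NetID limit also differs between create (`max=12`) and update (`max=15`), and with `alphanum` removed the character-set callback is the only thing constraining a name that SetDefaults concatenates into the interface name.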
|
@ -28,7 +28,7 @@ type Node struct {
|
||||||
Endpoint string `json:"endpoint" bson:"endpoint" validate:"required,ip"`
|
Endpoint string `json:"endpoint" bson:"endpoint" validate:"required,ip"`
|
||||||
PostUp string `json:"postup" bson:"postup"`
|
PostUp string `json:"postup" bson:"postup"`
|
||||||
PostDown string `json:"postdown" bson:"postdown"`
|
PostDown string `json:"postdown" bson:"postdown"`
|
||||||
AllowedIPs string `json:"allowedips" bson:"allowedips"`
|
AllowedIPs []string `json:"allowedips" bson:"allowedips"`
|
||||||
PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" validate:"omitempty,numeric,max=1000"`
|
PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" validate:"omitempty,numeric,max=1000"`
|
||||||
SaveConfig *bool `json:"saveconfig" bson:"saveconfig"`
|
SaveConfig *bool `json:"saveconfig" bson:"saveconfig"`
|
||||||
AccessKey string `json:"accesskey" bson:"accesskey"`
|
AccessKey string `json:"accesskey" bson:"accesskey"`
|
||||||
|
@ -48,6 +48,8 @@ type Node struct {
|
||||||
EgressGatewayRanges []string `json:"egressgatewayranges" bson:"egressgatewayranges"`
|
EgressGatewayRanges []string `json:"egressgatewayranges" bson:"egressgatewayranges"`
|
||||||
IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange"`
|
IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange"`
|
||||||
PostChanges string `json:"postchanges" bson:"postchanges"`
|
PostChanges string `json:"postchanges" bson:"postchanges"`
|
||||||
|
StaticIP string `json:"staticip" bson:"staticip"`
|
||||||
|
StaticPubKey string `json:"staticpubkey" bson:"staticpubkey"`
|
||||||
}
|
}
|
||||||
|
|
||||||
//node update struct --- only validations are different
|
//node update struct --- only validations are different
|
||||||
|
@ -62,7 +64,7 @@ type NodeUpdate struct {
|
||||||
Endpoint string `json:"endpoint" bson:"endpoint" validate:"omitempty,ip"`
|
Endpoint string `json:"endpoint" bson:"endpoint" validate:"omitempty,ip"`
|
||||||
PostUp string `json:"postup" bson:"postup"`
|
PostUp string `json:"postup" bson:"postup"`
|
||||||
PostDown string `json:"postdown" bson:"postdown"`
|
PostDown string `json:"postdown" bson:"postdown"`
|
||||||
AllowedIPs string `json:"allowedips" bson:"allowedips"`
|
AllowedIPs []string `json:"allowedips" bson:"allowedips"`
|
||||||
PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" validate:"omitempty,numeric,max=1000"`
|
PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" validate:"omitempty,numeric,max=1000"`
|
||||||
SaveConfig *bool `json:"saveconfig" bson:"saveconfig"`
|
SaveConfig *bool `json:"saveconfig" bson:"saveconfig"`
|
||||||
AccessKey string `json:"accesskey" bson:"accesskey"`
|
AccessKey string `json:"accesskey" bson:"accesskey"`
|
||||||
|
@ -80,8 +82,10 @@ type NodeUpdate struct {
|
||||||
IsIngressGateway bool `json:"isingressgateway" bson:"isingressgateway"`
|
IsIngressGateway bool `json:"isingressgateway" bson:"isingressgateway"`
|
||||||
IsEgressGateway bool `json:"isegressgateway" bson:"isegressgateway"`
|
IsEgressGateway bool `json:"isegressgateway" bson:"isegressgateway"`
|
||||||
IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange"`
|
IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange"`
|
||||||
EgressGatewayRange string `json:"gatewayrange" bson:"gatewayrange"`
|
EgressGatewayRanges []string `json:"egressgatewayranges" bson:"egressgatewayranges"`
|
||||||
PostChanges string `json:"postchanges" bson:"postchanges"`
|
PostChanges string `json:"postchanges" bson:"postchanges"`
|
||||||
|
StaticIP string `json:"staticip" bson:"staticip"`
|
||||||
|
StaticPubKey string `json:"staticpubkey" bson:"staticpubkey"`
|
||||||
}
|
}
|
||||||
|
|
||||||
//Duplicated function for NodeUpdates
|
//Duplicated function for NodeUpdates
|
||||||
|
@ -191,6 +195,13 @@ func (node *Node) SetDefaults() {
|
||||||
postup := parentNetwork.DefaultPostUp
|
postup := parentNetwork.DefaultPostUp
|
||||||
node.PostUp = postup
|
node.PostUp = postup
|
||||||
}
|
}
|
||||||
|
if node.StaticIP == "" {
|
||||||
|
node.StaticIP = "no"
|
||||||
|
}
|
||||||
|
if node.StaticPubKey == "" {
|
||||||
|
node.StaticPubKey = "no"
|
||||||
|
}
|
||||||
|
|
||||||
node.CheckInInterval = parentNetwork.DefaultCheckInInterval
|
node.CheckInInterval = parentNetwork.DefaultCheckInInterval
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
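Review bot: `AllowedIPs` becomes `[]string` on both `Node` and `NodeUpdate` without any `validate` tag, so each element is stored unchecked. If the entries are expected in CIDR form and are supplied by clients (neither is visible here), a per-element rule such as `validate:"omitempty,dive,cidr"` would reject malformed values before they reach a peer configuration. Records already stored with `allowedips` as a single string will presumably fail to decode into the new slice type, so a migration or a tolerant decoder is worth planning alongside this change.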
|
@ -6,10 +6,9 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"errors"
|
"errors"
|
||||||
"strings"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
|
||||||
"log"
|
"log"
|
||||||
|
"encoding/json"
|
||||||
"gopkg.in/yaml.v3"
|
"gopkg.in/yaml.v3"
|
||||||
nodepb "github.com/gravitl/netmaker/grpc"
|
nodepb "github.com/gravitl/netmaker/grpc"
|
||||||
"github.com/gravitl/netmaker/models"
|
"github.com/gravitl/netmaker/models"
|
||||||
|
@ -29,6 +28,8 @@ type ServerConfig struct {
|
||||||
GRPCAddress string `yaml:"grpcaddress"`
|
GRPCAddress string `yaml:"grpcaddress"`
|
||||||
APIAddress string `yaml:"apiaddress"`
|
APIAddress string `yaml:"apiaddress"`
|
||||||
AccessKey string `yaml:"accesskey"`
|
AccessKey string `yaml:"accesskey"`
|
||||||
|
GRPCSSL string `yaml:"grpcssl"`
|
||||||
|
GRPCWireGuard string `yaml:"grpcwg"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type ListConfig struct {
|
type ListConfig struct {
|
||||||
|
@ -53,16 +54,19 @@ type NodeConfig struct {
|
||||||
IsLocal string `yaml:"islocal"`
|
IsLocal string `yaml:"islocal"`
|
||||||
IsDualStack string `yaml:"isdualstack"`
|
IsDualStack string `yaml:"isdualstack"`
|
||||||
IsIngressGateway string `yaml:"isingressgateway"`
|
IsIngressGateway string `yaml:"isingressgateway"`
|
||||||
AllowedIPs string `yaml:"allowedips"`
|
AllowedIPs []string `yaml:"allowedips"`
|
||||||
LocalRange string `yaml:"localrange"`
|
LocalRange string `yaml:"localrange"`
|
||||||
PostUp string `yaml:"postup"`
|
PostUp string `yaml:"postup"`
|
||||||
PostDown string `yaml:"postdown"`
|
PostDown string `yaml:"postdown"`
|
||||||
Port int32 `yaml:"port"`
|
Port int32 `yaml:"port"`
|
||||||
KeepAlive int32 `yaml:"keepalive"`
|
KeepAlive int32 `yaml:"keepalive"`
|
||||||
PublicKey string `yaml:"publickey"`
|
PublicKey string `yaml:"publickey"`
|
||||||
|
ServerPubKey string `yaml:"serverpubkey"`
|
||||||
PrivateKey string `yaml:"privatekey"`
|
PrivateKey string `yaml:"privatekey"`
|
||||||
Endpoint string `yaml:"endpoint"`
|
Endpoint string `yaml:"endpoint"`
|
||||||
PostChanges string `yaml:"postchanges"`
|
PostChanges string `yaml:"postchanges"`
|
||||||
|
StaticIP string `yaml:"staticip"`
|
||||||
|
StaticPubKey string `yaml:"staticpubkey"`
|
||||||
IPForwarding string `yaml:"ipforwarding"`
|
IPForwarding string `yaml:"ipforwarding"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -375,16 +379,34 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
|
||||||
log.Println("error decoding token")
|
log.Println("error decoding token")
|
||||||
return cfg, err
|
return cfg, err
|
||||||
}
|
}
|
||||||
token := string(tokenbytes)
|
var accesstoken models.AccessToken
|
||||||
tokenvals := strings.Split(token, "|")
|
if err := json.Unmarshal(tokenbytes, &accesstoken); err != nil {
|
||||||
|
log.Println("error converting token json to object", tokenbytes )
|
||||||
cfg.Server.GRPCAddress = tokenvals[1]
|
return cfg, err
|
||||||
cfg.Network = tokenvals[3]
|
|
||||||
cfg.Node.Network = tokenvals[3]
|
|
||||||
cfg.Server.AccessKey = tokenvals[4]
|
|
||||||
if len(tokenvals) > 4 {
|
|
||||||
cfg.Node.LocalRange = tokenvals[5]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if accesstoken.ServerConfig.APIConnString != "" {
|
||||||
|
cfg.Server.APIAddress = accesstoken.ServerConfig.APIConnString
|
||||||
|
} else {
|
||||||
|
cfg.Server.APIAddress = accesstoken.ServerConfig.APIHost
|
||||||
|
if accesstoken.ServerConfig.APIPort != "" {
|
||||||
|
cfg.Server.APIAddress = cfg.Server.APIAddress + ":" + accesstoken.ServerConfig.APIPort
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if accesstoken.ServerConfig.GRPCConnString != "" {
|
||||||
|
cfg.Server.GRPCAddress = accesstoken.ServerConfig.GRPCConnString
|
||||||
|
} else {
|
||||||
|
cfg.Server.GRPCAddress = accesstoken.ServerConfig.GRPCHost
|
||||||
|
if accesstoken.ServerConfig.GRPCPort != "" {
|
||||||
|
cfg.Server.GRPCAddress = cfg.Server.GRPCAddress + ":" + accesstoken.ServerConfig.GRPCPort
|
||||||
|
}
|
||||||
|
}
|
||||||
|
cfg.Network = accesstoken.ClientConfig.Network
|
||||||
|
cfg.Node.Network = accesstoken.ClientConfig.Network
|
||||||
|
cfg.Server.AccessKey = accesstoken.ClientConfig.Key
|
||||||
|
cfg.Node.LocalRange = accesstoken.ClientConfig.LocalRange
|
||||||
|
cfg.Server.GRPCSSL = accesstoken.ServerConfig.GRPCSSL
|
||||||
|
cfg.Server.GRPCWireGuard = accesstoken.WG.GRPCWireGuard
|
||||||
if c.String("grpcserver") != "" {
|
if c.String("grpcserver") != "" {
|
||||||
cfg.Server.GRPCAddress = c.String("grpcserver")
|
cfg.Server.GRPCAddress = c.String("grpcserver")
|
||||||
}
|
}
|
||||||
|
@ -401,6 +423,13 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
|
||||||
if c.String("localrange") != "" {
|
if c.String("localrange") != "" {
|
||||||
cfg.Node.LocalRange = c.String("localrange")
|
cfg.Node.LocalRange = c.String("localrange")
|
||||||
}
|
}
|
||||||
|
if c.String("grpcssl") != "" {
|
||||||
|
cfg.Server.GRPCSSL = c.String("grpcssl")
|
||||||
|
}
|
||||||
|
if c.String("grpcwg") != "" {
|
||||||
|
cfg.Server.GRPCWireGuard = c.String("grpcwg")
|
||||||
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
cfg.Server.GRPCAddress = c.String("grpcserver")
|
cfg.Server.GRPCAddress = c.String("grpcserver")
|
||||||
cfg.Server.APIAddress = c.String("apiserver")
|
cfg.Server.APIAddress = c.String("apiserver")
|
||||||
|
@ -408,6 +437,8 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
|
||||||
cfg.Network = c.String("network")
|
cfg.Network = c.String("network")
|
||||||
cfg.Node.Network = c.String("network")
|
cfg.Node.Network = c.String("network")
|
||||||
cfg.Node.LocalRange = c.String("localrange")
|
cfg.Node.LocalRange = c.String("localrange")
|
||||||
|
cfg.Server.GRPCWireGuard = c.String("grpcwg")
|
||||||
|
cfg.Server.GRPCSSL = c.String("grpcssl")
|
||||||
}
|
}
|
||||||
cfg.Node.Name = c.String("name")
|
cfg.Node.Name = c.String("name")
|
||||||
cfg.Node.Interface = c.String("interface")
|
cfg.Node.Interface = c.String("interface")
|
||||||
|
@ -442,22 +473,32 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
|
||||||
log.Println("error decoding token")
|
log.Println("error decoding token")
|
||||||
return cfg, err
|
return cfg, err
|
||||||
}
|
}
|
||||||
token := string(tokenbytes)
|
var accesstoken models.AccessToken
|
||||||
tokenvals := strings.Split(token, "|")
|
if err := json.Unmarshal(tokenbytes, &accesstoken); err != nil {
|
||||||
|
log.Println("error converting token json to object", tokenbytes )
|
||||||
cfg.Client.ServerPrivateAddress, cfg.Client.ServerGRPCPort, err = net.SplitHostPort(tokenvals[1])
|
return cfg, err
|
||||||
|
}
|
||||||
|
cfg.Client.ServerPrivateAddress = accesstoken.WG.GRPCWGAddress
|
||||||
|
cfg.Client.ServerGRPCPort = accesstoken.WG.GRPCWGPort
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("error decoding token grpcserver")
|
log.Println("error decoding token grpcserver")
|
||||||
return cfg, err
|
return cfg, err
|
||||||
}
|
}
|
||||||
cfg.Client.ServerPublicEndpoint, cfg.Client.ServerAPIPort, err = net.SplitHostPort(tokenvals[2])
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("error decoding token apiserver")
|
log.Println("error decoding token apiserver")
|
||||||
return cfg, err
|
return cfg, err
|
||||||
}
|
}
|
||||||
|
if accesstoken.ServerConfig.APIConnString != "" {
|
||||||
cfg.Client.ServerWGPort = tokenvals[0]
|
cfg.Client.ServerPublicEndpoint = accesstoken.ServerConfig.APIConnString
|
||||||
cfg.Client.ServerKey = tokenvals[4]
|
} else {
|
||||||
|
cfg.Client.ServerPublicEndpoint = accesstoken.ServerConfig.APIHost
|
||||||
|
if accesstoken.ServerConfig.APIPort != "" {
|
||||||
|
cfg.Client.ServerAPIPort = accesstoken.ServerConfig.APIPort
|
||||||
|
}
|
||||||
|
}
|
||||||
|
cfg.Client.ServerWGPort = accesstoken.WG.GRPCWGPort
|
||||||
|
cfg.Client.ServerKey = accesstoken.ClientConfig.Key
|
||||||
|
cfg.Client.ServerKey = accesstoken.WG.GRPCWGPubKey
|
||||||
|
|
||||||
if c.String("grpcserver") != "" {
|
if c.String("grpcserver") != "" {
|
||||||
cfg.Client.ServerPrivateAddress = c.String("grpcserver")
|
cfg.Client.ServerPrivateAddress = c.String("grpcserver")
|
||||||
|
@ -465,8 +506,8 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
|
||||||
if c.String("apiserver") != "" {
|
if c.String("apiserver") != "" {
|
||||||
cfg.Client.ServerPublicEndpoint = c.String("apiserver")
|
cfg.Client.ServerPublicEndpoint = c.String("apiserver")
|
||||||
}
|
}
|
||||||
if c.String("key") != "" {
|
if c.String("pubkey") != "" {
|
||||||
cfg.Client.ServerKey = c.String("key")
|
cfg.Client.ServerKey = c.String("pubkey")
|
||||||
}
|
}
|
||||||
if c.String("network") != "all" {
|
if c.String("network") != "all" {
|
||||||
cfg.Client.Network = c.String("network")
|
cfg.Client.Network = c.String("network")
|
||||||
|
|
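Review bot: On a JSON parse failure `log.Println("error converting token json to object", tokenbytes )` writes the decoded token to the log, and that token contains the network access key; log the error instead, `log.Println("error converting token json to object:", err)`. The same line appears in GetCLIConfigRegister. In that function the two `if err != nil` blocks left behind after the `net.SplitHostPort` calls were removed appear unable to fire, and `cfg.Client.ServerKey` is set from `ClientConfig.Key` and then immediately overwritten with `WG.GRPCWGPubKey`, so one of those assignments is probably unintended. Both functions start and end outside the hunks.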
|
@ -19,8 +19,10 @@ func SetHost() error {
|
||||||
}
|
}
|
||||||
func GetServerConfig() config.ServerConfig {
|
func GetServerConfig() config.ServerConfig {
|
||||||
var cfg config.ServerConfig
|
var cfg config.ServerConfig
|
||||||
|
cfg.APIConnString = GetAPIConnString()
|
||||||
cfg.APIHost = GetAPIHost()
|
cfg.APIHost = GetAPIHost()
|
||||||
cfg.APIPort = GetAPIPort()
|
cfg.APIPort = GetAPIPort()
|
||||||
|
cfg.GRPCConnString = GetGRPCConnString()
|
||||||
cfg.GRPCHost = GetGRPCHost()
|
cfg.GRPCHost = GetGRPCHost()
|
||||||
cfg.GRPCPort = GetGRPCPort()
|
cfg.GRPCPort = GetGRPCPort()
|
||||||
cfg.MasterKey = "(hidden)"
|
cfg.MasterKey = "(hidden)"
|
||||||
|
@ -41,10 +43,18 @@ func GetServerConfig() config.ServerConfig {
|
||||||
if IsDNSMode() {
|
if IsDNSMode() {
|
||||||
cfg.DNSMode = "on"
|
cfg.DNSMode = "on"
|
||||||
}
|
}
|
||||||
|
cfg.GRPCSSL = "off"
|
||||||
|
if IsGRPCSSL() {
|
||||||
|
cfg.GRPCSSL = "on"
|
||||||
|
}
|
||||||
cfg.DisableRemoteIPCheck = "off"
|
cfg.DisableRemoteIPCheck = "off"
|
||||||
if DisableRemoteIPCheck() {
|
if DisableRemoteIPCheck() {
|
||||||
cfg.DisableRemoteIPCheck = "on"
|
cfg.DisableRemoteIPCheck = "on"
|
||||||
}
|
}
|
||||||
|
cfg.DisableDefaultNet = "off"
|
||||||
|
if DisableDefaultNet() {
|
||||||
|
cfg.DisableRemoteIPCheck = "on"
|
||||||
|
}
|
||||||
return cfg
|
return cfg
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -63,7 +73,15 @@ func GetWGConfig() config.WG{
|
||||||
cfg.GRPCWGPrivKey = GetGRPCWGPrivKey()
|
cfg.GRPCWGPrivKey = GetGRPCWGPrivKey()
|
||||||
return cfg
|
return cfg
|
||||||
}
|
}
|
||||||
|
func GetAPIConnString() string {
|
||||||
|
conn := ""
|
||||||
|
if os.Getenv("SERVER_API_CONN_STRING") != "" {
|
||||||
|
conn = os.Getenv("SERVER_API_CONN_STRING")
|
||||||
|
} else if config.Config.Server.APIConnString != "" {
|
||||||
|
conn = config.Config.Server.APIConnString
|
||||||
|
}
|
||||||
|
return conn
|
||||||
|
}
|
||||||
func GetAPIHost() string {
|
func GetAPIHost() string {
|
||||||
serverhost := "127.0.0.1"
|
serverhost := "127.0.0.1"
|
||||||
if os.Getenv("SERVER_HTTP_HOST") != "" {
|
if os.Getenv("SERVER_HTTP_HOST") != "" {
|
||||||
|
@ -101,6 +119,15 @@ func GetDefaultNodeLimit() int32 {
|
||||||
}
|
}
|
||||||
return limit
|
return limit
|
||||||
}
|
}
|
||||||
|
func GetGRPCConnString() string {
|
||||||
|
conn := ""
|
||||||
|
if os.Getenv("SERVER_GRPC_CONN_STRING") != "" {
|
||||||
|
conn = os.Getenv("SERVER_GRPC_CONN_STRING")
|
||||||
|
} else if config.Config.Server.GRPCConnString != "" {
|
||||||
|
conn = config.Config.Server.GRPCConnString
|
||||||
|
}
|
||||||
|
return conn
|
||||||
|
}
|
||||||
|
|
||||||
func GetGRPCHost() string {
|
func GetGRPCHost() string {
|
||||||
serverhost := "127.0.0.1"
|
serverhost := "127.0.0.1"
|
||||||
|
@ -201,6 +228,21 @@ func IsDNSMode() bool {
|
||||||
}
|
}
|
||||||
return isdns
|
return isdns
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func IsGRPCSSL() bool {
|
||||||
|
isssl := false
|
||||||
|
if os.Getenv("GRPC_SSL") != "" {
|
||||||
|
if os.Getenv("GRPC_SSL") == "on" {
|
||||||
|
isssl = true
|
||||||
|
}
|
||||||
|
} else if config.Config.Server.DNSMode != "" {
|
||||||
|
if config.Config.Server.DNSMode == "on" {
|
||||||
|
isssl = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return isssl
|
||||||
|
}
|
||||||
|
|
||||||
func DisableRemoteIPCheck() bool {
|
func DisableRemoteIPCheck() bool {
|
||||||
disabled := false
|
disabled := false
|
||||||
if os.Getenv("DISABLE_REMOTE_IP_CHECK") != "" {
|
if os.Getenv("DISABLE_REMOTE_IP_CHECK") != "" {
|
||||||
|
@ -214,6 +256,19 @@ func DisableRemoteIPCheck() bool {
|
||||||
}
|
}
|
||||||
return disabled
|
return disabled
|
||||||
}
|
}
|
||||||
|
func DisableDefaultNet() bool {
|
||||||
|
disabled := false
|
||||||
|
if os.Getenv("DISABLE_DEFAULT_NET") != "" {
|
||||||
|
if os.Getenv("DISABLE_DEFAULT_NET") == "on" {
|
||||||
|
disabled = true
|
||||||
|
}
|
||||||
|
} else if config.Config.Server.DisableDefaultNet != "" {
|
||||||
|
if config.Config.Server.DisableDefaultNet == "on" {
|
||||||
|
disabled= true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return disabled
|
||||||
|
}
|
||||||
func GetPublicIP() (string, error) {
|
func GetPublicIP() (string, error) {
|
||||||
|
|
||||||
endpoint := ""
|
endpoint := ""
|
||||||
|
|
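Review bot: `IsGRPCSSL` falls back to `config.Config.Server.DNSMode` when `GRPC_SSL` is unset, so the TLS flag reported by the server and copied into client tokens follows the DNS setting and ignores the new `grpcssl` key; the fallback should read `} else if config.Config.Server.GRPCSSL != "" {` with `if config.Config.Server.GRPCSSL == "on" {` inside it. In GetServerConfig the new block under `if DisableDefaultNet()` assigns `cfg.DisableRemoteIPCheck = "on"` and should be `cfg.DisableDefaultNet = "on"`; as written the returned config claims the remote-IP check is disabled whenever the default network is, and `DisableDefaultNet` always reads "off". The new exported getters have no doc comments; one line each naming the environment variable that takes precedence over the YAML value would be enough.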