mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-04 04:04:17 +08:00
771 lines
25 KiB
Go
771 lines
25 KiB
Go
package controller
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/gorilla/mux"
|
|
"github.com/gravitl/netmaker/database"
|
|
"github.com/gravitl/netmaker/logger"
|
|
"github.com/gravitl/netmaker/logic"
|
|
"github.com/gravitl/netmaker/models"
|
|
"github.com/gravitl/netmaker/mq"
|
|
"github.com/gravitl/netmaker/servercfg"
|
|
"golang.org/x/crypto/bcrypt"
|
|
"golang.org/x/exp/slog"
|
|
)
|
|
|
|
var hostIDHeader = "host-id"
|
|
|
|
func nodeHandlers(r *mux.Router) {
|
|
|
|
r.HandleFunc("/api/nodes", logic.SecurityCheck(true, http.HandlerFunc(getAllNodes))).Methods(http.MethodGet)
|
|
r.HandleFunc("/api/nodes/{network}", logic.SecurityCheck(true, http.HandlerFunc(getNetworkNodes))).Methods(http.MethodGet)
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}", Authorize(true, true, "node", http.HandlerFunc(getNode))).Methods(http.MethodGet)
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}", logic.SecurityCheck(true, http.HandlerFunc(updateNode))).Methods(http.MethodPut)
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}", Authorize(true, true, "node", http.HandlerFunc(deleteNode))).Methods(http.MethodDelete)
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}/creategateway", logic.SecurityCheck(true, checkFreeTierLimits(limitChoiceEgress, http.HandlerFunc(createEgressGateway)))).Methods(http.MethodPost)
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}/deletegateway", logic.SecurityCheck(true, http.HandlerFunc(deleteEgressGateway))).Methods(http.MethodDelete)
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}/createingress", logic.SecurityCheck(true, checkFreeTierLimits(limitChoiceIngress, http.HandlerFunc(createGateway)))).Methods(http.MethodPost)
|
|
r.HandleFunc("/api/nodes/{network}/{nodeid}/deleteingress", logic.SecurityCheck(true, http.HandlerFunc(deleteGateway))).Methods(http.MethodDelete)
|
|
r.HandleFunc("/api/nodes/adm/{network}/authenticate", authenticate).Methods(http.MethodPost)
|
|
r.HandleFunc("/api/v1/nodes/{network}/status", logic.SecurityCheck(true, http.HandlerFunc(getNetworkNodeStatus))).Methods(http.MethodGet)
|
|
r.HandleFunc("/api/v1/nodes/migrate", migrate).Methods(http.MethodPost)
|
|
}
|
|
|
|
func authenticate(response http.ResponseWriter, request *http.Request) {
|
|
|
|
var authRequest models.AuthParams
|
|
var result models.Node
|
|
var errorResponse = models.ErrorResponse{
|
|
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
|
|
}
|
|
|
|
decoder := json.NewDecoder(request.Body)
|
|
decoderErr := decoder.Decode(&authRequest)
|
|
defer request.Body.Close()
|
|
|
|
if decoderErr != nil {
|
|
errorResponse.Code = http.StatusBadRequest
|
|
errorResponse.Message = decoderErr.Error()
|
|
logger.Log(0, request.Header.Get("user"), "error decoding request body: ",
|
|
decoderErr.Error())
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
return
|
|
}
|
|
errorResponse.Code = http.StatusBadRequest
|
|
if authRequest.ID == "" {
|
|
errorResponse.Message = "W1R3: ID can't be empty"
|
|
logger.Log(0, request.Header.Get("user"), errorResponse.Message)
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
return
|
|
} else if authRequest.Password == "" {
|
|
errorResponse.Message = "W1R3: Password can't be empty"
|
|
logger.Log(0, request.Header.Get("user"), errorResponse.Message)
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
return
|
|
}
|
|
var err error
|
|
result, err = logic.GetNodeByID(authRequest.ID)
|
|
if err != nil {
|
|
result, err = logic.GetDeletedNodeByID(authRequest.ID)
|
|
if err != nil {
|
|
errorResponse.Code = http.StatusBadRequest
|
|
errorResponse.Message = err.Error()
|
|
logger.Log(0, request.Header.Get("user"),
|
|
fmt.Sprintf("failed to get node info [%s]: %v", authRequest.ID, err))
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
return
|
|
}
|
|
}
|
|
host, err := logic.GetHost(result.HostID.String())
|
|
if err != nil {
|
|
errorResponse.Code = http.StatusBadRequest
|
|
errorResponse.Message = err.Error()
|
|
logger.Log(0, request.Header.Get("user"),
|
|
"error retrieving host: ", result.HostID.String(), err.Error())
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
return
|
|
}
|
|
err = bcrypt.CompareHashAndPassword([]byte(host.HostPass), []byte(authRequest.Password))
|
|
if err != nil {
|
|
errorResponse.Code = http.StatusBadRequest
|
|
errorResponse.Message = err.Error()
|
|
logger.Log(0, request.Header.Get("user"),
|
|
"error validating user password: ", err.Error())
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
return
|
|
}
|
|
|
|
tokenString, err := logic.CreateJWT(authRequest.ID, authRequest.MacAddress, result.Network)
|
|
if tokenString == "" {
|
|
errorResponse.Code = http.StatusBadRequest
|
|
errorResponse.Message = "Could not create Token"
|
|
logger.Log(0, request.Header.Get("user"),
|
|
fmt.Sprintf("%s: %v", errorResponse.Message, err))
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
return
|
|
}
|
|
|
|
var successResponse = models.SuccessResponse{
|
|
Code: http.StatusOK,
|
|
Message: "W1R3: Device " + authRequest.ID + " Authorized",
|
|
Response: models.SuccessfulLoginResponse{
|
|
AuthToken: tokenString,
|
|
ID: authRequest.ID,
|
|
},
|
|
}
|
|
successJSONResponse, jsonError := json.Marshal(successResponse)
|
|
|
|
if jsonError != nil {
|
|
errorResponse.Code = http.StatusBadRequest
|
|
errorResponse.Message = err.Error()
|
|
logger.Log(0, request.Header.Get("user"),
|
|
"error marshalling resp: ", err.Error())
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
|
return
|
|
}
|
|
response.WriteHeader(http.StatusOK)
|
|
response.Header().Set("Content-Type", "application/json")
|
|
response.Write(successJSONResponse)
|
|
}
|
|
|
|
// The middleware for most requests to the API
|
|
// They all pass through here first
|
|
// This will validate the JWT (or check for master token)
|
|
// This will also check against the authNetwork and make sure the node should be accessing that endpoint,
|
|
// even if it's technically ok
|
|
// This is kind of a poor man's RBAC. There's probably a better/smarter way.
|
|
// TODO: Consider better RBAC implementations
|
|
func Authorize(
|
|
hostAllowed, networkCheck bool,
|
|
authNetwork string,
|
|
next http.Handler,
|
|
) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
var errorResponse = models.ErrorResponse{
|
|
Code: http.StatusForbidden, Message: logic.Forbidden_Msg,
|
|
}
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
networkexists, _ := logic.NetworkExists(params["network"])
|
|
//check that the request is for a valid network
|
|
//if (networkCheck && !networkexists) || err != nil {
|
|
if networkCheck && !networkexists {
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
|
return
|
|
} else {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
//get the auth token
|
|
bearerToken := r.Header.Get("Authorization")
|
|
|
|
var tokenSplit = strings.Split(bearerToken, " ")
|
|
|
|
//I put this in in case the user doesn't put in a token at all (in which case it's empty)
|
|
//There's probably a smarter way of handling this.
|
|
var authToken = "928rt238tghgwe@TY@$Y@#WQAEGB2FC#@HG#@$Hddd"
|
|
|
|
if len(tokenSplit) > 1 {
|
|
authToken = tokenSplit[1]
|
|
} else {
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
|
return
|
|
}
|
|
// check if host instead of user
|
|
if hostAllowed {
|
|
// TODO --- should ensure that node is only operating on itself
|
|
if hostID, _, _, err := logic.VerifyHostToken(authToken); err == nil {
|
|
r.Header.Set(hostIDHeader, hostID)
|
|
// this indicates request is from a node
|
|
// used for failover - if a getNode comes from node, this will trigger a metrics wipe
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
}
|
|
|
|
var isAuthorized = false
|
|
var nodeID = ""
|
|
username, issuperadmin, isadmin, errN := logic.VerifyUserToken(authToken)
|
|
if errN != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(errN, logic.Unauthorized_Msg))
|
|
return
|
|
}
|
|
|
|
isnetadmin := issuperadmin || isadmin
|
|
if issuperadmin || isadmin {
|
|
nodeID = "mastermac"
|
|
isAuthorized = true
|
|
r.Header.Set("ismasterkey", "yes")
|
|
}
|
|
//The mastermac (login with masterkey from config) can do everything!! May be dangerous.
|
|
if nodeID == "mastermac" {
|
|
isAuthorized = true
|
|
r.Header.Set("ismasterkey", "yes")
|
|
//for everyone else, there's poor man's RBAC. The "cases" are defined in the routes in the handlers
|
|
//So each route defines which access network should be allowed to access it
|
|
} else {
|
|
switch authNetwork {
|
|
case "all":
|
|
isAuthorized = true
|
|
case "nodes":
|
|
isAuthorized = (nodeID != "") || isnetadmin
|
|
case "network":
|
|
if isnetadmin {
|
|
isAuthorized = true
|
|
} else {
|
|
node, err := logic.GetNodeByID(nodeID)
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
|
return
|
|
}
|
|
isAuthorized = (node.Network == params["network"])
|
|
}
|
|
case "node":
|
|
if isnetadmin {
|
|
isAuthorized = true
|
|
} else {
|
|
isAuthorized = (nodeID == params["netid"])
|
|
}
|
|
case "host":
|
|
case "user":
|
|
isAuthorized = true
|
|
default:
|
|
isAuthorized = false
|
|
}
|
|
}
|
|
if !isAuthorized {
|
|
logic.ReturnErrorResponse(w, r, errorResponse)
|
|
return
|
|
} else {
|
|
//If authorized, this function passes along it's request and output to the appropriate route function.
|
|
if username == "" {
|
|
username = "(user not found)"
|
|
}
|
|
r.Header.Set("user", username)
|
|
next.ServeHTTP(w, r)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// @Summary Gets all nodes associated with network including pending nodes
|
|
// @Router /api/nodes/adm/{network} [get]
|
|
// @Securitydefinitions.oauth2.application OAuth2Application
|
|
// @Tags Nodes
|
|
// @Success 200 {array} models.Node
|
|
// @Failure 500 {object} models.ErrorResponse
|
|
func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
var params = mux.Vars(r)
|
|
networkName := params["network"]
|
|
nodes, err := logic.GetNetworkNodes(networkName)
|
|
if err != nil {
|
|
logger.Log(0, r.Header.Get("user"),
|
|
fmt.Sprintf("error fetching nodes on network %s: %v", networkName, err))
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
filteredNodes := []models.Node{}
|
|
if r.Header.Get("ismaster") != "yes" {
|
|
username := r.Header.Get("user")
|
|
user, err := logic.GetUser(username)
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
userPlatformRole, err := logic.GetRole(user.PlatformRoleID)
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
|
|
if !userPlatformRole.FullAccess {
|
|
nodesMap := make(map[string]struct{})
|
|
networkRoles := user.NetworkRoles[models.NetworkID(networkName)]
|
|
for networkRoleID := range networkRoles {
|
|
userPermTemplate, err := logic.GetRole(networkRoleID)
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
if userPermTemplate.FullAccess {
|
|
break
|
|
}
|
|
if rsrcPerms, ok := userPermTemplate.NetworkLevelAccess[models.RemoteAccessGwRsrc]; ok {
|
|
if _, ok := rsrcPerms[models.AllRemoteAccessGwRsrcID]; ok {
|
|
for _, node := range nodes {
|
|
if _, ok := nodesMap[node.ID.String()]; ok {
|
|
continue
|
|
}
|
|
if node.IsIngressGateway {
|
|
nodesMap[node.ID.String()] = struct{}{}
|
|
filteredNodes = append(filteredNodes, node)
|
|
}
|
|
}
|
|
} else {
|
|
for gwID, scope := range rsrcPerms {
|
|
if _, ok := nodesMap[gwID.String()]; ok {
|
|
continue
|
|
}
|
|
if scope.Read {
|
|
gwNode, err := logic.GetNodeByID(gwID.String())
|
|
if err == nil && gwNode.IsIngressGateway {
|
|
filteredNodes = append(filteredNodes, gwNode)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|
|
}
|
|
if len(filteredNodes) > 0 {
|
|
nodes = filteredNodes
|
|
}
|
|
|
|
nodes = logic.AddStaticNodestoList(nodes)
|
|
nodes = logic.AddStatusToNodes(nodes, false)
|
|
// returns all the nodes in JSON/API format
|
|
apiNodes := logic.GetAllNodesAPI(nodes[:])
|
|
logger.Log(2, r.Header.Get("user"), "fetched nodes on network", networkName)
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(apiNodes)
|
|
}
|
|
|
|
// @Summary Get all nodes across all networks
|
|
// @Router /api/nodes [get]
|
|
// @Tags Nodes
|
|
// @Securitydefinitions.oauth2.application OAuth2Application
|
|
// @Success 200 {array} models.ApiNode
|
|
// @Failure 500 {object} models.ErrorResponse
|
|
// Not quite sure if this is necessary. Probably necessary based on front end but may want to review after iteration 1 if it's being used or not
|
|
func getAllNodes(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
var nodes []models.Node
|
|
nodes, err := logic.GetAllNodes()
|
|
if err != nil {
|
|
logger.Log(0, "error fetching all nodes info: ", err.Error())
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
username := r.Header.Get("user")
|
|
if r.Header.Get("ismaster") == "no" {
|
|
user, err := logic.GetUser(username)
|
|
if err != nil {
|
|
return
|
|
}
|
|
userPlatformRole, err := logic.GetRole(user.PlatformRoleID)
|
|
if err != nil {
|
|
return
|
|
}
|
|
if !userPlatformRole.FullAccess {
|
|
nodes = logic.GetFilteredNodesByUserAccess(*user, nodes)
|
|
}
|
|
|
|
}
|
|
nodes = logic.AddStaticNodestoList(nodes)
|
|
nodes = logic.AddStatusToNodes(nodes, false)
|
|
// return all the nodes in JSON/API format
|
|
apiNodes := logic.GetAllNodesAPI(nodes[:])
|
|
logger.Log(3, r.Header.Get("user"), "fetched all nodes they have access to")
|
|
logic.SortApiNodes(apiNodes[:])
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(apiNodes)
|
|
}
|
|
|
|
// @Summary Get all nodes status on the network
|
|
// @Router /api/v1/nodes/{network}/status [get]
|
|
// @Tags Nodes
|
|
// @Securitydefinitions.oauth2.application OAuth2Application
|
|
// @Success 200 {array} models.ApiNode
|
|
// @Failure 500 {object} models.ErrorResponse
|
|
// Not quite sure if this is necessary. Probably necessary based on front end but may want to review after iteration 1 if it's being used or not
|
|
func getNetworkNodeStatus(w http.ResponseWriter, r *http.Request) {
|
|
var params = mux.Vars(r)
|
|
netID := params["network"]
|
|
// validate network
|
|
_, err := logic.GetNetwork(netID)
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to get network %v", err), "badrequest"))
|
|
return
|
|
}
|
|
var nodes []models.Node
|
|
nodes, err = logic.GetNetworkNodes(netID)
|
|
if err != nil {
|
|
logger.Log(0, "error fetching all nodes info: ", err.Error())
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
username := r.Header.Get("user")
|
|
if r.Header.Get("ismaster") == "no" {
|
|
user, err := logic.GetUser(username)
|
|
if err != nil {
|
|
return
|
|
}
|
|
userPlatformRole, err := logic.GetRole(user.PlatformRoleID)
|
|
if err != nil {
|
|
return
|
|
}
|
|
if !userPlatformRole.FullAccess {
|
|
nodes = logic.GetFilteredNodesByUserAccess(*user, nodes)
|
|
}
|
|
|
|
}
|
|
nodes = logic.AddStaticNodestoList(nodes)
|
|
nodes = logic.AddStatusToNodes(nodes, false)
|
|
// return all the nodes in JSON/API format
|
|
apiNodesStatusMap := logic.GetNodesStatusAPI(nodes[:])
|
|
logger.Log(3, r.Header.Get("user"), "fetched all nodes they have access to")
|
|
logic.ReturnSuccessResponseWithJson(w, r, apiNodesStatusMap, "fetched nodes with metric status")
|
|
}
|
|
|
|
// @Summary Get an individual node
|
|
// @Router /api/nodes/{network}/{nodeid} [get]
|
|
// @Tags Nodes
|
|
// @Security oauth2
|
|
// @Success 200 {object} models.NodeGet
|
|
// @Failure 500 {object} models.ErrorResponse
|
|
func getNode(w http.ResponseWriter, r *http.Request) {
|
|
// set header.
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
var params = mux.Vars(r)
|
|
nodeid := params["nodeid"]
|
|
|
|
node, err := logic.ValidateParams(nodeid, params["network"])
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
host, err := logic.GetHost(node.HostID.String())
|
|
if err != nil {
|
|
logger.Log(0, r.Header.Get("user"),
|
|
fmt.Sprintf("error fetching host for node [ %s ] info: %v", nodeid, err))
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
allNodes, err := logic.GetAllNodes()
|
|
if err != nil {
|
|
logger.Log(
|
|
0,
|
|
r.Header.Get("user"),
|
|
fmt.Sprintf(
|
|
"error fetching wg peers config for host [ %s ]: %v",
|
|
host.ID.String(),
|
|
err,
|
|
),
|
|
)
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
hostPeerUpdate, err := logic.GetPeerUpdateForHost(node.Network, host, allNodes, nil, nil)
|
|
if err != nil && !database.IsEmptyRecord(err) {
|
|
logger.Log(
|
|
0,
|
|
r.Header.Get("user"),
|
|
fmt.Sprintf(
|
|
"error fetching wg peers config for host [ %s ]: %v",
|
|
host.ID.String(),
|
|
err,
|
|
),
|
|
)
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
server := logic.GetServerInfo()
|
|
response := models.NodeGet{
|
|
Node: node,
|
|
Host: *host,
|
|
HostPeers: hostPeerUpdate.Peers,
|
|
Peers: hostPeerUpdate.NodePeers,
|
|
ServerConfig: server,
|
|
PeerIDs: hostPeerUpdate.PeerIDs,
|
|
}
|
|
|
|
logger.Log(2, r.Header.Get("user"), "fetched node", params["nodeid"])
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(response)
|
|
}
|
|
|
|
// == EGRESS ==
|
|
|
|
// @Summary Create an egress gateway
|
|
// @Router /api/nodes/{network}/{nodeid}/creategateway [post]
|
|
// @Tags Nodes
|
|
// @Security oauth2
|
|
// @Success 200 {object} models.ApiNode
|
|
// @Failure 500 {object} models.ErrorResponse
|
|
func createEgressGateway(w http.ResponseWriter, r *http.Request) {
|
|
var gateway models.EgressGatewayRequest
|
|
var params = mux.Vars(r)
|
|
node, err := logic.ValidateParams(params["nodeid"], params["network"])
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
if err := json.NewDecoder(r.Body).Decode(&gateway); err != nil {
|
|
logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error())
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
gateway.NetID = params["network"]
|
|
gateway.NodeID = params["nodeid"]
|
|
err = logic.ValidateEgressRange(gateway.NetID, gateway.Ranges)
|
|
if err != nil {
|
|
logger.Log(0, r.Header.Get("user"), "error validating egress range: ", err.Error())
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
node, err = logic.CreateEgressGateway(gateway)
|
|
if err != nil {
|
|
logger.Log(0, r.Header.Get("user"),
|
|
fmt.Sprintf("failed to create egress gateway on node [%s] on network [%s]: %v",
|
|
gateway.NodeID, gateway.NetID, err))
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
|
|
apiNode := node.ConvertToAPINode()
|
|
logger.Log(
|
|
1,
|
|
r.Header.Get("user"),
|
|
"created egress gateway on node",
|
|
gateway.NodeID,
|
|
"on network",
|
|
gateway.NetID,
|
|
)
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(apiNode)
|
|
go func() {
|
|
if err := mq.NodeUpdate(&node); err != nil {
|
|
slog.Error("error publishing node update to node", "node", node.ID, "error", err)
|
|
}
|
|
mq.PublishPeerUpdate(false)
|
|
}()
|
|
}
|
|
|
|
// @Summary Delete an egress gateway
|
|
// @Router /api/nodes/{network}/{nodeid}/deletegateway [delete]
|
|
// @Tags Nodes
|
|
// @Security oauth2
|
|
// @Success 200 {object} models.ApiNode
|
|
// @Failure 500 {object} models.ErrorResponse
|
|
func deleteEgressGateway(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
var params = mux.Vars(r)
|
|
nodeid := params["nodeid"]
|
|
netid := params["network"]
|
|
node, err := logic.ValidateParams(nodeid, netid)
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
node, err = logic.DeleteEgressGateway(netid, nodeid)
|
|
if err != nil {
|
|
logger.Log(0, r.Header.Get("user"),
|
|
fmt.Sprintf("failed to delete egress gateway on node [%s] on network [%s]: %v",
|
|
nodeid, netid, err))
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
|
|
apiNode := node.ConvertToAPINode()
|
|
logger.Log(
|
|
1,
|
|
r.Header.Get("user"),
|
|
"deleted egress gateway on node",
|
|
nodeid,
|
|
"on network",
|
|
netid,
|
|
)
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(apiNode)
|
|
go func() {
|
|
if err := mq.NodeUpdate(&node); err != nil {
|
|
slog.Error("error publishing node update to node", "node", node.ID, "error", err)
|
|
}
|
|
mq.PublishPeerUpdate(false)
|
|
}()
|
|
}
|
|
|
|
// @Summary Update an individual node
|
|
// @Router /api/nodes/{network}/{nodeid} [put]
|
|
// @Tags Nodes
|
|
// @Security oauth2
|
|
// @Success 200 {object} models.ApiNode
|
|
// @Failure 500 {object} models.ErrorResponse
|
|
func updateNode(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
//start here
|
|
nodeid := params["nodeid"]
|
|
currentNode, err := logic.ValidateParams(nodeid, params["network"])
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
var newData models.ApiNode
|
|
// we decode our body request params
|
|
err = json.NewDecoder(r.Body).Decode(&newData)
|
|
if err != nil {
|
|
logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error())
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
err = logic.ValidateNodeIp(¤tNode, &newData)
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
|
|
if !servercfg.IsPro {
|
|
newData.AdditionalRagIps = []string{}
|
|
}
|
|
newNode := newData.ConvertToServerNode(¤tNode)
|
|
if newNode == nil {
|
|
logic.ReturnErrorResponse(
|
|
w,
|
|
r,
|
|
logic.FormatError(fmt.Errorf("error converting node"), "badrequest"),
|
|
)
|
|
return
|
|
}
|
|
if newNode.IsInternetGateway && len(newNode.InetNodeReq.InetNodeClientIDs) > 0 {
|
|
err = logic.ValidateInetGwReq(*newNode, newNode.InetNodeReq, newNode.IsInternetGateway && currentNode.IsInternetGateway)
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
}
|
|
relayUpdate := logic.RelayUpdates(¤tNode, newNode)
|
|
if relayUpdate && newNode.IsRelay {
|
|
err = logic.ValidateRelay(models.RelayRequest{
|
|
NodeID: newNode.ID.String(),
|
|
NetID: newNode.Network,
|
|
RelayedNodes: newNode.RelayedNodes,
|
|
}, true)
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
}
|
|
host, err := logic.GetHost(newNode.HostID.String())
|
|
if err != nil {
|
|
logger.Log(0, r.Header.Get("user"),
|
|
fmt.Sprintf("failed to get host for node [ %s ] info: %v", nodeid, err))
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
aclUpdate := currentNode.DefaultACL != newNode.DefaultACL
|
|
|
|
err = logic.UpdateNode(¤tNode, newNode)
|
|
if err != nil {
|
|
logger.Log(0, r.Header.Get("user"),
|
|
fmt.Sprintf("failed to update node info [ %s ] info: %v", nodeid, err))
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
return
|
|
}
|
|
if relayUpdate {
|
|
logic.UpdateRelayed(¤tNode, newNode)
|
|
}
|
|
if !currentNode.IsInternetGateway && newNode.IsInternetGateway {
|
|
logic.SetInternetGw(newNode, newNode.InetNodeReq)
|
|
}
|
|
if currentNode.IsInternetGateway && newNode.IsInternetGateway {
|
|
logic.UnsetInternetGw(newNode)
|
|
logic.SetInternetGw(newNode, newNode.InetNodeReq)
|
|
}
|
|
if !newNode.IsInternetGateway {
|
|
logic.UnsetInternetGw(newNode)
|
|
}
|
|
logic.UpsertNode(newNode)
|
|
logic.GetNodeStatus(newNode, false)
|
|
|
|
apiNode := newNode.ConvertToAPINode()
|
|
logger.Log(
|
|
1,
|
|
r.Header.Get("user"),
|
|
"updated node",
|
|
currentNode.ID.String(),
|
|
"on network",
|
|
currentNode.Network,
|
|
)
|
|
logic.LogEvent(&models.Event{
|
|
Action: models.Update,
|
|
Source: models.Subject{
|
|
ID: r.Header.Get("user"),
|
|
Name: r.Header.Get("user"),
|
|
Type: models.UserSub,
|
|
},
|
|
TriggeredBy: r.Header.Get("user"),
|
|
Target: models.Subject{
|
|
ID: newNode.ID.String(),
|
|
Name: host.Name,
|
|
Type: models.NodeSub,
|
|
},
|
|
Diff: models.Diff{
|
|
Old: currentNode,
|
|
New: newNode,
|
|
},
|
|
Origin: models.Dashboard,
|
|
})
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(apiNode)
|
|
go func(aclUpdate, relayupdate bool, newNode *models.Node) {
|
|
if err := mq.NodeUpdate(newNode); err != nil {
|
|
slog.Error("error publishing node update to node", "node", newNode.ID, "error", err)
|
|
}
|
|
mq.PublishPeerUpdate(false)
|
|
if servercfg.IsDNSMode() {
|
|
logic.SetDNS()
|
|
}
|
|
}(aclUpdate, relayUpdate, newNode)
|
|
}
|
|
|
|
// @Summary Delete an individual node
|
|
// @Router /api/nodes/{network}/{nodeid} [delete]
|
|
// @Tags Nodes
|
|
// @Security oauth2
|
|
// @Success 200 {string} string "Node deleted."
|
|
// @Failure 500 {object} models.ErrorResponse
|
|
func deleteNode(w http.ResponseWriter, r *http.Request) {
|
|
// Set header
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
// get params
|
|
var params = mux.Vars(r)
|
|
var nodeid = params["nodeid"]
|
|
node, err := logic.ValidateParams(nodeid, params["network"])
|
|
if err != nil {
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
return
|
|
}
|
|
forceDelete := r.URL.Query().Get("force") == "true"
|
|
fromNode := r.Header.Get("requestfrom") == "node"
|
|
var gwClients []models.ExtClient
|
|
if node.IsIngressGateway {
|
|
gwClients = logic.GetGwExtclients(node.ID.String(), node.Network)
|
|
}
|
|
purge := forceDelete || fromNode
|
|
if err := logic.DeleteNode(&node, purge); err != nil {
|
|
logic.ReturnErrorResponse(
|
|
w,
|
|
r,
|
|
logic.FormatError(fmt.Errorf("failed to delete node"), "internal"),
|
|
)
|
|
return
|
|
}
|
|
|
|
logic.ReturnSuccessResponse(w, r, nodeid+" deleted.")
|
|
logger.Log(1, r.Header.Get("user"), "Deleted node", nodeid, "from network", params["network"])
|
|
go mq.PublishMqUpdatesForDeletedNode(node, !fromNode, gwClients)
|
|
}
|