mirror of
https://github.com/gravitl/netmaker.git
synced 2024-11-13 04:54:48 +08:00
2e8d95e80e
* user mgmt models * define user roles * define models for new user mgmt and groups * oauth debug log * initialize user role after db conn * print oauth token in debug log * user roles CRUD apis * user groups CRUD Apis * additional api checks * add additional scopes * add additional scopes url * add additional scopes url * rm additional scopes url * setup middlleware permission checks * integrate permission check into middleware * integrate permission check into middleware * check for headers for subjects * refactor user role models * refactor user groups models * add new user to pending user via RAC login * untracked * allow multiple groups for an user * change json tag * add debug headers * refer network controls form roles, add debug headers * refer network controls form roles, add debug headers * replace auth checks, add network id to role model * nodes handler * migration funcs * invoke sync users migration func * add debug logs * comment middleware * fix get all nodes api * add debug logs * fix middleware error nil check * add new func to get username from jwt * fix jwt parsing * abort on error * allow multiple network roles * allow multiple network roles * add migration func * return err if jwt parsing fails * set global check to true when accessing user apis * set netid for acls api calls * set netid for acls api calls * update role and groups routes * add validation checks * add invite flow apis and magic links * add invited user via oauth signup automatically * create invited user on oauth signup, with groups in the invite * add group validation for user invite * update create user handler with new role mgmt * add validation checks * create user invites tables * add error logging for email invite * fix invite singup url * debug log * get query params from url * get query params from url * add query escape * debug log * debug log * fix user signup via invite api * set admin field for backward compatbility * use new role id for user apis * deprecate use of old admin fields * deprecate usage of old user fields * add user role as service user if empty * setup email sender * delete invite after user singup * add plaform user role * redirect on invite verification link * fix invite redirect * temporary redirect * fix invite redirect * point invite link to frontend * fix query params lookup * add resend support, configure email interface types * fix groups and user creation * validate user groups, add check for metrics api in middleware * add invite url to invite model * migrate rac apis to new user mgmt * handle network nodes * add platform user to default role * fix user role migration * add default on rag creation and cleanup after deletion * fix rac apis * change to invite code param * filter nodes and hosts based on user network access * extend create user group req to accomodate users * filter network based on user access * format oauth error * move user roles and groups * fix get user v1 api * move user mgmt func to pro * add user auth type to user model * fix roles init * remove platform role from group object * list only platform roles * add network roles to invite req * create default groups and roles * fix middleware for global access * create default role * fix nodes filter with global network roles * block selfupdate of groups and network roles * delete netID if net roles are empty * validate user roles nd groups on update * set extclient permission scope when rag vpn access is set * allow deletion of roles and groups * replace _ with - in role naming convention * fix failover middleware mgmt * format oauth templates * fetch route temaplate * return err if user wrong login type * check user groups on rac apis * fix rac apis * fix resp msg * add validation checks for admin invite * return oauth type * format group err msg * fix html tag * clean up default groups * create default rag role * add UI name to roles * remove default net group from user when deleted * reorder migration funcs * fix duplicacy of hosts * check old field for migration * from pro to ce make all secondary users admins * from pro to ce make all secondary users admins * revert: from pro to ce make all secondary users admins * make sure downgrades work * fix pending users approval * fix duplicate hosts * fix duplicate hosts entries * fix cache reference issue * feat: configure FRONTEND_URL during installation * disable user vpn access when network roles are modified * rm vpn acces when roles or groups are deleted * add http to frontend url * revert crypto version * downgrade crytpo version * add platform id check on user invites --------- Co-authored-by: the_aceix <aceixsmartx@gmail.com>
243 lines
5.9 KiB
Go
243 lines
5.9 KiB
Go
// -build ee
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"flag"
|
|
"fmt"
|
|
"os"
|
|
"os/signal"
|
|
"path/filepath"
|
|
"runtime/debug"
|
|
"sync"
|
|
"syscall"
|
|
|
|
"github.com/gravitl/netmaker/config"
|
|
controller "github.com/gravitl/netmaker/controllers"
|
|
"github.com/gravitl/netmaker/database"
|
|
"github.com/gravitl/netmaker/functions"
|
|
"github.com/gravitl/netmaker/logger"
|
|
"github.com/gravitl/netmaker/logic"
|
|
"github.com/gravitl/netmaker/migrate"
|
|
"github.com/gravitl/netmaker/models"
|
|
"github.com/gravitl/netmaker/mq"
|
|
"github.com/gravitl/netmaker/netclient/ncutils"
|
|
"github.com/gravitl/netmaker/servercfg"
|
|
"github.com/gravitl/netmaker/serverctl"
|
|
"golang.org/x/exp/slog"
|
|
)
|
|
|
|
var version = "v0.25.0"
|
|
|
|
// @title NetMaker
|
|
// @version 0.24.3
|
|
// @description NetMaker API Docs
|
|
// @tag.name APIUsage
|
|
// @tag.description.markdown
|
|
// @tag.name Authentication
|
|
// @tag.description.markdown
|
|
// @tag.name Pricing
|
|
// @tag.description.markdown
|
|
// @host api.demo.netmaker.io
|
|
|
|
// Start DB Connection and start API Request Handler
|
|
func main() {
|
|
absoluteConfigPath := flag.String("c", "", "absolute path to configuration file")
|
|
flag.Parse()
|
|
setupConfig(*absoluteConfigPath)
|
|
servercfg.SetVersion(version)
|
|
fmt.Println(models.RetrieveLogo()) // print the logo
|
|
initialize() // initial db and acls
|
|
logic.SetAllocatedIpMap()
|
|
defer logic.ClearAllocatedIpMap()
|
|
setGarbageCollection()
|
|
setVerbosity()
|
|
if servercfg.DeployedByOperator() && !servercfg.IsPro {
|
|
logic.SetFreeTierLimits()
|
|
}
|
|
defer database.CloseDB()
|
|
ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGTERM, os.Interrupt)
|
|
defer stop()
|
|
var waitGroup sync.WaitGroup
|
|
startControllers(&waitGroup, ctx) // start the api endpoint and mq and stun
|
|
startHooks()
|
|
<-ctx.Done()
|
|
waitGroup.Wait()
|
|
}
|
|
|
|
func setupConfig(absoluteConfigPath string) {
|
|
if len(absoluteConfigPath) > 0 {
|
|
cfg, err := config.ReadConfig(absoluteConfigPath)
|
|
if err != nil {
|
|
logger.Log(0, fmt.Sprintf("failed parsing config at: %s", absoluteConfigPath))
|
|
return
|
|
}
|
|
config.Config = cfg
|
|
}
|
|
}
|
|
|
|
func startHooks() {
|
|
err := logic.TimerCheckpoint()
|
|
if err != nil {
|
|
logger.Log(1, "Timer error occurred: ", err.Error())
|
|
}
|
|
logic.EnterpriseCheck()
|
|
}
|
|
|
|
func initialize() { // Client Mode Prereq Check
|
|
var err error
|
|
|
|
if servercfg.GetMasterKey() == "" {
|
|
logger.Log(0, "warning: MASTER_KEY not set, this could make account recovery difficult")
|
|
}
|
|
|
|
if servercfg.GetNodeID() == "" {
|
|
logger.FatalLog("error: must set NODE_ID, currently blank")
|
|
}
|
|
|
|
if err = database.InitializeDatabase(); err != nil {
|
|
logger.FatalLog("Error connecting to database: ", err.Error())
|
|
}
|
|
logger.Log(0, "database successfully connected")
|
|
migrate.Run()
|
|
|
|
logic.SetJWTSecret()
|
|
logic.InitialiseRoles()
|
|
err = serverctl.SetDefaults()
|
|
if err != nil {
|
|
logger.FatalLog("error setting defaults: ", err.Error())
|
|
}
|
|
|
|
if servercfg.IsDNSMode() {
|
|
err := functions.SetDNSDir()
|
|
if err != nil {
|
|
logger.FatalLog(err.Error())
|
|
}
|
|
}
|
|
|
|
if servercfg.IsMessageQueueBackend() {
|
|
if err = mq.ServerStartNotify(); err != nil {
|
|
logger.Log(0, "error occurred when notifying nodes of startup", err.Error())
|
|
}
|
|
}
|
|
}
|
|
|
|
func startControllers(wg *sync.WaitGroup, ctx context.Context) {
|
|
if servercfg.IsDNSMode() {
|
|
err := logic.SetDNS()
|
|
if err != nil {
|
|
logger.Log(0, "error occurred initializing DNS: ", err.Error())
|
|
}
|
|
}
|
|
|
|
//Run Rest Server
|
|
if servercfg.IsRestBackend() {
|
|
if !servercfg.DisableRemoteIPCheck() && servercfg.GetAPIHost() == "127.0.0.1" {
|
|
err := servercfg.SetHost()
|
|
if err != nil {
|
|
logger.FatalLog("Unable to Set host. Exiting...", err.Error())
|
|
}
|
|
}
|
|
wg.Add(1)
|
|
go controller.HandleRESTRequests(wg, ctx)
|
|
}
|
|
//Run MessageQueue
|
|
if servercfg.IsMessageQueueBackend() {
|
|
wg.Add(1)
|
|
go runMessageQueue(wg, ctx)
|
|
}
|
|
|
|
if !servercfg.IsRestBackend() && !servercfg.IsMessageQueueBackend() {
|
|
logger.Log(
|
|
0,
|
|
"No Server Mode selected, so nothing is being served! Set Rest mode (REST_BACKEND) or MessageQueue (MESSAGEQUEUE_BACKEND) to 'true'.",
|
|
)
|
|
}
|
|
|
|
wg.Add(1)
|
|
go logic.StartHookManager(ctx, wg)
|
|
}
|
|
|
|
// Should we be using a context vice a waitgroup????????????
|
|
func runMessageQueue(wg *sync.WaitGroup, ctx context.Context) {
|
|
defer wg.Done()
|
|
brokerHost, _ := servercfg.GetMessageQueueEndpoint()
|
|
logger.Log(0, "connecting to mq broker at", brokerHost)
|
|
mq.SetupMQTT(true)
|
|
if mq.IsConnected() {
|
|
logger.Log(0, "connected to MQ Broker")
|
|
} else {
|
|
logger.FatalLog("error connecting to MQ Broker")
|
|
}
|
|
defer mq.CloseClient()
|
|
go mq.Keepalive(ctx)
|
|
go func() {
|
|
peerUpdate := make(chan *models.Node)
|
|
go logic.ManageZombies(ctx, peerUpdate)
|
|
go logic.DeleteExpiredNodes(ctx, peerUpdate)
|
|
for nodeUpdate := range peerUpdate {
|
|
if nodeUpdate == nil {
|
|
continue
|
|
}
|
|
node := nodeUpdate
|
|
node.Action = models.NODE_DELETE
|
|
node.PendingDelete = true
|
|
if err := mq.NodeUpdate(node); err != nil {
|
|
logger.Log(
|
|
0,
|
|
"failed to send peer update for deleted node: ",
|
|
node.ID.String(),
|
|
err.Error(),
|
|
)
|
|
}
|
|
if err := logic.DeleteNode(node, true); err != nil {
|
|
slog.Error(
|
|
"error deleting expired node",
|
|
"nodeid",
|
|
node.ID.String(),
|
|
"error",
|
|
err.Error(),
|
|
)
|
|
}
|
|
go mq.PublishDeletedNodePeerUpdate(node)
|
|
}
|
|
}()
|
|
<-ctx.Done()
|
|
logger.Log(0, "Message Queue shutting down")
|
|
}
|
|
|
|
func setVerbosity() {
|
|
verbose := int(servercfg.GetVerbosity())
|
|
logger.Verbosity = verbose
|
|
logLevel := &slog.LevelVar{}
|
|
replace := func(groups []string, a slog.Attr) slog.Attr {
|
|
if a.Key == slog.SourceKey {
|
|
a.Value = slog.StringValue(filepath.Base(a.Value.String()))
|
|
}
|
|
return a
|
|
}
|
|
logger := slog.New(
|
|
slog.NewJSONHandler(
|
|
os.Stderr,
|
|
&slog.HandlerOptions{AddSource: true, ReplaceAttr: replace, Level: logLevel},
|
|
),
|
|
)
|
|
slog.SetDefault(logger)
|
|
switch verbose {
|
|
case 4:
|
|
logLevel.Set(slog.LevelDebug)
|
|
case 3:
|
|
logLevel.Set(slog.LevelInfo)
|
|
case 2:
|
|
logLevel.Set(slog.LevelWarn)
|
|
default:
|
|
logLevel.Set(slog.LevelError)
|
|
}
|
|
}
|
|
|
|
func setGarbageCollection() {
|
|
_, gcset := os.LookupEnv("GOGC")
|
|
if !gcset {
|
|
debug.SetGCPercent(ncutils.DEFAULT_GC_PERCENT)
|
|
}
|
|
}
|