mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-10 15:14:22 +08:00
* user mgmt models * define user roles * define models for new user mgmt and groups * oauth debug log * initialize user role after db conn * print oauth token in debug log * user roles CRUD apis * user groups CRUD Apis * additional api checks * add additional scopes * add additional scopes url * add additional scopes url * rm additional scopes url * setup middlleware permission checks * integrate permission check into middleware * integrate permission check into middleware * check for headers for subjects * refactor user role models * refactor user groups models * add new user to pending user via RAC login * untracked * allow multiple groups for an user * change json tag * add debug headers * refer network controls form roles, add debug headers * refer network controls form roles, add debug headers * replace auth checks, add network id to role model * nodes handler * migration funcs * invoke sync users migration func * add debug logs * comment middleware * fix get all nodes api * add debug logs * fix middleware error nil check * add new func to get username from jwt * fix jwt parsing * abort on error * allow multiple network roles * allow multiple network roles * add migration func * return err if jwt parsing fails * set global check to true when accessing user apis * set netid for acls api calls * set netid for acls api calls * update role and groups routes * add validation checks * add invite flow apis and magic links * add invited user via oauth signup automatically * create invited user on oauth signup, with groups in the invite * add group validation for user invite * update create user handler with new role mgmt * add validation checks * create user invites tables * add error logging for email invite * fix invite singup url * debug log * get query params from url * get query params from url * add query escape * debug log * debug log * fix user signup via invite api * set admin field for backward compatbility * use new role id for user apis * deprecate use of 
old admin fields * deprecate usage of old user fields * add user role as service user if empty * setup email sender * delete invite after user singup * add plaform user role * redirect on invite verification link * fix invite redirect * temporary redirect * fix invite redirect * point invite link to frontend * fix query params lookup * add resend support, configure email interface types * fix groups and user creation * validate user groups, add check for metrics api in middleware * add invite url to invite model * migrate rac apis to new user mgmt * handle network nodes * add platform user to default role * fix user role migration * add default on rag creation and cleanup after deletion * fix rac apis * change to invite code param * filter nodes and hosts based on user network access * extend create user group req to accomodate users * filter network based on user access * format oauth error * move user roles and groups * fix get user v1 api * move user mgmt func to pro * add user auth type to user model * fix roles init * remove platform role from group object * list only platform roles * add network roles to invite req * create default groups and roles * fix middleware for global access * create default role * fix nodes filter with global network roles * block selfupdate of groups and network roles * delete netID if net roles are empty * validate user roles nd groups on update * set extclient permission scope when rag vpn access is set * allow deletion of roles and groups * replace _ with - in role naming convention * fix failover middleware mgmt * format oauth templates * fetch route temaplate * return err if user wrong login type * check user groups on rac apis * fix rac apis * fix resp msg * add validation checks for admin invite * return oauth type * format group err msg * fix html tag * clean up default groups * create default rag role * add UI name to roles * remove default net group from user when deleted * reorder migration funcs * fix duplicacy of hosts 
* check old field for migration * from pro to ce make all secondary users admins * from pro to ce make all secondary users admins * revert: from pro to ce make all secondary users admins * make sure downgrades work * fix pending users approval * fix duplicate hosts * fix duplicate hosts entries * fix cache reference issue * feat: configure FRONTEND_URL during installation * disable user vpn access when network roles are modified * rm vpn acces when roles or groups are deleted * add http to frontend url * revert crypto version * downgrade crytpo version * add platform id check on user invites --------- Co-authored-by: the_aceix <aceixsmartx@gmail.com>
//go:build ee
|
|
// +build ee
|
|
|
|
package pro
|
|
|
|
import (
|
|
"time"
|
|
|
|
controller "github.com/gravitl/netmaker/controllers"
|
|
"github.com/gravitl/netmaker/logger"
|
|
"github.com/gravitl/netmaker/logic"
|
|
"github.com/gravitl/netmaker/models"
|
|
"github.com/gravitl/netmaker/mq"
|
|
"github.com/gravitl/netmaker/pro/auth"
|
|
proControllers "github.com/gravitl/netmaker/pro/controllers"
|
|
proLogic "github.com/gravitl/netmaker/pro/logic"
|
|
"github.com/gravitl/netmaker/servercfg"
|
|
"golang.org/x/exp/slog"
|
|
)
|
|
|
|
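// InitPro wires the Pro (enterprise) implementation into the server.
//
// It marks the server as Pro, installs the Pro logo, appends the Pro HTTP
// middleware and handlers, registers the enterprise start-up check (license or
// trial handling, RAC hooks, OAuth provider initialization, node metrics cache
// load) and replaces function variables in the logic and mq packages with
// their proLogic implementations.
//
// The assignments at the end are plain, unsynchronized writes to package-level
// variables, and they include the authorization hooks
// logic.NetworkPermissionsCheck and logic.GlobalPermissionsCheck.
// NOTE(review): presumably InitPro must finish before the HTTP server starts
// handling requests, so that no request runs against a non-Pro permission
// check — confirm against the caller.
func InitPro() {
	servercfg.IsPro = true
	models.SetLogo(retrieveProLogo())

	controller.HttpMiddlewares = append(
		controller.HttpMiddlewares,
		proControllers.OnlyServerAPIWhenUnlicensedMiddleware,
	)
	controller.HttpHandlers = append(
		controller.HttpHandlers,
		proControllers.MetricHandlers,
		proControllers.RelayHandlers,
		proControllers.UserHandlers,
		proControllers.FailOverHandlers,
		proControllers.InetHandlers,
	)

	logic.EnterpriseCheckFuncs = append(logic.EnterpriseCheckFuncs, func() {
		// == License Handling ==
		// The license is validated directly only when both the license key and
		// the tenant ID are configured; otherwise the trial path is tried first.
		licenseKeyValue := servercfg.GetLicenseKey()
		netmakerTenantID := servercfg.GetNetmakerTenantID()
		enableLicenseHook := licenseKeyValue != "" && netmakerTenantID != ""

		if !enableLicenseHook {
			// Every trial failure (init error, unreadable end date, expired
			// trial) switches to license validation instead of continuing in
			// trial mode.
			if err := initTrial(); err != nil {
				logger.Log(0, "failed to init trial", err.Error())
				enableLicenseHook = true
			}
			trialEndDate, err := getTrialEndDate()
			switch {
			case err != nil:
				slog.Error("failed to get trial end date", "error", err)
				enableLicenseHook = true
			case time.Now().After(trialEndDate):
				// The trial has already ended.
				enableLicenseHook = true
			}
		}

		if enableLicenseHook {
			logger.Log(0, "starting license checker")
			ClearLicenseCache()
			if err := ValidateLicense(); err != nil {
				// Returning here skips the rest of this check: no license or
				// RAC hooks are added, the OAuth provider is not initialized
				// and the node metrics cache is not loaded.
				// NOTE(review): confirm that leaving OAuth uninitialized after
				// a license failure is intended.
				slog.Error(err.Error())
				return
			}
			logger.Log(0, "proceeding with Paid Tier license")
			logic.SetFreeTierForTelemetry(false)
			AddLicenseHooks()
		} else {
			logger.Log(0, "starting trial license hook")
			addTrialLicenseHook()
		}
		// == End License Handling ==

		if servercfg.GetServerConfig().RacAutoDisable {
			AddRacHooks()
		}

		// slog takes a message followed by key/value pairs, so the provider is
		// logged as an attribute rather than spliced into the argument list.
		if authProvider := auth.InitializeAuthProvider(); authProvider != "" {
			slog.Info("OAuth provider initialized", "provider", authProvider)
		} else {
			slog.Error("no OAuth provider found or not configured, continuing without OAuth")
		}
		proLogic.LoadNodeMetricsToCache()
	})

	// Failover.
	logic.ResetFailOver = proLogic.ResetFailOver
	logic.ResetFailedOverPeer = proLogic.ResetFailedOverPeer
	logic.FailOverExists = proLogic.FailOverExists
	logic.CreateFailOver = proLogic.CreateFailOver
	logic.GetFailOverPeerIps = proLogic.GetFailOverPeerIps

	// Client/node access control.
	logic.DenyClientNodeAccess = proLogic.DenyClientNode
	logic.IsClientNodeAllowed = proLogic.IsClientNodeAllowed
	logic.AllowClientNodeAccess = proLogic.RemoveDeniedNodeFromClient
	logic.SetClientDefaultACLs = proLogic.SetClientDefaultACLs
	logic.SetClientACLs = proLogic.SetClientACLs
	logic.UpdateProNodeACLs = proLogic.UpdateProNodeACLs

	// Metrics.
	logic.GetMetrics = proLogic.GetMetrics
	logic.UpdateMetrics = proLogic.UpdateMetrics
	logic.DeleteMetrics = proLogic.DeleteMetrics

	// Relays.
	logic.GetRelays = proLogic.GetRelays
	logic.GetAllowedIpsForRelayed = proLogic.GetAllowedIpsForRelayed
	logic.RelayedAllowedIPs = proLogic.RelayedAllowedIPs
	logic.UpdateRelayed = proLogic.UpdateRelayed
	logic.SetRelayedNodes = proLogic.SetRelayedNodes
	logic.RelayUpdates = proLogic.RelayUpdates
	logic.ValidateRelay = proLogic.ValidateRelay

	logic.GetTrialEndDate = getTrialEndDate

	// Default and internet gateways.
	logic.SetDefaultGw = proLogic.SetDefaultGw
	logic.SetDefaultGwForRelayedUpdate = proLogic.SetDefaultGwForRelayedUpdate
	logic.UnsetInternetGw = proLogic.UnsetInternetGw
	logic.SetInternetGw = proLogic.SetInternetGw
	logic.GetAllowedIpForInetNodeClient = proLogic.GetAllowedIpForInetNodeClient

	// Metrics updates received over the message queue.
	mq.UpdateMetrics = proLogic.MQUpdateMetrics
	mq.UpdateMetricsFallBack = proLogic.MQUpdateMetricsFallBack

	// User roles, groups and permission checks.
	logic.GetFilteredNodesByUserAccess = proLogic.GetFilteredNodesByUserAccess
	logic.CreateRole = proLogic.CreateRole
	logic.UpdateRole = proLogic.UpdateRole
	logic.DeleteRole = proLogic.DeleteRole
	logic.NetworkPermissionsCheck = proLogic.NetworkPermissionsCheck
	logic.GlobalPermissionsCheck = proLogic.GlobalPermissionsCheck
	logic.DeleteNetworkRoles = proLogic.DeleteNetworkRoles
	logic.CreateDefaultNetworkRolesAndGroups = proLogic.CreateDefaultNetworkRolesAndGroups
	logic.FilterNetworksByRole = proLogic.FilterNetworksByRole
	logic.IsGroupsValid = proLogic.IsGroupsValid
	logic.IsNetworkRolesValid = proLogic.IsNetworkRolesValid
	logic.InitialiseRoles = proLogic.UserRolesInit
	logic.UpdateUserGwAccess = proLogic.UpdateUserGwAccess
}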
|
|
|
|
// retrieveProLogo returns the multi-line ASCII-art banner that InitPro passes
// to models.SetLogo. The banner is a fixed raw string literal: it takes no
// input and contains no configuration or license data.
func retrieveProLogo() string {
|
|
return `
|
|
__ __ ______ ______ __ __ ______ __ __ ______ ______
|
|
/\ "-.\ \ /\ ___\ /\__ _\ /\ "-./ \ /\ __ \ /\ \/ / /\ ___\ /\ == \
|
|
\ \ \-. \ \ \ __\ \/_/\ \/ \ \ \-./\ \ \ \ __ \ \ \ _"-. \ \ __\ \ \ __<
|
|
\ \_\\"\_\ \ \_____\ \ \_\ \ \_\ \ \_\ \ \_\ \_\ \ \_\ \_\ \ \_____\ \ \_\ \_\
|
|
\/_/ \/_/ \/_____/ \/_/ \/_/ \/_/ \/_/\/_/ \/_/\/_/ \/_____/ \/_/ /_/
|
|
|
|
___ ___ ____
|
|
____ ____ ____ / _ \ / _ \ / __ \ ____ ____ ____
|
|
/___/ /___/ /___/ / ___/ / , _// /_/ / /___/ /___/ /___/
|
|
/___/ /___/ /___/ /_/ /_/|_| \____/ /___/ /___/ /___/
|
|
|
|
`
|
|
}
|