mirror of
https://github.com/gravitl/netmaker.git
synced 2024-09-21 07:46:04 +08:00
742 lines
22 KiB
Go
742 lines
22 KiB
Go
package controller
|
|
|
|
import (
|
|
"context"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/go-playground/validator/v10"
|
|
"github.com/gorilla/mux"
|
|
"github.com/gravitl/netmaker/config"
|
|
"github.com/gravitl/netmaker/functions"
|
|
"github.com/gravitl/netmaker/models"
|
|
"github.com/gravitl/netmaker/mongoconn"
|
|
"go.mongodb.org/mongo-driver/bson"
|
|
"go.mongodb.org/mongo-driver/mongo"
|
|
"go.mongodb.org/mongo-driver/mongo/options"
|
|
)
|
|
|
|
func networkHandlers(r *mux.Router) {
|
|
r.HandleFunc("/api/networks", securityCheck(http.HandlerFunc(getNetworks))).Methods("GET")
|
|
r.HandleFunc("/api/networks", securityCheck(http.HandlerFunc(createNetwork))).Methods("POST")
|
|
r.HandleFunc("/api/networks/{networkname}", securityCheck(http.HandlerFunc(getNetwork))).Methods("GET")
|
|
r.HandleFunc("/api/networks/{networkname}", securityCheck(http.HandlerFunc(updateNetwork))).Methods("PUT")
|
|
r.HandleFunc("/api/networks/{networkname}", securityCheck(http.HandlerFunc(deleteNetwork))).Methods("DELETE")
|
|
r.HandleFunc("/api/networks/{networkname}/keyupdate", securityCheck(http.HandlerFunc(keyUpdate))).Methods("POST")
|
|
r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(http.HandlerFunc(createAccessKey))).Methods("POST")
|
|
r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(http.HandlerFunc(getAccessKeys))).Methods("GET")
|
|
r.HandleFunc("/api/networks/{networkname}/keys/{name}", securityCheck(http.HandlerFunc(deleteAccessKey))).Methods("DELETE")
|
|
}
|
|
|
|
//Security check is middleware for every function and just checks to make sure that its the master calling
|
|
//Only admin should have access to all these network-level actions
|
|
//or maybe some Users once implemented
|
|
func securityCheck(next http.Handler) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
var errorResponse = models.ErrorResponse{
|
|
Code: http.StatusUnauthorized, Message: "W1R3: It's not you it's me.",
|
|
}
|
|
|
|
var params = mux.Vars(r)
|
|
bearerToken := r.Header.Get("Authorization")
|
|
err := SecurityCheck(params["networkname"], bearerToken)
|
|
if err != nil {
|
|
errorResponse.Message = err.Error()
|
|
returnErrorResponse(w, r, errorResponse)
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
}
|
|
}
|
|
func SecurityCheck(netname, token string) error {
|
|
hasnetwork := netname != ""
|
|
networkexists, err := functions.NetworkExists(netname)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if hasnetwork && !networkexists {
|
|
//errorResponse = models.ErrorResponse{
|
|
// Code: http.StatusNotFound, Message: "W1R3: This network does not exist.",
|
|
//}
|
|
//returnErrorResponse(w, r, errorResponse)
|
|
return errors.New("This network does not exist")
|
|
}
|
|
|
|
var hasBearer = true
|
|
var tokenSplit = strings.Split(token, " ")
|
|
var authToken = ""
|
|
|
|
if len(tokenSplit) < 2 {
|
|
hasBearer = false
|
|
} else {
|
|
authToken = tokenSplit[1]
|
|
}
|
|
//all endpoints here require master so not as complicated
|
|
//still might not be a good way of doing this
|
|
if !hasBearer || !authenticateMaster(authToken) {
|
|
//errorResponse = models.ErrorResponse{
|
|
// Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
|
|
// }
|
|
// returnErrorResponse(w, r, errorResponse)
|
|
return errors.New("You are unauthorized to access this endpoint")
|
|
} //else {
|
|
return nil
|
|
}
|
|
|
|
//Consider a more secure way of setting master key
|
|
func authenticateMaster(tokenString string) bool {
|
|
if tokenString == config.Config.Server.MasterKey || (tokenString == os.Getenv("MASTER_KEY") && tokenString != "") {
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
//simple get all networks function
|
|
func getNetworks(w http.ResponseWriter, r *http.Request) {
|
|
|
|
networks, err := functions.ListNetworks()
|
|
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
} else {
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(networks)
|
|
return
|
|
}
|
|
}
|
|
|
|
func ValidateNetworkUpdate(network models.NetworkUpdate) error {
|
|
v := validator.New()
|
|
|
|
// _ = v.RegisterValidation("addressrange_valid", func(fl validator.FieldLevel) bool {
|
|
// isvalid := fl.Field().String() == "" || functions.IsIpCIDR(fl.Field().String())
|
|
// return isvalid
|
|
// })
|
|
//_ = v.RegisterValidation("addressrange6_valid", func(fl validator.FieldLevel) bool {
|
|
// isvalid := fl.Field().String() == "" || functions.IsIpCIDR(fl.Field().String())
|
|
// return isvalid
|
|
// })
|
|
|
|
// _ = v.RegisterValidation("localrange_valid", func(fl validator.FieldLevel) bool {
|
|
// isvalid := fl.Field().String() == "" || functions.IsIpCIDR(fl.Field().String())
|
|
// return isvalid
|
|
// })
|
|
|
|
// _ = v.RegisterValidation("netid_valid", func(fl validator.FieldLevel) bool {
|
|
// return true
|
|
// })
|
|
|
|
// _ = v.RegisterValidation("displayname_unique", func(fl validator.FieldLevel) bool {
|
|
// return true
|
|
// })
|
|
|
|
err := v.Struct(network)
|
|
|
|
if err != nil {
|
|
for _, e := range err.(validator.ValidationErrors) {
|
|
fmt.Println(e)
|
|
}
|
|
}
|
|
return err
|
|
}
|
|
|
|
func ValidateNetworkCreate(network models.Network) error {
|
|
|
|
v := validator.New()
|
|
|
|
// _ = v.RegisterValidation("addressrange_valid", func(fl validator.FieldLevel) bool {
|
|
// isvalid := functions.IsIpCIDR(fl.Field().String())
|
|
// return isvalid
|
|
// })
|
|
_ = v.RegisterValidation("addressrange6_valid", func(fl validator.FieldLevel) bool {
|
|
isvalid := true
|
|
if *network.IsDualStack {
|
|
isvalid = functions.IsIpCIDR(fl.Field().String())
|
|
}
|
|
return isvalid
|
|
})
|
|
//
|
|
// _ = v.RegisterValidation("localrange_valid", func(fl validator.FieldLevel) bool {
|
|
// isvalid := fl.Field().String() == "" || functions.IsIpCIDR(fl.Field().String())
|
|
// return isvalid
|
|
// })
|
|
//
|
|
_ = v.RegisterValidation("netid_valid", func(fl validator.FieldLevel) bool {
|
|
isFieldUnique, _ := functions.IsNetworkNameUnique(fl.Field().String())
|
|
// inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
|
|
return isFieldUnique
|
|
})
|
|
//
|
|
_ = v.RegisterValidation("displayname_unique", func(fl validator.FieldLevel) bool {
|
|
isFieldUnique, _ := functions.IsNetworkDisplayNameUnique(fl.Field().String())
|
|
return isFieldUnique
|
|
})
|
|
|
|
err := v.Struct(network)
|
|
|
|
if err != nil {
|
|
for _, e := range err.(validator.ValidationErrors) {
|
|
fmt.Println(e)
|
|
}
|
|
}
|
|
return err
|
|
}
|
|
|
|
//Simple get network function
|
|
func getNetwork(w http.ResponseWriter, r *http.Request) {
|
|
// set header.
|
|
w.Header().Set("Content-Type", "application/json")
|
|
var params = mux.Vars(r)
|
|
netname := params["networkname"]
|
|
network, err := GetNetwork(netname)
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(network)
|
|
}
|
|
|
|
func GetNetwork(name string) (models.Network, error) {
|
|
var network models.Network
|
|
collection := mongoconn.Client.Database("netmaker").Collection("networks")
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
filter := bson.M{"netid": name}
|
|
err := collection.FindOne(ctx, filter, options.FindOne().SetProjection(bson.M{"_id": 0})).Decode(&network)
|
|
defer cancel()
|
|
if err != nil {
|
|
return models.Network{}, err
|
|
}
|
|
return network, nil
|
|
}
|
|
|
|
func keyUpdate(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
var params = mux.Vars(r)
|
|
netname := params["networkname"]
|
|
network, err := KeyUpdate(netname)
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(network)
|
|
}
|
|
|
|
func KeyUpdate(netname string) (models.Network, error) {
|
|
network, err := functions.GetParentNetwork(netname)
|
|
if err != nil {
|
|
return models.Network{}, err
|
|
}
|
|
network.KeyUpdateTimeStamp = time.Now().Unix()
|
|
collection := mongoconn.Client.Database("netmaker").Collection("networks")
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
filter := bson.M{"netid": netname}
|
|
// prepare update model.
|
|
update := bson.D{
|
|
{"$set", bson.D{
|
|
{"addressrange", network.AddressRange},
|
|
{"addressrange6", network.AddressRange6},
|
|
{"displayname", network.DisplayName},
|
|
{"defaultlistenport", network.DefaultListenPort},
|
|
{"defaultpostup", network.DefaultPostUp},
|
|
{"defaultpostdown", network.DefaultPostDown},
|
|
{"defaultkeepalive", network.DefaultKeepalive},
|
|
{"keyupdatetimestamp", network.KeyUpdateTimeStamp},
|
|
{"defaultsaveconfig", network.DefaultSaveConfig},
|
|
{"defaultinterface", network.DefaultInterface},
|
|
{"nodeslastmodified", network.NodesLastModified},
|
|
{"networklastmodified", network.NetworkLastModified},
|
|
{"allowmanualsignup", network.AllowManualSignUp},
|
|
{"checkininterval", network.DefaultCheckInInterval},
|
|
}},
|
|
}
|
|
err = collection.FindOneAndUpdate(ctx, filter, update).Decode(&network)
|
|
defer cancel()
|
|
if err != nil {
|
|
return models.Network{}, err
|
|
}
|
|
return network, nil
|
|
}
|
|
|
|
//Update a network
|
|
func AlertNetwork(netid string) error {
|
|
|
|
collection := mongoconn.Client.Database("netmaker").Collection("networks")
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
filter := bson.M{"netid": netid}
|
|
|
|
var network models.Network
|
|
|
|
network, err := functions.GetParentNetwork(netid)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
updatetime := time.Now().Unix()
|
|
update := bson.D{
|
|
{"$set", bson.D{
|
|
{"nodeslastmodified", updatetime},
|
|
{"networklastmodified", updatetime},
|
|
}},
|
|
}
|
|
|
|
err = collection.FindOneAndUpdate(ctx, filter, update).Decode(&network)
|
|
defer cancel()
|
|
|
|
return err
|
|
}
|
|
|
|
//Update a network
|
|
func updateNetwork(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
var network models.Network
|
|
|
|
network, err := functions.GetParentNetwork(params["networkname"])
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
|
|
var networkChange models.NetworkUpdate
|
|
|
|
haschange := false
|
|
hasrangeupdate := false
|
|
haslocalrangeupdate := false
|
|
|
|
_ = json.NewDecoder(r.Body).Decode(&networkChange)
|
|
if networkChange.AddressRange == "" {
|
|
networkChange.AddressRange = network.AddressRange
|
|
}
|
|
if networkChange.AddressRange6 == "" {
|
|
networkChange.AddressRange6 = network.AddressRange6
|
|
}
|
|
if networkChange.NetID == "" {
|
|
networkChange.NetID = network.NetID
|
|
}
|
|
|
|
err = ValidateNetworkUpdate(networkChange)
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
|
return
|
|
}
|
|
|
|
//NOTE: Network.NetID is intentionally NOT editable. It acts as a static ID for the network.
|
|
//DisplayName can be changed instead, which is what shows on the front end
|
|
if networkChange.NetID != network.NetID {
|
|
returnErrorResponse(w, r, formatError(errors.New("NetID is not editable"), "badrequest"))
|
|
return
|
|
}
|
|
//MRK: I think this code block is redundant. valdiateNetworkUpdate(networkChange) covers this
|
|
if networkChange.AddressRange != "" {
|
|
|
|
network.AddressRange = networkChange.AddressRange
|
|
|
|
var isAddressOK bool = functions.IsIpCIDR(networkChange.AddressRange)
|
|
if !isAddressOK {
|
|
err := errors.New("Invalid Range of " + networkChange.AddressRange + " for addresses.")
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
haschange = true
|
|
hasrangeupdate = true
|
|
|
|
}
|
|
if networkChange.LocalRange != "" {
|
|
network.LocalRange = networkChange.LocalRange
|
|
|
|
var isAddressOK bool = functions.IsIpCIDR(networkChange.LocalRange)
|
|
if !isAddressOK {
|
|
err := errors.New("Invalid Range of " + networkChange.LocalRange + " for internal addresses.")
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
haschange = true
|
|
haslocalrangeupdate = true
|
|
}
|
|
if networkChange.IsLocal != nil {
|
|
network.IsLocal = networkChange.IsLocal
|
|
}
|
|
if networkChange.IsDualStack != nil {
|
|
network.IsDualStack = networkChange.IsDualStack
|
|
}
|
|
if networkChange.DefaultListenPort != 0 {
|
|
network.DefaultListenPort = networkChange.DefaultListenPort
|
|
haschange = true
|
|
}
|
|
if networkChange.DefaultPostDown != "" {
|
|
network.DefaultPostDown = networkChange.DefaultPostDown
|
|
haschange = true
|
|
}
|
|
if networkChange.DefaultInterface != "" {
|
|
network.DefaultInterface = networkChange.DefaultInterface
|
|
haschange = true
|
|
}
|
|
if networkChange.DefaultPostUp != "" {
|
|
network.DefaultPostUp = networkChange.DefaultPostUp
|
|
haschange = true
|
|
}
|
|
if networkChange.DefaultKeepalive != 0 {
|
|
network.DefaultKeepalive = networkChange.DefaultKeepalive
|
|
haschange = true
|
|
}
|
|
if networkChange.DisplayName != "" {
|
|
network.DisplayName = networkChange.DisplayName
|
|
haschange = true
|
|
}
|
|
if networkChange.DefaultCheckInInterval != 0 {
|
|
network.DefaultCheckInInterval = networkChange.DefaultCheckInInterval
|
|
haschange = true
|
|
}
|
|
if networkChange.AllowManualSignUp != nil {
|
|
network.AllowManualSignUp = networkChange.AllowManualSignUp
|
|
haschange = true
|
|
}
|
|
|
|
collection := mongoconn.Client.Database("netmaker").Collection("networks")
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
filter := bson.M{"netid": params["networkname"]}
|
|
|
|
if haschange {
|
|
network.SetNetworkLastModified()
|
|
}
|
|
// prepare update model.
|
|
update := bson.D{
|
|
{"$set", bson.D{
|
|
{"addressrange", network.AddressRange},
|
|
{"addressrange6", network.AddressRange6},
|
|
{"displayname", network.DisplayName},
|
|
{"defaultlistenport", network.DefaultListenPort},
|
|
{"defaultpostup", network.DefaultPostUp},
|
|
{"defaultpostdown", network.DefaultPostDown},
|
|
{"defaultkeepalive", network.DefaultKeepalive},
|
|
{"defaultsaveconfig", network.DefaultSaveConfig},
|
|
{"defaultinterface", network.DefaultInterface},
|
|
{"nodeslastmodified", network.NodesLastModified},
|
|
{"networklastmodified", network.NetworkLastModified},
|
|
{"allowmanualsignup", network.AllowManualSignUp},
|
|
{"localrange", network.LocalRange},
|
|
{"islocal", network.IsLocal},
|
|
{"isdualstack", network.IsDualStack},
|
|
{"checkininterval", network.DefaultCheckInInterval},
|
|
}},
|
|
}
|
|
|
|
err = collection.FindOneAndUpdate(ctx, filter, update).Decode(&network)
|
|
defer cancel()
|
|
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
|
|
//Cycles through nodes and gives them new IP's based on the new range
|
|
//Pretty cool, but also pretty inefficient currently
|
|
if hasrangeupdate {
|
|
err = functions.UpdateNetworkNodeAddresses(params["networkname"])
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
}
|
|
if haslocalrangeupdate {
|
|
err = functions.UpdateNetworkPrivateAddresses(params["networkname"])
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
}
|
|
returnnetwork, err := functions.GetParentNetwork(network.NetID)
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(returnnetwork)
|
|
}
|
|
|
|
//Delete a network
|
|
//Will stop you if there's any nodes associated
|
|
func deleteNetwork(w http.ResponseWriter, r *http.Request) {
|
|
// Set header
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
var params = mux.Vars(r)
|
|
network := params["networkname"]
|
|
count, err := DeleteNetwork(network)
|
|
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(count)
|
|
}
|
|
|
|
func DeleteNetwork(network string) (*mongo.DeleteResult, error) {
|
|
none := &mongo.DeleteResult{}
|
|
|
|
nodecount, err := functions.GetNetworkNodeNumber(network)
|
|
if err != nil {
|
|
//returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return none, err
|
|
} else if nodecount > 0 {
|
|
//errorResponse := models.ErrorResponse{
|
|
// Code: http.StatusForbidden, Message: "W1R3: Node check failed. All nodes must be deleted before deleting network.",
|
|
//}
|
|
//returnErrorResponse(w, r, errorResponse)
|
|
return none, errors.New("Node check failed. All nodes must be deleted before deleting network")
|
|
}
|
|
|
|
collection := mongoconn.Client.Database("netmaker").Collection("networks")
|
|
filter := bson.M{"netid": network}
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
deleteResult, err := collection.DeleteOne(ctx, filter)
|
|
defer cancel()
|
|
if err != nil {
|
|
//returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return none, err
|
|
}
|
|
return deleteResult, nil
|
|
}
|
|
|
|
//Create a network
|
|
//Pretty simple
|
|
func createNetwork(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
var network models.Network
|
|
|
|
// we decode our body request params
|
|
err := json.NewDecoder(r.Body).Decode(&network)
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
|
|
err = CreateNetwork(network)
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
//json.NewEncoder(w).Encode(result)
|
|
}
|
|
|
|
func CreateNetwork(network models.Network) error {
|
|
//TODO: Not really doing good validation here. Same as createNode, updateNode, and updateNetwork
|
|
//Need to implement some better validation across the board
|
|
|
|
if network.IsLocal == nil {
|
|
falsevar := false
|
|
network.IsLocal = &falsevar
|
|
}
|
|
if network.IsDualStack == nil {
|
|
falsevar := false
|
|
network.IsDualStack = &falsevar
|
|
}
|
|
|
|
err := ValidateNetworkCreate(network)
|
|
if err != nil {
|
|
//returnErrorResponse(w, r, formatError(err, "badrequest"))
|
|
return err
|
|
}
|
|
network.SetDefaults()
|
|
network.SetNodesLastModified()
|
|
network.SetNetworkLastModified()
|
|
network.KeyUpdateTimeStamp = time.Now().Unix()
|
|
|
|
collection := mongoconn.Client.Database("netmaker").Collection("networks")
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
|
|
// insert our network into the network table
|
|
_, err = collection.InsertOne(ctx, network)
|
|
defer cancel()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// BEGIN KEY MANAGEMENT SECTION
|
|
|
|
//TODO: Very little error handling
|
|
//accesskey is created as a json string inside the Network collection item in mongo
|
|
func createAccessKey(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
var params = mux.Vars(r)
|
|
var accesskey models.AccessKey
|
|
//start here
|
|
network, err := functions.GetParentNetwork(params["networkname"])
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
err = json.NewDecoder(r.Body).Decode(&accesskey)
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
key, err := CreateAccessKey(accesskey, network)
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(key)
|
|
//w.Write([]byte(accesskey.AccessString))
|
|
}
|
|
|
|
func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models.AccessKey, error) {
|
|
if accesskey.Name == "" {
|
|
accesskey.Name = functions.GenKeyName()
|
|
}
|
|
if accesskey.Value == "" {
|
|
accesskey.Value = functions.GenKey()
|
|
}
|
|
if accesskey.Uses == 0 {
|
|
accesskey.Uses = 1
|
|
}
|
|
for _, key := range network.AccessKeys {
|
|
if key.Name == accesskey.Name {
|
|
return models.AccessKey{}, errors.New("Duplicate AccessKey Name")
|
|
}
|
|
}
|
|
|
|
_, gconf, err := functions.GetGlobalConfig()
|
|
if err != nil {
|
|
//returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return models.AccessKey{}, err
|
|
}
|
|
privAddr := ""
|
|
if network.IsLocal != nil {
|
|
if *network.IsLocal {
|
|
privAddr = network.LocalRange
|
|
}
|
|
}
|
|
|
|
//netID := params["networkname"]
|
|
address := gconf.ServerGRPC + gconf.PortGRPC
|
|
accessstringdec := address + "|" + network.NetID + "|" + accesskey.Value + "|" + privAddr
|
|
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(accessstringdec))
|
|
//validate accesskey
|
|
v := validator.New()
|
|
err = v.Struct(accesskey)
|
|
if err != nil {
|
|
for _, e := range err.(validator.ValidationErrors) {
|
|
fmt.Println(e)
|
|
}
|
|
return models.AccessKey{}, err
|
|
}
|
|
network.AccessKeys = append(network.AccessKeys, accesskey)
|
|
collection := mongoconn.Client.Database("netmaker").Collection("networks")
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
// Create filter
|
|
filter := bson.M{"netid": network.NetID}
|
|
// Read update model from body request
|
|
fmt.Println("Adding key to " + network.NetID)
|
|
// prepare update model.
|
|
update := bson.D{
|
|
{"$set", bson.D{
|
|
{"accesskeys", network.AccessKeys},
|
|
}},
|
|
}
|
|
err = collection.FindOneAndUpdate(ctx, filter, update).Decode(&network)
|
|
defer cancel()
|
|
if err != nil {
|
|
//returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return models.AccessKey{}, err
|
|
}
|
|
return accesskey, nil
|
|
}
|
|
|
|
//pretty simple get
|
|
func getAccessKeys(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
var params = mux.Vars(r)
|
|
network := params["networkname"]
|
|
keys, err := GetKeys(network)
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "internal"))
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(keys)
|
|
}
|
|
func GetKeys(net string) ([]models.AccessKey, error) {
|
|
|
|
var network models.Network
|
|
collection := mongoconn.Client.Database("netmaker").Collection("networks")
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
filter := bson.M{"netid": net}
|
|
err := collection.FindOne(ctx, filter, options.FindOne().SetProjection(bson.M{"_id": 0})).Decode(&network)
|
|
defer cancel()
|
|
if err != nil {
|
|
return []models.AccessKey{}, err
|
|
}
|
|
return network.AccessKeys, nil
|
|
}
|
|
|
|
//delete key. Has to do a little funky logic since it's not a collection item
|
|
func deleteAccessKey(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
var params = mux.Vars(r)
|
|
keyname := params["name"]
|
|
netname := params["networkname"]
|
|
err := DeleteKey(keyname, netname)
|
|
if err != nil {
|
|
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
}
|
|
func DeleteKey(keyname, netname string) error {
|
|
network, err := functions.GetParentNetwork(netname)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
//basically, turn the list of access keys into the list of access keys before and after the item
|
|
//have not done any error handling for if there's like...1 item. I think it works? need to test.
|
|
found := false
|
|
var updatedKeys []models.AccessKey
|
|
for _, currentkey := range network.AccessKeys {
|
|
if currentkey.Name == keyname {
|
|
found = true
|
|
} else {
|
|
updatedKeys = append(updatedKeys, currentkey)
|
|
}
|
|
}
|
|
if !found {
|
|
return errors.New("key " + keyname + " does not exist")
|
|
}
|
|
|
|
collection := mongoconn.Client.Database("netmaker").Collection("networks")
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
// Create filter
|
|
filter := bson.M{"netid": netname}
|
|
// prepare update model.
|
|
update := bson.D{
|
|
{"$set", bson.D{
|
|
{"accesskeys", updatedKeys},
|
|
}},
|
|
}
|
|
err = collection.FindOneAndUpdate(ctx, filter, update).Decode(&network)
|
|
defer cancel()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|