* feat: api access tokens
* revoke all user tokens
* redefine access token api routes, add auto egress option to enrollment keys
* add server settings apis, add db table for settigs
* handle server settings updates
* switch to using settings from DB
* fix sever settings migration
* revet force migration for settings
* fix server settings database write
* egress model
* fix revoked tokens to be unauthorized
* update egress model
* remove unused functions
* convert access token to sql schema
* switch access token to sql schema
* fix merge conflicts
* fix server settings types
* bypass basic auth setting for super admin
* add TODO comment
* setup api handlers for egress revamp
* use single DB, fix update nat boolean field
* extend validaiton checks for egress ranges
* add migration to convert to new egress model
* fix panic interface conversion
* publish peer update on settings update
* revoke token generated by an user
* add user token creation restriction by user role
* add forbidden check for access token creation
* revoke user token when group or role is changed
* add default group to admin users on update
* chore(go): import style changes from migration branch;
1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.
* remove nat check on egress gateway request
* Revert "remove nat check on egress gateway request"
This reverts commit 0aff12a189
.
* remove nat check on egress gateway request
* feat(go): add db middleware;
* feat(go): restore method;
* feat(go): add user access token schema;
* add inet gw status to egress model
* fetch node ids in the tag, add inet gw info clients
* add inet gw info to node from egress list
* add migration logic internet gws
* create default acl policies
* add egress info
* add egress TODO
* add egress TODO
* fix user auth api:
* add reference id to acl policy
* add egress response from DB
* publish peer update on egress changes
* re initalise oauth and email config
* set verbosity
* normalise cidr on egress req
* add egress id to acl group
* change acls to use egress id
* resolve merge conflicts
* fix egress reference errors
* move egress model to schema
* add api context to DB
* sync auto update settings with hosts
* sync auto update settings with hosts
* check acl for egress node
* check for egress policy in the acl dst groups
* fix acl rules for egress policies with new models
* add status to egress model
* fix inet node func
* mask secret and convert jwt duration to minutes
* enable egress policies on creation
* convert jwt duration to minutes
* add relevant ranges to inet egress
* skip non active egress routes
* resolve merge conflicts
* fix static check
* update gorm tag for primary key on egress model
* create user policies for egress resources
* resolve merge conflicts
* get egress info on failover apis, add egress src validation for inet gws
* add additional validation checks on egress req
* add additional validation checks on egress req
* skip all resources for inet policy
* delete associated egress acl policies
* fix failover of inetclient
* avoid setting inet client asd inet gw
* fix all resource egress policy
* fix inet gw egress rule
* check for node egress on relay req
* fix egress acl rules comms
* add new field for egress info on node
* check acl policy in failover ctx
* avoid default host to be set as inet client
* fix relayed egress node
* add valid error messaging for egress validate func
* return if inet default host
* jump port detection to 51821
* check host ports on pull
* check user access gws via acls
* add validation check for default host and failover for inet clients
* add error messaging for acl policy check
* fix inet gw status
* ignore failover req for peer using inet gw
* check for allowed egress ranges for a peer
* add egress routes to static nodes by access
* avoid setting failvoer as inet client
* fix egress error messaging
* fix extclients egress comms
* fix inet gw acting as inet client
* return formatted error on update acl validation
* add default route for static nodes on inetclient
* check relay node acting as inetclient
* move inet node info to separate field, fix all resouces policy
* remove debug logs
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
package models
import (
"net"
"strings"
"time"
jwt "github.com/golang-jwt/jwt/v4"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)
// Placeholder strings returned in place of real access-key material when the
// corresponding option is turned off.
const (
	// PLACEHOLDER_KEY_TEXT - access key placeholder text if option turned off.
	PLACEHOLDER_KEY_TEXT = "ACCESS_KEY"

	// PLACEHOLDER_TOKEN_TEXT - access key token placeholder text if option turned off.
	PLACEHOLDER_TOKEN_TEXT = "ACCESS_TOKEN"
)

// AuthParams - struct for auth params, carried as JSON (see tags).
// Password is a credential: keep it out of logs and error responses.
type AuthParams struct {
	MacAddress string `json:"macaddress"`
	ID         string `json:"id"`
	Password   string `json:"password"`
}

// IngressGwUsers - struct to hold the users on an ingress gateway node.
// ReturnUser is declared elsewhere in this package.
type IngressGwUsers struct {
	NodeID  string       `json:"node_id"`
	Network string       `json:"network"`
	Users   []ReturnUser `json:"users"`
}

// UserRemoteGws - struct to hold one of a user's remote access gateways.
// ExtClient and NodeStatus are declared elsewhere in this package.
// NOTE(review): GwPeerPublicKey and GwListenPort presumably describe the
// gateway's WireGuard peer endpoint; confirm against the producer.
type UserRemoteGws struct {
	GwID              string     `json:"remote_access_gw_id"`
	GWName            string     `json:"gw_name"`
	Network           string     `json:"network"`
	Connected         bool       `json:"connected"`
	IsInternetGateway bool       `json:"is_internet_gateway"`
	GwClient          ExtClient  `json:"gw_client"`
	GwPeerPublicKey   string     `json:"gw_peer_public_key"`
	GwListenPort      int        `json:"gw_listen_port"`
	Metadata          string     `json:"metadata"`
	AllowedEndpoints  []string   `json:"allowed_endpoints"`
	NetworkAddresses  []string   `json:"network_addresses"`
	Status            NodeStatus `json:"status"`
	DnsAddress        string     `json:"dns_address"`
	Addresses         string     `json:"addresses"`
}

// UserRAGs - struct for a user's remote access gateways. It is a reduced
// view of UserRemoteGws: the fields it shares use the same JSON keys, and
// the client, endpoint and address details are omitted.
type UserRAGs struct {
	GwID              string `json:"remote_access_gw_id"`
	GWName            string `json:"gw_name"`
	Network           string `json:"network"`
	Connected         bool   `json:"connected"`
	IsInternetGateway bool   `json:"is_internet_gateway"`
	Metadata          string `json:"metadata"`
}

// UserRemoteGwsReq - struct to hold a user remote access gateways request;
// it carries only the requesting remote access client's ID.
type UserRemoteGwsReq struct {
	RemoteAccessClientID string `json:"remote_access_clientid"`
}

// SuccessfulUserLoginResponse - successful user login response. The fields
// carry no json tags, so encoding/json emits them as "UserName" and
// "AuthToken". AuthToken is a credential; keep it out of logs.
type SuccessfulUserLoginResponse struct {
	UserName  string
	AuthToken string
}

// Claims is a struct that will be encoded to a JWT.
// jwt.RegisteredClaims is an embedded type to provide expiry time and the
// other registered fields; ID, MacAddress and Network are custom claims
// added by this package. A valid signature only proves the server issued
// the token. NOTE(review): callers should still check the ID/Network pair
// against current state (e.g. a deleted node or revoked token); verify that
// the auth middleware does so.
type Claims struct {
	ID         string
	MacAddress string
	Network    string
	jwt.RegisteredClaims
}

// SuccessfulLoginResponse is struct to send the login response. The fields
// carry no json tags, so they are emitted as "ID" and "AuthToken".
// AuthToken is a credential; keep it out of logs.
type SuccessfulLoginResponse struct {
	ID        string
	AuthToken string
}

// ErrorResponse is struct for an error reply: a numeric Code and a Message.
// The fields carry no json tags, so they are emitted under their Go names.
type ErrorResponse struct {
	Code    int
	Message string
}

// NodeAuth - struct for node auth. The fields carry no json tags, so they
// are (un)marshalled under their Go names. Password is a credential; keep
// it out of logs and error responses.
type NodeAuth struct {
	Network  string
	Password string
	// Deprecated: presumably superseded by ID.
	MacAddress string
	ID         string
}

// SuccessResponse is struct for sending a success message with a code and an
// optional payload. Response may hold any value and is serialised as-is, so
// callers must not place values that contain secrets in it (for example
// Telemetry or ServerConfig, which carry key material).
type SuccessResponse struct {
	Code     int
	Message  string
	Response interface{}
}

// DisplayKey - what is displayed for a key: its name and remaining uses.
type DisplayKey struct {
	Name string `json:"name" bson:"name"`
	Uses int    `json:"uses" bson:"uses"`
}

// GlobalConfig - global config; currently only a name.
type GlobalConfig struct {
	Name string `json:"name" bson:"name"`
}

// CheckInResponse - checkin response. The Need* flags tell the client which
// follow-up action the server expects; NodeMessage is free text for the
// client and IsPending reports that the node is still awaiting approval
// (as far as the field names indicate).
type CheckInResponse struct {
	Success          bool   `json:"success" bson:"success"`
	NeedPeerUpdate   bool   `json:"needpeerupdate" bson:"needpeerupdate"`
	NeedConfigUpdate bool   `json:"needconfigupdate" bson:"needconfigupdate"`
	NeedKeyUpdate    bool   `json:"needkeyupdate" bson:"needkeyupdate"`
	NeedDelete       bool   `json:"needdelete" bson:"needdelete"`
	NodeMessage      string `json:"nodemessage" bson:"nodemessage"`
	IsPending        bool   `json:"ispending" bson:"ispending"`
}

// PeersResponse - peers response: one peer's WireGuard public key, endpoint,
// addresses and ports. IsEgressGateway is a string rather than a bool and
// EgressGatewayRanges a single string; the expected encodings are not
// visible here.
type PeersResponse struct {
	PublicKey           string `json:"publickey" bson:"publickey"`
	Endpoint            string `json:"endpoint" bson:"endpoint"`
	Address             string `json:"address" bson:"address"`
	Address6            string `json:"address6" bson:"address6"`
	LocalAddress        string `json:"localaddress" bson:"localaddress"`
	LocalListenPort     int32  `json:"locallistenport" bson:"locallistenport"`
	IsEgressGateway     string `json:"isegressgateway" bson:"isegressgateway"`
	EgressGatewayRanges string `json:"egressgatewayrange" bson:"egressgatewayrange"`
	ListenPort          int32  `json:"listenport" bson:"listenport"`
	KeepAlive           int32  `json:"persistentkeepalive" bson:"persistentkeepalive"`
}

// ExtPeersResponse - ext peers response. Same layout and JSON keys as
// PeersResponse minus the two egress fields.
type ExtPeersResponse struct {
	PublicKey       string `json:"publickey" bson:"publickey"`
	Endpoint        string `json:"endpoint" bson:"endpoint"`
	Address         string `json:"address" bson:"address"`
	Address6        string `json:"address6" bson:"address6"`
	LocalAddress    string `json:"localaddress" bson:"localaddress"`
	LocalListenPort int32  `json:"locallistenport" bson:"locallistenport"`
	ListenPort      int32  `json:"listenport" bson:"listenport"`
	KeepAlive       int32  `json:"persistentkeepalive" bson:"persistentkeepalive"`
}

// EgressRangeMetric - one egress range with its route metric and NAT flag.
type EgressRangeMetric struct {
	Network     string `json:"network"`
	RouteMetric uint32 `json:"route_metric"` // preferred range 1-999
	Nat         bool   `json:"nat"`
}

// EgressGatewayRequest - egress gateway request. Ranges and RangesWithMetric
// are caller-supplied network ranges and are validated outside this file
// before use (not shown here). NatEnabled is a string rather than a bool;
// its accepted values are not visible here.
type EgressGatewayRequest struct {
	NodeID           string              `json:"nodeid" bson:"nodeid"`
	NetID            string              `json:"netid" bson:"netid"`
	NatEnabled       string              `json:"natenabled" bson:"natenabled"`
	Ranges           []string            `json:"ranges" bson:"ranges"`
	RangesWithMetric []EgressRangeMetric `json:"ranges_with_metric"`
}

// RelayRequest - relay request struct: the relay node, its network and the
// nodes it should relay (JSON key "relayaddrs").
type RelayRequest struct {
	NodeID       string   `json:"nodeid"`
	NetID        string   `json:"netid"`
	RelayedNodes []string `json:"relayaddrs"`
}

// HostRelayRequest - struct for host relay creation: the relaying host and
// the hosts it relays.
type HostRelayRequest struct {
	HostID       string   `json:"host_id"`
	RelayedHosts []string `json:"relayed_hosts"`
}

// IngressRequest - ingress request struct: settings applied when a node is
// made an ingress (remote access) gateway.
type IngressRequest struct {
	ExtclientDNS        string `json:"extclientdns"`
	IsInternetGateway   bool   `json:"is_internet_gw"`
	Metadata            string `json:"metadata"`
	PersistentKeepalive int32  `json:"persistentkeepalive"`
	MTU                 int32  `json:"mtu"`
}

// InetNodeReq - exit node request struct: the IDs of the clients that should
// use the internet gateway.
type InetNodeReq struct {
	InetNodeClientIDs []string `json:"inet_node_client_ids"`
}

// ServerUpdateData - contains data to configure server
// and if it should set peers. LegacyNode is declared elsewhere in this package.
type ServerUpdateData struct {
	UpdatePeers bool       `json:"updatepeers" bson:"updatepeers"`
	Node        LegacyNode `json:"servernode" bson:"servernode"`
}

// Telemetry - contains UUID of the server and timestamp of last send to posthog
// also contains asymmetrical encryption pub/priv keys for any server traffic.
// TrafficKeyPriv is tagged for json and bson, so marshalling this struct
// emits the private key: keep it in the store only and never return this
// struct from an API response or write it to a log.
type Telemetry struct {
	UUID           string `json:"uuid" bson:"uuid"`
	LastSend       int64  `json:"lastsend" bson:"lastsend" swaggertype:"primitive,integer" format:"int64"`
	TrafficKeyPriv []byte `json:"traffickeypriv" bson:"traffickeypriv"`
	TrafficKeyPub  []byte `json:"traffickeypub" bson:"traffickeypub"`
}

// ServerAddr - to pass to clients to tell server addresses and if it's the leader or not.
type ServerAddr struct {
	IsLeader bool   `json:"isleader" bson:"isleader" yaml:"isleader"`
	Address  string `json:"address" bson:"address" yaml:"address"`
}

// TrafficKeys - struct to hold public keys: the holder's own (Mine) and the
// server's. Per the original comment these are public keys only; a private
// key must not be put in either field.
type TrafficKeys struct {
	Mine   []byte `json:"mine" bson:"mine" yaml:"mine"`
	Server []byte `json:"server" bson:"server" yaml:"server"`
}

// HostPull - response of a host's pull: the host, its nodes, the WireGuard
// peer configs to apply, the server config and routing/firewall updates.
// Host, Node, PeerMap, HostInfoMap, EgressNetworkRoutes and FwUpdate are
// declared elsewhere in this package. Peers is a wgtypes.PeerConfig list,
// which can carry preshared keys, so the whole response is sensitive.
type HostPull struct {
	Host              Host                 `json:"host" yaml:"host"`
	Nodes             []Node               `json:"nodes" yaml:"nodes"`
	Peers             []wgtypes.PeerConfig `json:"peers" yaml:"peers"`
	ServerConfig      ServerConfig         `json:"server_config" yaml:"server_config"`
	PeerIDs           PeerMap              `json:"peer_ids,omitempty" yaml:"peer_ids,omitempty"`
	HostNetworkInfo   HostInfoMap          `json:"host_network_info,omitempty" yaml:"host_network_info,omitempty"`
	EgressRoutes      []EgressNetworkRoutes `json:"egress_network_routes"`
	FwUpdate          FwUpdate             `json:"fw_update"`
	ChangeDefaultGw   bool                 `json:"change_default_gw"`
	DefaultGwIp       net.IP               `json:"default_gw_ip"`
	IsInternetGw      bool                 `json:"is_inet_gw"`
	EndpointDetection bool                 `json:"endpoint_detection"`
}

// DefaultGwInfo - placeholder type with no fields yet.
type DefaultGwInfo struct {
}

// NodeGet - struct for a single node get response. Host, Node and PeerMap
// are declared elsewhere in this package. Peers and HostPeers hold
// wgtypes.PeerConfig values, which can carry preshared keys, so the
// response is sensitive.
type NodeGet struct {
	Node         Node                 `json:"node" bson:"node" yaml:"node"`
	Host         Host                 `json:"host" yaml:"host"`
	Peers        []wgtypes.PeerConfig `json:"peers" bson:"peers" yaml:"peers"`
	HostPeers    []wgtypes.PeerConfig `json:"host_peers" bson:"host_peers" yaml:"host_peers"`
	ServerConfig ServerConfig         `json:"serverconfig" bson:"serverconfig" yaml:"serverconfig"`
	PeerIDs      PeerMap              `json:"peerids,omitempty" bson:"peerids,omitempty" yaml:"peerids,omitempty"`
}

// NodeJoinResponse data returned to node in response to join: the node and
// host records, the ServerConfig (which includes broker credentials) and
// the WireGuard peers to apply.
type NodeJoinResponse struct {
	Node         Node                 `json:"node" bson:"node" yaml:"node"`
	Host         Host                 `json:"host" yaml:"host"`
	ServerConfig ServerConfig         `json:"serverconfig" bson:"serverconfig" yaml:"serverconfig"`
	Peers        []wgtypes.PeerConfig `json:"peers" bson:"peers" yaml:"peers"`
}

// ServerConfig - struct for dealing with the server information for a netclient.
// Only IsPro carries a json tag; encoding/json therefore emits every other
// field under its Go field name. MQUserName, MQPassword and TrafficKey are
// credentials shipped to the client: keep this struct out of logs and out
// of any response that is not meant for the client itself.
type ServerConfig struct {
	CoreDNSAddr       string `yaml:"corednsaddr"`
	API               string `yaml:"api"`
	APIHost           string `yaml:"apihost"`
	APIPort           string `yaml:"apiport"`
	DNSMode           string `yaml:"dnsmode"`
	Version           string `yaml:"version"`
	MQPort            string `yaml:"mqport"`
	MQUserName        string `yaml:"mq_username"`
	MQPassword        string `yaml:"mq_password"`
	BrokerType        string `yaml:"broker_type"`
	Server            string `yaml:"server"`
	Broker            string `yaml:"broker"`
	IsPro             bool   `yaml:"isee" json:"Is_EE"`
	TrafficKey        []byte `yaml:"traffickey"`
	MetricInterval    string `yaml:"metric_interval"`
	MetricsPort       int    `yaml:"metrics_port"`
	ManageDNS         bool   `yaml:"manage_dns"`
	Stun              bool   `yaml:"stun"`
	StunServers       string `yaml:"stun_servers"`
	EndpointDetection bool   `yaml:"endpoint_detection"`
	DefaultDomain     string `yaml:"default_domain"`
}

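// NameInCharSet - reports whether user.UserName is made up only of the
// characters in charset below (ASCII letters, digits, '-' and '.').
// Letters are compared after lower-casing, so upper-case ASCII letters are
// accepted; an empty name returns true.
//
// Each rune is rejected as non-ASCII before it is lower-cased. Without that
// check, code points whose lower-case mapping is an ASCII letter (for
// example U+212A KELVIN SIGN, which lower-cases to 'k') would pass a
// validation that is meant to restrict names to this charset.
func (user *User) NameInCharSet() bool {
	const charset = "abcdefghijklmnopqrstuvwxyz1234567890-."
	for _, char := range user.UserName {
		if char > 0x7F { // above unicode.MaxASCII
			return false
		}
		if !strings.Contains(charset, strings.ToLower(string(char))) {
			return false
		}
	}
	return true
}
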
// ServerIDs - struct to hold server ids.
type ServerIDs struct {
	ServerIDs []string `json:"server_ids"`
}

// JoinData - struct to hold data required for node to join a network on server.
// Host and Node are declared elsewhere in this package. Key is the value the
// joining host presents to be admitted; treat it as a credential and keep it
// out of logs.
type JoinData struct {
	Host Host   `json:"host" yaml:"host"`
	Node Node   `json:"node" yaml:"node"`
	Key  string `json:"key" yaml:"key"`
}

// HookDetails - struct to hold hook info: the function to run and how often
// to run it.
type HookDetails struct {
	Hook     func() error
	Interval time.Duration
}

// LicenseLimits - struct of license limits: the maximum count allowed for
// each resource type.
type LicenseLimits struct {
	Servers  int `json:"servers"`
	Users    int `json:"users"`
	Hosts    int `json:"hosts"`
	Clients  int `json:"clients"`
	Networks int `json:"networks"`
}

// SignInReqDto - sign-in request body: a list of form fields.
type SignInReqDto struct {
	FormFields FormFields `json:"formFields"`
}

// FormField - one sign-in form field. Value is untyped (any), so whatever
// JSON value the client sends is accepted here; the consumer must check its
// type before use.
type FormField struct {
	Id    string `json:"id"`
	Value any    `json:"value"`
}

// FormFields - the list of fields in a sign-in request.
type FormFields []FormField

// SignInResDto - sign-in response: a status string and the signed-in User
// (declared elsewhere in this package).
type SignInResDto struct {
	Status string `json:"status"`
	User   User   `json:"user"`
}

// TenantLoginResDto - tenant login response: a code, a message and a nested
// response holding the user name and auth token. AuthToken is a credential;
// keep it out of logs.
type TenantLoginResDto struct {
	Code     int    `json:"code"`
	Message  string `json:"message"`
	Response struct {
		UserName  string `json:"UserName"`
		AuthToken string `json:"AuthToken"`
	} `json:"response"`
}

// SsoLoginReqDto - SSO login request: the name of the OAuth provider to use.
type SsoLoginReqDto struct {
	OauthProvider string `json:"oauthprovider"`
}

// SsoLoginResDto - SSO login response. The User field is emitted under the
// JSON key "UserName". AuthToken is a credential; keep it out of logs.
type SsoLoginResDto struct {
	User      string `json:"UserName"`
	AuthToken string `json:"AuthToken"`
}

// SsoLoginData - state kept for an in-progress SSO login until Expiration.
// OauthCode and AmbAccessToken are secrets; keep them out of logs.
// NOTE(review): Expiration must be enforced by whoever reads this record —
// nothing in this file does.
type SsoLoginData struct {
	Expiration     time.Time `json:"expiration"`
	OauthProvider  string    `json:"oauthprovider,omitempty"`
	OauthCode      string    `json:"oauthcode,omitempty"`
	Username       string    `json:"username,omitempty"`
	AmbAccessToken string    `json:"ambaccesstoken,omitempty"`
}

// LoginReqDto - login request: the user's email and tenant ID.
type LoginReqDto struct {
	Email    string `json:"email"`
	TenantID string `json:"tenant_id"`
}

// ResHeaderKeyStAccessToken - name of the response header that carries the
// St access token.
const ResHeaderKeyStAccessToken = "St-Access-Token"

// GetClientConfReqDto - client config request: the IP the caller would
// prefer to be assigned. It is caller-supplied and must be validated by the
// consumer (not done here).
type GetClientConfReqDto struct {
	PreferredIp string `json:"preferred_ip"`
}

// RsrcURLInfo - an HTTP method and path pair identifying a resource URL.
type RsrcURLInfo struct {
	Method string
	Path   string
}