mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-05 20:54:18 +08:00
3d765f9cf1
* add support for egress ranges on acl policy * add egress ranges to acl rules * add egress ranges to acl policies * Add egress ranges to acl rules * add egress ranges to fw update * fetch acl rules for egress networks * apply egress policies for devices * configure user policies for egresss routes * fix gw tag name migration * fix egress acl rules for static nodes * add egress ranges for static nodes on ingress gw * fileter acl IPs to be unique * cleanup IOT logic from peer update * make acl Rule Dst List * cleanup egress ranges from acl policies * create user group default acl policy for gateways * remove remote access name ids * rm egress ranges removal from acl policies * simplify user permissions on nodes * add additional nameservers to extclient dns * remove debug logs * fix static checks
168 lines
5.6 KiB
Go
168 lines
5.6 KiB
Go
package auth
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/gravitl/netmaker/servercfg"
|
|
)
|
|
|
|
var htmlBaseTemplate = `<!DOCTYPE html>
|
|
<html lang="en">
|
|
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes">
|
|
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
|
<title>Netmaker :: SSO</title>
|
|
<script type="text/javascript">
|
|
function redirect()
|
|
{
|
|
window.location.href="` + fmt.Sprintf("https://dashboard.%s/login", servercfg.GetNmBaseDomain()) + `";
|
|
}
|
|
</script>
|
|
<style>
|
|
html,
|
|
body {
|
|
margin: 0px;
|
|
padding: 0px;
|
|
}
|
|
|
|
body {
|
|
height: 100vh;
|
|
overflow: hidden;
|
|
display: flex;
|
|
flex-flow: column nowrap;
|
|
justify-content: center;
|
|
align-items: center;
|
|
}
|
|
|
|
#logo {
|
|
width: 150px;
|
|
}
|
|
|
|
h3 {
|
|
margin-bottom: 3rem;
|
|
color: rgb(25, 135, 84);
|
|
font-size: xx-large;
|
|
}
|
|
|
|
h4 {
|
|
margin-bottom: 0px;
|
|
}
|
|
|
|
p {
|
|
margin-top: 0px;
|
|
margin-bottom: 0px;
|
|
}
|
|
.back-to-login-btn {
|
|
background: #5E5DF0;
|
|
border-radius: 999px;
|
|
box-shadow: #5E5DF0 0 10px 20px -10px;
|
|
box-sizing: border-box;
|
|
color: #FFFFFF;
|
|
cursor: pointer;
|
|
font-family: Inter,Helvetica,"Apple Color Emoji","Segoe UI Emoji",NotoColorEmoji,"Noto Color Emoji","Segoe UI Symbol","Android Emoji",EmojiSymbols,-apple-system,system-ui,"Segoe UI",Roboto,"Helvetica Neue","Noto Sans",sans-serif;
|
|
font-size: 16px;
|
|
font-weight: 700;
|
|
line-height: 24px;
|
|
opacity: 1;
|
|
outline: 0 solid transparent;
|
|
padding: 8px 18px;
|
|
user-select: none;
|
|
-webkit-user-select: none;
|
|
touch-action: manipulation;
|
|
width: fit-content;
|
|
word-break: break-word;
|
|
border: 0;
|
|
margin: 20px;
|
|
}
|
|
</style>
|
|
</head>
|
|
|
|
<body>
|
|
<img
|
|
src="https://raw.githubusercontent.com/gravitl/netmaker-docs/master/images/netmaker-github/netmaker-teal.png"
|
|
alt="netmaker logo"
|
|
id="logo"
|
|
>
|
|
%s
|
|
<button class="back-to-login-btn" onClick="redirect()" role="button">Back To Login</button>
|
|
|
|
</body>
|
|
</html>`
|
|
|
|
var oauthNotConfigured = fmt.Sprintf(htmlBaseTemplate, `<h2>Your Netmaker server does not have OAuth configured.</h2>
|
|
<p>Please visit the docs <a href="https://docs.netmaker.io/docs/server-installation/integrating-oauth" target="_blank" rel="noopener">here</a> to learn how to.</p>`)
|
|
|
|
var oauthStateInvalid = fmt.Sprintf(htmlBaseTemplate, `<h2>Invalid OAuth Session. Please re-try again.</h2>`)
|
|
|
|
var userNotAllowed = fmt.Sprintf(htmlBaseTemplate, `<h2>Your account does not have access to the dashboard. Please contact your administrator for more information about your account.</h2>
|
|
<p>Non-Admins can access the netmaker networks using <a href="https://docs.netmaker.io/docs/remote-access-client-rac#downloadinstallation" target="_blank" rel="noopener">our Netmaker Desktop App.</a></p>`)
|
|
|
|
var userFirstTimeSignUp = fmt.Sprintf(htmlBaseTemplate, `<h2>Thank you for signing up. Please contact your administrator for access.</h2>`)
|
|
|
|
var userSignUpApprovalPending = fmt.Sprintf(htmlBaseTemplate, `<h2>Your account is yet to be approved. Please contact your administrator for access.</h2>`)
|
|
|
|
var userNotFound = fmt.Sprintf(htmlBaseTemplate, `<h2>User Not Found.</h2>`)
|
|
|
|
var somethingwentwrong = fmt.Sprintf(htmlBaseTemplate, `<h2>Something went wrong. Contact Admin.</h2>`)
|
|
|
|
var notallowedtosignup = fmt.Sprintf(htmlBaseTemplate, `<h2>Your email is not allowed. Please contact your administrator.</h2>`)
|
|
|
|
var authTypeMismatch = fmt.Sprintf(htmlBaseTemplate, `<h2>It looks like you already have an account with us using Basic Authentication.</h2>
|
|
<p>To continue, please log in with your existing credentials or reset your password if needed.</p>`)
|
|
|
|
func handleOauthUserNotFound(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusNotFound)
|
|
response.Write([]byte(userNotFound))
|
|
}
|
|
|
|
func handleOauthUserNotAllowed(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusForbidden)
|
|
response.Write([]byte(userNotAllowed))
|
|
}
|
|
func handleFirstTimeOauthUserSignUp(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusForbidden)
|
|
response.Write([]byte(userFirstTimeSignUp))
|
|
}
|
|
|
|
func handleOauthUserSignUpApprovalPending(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusForbidden)
|
|
response.Write([]byte(userSignUpApprovalPending))
|
|
}
|
|
|
|
func handleOauthUserNotAllowedToSignUp(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusForbidden)
|
|
response.Write([]byte(notallowedtosignup))
|
|
}
|
|
|
|
// handleOauthNotConfigured - returns an appropriate html page when oauth is not configured on netmaker server but an oauth login was attempted
|
|
func handleOauthNotConfigured(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusInternalServerError)
|
|
response.Write([]byte(oauthNotConfigured))
|
|
}
|
|
|
|
func handleOauthNotValid(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusBadRequest)
|
|
response.Write([]byte(oauthStateInvalid))
|
|
}
|
|
|
|
func handleSomethingWentWrong(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusInternalServerError)
|
|
response.Write([]byte(somethingwentwrong))
|
|
}
|
|
|
|
func handleAuthTypeMismatch(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusBadRequest)
|
|
response.Write([]byte(authTypeMismatch))
|
|
}
|