gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-09-05 20:54:18 +08:00
Code Issues Projects Releases Packages Wiki Activity
netmaker/pro/remote_access_client.go
Abhishek K 309e4795a1
NET-1950: Persist Server Settings in the DB (#3419) 
* feat: api access tokens

* revoke all user tokens

* redefine access token api routes, add auto egress option to enrollment keys

* add server settings apis, add db table for settigs

* handle server settings updates

* switch to using settings from DB

* fix sever settings migration

* revet force migration for settings

* fix server settings database write

* fix revoked tokens to be unauthorized

* remove unused functions

* convert access token to sql schema

* switch access token to sql schema

* fix merge conflicts

* fix server settings types

* bypass basic auth setting for super admin

* add TODO comment

* publish peer update on settings update

* chore(go): import style changes from migration branch;

1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.

* remove nat check on egress gateway request

* Revert "remove nat check on egress gateway request"

This reverts commit 0aff12a189.

* feat(go): add db middleware;

* feat(go): restore method;

* feat(go): add user access token schema;

* fix user auth api:

* re initalise oauth and email config

* set verbosity

* sync auto update settings with hosts

* sync auto update settings with hosts

* mask secret and convert jwt duration to minutes

* convert jwt duration to minutes

* notify peers after settings update

* compare with curr settings before updating

* send host update to devices on auto update

---------

Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
2025-04-30 02:34:10 +04:00

95 lines
2.5 KiB
Go
Raw Blame History

//go:build ee
// +build ee
package pro
import (
"fmt"
"time"
"github.com/gravitl/netmaker/logic"
"github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/mq"
"golang.org/x/exp/slog"
)
const racAutoDisableCheckInterval = 3 * time.Minute
// AddRacHooks - adds hooks for Remote Access Client
func AddRacHooks() {
slog.Debug("adding RAC autodisable hook")
logic.HookManagerCh <- models.HookDetails{
Hook: racAutoDisableHook,
Interval: racAutoDisableCheckInterval,
}
}
// racAutoDisableHook - checks if RAC is enabled and if it is, checks if it should be disabled
func racAutoDisableHook() error {
slog.Debug("running RAC autodisable hook")
users, err := logic.GetUsers()
if err != nil {
slog.Error("error getting users: ", "error", err)
return err
}
clients, err := logic.GetAllExtClients()
if err != nil {
slog.Error("error getting clients: ", "error", err)
return err
}
currentTime := time.Now()
validityDuration := logic.GetJwtValidityDuration()
for _, user := range users {
if user.PlatformRoleID == models.AdminRole ||
user.PlatformRoleID == models.SuperAdminRole {
continue
}
if !currentTime.After(user.LastLoginTime.Add(validityDuration)) {
continue
}
for _, client := range clients {
if client.RemoteAccessClientID == "" {
continue
}
if (client.OwnerID == user.UserName) &&
client.Enabled {
slog.Info(fmt.Sprintf("disabling ext client %s for user %s due to RAC autodisabling", client.ClientID, client.OwnerID))
if err := disableExtClient(&client); err != nil {
slog.Error("error disabling ext client in RAC autodisable hook", "error", err)
continue // dont return but try for other clients
}
}
}
}
slog.Debug("finished running RAC autodisable hook")
return nil
}
func disableExtClient(client *models.ExtClient) error {
if newClient, err := logic.ToggleExtClientConnectivity(client, false); err != nil {
return err
} else {
// publish peer update to ingress gateway
if ingressNode, err := logic.GetNodeByID(newClient.IngressGatewayID); err == nil {
if err = mq.PublishPeerUpdate(false); err != nil {
slog.Error("error updating ext clients on", "ingress", ingressNode.ID.String(), "err", err.Error())
}
ingressHost, err := logic.GetHost(ingressNode.HostID.String())
if err != nil {
return err
}
nodes, err := logic.GetAllNodes()
if err != nil {
return err
}
go mq.PublishSingleHostPeerUpdate(ingressHost, nodes, nil, []models.ExtClient{*client}, false, nil)
} else {
return err
}
}
return nil
}
Reference in a new issue View git blame Copy permalink