zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-16 05:41:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

removed references to AccessKey model

Browse Source
This commit is contained in:
0xdcarns
2023-03-13 16:02:44 -04:00
parent bcbe355281
commit 0b7df753f7
19 changed files with 119 additions and 1047 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
auth/nodecallback.go
View File

@@ -106,12 +106,12 @@ func HandleNodeSSOCallback(w http.ResponseWriter, r *http.Request) {
var answer string var answer string
// The registation logic is starting here: // The registation logic is starting here:
// we request access key with 1 use for the required network // we request access key with 1 use for the required network
accessToken, err := requestAccessKey(reqKeyIf.Network, 1, userClaims.getUserName()) // accessToken, err := requestAccessKey(reqKeyIf.Network, 1, userClaims.getUserName())
if err != nil { // if err != nil {
answer = fmt.Sprintf("Error from the netmaker controller %s", err.Error()) // answer = fmt.Sprintf("Error from the netmaker controller %s", err.Error())
} else { // } else {
answer = fmt.Sprintf("AccessToken: %s", accessToken) // answer = fmt.Sprintf("AccessToken: %s", accessToken)
} // }
logger.Log(0, "Updating the token for the client request ... ") logger.Log(0, "Updating the token for the client request ... ")
// Give the user the access token via Pass in the DB // Give the user the access token via Pass in the DB
reqKeyIf.Pass = answer reqKeyIf.Pass = answer
@@ -184,44 +184,44 @@ func RegisterNodeSSO(w http.ResponseWriter, r *http.Request) {
// == private == // == private ==
// API to create an access key for a given network with a given name // API to create an access key for a given network with a given name
func requestAccessKey(network string, uses int, name string) (accessKey string, err error) { // func requestAccessKey(network string, uses int, name string) (accessKey string, err error) {
var sAccessKey models.AccessKey // var sAccessKey models.AccessKey
var sNetwork models.Network // var sNetwork models.Network
sNetwork, err = logic.GetParentNetwork(network) // sNetwork, err = logic.GetParentNetwork(network)
if err != nil { // if err != nil {
logger.Log(0, "err calling GetParentNetwork API=%s", err.Error()) // logger.Log(0, "err calling GetParentNetwork API=%s", err.Error())
return "", fmt.Errorf("internal controller error %s", err.Error()) // return "", fmt.Errorf("internal controller error %s", err.Error())
} // }
// If a key already exists, we recreate it. // // If a key already exists, we recreate it.
// @TODO Is that a preferred handling ? We could also trying to re-use. // // @TODO Is that a preferred handling ? We could also trying to re-use.
// can happen if user started log in but did not finish // // can happen if user started log in but did not finish
for _, currentkey := range sNetwork.AccessKeys { // for _, currentkey := range sNetwork.AccessKeys {
if currentkey.Name == name { // if currentkey.Name == name {
logger.Log(0, "erasing existing AccessKey for: ", name) // logger.Log(0, "erasing existing AccessKey for: ", name)
err = logic.DeleteKey(currentkey.Name, network) // err = logic.DeleteKey(currentkey.Name, network)
if err != nil { // if err != nil {
logger.Log(0, "err calling CreateAccessKey API ", err.Error()) // logger.Log(0, "err calling CreateAccessKey API ", err.Error())
return "", fmt.Errorf("key already exists. Contact admin to resolve") // return "", fmt.Errorf("key already exists. Contact admin to resolve")
} // }
break // break
} // }
} // }
// Only one usage is needed - for the next time new access key will be required // // Only one usage is needed - for the next time new access key will be required
// it will be created next time after another IdP approval // // it will be created next time after another IdP approval
sAccessKey.Uses = 1 // sAccessKey.Uses = 1
sAccessKey.Name = name // sAccessKey.Name = name
accessToken, err := logic.CreateAccessKey(sAccessKey, sNetwork) // accessToken, err := logic.CreateAccessKey(sAccessKey, sNetwork)
if err != nil { // if err != nil {
logger.Log(0, "err calling CreateAccessKey API ", err.Error()) // logger.Log(0, "err calling CreateAccessKey API ", err.Error())
return "", fmt.Errorf("error from the netmaker controller %s", err.Error()) // return "", fmt.Errorf("error from the netmaker controller %s", err.Error())
} else { // } else {
logger.Log(1, "created access key", sAccessKey.Name, "on", network) // logger.Log(1, "created access key", sAccessKey.Name, "on", network)
} // }
return accessToken.AccessString, nil // return accessToken.AccessString, nil
} // }
func isUserIsAllowed(username, network string, shouldAddUser bool) (*models.User, error) { func isUserIsAllowed(username, network string, shouldAddUser bool) (*models.User, error) {

9
auth/nodesession.go
View File

@@ -85,7 +85,7 @@ func SessionHandler(conn *websocket.Conn) {
} }
return return
} }
user, err := isUserIsAllowed(loginMessage.User, loginMessage.Network, false) _, err = isUserIsAllowed(loginMessage.User, loginMessage.Network, false)
if err != nil { if err != nil {
err = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, "")) err = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
if err != nil { if err != nil {
@@ -93,12 +93,7 @@ func SessionHandler(conn *websocket.Conn) {
} }
return return
} }
accessToken, err := requestAccessKey(loginMessage.Network, 1, user.UserName)
if err != nil {
req.Pass = fmt.Sprintf("Error from the netmaker controller %s", err.Error())
} else {
req.Pass = fmt.Sprintf("AccessToken: %s", accessToken)
}
// Give the user the access token via Pass in the DB // Give the user the access token via Pass in the DB
if err = netcache.Set(stateStr, req); err != nil { if err = netcache.Set(stateStr, req); err != nil {
logger.Log(0, "machine failed to complete join on network,", loginMessage.Network, "-", err.Error()) logger.Log(0, "machine failed to complete join on network,", loginMessage.Network, "-", err.Error())

35
cli/cmd/keys/create.go
View File

@@ -1,35 +0,0 @@
package keys
import (
"log"
"strconv"
"github.com/gravitl/netmaker/cli/functions"
"github.com/gravitl/netmaker/models"
"github.com/spf13/cobra"
)
var keyName string
var keysCreateCmd = &cobra.Command{
Use: "create [NETWORK NAME] [NUM USES]",
Args: cobra.ExactArgs(2),
Short: "Create an access key",
Long: `Create an access key`,
Run: func(cmd *cobra.Command, args []string) {
keyUses, err := strconv.ParseInt(args[1], 10, 64)
if err != nil {
log.Fatal(err)
}
key := &models.AccessKey{Uses: int(keyUses)}
if keyName != "" {
key.Name = keyName
}
functions.PrettyPrint(functions.CreateKey(args[0], key))
},
}
func init() {
keysCreateCmd.Flags().StringVar(&keyName, "name", "", "Name of the key")
rootCmd.AddCommand(keysCreateCmd)
}

23
cli/cmd/keys/delete.go
View File

@@ -1,23 +0,0 @@
package keys
import (
"fmt"
"github.com/gravitl/netmaker/cli/functions"
"github.com/spf13/cobra"
)
var keysDeleteCmd = &cobra.Command{
Use: "delete [NETWORK NAME] [KEY NAME]",
Args: cobra.ExactArgs(2),
Short: "Delete a key",
Long: `Delete a key`,
Run: func(cmd *cobra.Command, args []string) {
functions.DeleteKey(args[0], args[1])
fmt.Println("Success")
},
}
func init() {
rootCmd.AddCommand(keysDeleteCmd)
}

20
cli/cmd/keys/list.go
View File

@@ -1,20 +0,0 @@
package keys
import (
"github.com/gravitl/netmaker/cli/functions"
"github.com/spf13/cobra"
)
var keysListCmd = &cobra.Command{
Use: "list [NETWORK NAME]",
Args: cobra.ExactArgs(1),
Short: "List all keys associated with a network",
Long: `List all keys associated with a network`,
Run: func(cmd *cobra.Command, args []string) {
functions.PrettyPrint(functions.GetKeys(args[0]))
},
}
func init() {
rootCmd.AddCommand(keysListCmd)
}

28
cli/cmd/keys/root.go
View File

@@ -1,28 +0,0 @@
package keys
import (
"os"
"github.com/spf13/cobra"
)
// rootCmd represents the base command when called without any subcommands
var rootCmd = &cobra.Command{
Use: "keys",
Short: "Manage access keys associated with a network",
Long: `Manage access keys associated with a network`,
}
// GetRoot returns the root subcommand
func GetRoot() *cobra.Command {
return rootCmd
}
// Execute adds all child commands to the root command and sets flags appropriately.
// This is called by main.main(). It only needs to happen once to the rootCmd.
func Execute() {
err := rootCmd.Execute()
if err != nil {
os.Exit(1)
}
}

2
cli/cmd/root.go
View File

@@ -10,7 +10,6 @@ import (
"github.com/gravitl/netmaker/cli/cmd/enrollment_key" "github.com/gravitl/netmaker/cli/cmd/enrollment_key"
"github.com/gravitl/netmaker/cli/cmd/ext_client" "github.com/gravitl/netmaker/cli/cmd/ext_client"
"github.com/gravitl/netmaker/cli/cmd/host" "github.com/gravitl/netmaker/cli/cmd/host"
"github.com/gravitl/netmaker/cli/cmd/keys"
"github.com/gravitl/netmaker/cli/cmd/metrics" "github.com/gravitl/netmaker/cli/cmd/metrics"
"github.com/gravitl/netmaker/cli/cmd/network" "github.com/gravitl/netmaker/cli/cmd/network"
"github.com/gravitl/netmaker/cli/cmd/network_user" "github.com/gravitl/netmaker/cli/cmd/network_user"
@@ -47,7 +46,6 @@ func init() {
// Bind subcommands here // Bind subcommands here
rootCmd.AddCommand(network.GetRoot()) rootCmd.AddCommand(network.GetRoot())
rootCmd.AddCommand(context.GetRoot()) rootCmd.AddCommand(context.GetRoot())
rootCmd.AddCommand(keys.GetRoot())
rootCmd.AddCommand(acl.GetRoot()) rootCmd.AddCommand(acl.GetRoot())
rootCmd.AddCommand(node.GetRoot()) rootCmd.AddCommand(node.GetRoot())
rootCmd.AddCommand(dns.GetRoot()) rootCmd.AddCommand(dns.GetRoot())

23
cli/functions/keys.go
View File

@@ -1,23 +0,0 @@
package functions
import (
"fmt"
"net/http"
"github.com/gravitl/netmaker/models"
)
// GetKeys - fetch all access keys of a network
func GetKeys(networkName string) *[]models.AccessKey {
return request[[]models.AccessKey](http.MethodGet, fmt.Sprintf("/api/networks/%s/keys", networkName), nil)
}
// CreateKey - create an access key
func CreateKey(networkName string, key *models.AccessKey) *models.AccessKey {
return request[models.AccessKey](http.MethodPost, fmt.Sprintf("/api/networks/%s/keys", networkName), key)
}
// DeleteKey - delete an access key
func DeleteKey(networkName, keyName string) {
request[string](http.MethodDelete, fmt.Sprintf("/api/networks/%s/keys/%s", networkName, keyName), nil)
}

24
controllers/docs.go
View File

@@ -203,27 +203,6 @@ type networkBodyResponse struct {
Network models.Network `json:"network"` Network models.Network `json:"network"`
} }
// swagger:parameters createAccessKey
type accessKeyBodyParam struct {
// Access Key
// in: body
AccessKey models.AccessKey `json:"access_key"`
}
// swagger:response accessKeyBodyResponse
type accessKeyBodyResponse struct {
// Access Key
// in: body
AccessKey models.AccessKey `json:"access_key"`
}
// swagger:response accessKeySliceBodyResponse
type accessKeySliceBodyResponse struct {
// Access Keys
// in: body
AccessKey []models.AccessKey `json:"access_key"`
}
// swagger:parameters updateNetworkACL getNetworkACL // swagger:parameters updateNetworkACL getNetworkACL
type aclContainerBodyParam struct { type aclContainerBodyParam struct {
// ACL Container // ACL Container
@@ -373,9 +352,6 @@ func useUnused() bool {
_ = networkPathParam{} _ = networkPathParam{}
_ = networkAccessKeyNamePathParam{} _ = networkAccessKeyNamePathParam{}
_ = networkBodyResponse{} _ = networkBodyResponse{}
_ = accessKeyBodyParam{}
_ = accessKeyBodyResponse{}
_ = accessKeySliceBodyResponse{}
_ = aclContainerBodyParam{} _ = aclContainerBodyParam{}
_ = aclContainerResponse{} _ = aclContainerResponse{}
_ = nodeSliceResponse{} _ = nodeSliceResponse{}

157
controllers/migrate.go
View File

@@ -1,17 +1,7 @@
package controller package controller
import ( import (
"encoding/json"
"io"
"net/http" "net/http"
"strings"
"github.com/gorilla/mux"
"github.com/gravitl/netmaker/database"
"github.com/gravitl/netmaker/logger"
"github.com/gravitl/netmaker/logic"
"github.com/gravitl/netmaker/models"
"golang.org/x/crypto/bcrypt"
) )
// swagger:route PUT /api/nodes/{network}/{nodeid}/migrate nodes migrateNode // swagger:route PUT /api/nodes/{network}/{nodeid}/migrate nodes migrateNode
@@ -26,78 +16,79 @@ import (
// Responses: // Responses:
// 200: nodeJoinResponse // 200: nodeJoinResponse
func migrate(w http.ResponseWriter, r *http.Request) { func migrate(w http.ResponseWriter, r *http.Request) {
// TODO adapt with enrollment-keys or re-think how this works
// we decode our body request params // we decode our body request params
data := models.MigrationData{} // data := models.MigrationData{}
err := json.NewDecoder(r.Body).Decode(&data) // err := json.NewDecoder(r.Body).Decode(&data)
if err != nil { // if err != nil {
logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error()) // logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) // logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return // return
} // }
params := mux.Vars(r) // params := mux.Vars(r)
//check authorization // //check authorization
record, err := database.FetchRecord(database.NODES_TABLE_NAME, data.LegacyNodeID) // record, err := database.FetchRecord(database.NODES_TABLE_NAME, data.LegacyNodeID)
if err != nil { // if err != nil {
logger.Log(0, "no record for legacy node", data.LegacyNodeID, err.Error()) // logger.Log(0, "no record for legacy node", data.LegacyNodeID, err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) // logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return // return
} // }
var legacyNode models.LegacyNode // var legacyNode models.LegacyNode
if err = json.Unmarshal([]byte(record), &legacyNode); err != nil { // if err = json.Unmarshal([]byte(record), &legacyNode); err != nil {
logger.Log(0, "error decoding legacy node", err.Error()) // logger.Log(0, "error decoding legacy node", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) // logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return // return
} // }
if err := bcrypt.CompareHashAndPassword([]byte(legacyNode.Password), []byte(data.Password)); err != nil { // if err := bcrypt.CompareHashAndPassword([]byte(legacyNode.Password), []byte(data.Password)); err != nil {
logger.Log(0, "error decoding legacy password", err.Error()) // logger.Log(0, "error decoding legacy password", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "unauthorized")) // logic.ReturnErrorResponse(w, r, logic.FormatError(err, "unauthorized"))
return // return
} // }
network, err := logic.GetNetwork(params["network"]) // network, err := logic.GetNetwork(params["network"])
if err != nil { // if err != nil {
logger.Log(0, "error retrieving network: ", err.Error()) // logger.Log(0, "error retrieving network: ", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) // logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return // return
} // }
key, err := logic.CreateAccessKey(models.AccessKey{}, network) // key, err := logic.CreateAccessKey(models.AccessKey{}, network)
if err != nil { // if err != nil {
logger.Log(0, "error creating key: ", err.Error()) // logger.Log(0, "error creating key: ", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) // logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return // return
} // }
data.JoinData.Key = key.Value // data.JoinData.Key = key.Value
payload, err := json.Marshal(data.JoinData) // payload, err := json.Marshal(data.JoinData)
if err != nil { // if err != nil {
logger.Log(0, "error encoding data: ", err.Error()) // logger.Log(0, "error encoding data: ", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) // logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return // return
} // }
r.Body = io.NopCloser(strings.NewReader(string(payload))) // r.Body = io.NopCloser(strings.NewReader(string(payload)))
r.ContentLength = int64(len(string(payload))) // r.ContentLength = int64(len(string(payload)))
logger.Log(3, "deleteing legacy node", data.LegacyNodeID, legacyNode.ID, legacyNode.Name) // logger.Log(3, "deleteing legacy node", data.LegacyNodeID, legacyNode.ID, legacyNode.Name)
if err := database.DeleteRecord(database.NODES_TABLE_NAME, data.LegacyNodeID); err != nil { // if err := database.DeleteRecord(database.NODES_TABLE_NAME, data.LegacyNodeID); err != nil {
logger.Log(0, "error deleting legacy node", legacyNode.Name, err.Error()) // logger.Log(0, "error deleting legacy node", legacyNode.Name, err.Error())
} // }
createNode(w, r) // // createNode(w, r) should not have been tied to another handler func
//newly created node has same node id as legacy node allowing using legacyNode.ID in gateway creation // //newly created node has same node id as legacy node allowing using legacyNode.ID in gateway creation
logger.Log(3, "re-creating legacy gateways") // logger.Log(3, "re-creating legacy gateways")
if legacyNode.IsIngressGateway == "yes" { // if legacyNode.IsIngressGateway == "yes" {
if _, err := logic.CreateIngressGateway(legacyNode.Network, legacyNode.ID, false); err != nil { // if _, err := logic.CreateIngressGateway(legacyNode.Network, legacyNode.ID, false); err != nil {
logger.Log(0, "error creating ingress gateway during migration", err.Error()) // logger.Log(0, "error creating ingress gateway during migration", err.Error())
} // }
} // }
if legacyNode.IsEgressGateway == "yes" { // if legacyNode.IsEgressGateway == "yes" {
if _, err := logic.CreateEgressGateway(legacyNode.EgressGatewayRequest); err != nil { // if _, err := logic.CreateEgressGateway(legacyNode.EgressGatewayRequest); err != nil {
logger.Log(0, "error creating egress gateway during migration", err.Error()) // logger.Log(0, "error creating egress gateway during migration", err.Error())
} // }
} // }
if legacyNode.IsRelay == "yes" { // if legacyNode.IsRelay == "yes" {
if _, _, err := logic.CreateRelay(models.RelayRequest{ // if _, _, err := logic.CreateRelay(models.RelayRequest{
NodeID: legacyNode.ID, // NodeID: legacyNode.ID,
NetID: legacyNode.Network, // NetID: legacyNode.Network,
RelayAddrs: legacyNode.RelayAddrs, // RelayAddrs: legacyNode.RelayAddrs,
}); err != nil { // }); err != nil {
logger.Log(0, "error creating relay during migration", err.Error()) // logger.Log(0, "error creating relay during migration", err.Error())
} // }
} // }
} }

127
controllers/network.go
View File

@@ -25,9 +25,6 @@ func networkHandlers(r *mux.Router) {
r.HandleFunc("/api/networks/{networkname}", logic.SecurityCheck(false, http.HandlerFunc(updateNetwork))).Methods(http.MethodPut) r.HandleFunc("/api/networks/{networkname}", logic.SecurityCheck(false, http.HandlerFunc(updateNetwork))).Methods(http.MethodPut)
r.HandleFunc("/api/networks/{networkname}", logic.SecurityCheck(true, http.HandlerFunc(deleteNetwork))).Methods(http.MethodDelete) r.HandleFunc("/api/networks/{networkname}", logic.SecurityCheck(true, http.HandlerFunc(deleteNetwork))).Methods(http.MethodDelete)
r.HandleFunc("/api/networks/{networkname}/keyupdate", logic.SecurityCheck(true, http.HandlerFunc(keyUpdate))).Methods(http.MethodPost) r.HandleFunc("/api/networks/{networkname}/keyupdate", logic.SecurityCheck(true, http.HandlerFunc(keyUpdate))).Methods(http.MethodPost)
r.HandleFunc("/api/networks/{networkname}/keys", logic.SecurityCheck(false, http.HandlerFunc(createAccessKey))).Methods(http.MethodPost)
r.HandleFunc("/api/networks/{networkname}/keys", logic.SecurityCheck(false, http.HandlerFunc(getAccessKeys))).Methods(http.MethodGet)
r.HandleFunc("/api/networks/{networkname}/keys/{name}", logic.SecurityCheck(false, http.HandlerFunc(deleteAccessKey))).Methods(http.MethodDelete)
// ACLs // ACLs
r.HandleFunc("/api/networks/{networkname}/acls", logic.SecurityCheck(true, http.HandlerFunc(updateNetworkACL))).Methods(http.MethodPut) r.HandleFunc("/api/networks/{networkname}/acls", logic.SecurityCheck(true, http.HandlerFunc(updateNetworkACL))).Methods(http.MethodPut)
r.HandleFunc("/api/networks/{networkname}/acls", logic.SecurityCheck(true, http.HandlerFunc(getNetworkACL))).Methods(http.MethodGet) r.HandleFunc("/api/networks/{networkname}/acls", logic.SecurityCheck(true, http.HandlerFunc(getNetworkACL))).Methods(http.MethodGet)
@@ -72,12 +69,6 @@ func getNetworks(w http.ResponseWriter, r *http.Request) {
} }
} }
} }
if !servercfg.IsDisplayKeys() {
for i, net := range allnetworks {
net.AccessKeys = logic.RemoveKeySensitiveInfo(net.AccessKeys)
allnetworks[i] = net
}
}
logger.Log(2, r.Header.Get("user"), "fetched networks.") logger.Log(2, r.Header.Get("user"), "fetched networks.")
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
@@ -107,9 +98,7 @@ func getNetwork(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return return
} }
if !servercfg.IsDisplayKeys() {
network.AccessKeys = logic.RemoveKeySensitiveInfo(network.AccessKeys)
}
logger.Log(2, r.Header.Get("user"), "fetched network", netname) logger.Log(2, r.Header.Get("user"), "fetched network", netname)
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(network) json.NewEncoder(w).Encode(network)
@@ -426,117 +415,3 @@ func createNetwork(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(network) json.NewEncoder(w).Encode(network)
} }
// swagger:route POST /api/networks/{networkname}/keys networks createAccessKey
//
// Create a network access key.
//
// Schemes: https
//
// Security:
// oauth
//
// Responses:
// 200: accessKeyBodyResponse
//
// BEGIN KEY MANAGEMENT SECTION
func createAccessKey(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
var accesskey models.AccessKey
// start here
netname := params["networkname"]
network, err := logic.GetParentNetwork(netname)
if err != nil {
logger.Log(0, r.Header.Get("user"), "failed to get network info: ",
err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
err = json.NewDecoder(r.Body).Decode(&accesskey)
if err != nil {
logger.Log(0, r.Header.Get("user"), "error decoding request body: ",
err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
key, err := logic.CreateAccessKey(accesskey, network)
if err != nil {
logger.Log(0, r.Header.Get("user"), "failed to create access key: ",
err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
// do not allow access key creations view API with user names
if _, err = logic.GetUser(key.Name); err == nil {
logger.Log(0, "access key creation with invalid name attempted by", r.Header.Get("user"))
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("cannot create access key with user name"), "badrequest"))
logic.DeleteKey(key.Name, network.NetID)
return
}
logger.Log(1, r.Header.Get("user"), "created access key", accesskey.Name, "on", netname)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(key)
}
// swagger:route GET /api/networks/{networkname}/keys networks getAccessKeys
//
// Get network access keys for a network.
//
// Schemes: https
//
// Security:
// oauth
//
// Responses:
// 200: accessKeySliceBodyResponse
func getAccessKeys(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
network := params["networkname"]
keys, err := logic.GetKeys(network)
if err != nil {
logger.Log(0, r.Header.Get("user"), fmt.Sprintf("failed to get keys for network [%s]: %v",
network, err))
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
if !servercfg.IsDisplayKeys() {
keys = logic.RemoveKeySensitiveInfo(keys)
}
logger.Log(2, r.Header.Get("user"), "fetched access keys on network", network)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(keys)
}
// swagger:route DELETE /api/networks/{networkname}/keys/{name} networks deleteAccessKey
//
// Delete a network access key.
//
// Schemes: https
//
// Security:
// oauth
//
// Responses:
// 200:
// *: stringJSONResponse
//
// delete key. Has to do a little funky logic since it's not a collection item
func deleteAccessKey(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
keyname := params["name"]
netname := params["networkname"]
err := logic.DeleteKey(keyname, netname)
if err != nil {
logger.Log(0, r.Header.Get("user"), fmt.Sprintf("failed to delete key [%s] for network [%s]: %v",
keyname, netname, err))
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
logger.Log(1, r.Header.Get("user"), "deleted access key", keyname, "on network,", netname)
w.WriteHeader(http.StatusOK)
}

112
controllers/network_test.go
View File

@@ -84,118 +84,6 @@ func TestDeleteNetwork(t *testing.T) {
}) })
} }
func TestCreateKey(t *testing.T) {
createNet()
keys, _ := logic.GetKeys("skynet")
for _, key := range keys {
logic.DeleteKey(key.Name, "skynet")
}
var accesskey models.AccessKey
var network models.Network
network.NetID = "skynet"
t.Run("NameTooLong", func(t *testing.T) {
network, err := logic.GetNetwork("skynet")
assert.Nil(t, err)
accesskey.Name = "ThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfailThisisareallylongkeynamethatwillfail"
_, err = logic.CreateAccessKey(accesskey, network)
assert.NotNil(t, err)
assert.Contains(t, err.Error(), "Field validation for 'Name' failed on the 'max' tag")
})
t.Run("BlankName", func(t *testing.T) {
network, err := logic.GetNetwork("skynet")
assert.Nil(t, err)
accesskey.Name = ""
key, err := logic.CreateAccessKey(accesskey, network)
assert.Nil(t, err)
assert.NotEqual(t, "", key.Name)
})
t.Run("InvalidValue", func(t *testing.T) {
network, err := logic.GetNetwork("skynet")
assert.Nil(t, err)
accesskey.Value = "bad-value"
_, err = logic.CreateAccessKey(accesskey, network)
assert.NotNil(t, err)
assert.Contains(t, err.Error(), "Field validation for 'Value' failed on the 'alphanum' tag")
})
t.Run("BlankValue", func(t *testing.T) {
network, err := logic.GetNetwork("skynet")
assert.Nil(t, err)
accesskey.Name = "mykey"
accesskey.Value = ""
key, err := logic.CreateAccessKey(accesskey, network)
assert.Nil(t, err)
assert.NotEqual(t, "", key.Value)
assert.Equal(t, accesskey.Name, key.Name)
})
t.Run("ValueTooLong", func(t *testing.T) {
network, err := logic.GetNetwork("skynet")
assert.Nil(t, err)
accesskey.Name = "keyname"
accesskey.Value = "AccessKeyValuethatistoolong"
_, err = logic.CreateAccessKey(accesskey, network)
assert.NotNil(t, err)
assert.Contains(t, err.Error(), "Field validation for 'Value' failed on the 'max' tag")
})
t.Run("BlankUses", func(t *testing.T) {
network, err := logic.GetNetwork("skynet")
assert.Nil(t, err)
accesskey.Uses = 0
accesskey.Value = ""
key, err := logic.CreateAccessKey(accesskey, network)
assert.Nil(t, err)
assert.Equal(t, 1, key.Uses)
})
t.Run("DuplicateKey", func(t *testing.T) {
network, err := logic.GetNetwork("skynet")
assert.Nil(t, err)
accesskey.Name = "mykey"
_, err = logic.CreateAccessKey(accesskey, network)
assert.NotNil(t, err)
assert.EqualError(t, err, "duplicate AccessKey Name")
})
}
func TestGetKeys(t *testing.T) {
deleteAllNetworks()
createNet()
network, err := logic.GetNetwork("skynet")
assert.Nil(t, err)
var key models.AccessKey
key.Name = "mykey"
_, err = logic.CreateAccessKey(key, network)
assert.Nil(t, err)
t.Run("KeyExists", func(t *testing.T) {
keys, err := logic.GetKeys(network.NetID)
assert.Nil(t, err)
assert.NotEqual(t, models.AccessKey{}, keys)
})
t.Run("NonExistantKey", func(t *testing.T) {
err := logic.DeleteKey("mykey", "skynet")
assert.Nil(t, err)
keys, err := logic.GetKeys(network.NetID)
assert.Nil(t, err)
assert.Equal(t, []models.AccessKey(nil), keys)
})
}
func TestDeleteKey(t *testing.T) {
createNet()
network, err := logic.GetNetwork("skynet")
assert.Nil(t, err)
var key models.AccessKey
key.Name = "mykey"
_, err = logic.CreateAccessKey(key, network)
assert.Nil(t, err)
t.Run("ExistingKey", func(t *testing.T) {
err := logic.DeleteKey("mykey", "skynet")
assert.Nil(t, err)
})
t.Run("NonExistantKey", func(t *testing.T) {
err := logic.DeleteKey("mykey", "skynet")
assert.NotNil(t, err)
assert.Equal(t, "key mykey does not exist", err.Error())
})
}
func TestSecurityCheck(t *testing.T) { func TestSecurityCheck(t *testing.T) {
//these seem to work but not sure it the tests are really testing the functionality //these seem to work but not sure it the tests are really testing the functionality

260
controllers/node.go
View File

@@ -3,7 +3,6 @@ package controller
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"net/http" "net/http"
"strings" "strings"
@@ -35,7 +34,6 @@ func nodeHandlers(r *mux.Router) {
r.HandleFunc("/api/nodes/{network}/{nodeid}/createingress", logic.SecurityCheck(false, http.HandlerFunc(createIngressGateway))).Methods(http.MethodPost) r.HandleFunc("/api/nodes/{network}/{nodeid}/createingress", logic.SecurityCheck(false, http.HandlerFunc(createIngressGateway))).Methods(http.MethodPost)
r.HandleFunc("/api/nodes/{network}/{nodeid}/deleteingress", logic.SecurityCheck(false, http.HandlerFunc(deleteIngressGateway))).Methods(http.MethodDelete) r.HandleFunc("/api/nodes/{network}/{nodeid}/deleteingress", logic.SecurityCheck(false, http.HandlerFunc(deleteIngressGateway))).Methods(http.MethodDelete)
r.HandleFunc("/api/nodes/{network}/{nodeid}", authorize(true, true, "node", http.HandlerFunc(updateNode))).Methods(http.MethodPost) r.HandleFunc("/api/nodes/{network}/{nodeid}", authorize(true, true, "node", http.HandlerFunc(updateNode))).Methods(http.MethodPost)
r.HandleFunc("/api/nodes/{network}", nodeauth(checkFreeTierLimits(node_l, http.HandlerFunc(createNode)))).Methods(http.MethodPost)
r.HandleFunc("/api/nodes/adm/{network}/authenticate", authenticate).Methods(http.MethodPost) r.HandleFunc("/api/nodes/adm/{network}/authenticate", authenticate).Methods(http.MethodPost)
} }
@@ -147,52 +145,6 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
response.Write(successJSONResponse) response.Write(successJSONResponse)
} }
// auth middleware for api calls from nodes where node is has not yet joined the server (register, join)
func nodeauth(next http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
bearerToken := r.Header.Get("Authorization")
var tokenSplit = strings.Split(bearerToken, " ")
var token = ""
if len(tokenSplit) < 2 {
errorResponse := models.ErrorResponse{
Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
}
logic.ReturnErrorResponse(w, r, errorResponse)
return
} else {
token = tokenSplit[1]
}
found := false
networks, err := logic.GetNetworks()
if err != nil {
logger.Log(0, "no networks", err.Error())
errorResponse := models.ErrorResponse{
Code: http.StatusNotFound, Message: "no networks",
}
logic.ReturnErrorResponse(w, r, errorResponse)
return
}
for _, network := range networks {
for _, key := range network.AccessKeys {
if key.Value == token {
found = true
break
}
}
}
if !found {
logger.Log(0, "valid access key not found")
errorResponse := models.ErrorResponse{
Code: http.StatusUnauthorized, Message: "You are unauthorized to access this endpoint.",
}
logic.ReturnErrorResponse(w, r, errorResponse)
return
}
next.ServeHTTP(w, r)
}
}
// The middleware for most requests to the API // The middleware for most requests to the API
// They all pass through here first // They all pass through here first
// This will validate the JWT (or check for master token) // This will validate the JWT (or check for master token)
@@ -462,218 +414,6 @@ func getNode(w http.ResponseWriter, r *http.Request) {
json.NewEncoder(w).Encode(response) json.NewEncoder(w).Encode(response)
} }
// swagger:route POST /api/nodes/{network} nodes createNode
//
// Create a node on a network.
//
// Schemes: https
//
// Security:
// oauth
//
// Responses:
// 200: nodeGetResponse
func createNode(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
var errorResponse = models.ErrorResponse{
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
}
networkName := params["network"]
networkexists, err := logic.NetworkExists(networkName)
if err != nil {
logger.Log(0, r.Header.Get("user"),
fmt.Sprintf("failed to fetch network [%s] info: %v", networkName, err))
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
} else if !networkexists {
errorResponse = models.ErrorResponse{
Code: http.StatusNotFound, Message: "W1R3: Network does not exist! ",
}
logger.Log(0, r.Header.Get("user"),
fmt.Sprintf("network [%s] does not exist", networkName))
logic.ReturnErrorResponse(w, r, errorResponse)
return
}
//get data from body of request
data := models.JoinData{}
err = json.NewDecoder(r.Body).Decode(&data)
if err != nil {
logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if !logic.IsVersionComptatible(data.Host.Version) {
err := errors.New("incompatible netclient version")
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
data.Node.Network = networkName
networkSettings, err := logic.GetNetworkSettings(networkName)
if err != nil {
logger.Log(0, r.Header.Get("user"),
fmt.Sprintf("failed to get network [%s] settings: %v", networkName, err))
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
data.Node.NetworkSettings(networkSettings)
keyName, validKey := logic.IsKeyValid(networkName, data.Key)
if !validKey {
errorResponse = models.ErrorResponse{
Code: http.StatusUnauthorized, Message: "W1R3: Key invalid, or none provided.",
}
logger.Log(0, r.Header.Get("user"),
fmt.Sprintf("failed to create node on network [%s]: %s",
data.Node.Network, errorResponse.Message))
logic.ReturnErrorResponse(w, r, errorResponse)
return
}
logic.DecrimentKey(networkName, data.Key)
user, err := pro.GetNetworkUser(networkName, promodels.NetworkUserID(keyName))
if err == nil {
if user.ID != "" {
logger.Log(1, "associating new node with user", keyName)
data.Node.OwnerID = string(user.ID)
}
}
key, keyErr := logic.RetrievePublicTrafficKey()
if keyErr != nil {
logger.Log(0, "error retrieving key: ", keyErr.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
if key == nil {
logger.Log(0, "error: server traffic key is nil")
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
if data.Host.TrafficKeyPublic == nil {
logger.Log(0, "error: node traffic key is nil")
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
server := servercfg.GetServerInfo()
server.TrafficKey = key
data.Node.Server = servercfg.GetServer()
if !logic.HostExists(&data.Host) {
logic.CheckHostPorts(&data.Host)
if servercfg.GetBrokerType() == servercfg.EmqxBrokerType {
// create EMQX credentials for host if it doesn't exists
if err := mq.CreateEmqxUser(data.Host.ID.String(), data.Host.HostPass, false); err != nil {
logger.Log(0, "failed to add host credentials to EMQX: ", data.Host.ID.String(), err.Error())
return
}
}
}
if err := logic.CreateHost(&data.Host); err != nil {
if errors.Is(err, logic.ErrHostExists) {
logger.Log(3, "host exists .. no need to create")
host, err := logic.GetHost(data.Host.ID.String())
if err != nil {
logger.Log(0, r.Header.Get("user"), "failed to find host:", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
logic.UpdateHostFromClient(&data.Host, host) // update the in memory struct values
err = logic.UpsertHost(host)
if err != nil {
logger.Log(0, r.Header.Get("user"),
fmt.Sprintf("failed to update host [ %s ]: %v", host.ID.String(), err))
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
data.Host = *host
} else {
logger.Log(0, "error creating host", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
}
err = logic.AssociateNodeToHost(&data.Node, &data.Host)
if err != nil {
logger.Log(0, r.Header.Get("user"),
fmt.Sprintf("failed to create node on network [%s]: %s",
networkName, err))
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
// check if key belongs to a user
// if so add to their netuser data
// if it fails remove the node and fail request
if user != nil {
var updatedUserNode bool
user.Nodes = append(user.Nodes, data.Node.ID.String()) // add new node to user
if err = pro.UpdateNetworkUser(networkName, user); err == nil {
logger.Log(1, "added node", data.Node.ID.String(), data.Host.Name, "to user", string(user.ID))
updatedUserNode = true
}
if !updatedUserNode { // user was found but not updated, so delete node
logger.Log(0, "failed to add node to user", keyName)
logic.DeleteNode(&data.Node, true)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
}
hostPeerUpdate, err := logic.GetPeerUpdateForHost(context.Background(), networkName, &data.Host, nil)
if err != nil && !database.IsEmptyRecord(err) {
logger.Log(0, r.Header.Get("user"),
fmt.Sprintf("error fetching wg peers config for host [ %s ]: %v", data.Host.ID.String(), err))
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
data.Host.HostPass = "" // client should not change password after join
// concealing hash
response := models.NodeJoinResponse{
Node: data.Node,
ServerConfig: server,
Host: data.Host,
Peers: hostPeerUpdate.Peers,
}
logger.Log(1, r.Header.Get("user"), "created new node", data.Host.Name, data.Node.ID.String(), "on network", networkName)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(response)
go func() {
if err := mq.PublishPeerUpdate(); err != nil {
logger.Log(1, "failed a peer update after creation of node", data.Host.Name)
}
}()
//runForceServerUpdate(&data.Node, true)
go func() {
dns := models.DNSUpdate{
Action: models.DNSInsert,
Name: data.Host.Name + "." + data.Node.Network,
}
if data.Node.Address.IP != nil {
dns.Address = data.Node.Address.IP.String()
//publish new node dns entry to all nodes on network
if err := mq.PublishDNSUpdate(data.Node.Network, dns); err != nil {
logger.Log(1, "failed to publish dns update on node creation", err.Error())
}
}
if data.Node.Address6.IP != nil {
dns.Address = data.Node.Address6.IP.String()
//publish new node dns entry to all nodes on network
if err := mq.PublishDNSUpdate(data.Node.Network, dns); err != nil {
logger.Log(1, "failed to publish dns update on node creation", err.Error())
}
}
//publish add dns records for network to new node
if err := mq.PublishAllDNS(&data.Node); err != nil {
logger.Log(1, "failed to publish dns update on node creation", err.Error())
}
}()
}
// == EGRESS == // == EGRESS ==
// swagger:route POST /api/nodes/{network}/{nodeid}/creategateway nodes createEgressGateway // swagger:route POST /api/nodes/{network}/{nodeid}/creategateway nodes createEgressGateway

2
controllers/user.go
View File

@@ -467,5 +467,5 @@ func socketHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
// Start handling the session // Start handling the session
go auth.SessionHandler(conn) // go auth.SessionHandler(conn)
} }

229
logic/accesskeys.go
View File

@@ -1,229 +0,0 @@
package logic
import (
"crypto/rand"
"encoding/base64"
"encoding/json"
"errors"
"math/big"
"strings"
"sync"
validator "github.com/go-playground/validator/v10"
"github.com/gravitl/netmaker/database"
"github.com/gravitl/netmaker/logger"
"github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/servercfg"
)
// CreateAccessKey - create access key
func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models.AccessKey, error) {
if accesskey.Name == "" {
accesskey.Name = genKeyName()
}
if accesskey.Value == "" {
accesskey.Value = GenKey()
}
if accesskey.Uses == 0 {
accesskey.Uses = 1
}
checkkeys, err := GetKeys(network.NetID)
if err != nil {
return models.AccessKey{}, errors.New("could not retrieve network keys")
}
for _, key := range checkkeys {
if key.Name == accesskey.Name {
return models.AccessKey{}, errors.New("duplicate AccessKey Name")
}
}
netID := network.NetID
var accessToken models.AccessToken
accessToken.APIConnString = servercfg.GetAPIConnString()
accessToken.ClientConfig.Network = netID
accessToken.ClientConfig.Key = accesskey.Value
tokenjson, err := json.Marshal(accessToken)
if err != nil {
return accesskey, err
}
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
//validate accesskey
v := validator.New()
err = v.Struct(accesskey)
if err != nil {
for _, e := range err.(validator.ValidationErrors) {
logger.Log(1, "validator", e.Error())
}
return models.AccessKey{}, err
}
network.AccessKeys = append(network.AccessKeys, accesskey)
data, err := json.Marshal(&network)
if err != nil {
return models.AccessKey{}, err
}
if err = database.Insert(network.NetID, string(data), database.NETWORKS_TABLE_NAME); err != nil {
return models.AccessKey{}, err
}
return accesskey, nil
}
// DeleteKey - deletes a key
func DeleteKey(keyname, netname string) error {
network, err := GetParentNetwork(netname)
if err != nil {
return err
}
//basically, turn the list of access keys into the list of access keys before and after the item
//have not done any error handling for if there's like...1 item. I think it works? need to test.
found := false
var updatedKeys []models.AccessKey
for _, currentkey := range network.AccessKeys {
if currentkey.Name == keyname {
found = true
} else {
updatedKeys = append(updatedKeys, currentkey)
}
}
if !found {
return errors.New("key " + keyname + " does not exist")
}
network.AccessKeys = updatedKeys
data, err := json.Marshal(&network)
if err != nil {
return err
}
if err := database.Insert(network.NetID, string(data), database.NETWORKS_TABLE_NAME); err != nil {
return err
}
return nil
}
// GetKeys - fetches keys for network
func GetKeys(net string) ([]models.AccessKey, error) {
record, err := database.FetchRecord(database.NETWORKS_TABLE_NAME, net)
if err != nil {
return []models.AccessKey{}, err
}
network, err := ParseNetwork(record)
if err != nil {
return []models.AccessKey{}, err
}
return network.AccessKeys, nil
}
// DecrimentKey - decriments key uses
func DecrimentKey(networkName string, keyvalue string) {
var network models.Network
network, err := GetParentNetwork(networkName)
if err != nil {
return
}
for i := len(network.AccessKeys) - 1; i >= 0; i-- {
currentkey := network.AccessKeys[i]
if currentkey.Value == keyvalue {
network.AccessKeys[i].Uses--
if network.AccessKeys[i].Uses < 1 {
network.AccessKeys = append(network.AccessKeys[:i],
network.AccessKeys[i+1:]...)
break
}
}
}
if newNetworkData, err := json.Marshal(&network); err != nil {
logger.Log(2, "failed to decrement key")
return
} else {
database.Insert(network.NetID, string(newNetworkData), database.NETWORKS_TABLE_NAME)
}
}
// IsKeyValid - check if key is valid
func IsKeyValid(networkname string, keyvalue string) (string, bool) {
network, err := GetParentNetwork(networkname)
if err != nil {
return "", false
}
accesskeys := network.AccessKeys
var key models.AccessKey
foundkey := false
isvalid := false
for i := len(accesskeys) - 1; i >= 0; i-- {
currentkey := accesskeys[i]
if currentkey.Value == keyvalue {
key = currentkey
foundkey = true
}
}
if foundkey {
if key.Uses > 0 {
isvalid = true
}
}
return key.Name, isvalid
}
// RemoveKeySensitiveInfo - remove sensitive key info
func RemoveKeySensitiveInfo(keys []models.AccessKey) []models.AccessKey {
var returnKeys []models.AccessKey
for _, key := range keys {
key.Value = models.PLACEHOLDER_KEY_TEXT
key.AccessString = models.PLACEHOLDER_TOKEN_TEXT
returnKeys = append(returnKeys, key)
}
return returnKeys
}
const (
maxr string = "ff578f57c15bb743beaa77d27637e02b598dffa9aebd15889187fe6eb3bdca516c3fa1a52eabef31f33b4b8c2e5b5524f1aa4f3329393912f40dbbe23d7f39723e0be05b6696b11f8eea0abe365a11d9f2735ac7e5b4e015ab19b35b84893685b37a9a0a62a566d6571d7e00d4241687f5c804f37cde9bf311c0781f51cc007c5a01a94f6cfcecea640b8e9ab7bd43e73e5df5d0e1eeb4d9b6cc44be67b7cad80808b17869561b579ffe0bbdeca5c83139e458000000000000000000000000000000000000000000000000000000000000000"
)
var (
uno sync.Once
maxentropy *big.Int
)
func init() {
uno.Do(func() {
maxentropy, _ = new(big.Int).SetString(maxr, 16)
})
}
// == private methods ==
func genKeyName() string {
entropy, _ := rand.Int(rand.Reader, maxentropy)
return strings.Join([]string{"key", entropy.Text(16)[:16]}, "-")
}
// GenKey - generates random key of length 16
func GenKey() string {
entropy, _ := rand.Int(rand.Reader, maxentropy)
return entropy.Text(16)[:16]
}
// GenPassWord - generates random password of length 64
func GenPassWord() string {
entropy, _ := rand.Int(rand.Reader, maxentropy)
return entropy.Text(62)[:64]
}

21
logic/accesskeys_test.go
View File

@@ -1,21 +0,0 @@
package logic
import "testing"
func Test_genKeyName(t *testing.T) {
for i := 0; i < 100; i++ {
kname := genKeyName()
if len(kname) != 20 {
t.Fatalf("improper length of key name, expected 20 got :%d", len(kname))
}
}
}
func Test_genKey(t *testing.T) {
for i := 0; i < 100; i++ {
kname := GenKey()
if len(kname) != 16 {
t.Fatalf("improper length of key name, expected 16 got :%d", len(kname))
}
}
}

1
logic/networks.go
View File

@@ -159,7 +159,6 @@ func GetNetworkSettings(networkname string) (models.Network, error) {
if err = json.Unmarshal([]byte(networkData), &network); err != nil { if err = json.Unmarshal([]byte(networkData), &network); err != nil {
return models.Network{}, err return models.Network{}, err
} }
network.AccessKeys = []models.AccessKey{}
return network, nil return network, nil
} }

1
models/network.go
View File

@@ -19,7 +19,6 @@ type Network struct {
NodeLimit int32 `json:"nodelimit" bson:"nodelimit"` NodeLimit int32 `json:"nodelimit" bson:"nodelimit"`
DefaultPostDown string `json:"defaultpostdown" bson:"defaultpostdown"` DefaultPostDown string `json:"defaultpostdown" bson:"defaultpostdown"`
DefaultKeepalive int32 `json:"defaultkeepalive" bson:"defaultkeepalive" validate:"omitempty,max=1000"` DefaultKeepalive int32 `json:"defaultkeepalive" bson:"defaultkeepalive" validate:"omitempty,max=1000"`
AccessKeys []AccessKey `json:"accesskeys" bson:"accesskeys"`
AllowManualSignUp string `json:"allowmanualsignup" bson:"allowmanualsignup" validate:"checkyesorno"` AllowManualSignUp string `json:"allowmanualsignup" bson:"allowmanualsignup" validate:"checkyesorno"`
IsIPv4 string `json:"isipv4" bson:"isipv4" validate:"checkyesorno"` IsIPv4 string `json:"isipv4" bson:"isipv4" validate:"checkyesorno"`
IsIPv6 string `json:"isipv6" bson:"isipv6" validate:"checkyesorno"` IsIPv6 string `json:"isipv6" bson:"isipv6" validate:"checkyesorno"`

10
models/structs.go
View File

@@ -2,7 +2,6 @@ package models
import ( import (
"strings" "strings"
"time"
jwt "github.com/golang-jwt/jwt/v4" jwt "github.com/golang-jwt/jwt/v4"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes" "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
@@ -102,15 +101,6 @@ type SuccessResponse struct {
Response interface{} Response interface{}
} }
// AccessKey - access key struct
type AccessKey struct {
Name string `json:"name" bson:"name" validate:"omitempty,max=345"`
Value string `json:"value" bson:"value" validate:"omitempty,alphanum,max=16"`
AccessString string `json:"accessstring" bson:"accessstring"`
Uses int `json:"uses" bson:"uses" validate:"numeric,min=0"`
Expiration *time.Time `json:"expiration" bson:"expiration"`
}
// DisplayKey - what is displayed for key // DisplayKey - what is displayed for key
type DisplayKey struct { type DisplayKey struct {
Name string `json:"name" bson:"name"` Name string `json:"name" bson:"name"`