zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-10 19:20:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

removed debugging println

Browse Source
This commit is contained in:
Matthew R Kasun
2021-10-14 11:27:04 -04:00
parent 4356aea65a
commit 2bf2e65736
1 changed files with 29 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
controllers/userHttpController.go
View File

@@ -28,11 +28,11 @@ func userHandlers(r *mux.Router) {
r.HandleFunc("/api/users", authorizeUserAdm(http.HandlerFunc(getUsers))).Methods("GET") r.HandleFunc("/api/users", authorizeUserAdm(http.HandlerFunc(getUsers))).Methods("GET")
} }
// Node authenticates using its password and retrieves a JWT for authorization. //Node authenticates using its password and retrieves a JWT for authorization.
func authenticateUser(response http.ResponseWriter, request *http.Request) { func authenticateUser(response http.ResponseWriter, request *http.Request) {
// Auth request consists of Mac Address and Password (from node that is authorizing //Auth request consists of Mac Address and Password (from node that is authorizing
// in case of Master, auth is ignored and mac is set to "mastermac" //in case of Master, auth is ignored and mac is set to "mastermac"
var authRequest models.UserAuthParams var authRequest models.UserAuthParams
var errorResponse = models.ErrorResponse{ var errorResponse = models.ErrorResponse{
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.", Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
@@ -53,7 +53,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
} }
if jwt == "" { if jwt == "" {
// very unlikely that err is !nil and no jwt returned, but handle it anyways. //very unlikely that err is !nil and no jwt returned, but handle it anyways.
returnErrorResponse(response, request, formatError(errors.New("No token returned"), "internal")) returnErrorResponse(response, request, formatError(errors.New("No token returned"), "internal"))
return return
} }
@@ -67,7 +67,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
UserName: username, UserName: username,
}, },
} }
// Send back the JWT //Send back the JWT
successJSONResponse, jsonError := json.Marshal(successResponse) successJSONResponse, jsonError := json.Marshal(successResponse)
if jsonError != nil { if jsonError != nil {
@@ -79,7 +79,6 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
response.Write(successJSONResponse) response.Write(successJSONResponse)
} }
// VerifyAuthRequest - verifies an auth request
func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) { func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
var result models.User var result models.User
if authRequest.UserName == "" { if authRequest.UserName == "" {
@@ -87,7 +86,7 @@ func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
} else if authRequest.Password == "" { } else if authRequest.Password == "" {
return "", errors.New("password can't be empty") return "", errors.New("password can't be empty")
} }
//Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API until approved). //Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API untill approved).
record, err := database.FetchRecord(database.USERS_TABLE_NAME, authRequest.UserName) record, err := database.FetchRecord(database.USERS_TABLE_NAME, authRequest.UserName)
if err != nil { if err != nil {
return "", errors.New("incorrect credentials") return "", errors.New("incorrect credentials")
@@ -96,9 +95,9 @@ func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
return "", errors.New("incorrect credentials") return "", errors.New("incorrect credentials")
} }
// compare password from request to stored password in database //compare password from request to stored password in database
// might be able to have a common hash (certificates?) and compare those so that a password isn't passed in in plain text... //might be able to have a common hash (certificates?) and compare those so that a password isn't passed in in plain text...
// TODO: Consider a way of hashing the password client side before sending, or using certificates //TODO: Consider a way of hashing the password client side before sending, or using certificates
if err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password)); err != nil { if err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password)); err != nil {
return "", errors.New("incorrect credentials") return "", errors.New("incorrect credentials")
} }
@@ -108,19 +107,19 @@ func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
return tokenString, nil return tokenString, nil
} }
// The middleware for most requests to the API //The middleware for most requests to the API
// They all pass through here first //They all pass through here first
// This will validate the JWT (or check for master token) //This will validate the JWT (or check for master token)
// This will also check against the authNetwork and make sure the node should be accessing that endpoint, //This will also check against the authNetwork and make sure the node should be accessing that endpoint,
// even if it's technically ok //even if it's technically ok
// This is kind of a poor man's RBAC. There's probably a better/smarter way. //This is kind of a poor man's RBAC. There's probably a better/smarter way.
// TODO: Consider better RBAC implementations //TODO: Consider better RBAC implementations
func authorizeUser(next http.Handler) http.HandlerFunc { func authorizeUser(next http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r) var params = mux.Vars(r)
// get the auth token //get the auth token
bearerToken := r.Header.Get("Authorization") bearerToken := r.Header.Get("Authorization")
username := params["username"] username := params["username"]
err := ValidateUserToken(bearerToken, username, false) err := ValidateUserToken(bearerToken, username, false)
@@ -151,7 +150,6 @@ func authorizeUserAdm(next http.Handler) http.HandlerFunc {
} }
} }
// ValidateUserToken - self explained
func ValidateUserToken(token string, user string, adminonly bool) error { func ValidateUserToken(token string, user string, adminonly bool) error {
var tokenSplit = strings.Split(token, " ") var tokenSplit = strings.Split(token, " ")
//I put this in in case the user doesn't put in a token at all (in which case it's empty) //I put this in in case the user doesn't put in a token at all (in which case it's empty)
@@ -181,7 +179,6 @@ func ValidateUserToken(token string, user string, adminonly bool) error {
return nil return nil
} }
// HasAdmin - checks if server has an admin
func HasAdmin() (bool, error) { func HasAdmin() (bool, error) {
collection, err := database.FetchRecords(database.USERS_TABLE_NAME) collection, err := database.FetchRecords(database.USERS_TABLE_NAME)
@@ -221,7 +218,6 @@ func hasAdmin(w http.ResponseWriter, r *http.Request) {
} }
// GetUser - gets a user
func GetUser(username string) (models.ReturnUser, error) { func GetUser(username string) (models.ReturnUser, error) {
var user models.ReturnUser var user models.ReturnUser
@@ -235,7 +231,6 @@ func GetUser(username string) (models.ReturnUser, error) {
return user, err return user, err
} }
// GetUserInternal - gets an internal user
func GetUserInternal(username string) (models.User, error) { func GetUserInternal(username string) (models.User, error) {
var user models.User var user models.User
@@ -249,7 +244,6 @@ func GetUserInternal(username string) (models.User, error) {
return user, err return user, err
} }
// GetUsers - gets users
func GetUsers() ([]models.ReturnUser, error) { func GetUsers() ([]models.ReturnUser, error) {
var users []models.ReturnUser var users []models.ReturnUser
@@ -273,7 +267,7 @@ func GetUsers() ([]models.ReturnUser, error) {
return users, err return users, err
} }
// Get an individual node. Nothin fancy here folks. //Get an individual node. Nothin fancy here folks.
func getUser(w http.ResponseWriter, r *http.Request) { func getUser(w http.ResponseWriter, r *http.Request) {
// set header. // set header.
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
@@ -290,7 +284,7 @@ func getUser(w http.ResponseWriter, r *http.Request) {
json.NewEncoder(w).Encode(user) json.NewEncoder(w).Encode(user)
} }
// Get an individual node. Nothin fancy here folks. //Get an individual node. Nothin fancy here folks.
func getUsers(w http.ResponseWriter, r *http.Request) { func getUsers(w http.ResponseWriter, r *http.Request) {
// set header. // set header.
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
@@ -306,9 +300,8 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
json.NewEncoder(w).Encode(users) json.NewEncoder(w).Encode(users)
} }
// CreateUser - creates a user
func CreateUser(user models.User) (models.User, error) { func CreateUser(user models.User) (models.User, error) {
// check if user exists //check if user exists
if _, err := GetUser(user.UserName); err == nil { if _, err := GetUser(user.UserName); err == nil {
return models.User{}, errors.New("user exists") return models.User{}, errors.New("user exists")
} }
@@ -317,18 +310,18 @@ func CreateUser(user models.User) (models.User, error) {
return models.User{}, err return models.User{}, err
} }
// encrypt that password so we never see it again //encrypt that password so we never see it again
hash, err := bcrypt.GenerateFromPassword([]byte(user.Password), 5) hash, err := bcrypt.GenerateFromPassword([]byte(user.Password), 5)
if err != nil { if err != nil {
return user, err return user, err
} }
// set password to encrypted password //set password to encrypted password
user.Password = string(hash) user.Password = string(hash)
tokenString, _ := functions.CreateUserJWT(user.UserName, user.Networks, user.IsAdmin) tokenString, _ := functions.CreateUserJWT(user.UserName, user.Networks, user.IsAdmin)
if tokenString == "" { if tokenString == "" {
// returnErrorResponse(w, r, errorResponse) //returnErrorResponse(w, r, errorResponse)
return user, err return user, err
} }
@@ -346,7 +339,7 @@ func createAdmin(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
var admin models.User var admin models.User
// get node from body of request //get node from body of request
_ = json.NewDecoder(r.Body).Decode(&admin) _ = json.NewDecoder(r.Body).Decode(&admin)
hasadmin, err := HasAdmin() hasadmin, err := HasAdmin()
if err != nil { if err != nil {
@@ -358,7 +351,6 @@ func createAdmin(w http.ResponseWriter, r *http.Request) {
return return
} }
admin.IsAdmin = true admin.IsAdmin = true
fmt.Println(admin)
admin, err = CreateUser(admin) admin, err = CreateUser(admin)
if err != nil { if err != nil {
@@ -373,7 +365,7 @@ func createUser(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
var user models.User var user models.User
// get node from body of request //get node from body of request
_ = json.NewDecoder(r.Body).Decode(&user) _ = json.NewDecoder(r.Body).Decode(&user)
user, err := CreateUser(user) user, err := CreateUser(user)
@@ -386,7 +378,6 @@ func createUser(w http.ResponseWriter, r *http.Request) {
json.NewEncoder(w).Encode(user) json.NewEncoder(w).Encode(user)
} }
// UpdateUser - updates a given user
func UpdateUser(userchange models.User, user models.User) (models.User, error) { func UpdateUser(userchange models.User, user models.User) (models.User, error) {
//check if user exists //check if user exists
if _, err := GetUser(user.UserName); err != nil { if _, err := GetUser(user.UserName); err != nil {
@@ -407,13 +398,13 @@ func UpdateUser(userchange models.User, user models.User) (models.User, error) {
user.Networks = userchange.Networks user.Networks = userchange.Networks
} }
if userchange.Password != "" { if userchange.Password != "" {
// encrypt that password so we never see it again //encrypt that password so we never see it again
hash, err := bcrypt.GenerateFromPassword([]byte(userchange.Password), 5) hash, err := bcrypt.GenerateFromPassword([]byte(userchange.Password), 5)
if err != nil { if err != nil {
return userchange, err return userchange, err
} }
// set password to encrypted password //set password to encrypted password
userchange.Password = string(hash) userchange.Password = string(hash)
user.Password = userchange.Password user.Password = userchange.Password
@@ -436,7 +427,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r) var params = mux.Vars(r)
var user models.User var user models.User
// start here //start here
username := params["username"] username := params["username"]
user, err := GetUserInternal(username) user, err := GetUserInternal(username)
if err != nil { if err != nil {
@@ -464,7 +455,7 @@ func updateUserAdm(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r) var params = mux.Vars(r)
var user models.User var user models.User
// start here //start here
username := params["username"] username := params["username"]
user, err := GetUserInternal(username) user, err := GetUserInternal(username)
if err != nil { if err != nil {
@@ -487,7 +478,6 @@ func updateUserAdm(w http.ResponseWriter, r *http.Request) {
json.NewEncoder(w).Encode(user) json.NewEncoder(w).Encode(user)
} }
// DeleteUser - deletes a given user
func DeleteUser(user string) (bool, error) { func DeleteUser(user string) (bool, error) {
if userRecord, err := database.FetchRecord(database.USERS_TABLE_NAME, user); err != nil || len(userRecord) == 0 { if userRecord, err := database.FetchRecord(database.USERS_TABLE_NAME, user); err != nil || len(userRecord) == 0 {
@@ -523,7 +513,6 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
json.NewEncoder(w).Encode(params["username"] + " deleted.") json.NewEncoder(w).Encode(params["username"] + " deleted.")
} }
// ValidateUser - validates a user model
func ValidateUser(operation string, user models.User) error { func ValidateUser(operation string, user models.User) error {
v := validator.New() v := validator.New()