mirror of
https://github.com/gravitl/netmaker.git
synced 2025-10-05 08:47:35 +08:00
Merge branch 'develop' into bugfix_v0.16.0_swagger_sections
This commit is contained in:
Alex Feiszli
@@ -7,11 +7,17 @@ import (
|
||||
"net/http"
|
||||
|
||||
"github.com/gorilla/mux"
|
||||
"github.com/gorilla/websocket"
|
||||
"github.com/gravitl/netmaker/auth"
|
||||
"github.com/gravitl/netmaker/database"
|
||||
"github.com/gravitl/netmaker/logger"
|
||||
"github.com/gravitl/netmaker/logic"
|
||||
"github.com/gravitl/netmaker/models"
|
||||
"github.com/gravitl/netmaker/servercfg"
|
||||
)
|
||||
|
||||
var (
|
||||
upgrader = websocket.Upgrader{}
|
||||
)
|
||||
|
||||
func userHandlers(r *mux.Router) {
|
||||
@@ -19,15 +25,17 @@ func userHandlers(r *mux.Router) {
|
||||
r.HandleFunc("/api/users/adm/hasadmin", hasAdmin).Methods("GET")
|
||||
r.HandleFunc("/api/users/adm/createadmin", createAdmin).Methods("POST")
|
||||
r.HandleFunc("/api/users/adm/authenticate", authenticateUser).Methods("POST")
|
||||
r.HandleFunc("/api/users/{username}", securityCheck(false, continueIfUserMatch(http.HandlerFunc(updateUser)))).Methods("PUT")
|
||||
r.HandleFunc("/api/users/networks/{username}", securityCheck(true, http.HandlerFunc(updateUserNetworks))).Methods("PUT")
|
||||
r.HandleFunc("/api/users/{username}/adm", securityCheck(true, http.HandlerFunc(updateUserAdm))).Methods("PUT")
|
||||
r.HandleFunc("/api/users/{username}", securityCheck(true, http.HandlerFunc(createUser))).Methods("POST")
|
||||
r.HandleFunc("/api/users/{username}", securityCheck(true, http.HandlerFunc(deleteUser))).Methods("DELETE")
|
||||
r.HandleFunc("/api/users/{username}", securityCheck(false, continueIfUserMatch(http.HandlerFunc(getUser)))).Methods("GET")
|
||||
r.HandleFunc("/api/users", securityCheck(true, http.HandlerFunc(getUsers))).Methods("GET")
|
||||
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(updateUser)))).Methods("PUT")
|
||||
r.HandleFunc("/api/users/networks/{username}", logic.SecurityCheck(true, http.HandlerFunc(updateUserNetworks))).Methods("PUT")
|
||||
r.HandleFunc("/api/users/{username}/adm", logic.SecurityCheck(true, http.HandlerFunc(updateUserAdm))).Methods("PUT")
|
||||
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, checkFreeTierLimits(users_l, http.HandlerFunc(createUser)))).Methods("POST")
|
||||
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(deleteUser))).Methods("DELETE")
|
||||
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUser)))).Methods("GET")
|
||||
r.HandleFunc("/api/users", logic.SecurityCheck(true, http.HandlerFunc(getUsers))).Methods("GET")
|
||||
r.HandleFunc("/api/oauth/login", auth.HandleAuthLogin).Methods("GET")
|
||||
r.HandleFunc("/api/oauth/callback", auth.HandleAuthCallback).Methods("GET")
|
||||
r.HandleFunc("/api/oauth/node-handler", socketHandler)
|
||||
r.HandleFunc("/api/oauth/register/{regKey}", auth.RegisterNodeSSO).Methods("GET")
|
||||
}
|
||||
|
||||
// swagger:route POST /api/users/adm/authenticate user authenticateUser
|
||||
@@ -50,13 +58,18 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
|
||||
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
|
||||
}
|
||||
|
||||
if !servercfg.IsBasicAuthEnabled() {
|
||||
logic.ReturnErrorResponse(response, request, logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
decoder := json.NewDecoder(request.Body)
|
||||
decoderErr := decoder.Decode(&authRequest)
|
||||
defer request.Body.Close()
|
||||
if decoderErr != nil {
|
||||
logger.Log(0, "error decoding request body: ",
|
||||
decoderErr.Error())
|
||||
returnErrorResponse(response, request, errorResponse)
|
||||
logic.ReturnErrorResponse(response, request, errorResponse)
|
||||
return
|
||||
}
|
||||
username := authRequest.UserName
|
||||
@@ -64,14 +77,14 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
|
||||
if err != nil {
|
||||
logger.Log(0, username, "user validation failed: ",
|
||||
err.Error())
|
||||
returnErrorResponse(response, request, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(response, request, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
if jwt == "" {
|
||||
// very unlikely that err is !nil and no jwt returned, but handle it anyways.
|
||||
logger.Log(0, username, "jwt token is empty")
|
||||
returnErrorResponse(response, request, formatError(errors.New("no token returned"), "internal"))
|
||||
logic.ReturnErrorResponse(response, request, logic.FormatError(errors.New("no token returned"), "internal"))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -89,7 +102,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
|
||||
if jsonError != nil {
|
||||
logger.Log(0, username,
|
||||
"error marshalling resp: ", err.Error())
|
||||
returnErrorResponse(response, request, errorResponse)
|
||||
logic.ReturnErrorResponse(response, request, errorResponse)
|
||||
return
|
||||
}
|
||||
logger.Log(2, username, "was authenticated")
|
||||
@@ -115,7 +128,7 @@ func hasAdmin(w http.ResponseWriter, r *http.Request) {
|
||||
hasadmin, err := logic.HasAdmin()
|
||||
if err != nil {
|
||||
logger.Log(0, "failed to check for admin: ", err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -158,7 +171,7 @@ func getUser(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
if err != nil {
|
||||
logger.Log(0, usernameFetched, "failed to fetch user: ", err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
logger.Log(2, r.Header.Get("user"), "fetched user", usernameFetched)
|
||||
@@ -184,7 +197,7 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
if err != nil {
|
||||
logger.Log(0, "failed to fetch users: ", err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -213,17 +226,23 @@ func createAdmin(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
logger.Log(0, admin.UserName, "error decoding request body: ",
|
||||
err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
admin, err = logic.CreateAdmin(admin)
|
||||
|
||||
if !servercfg.IsBasicAuthEnabled() {
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
admin, err = logic.CreateAdmin(admin)
|
||||
if err != nil {
|
||||
logger.Log(0, admin.UserName, "failed to create admin: ",
|
||||
err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
logger.Log(1, admin.UserName, "was made a new admin")
|
||||
json.NewEncoder(w).Encode(admin)
|
||||
}
|
||||
@@ -247,14 +266,15 @@ func createUser(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
logger.Log(0, user.UserName, "error decoding request body: ",
|
||||
err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
user, err = logic.CreateUser(user)
|
||||
if err != nil {
|
||||
logger.Log(0, user.UserName, "error creating new user: ",
|
||||
err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
logger.Log(1, user.UserName, "was created")
|
||||
@@ -282,7 +302,7 @@ func updateUserNetworks(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
logger.Log(0, username,
|
||||
"failed to update user networks: ", err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
var userchange models.User
|
||||
@@ -291,14 +311,20 @@ func updateUserNetworks(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
logger.Log(0, username, "error decoding request body: ",
|
||||
err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
err = logic.UpdateUserNetworks(userchange.Networks, userchange.IsAdmin, &user)
|
||||
err = logic.UpdateUserNetworks(userchange.Networks, userchange.Groups, userchange.IsAdmin, &models.ReturnUser{
|
||||
Groups: user.Groups,
|
||||
IsAdmin: user.IsAdmin,
|
||||
Networks: user.Networks,
|
||||
UserName: user.UserName,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
logger.Log(0, username,
|
||||
"failed to update user networks: ", err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
logger.Log(1, username, "status was updated")
|
||||
@@ -326,13 +352,13 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
logger.Log(0, username,
|
||||
"failed to update user info: ", err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
if auth.IsOauthUser(&user) == nil {
|
||||
err := fmt.Errorf("cannot update user info for oauth user %s", username)
|
||||
logger.Log(0, err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "forbidden"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
|
||||
return
|
||||
}
|
||||
var userchange models.User
|
||||
@@ -341,7 +367,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
logger.Log(0, username, "error decoding request body: ",
|
||||
err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
userchange.Networks = nil
|
||||
@@ -349,7 +375,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
logger.Log(0, username,
|
||||
"failed to update user info: ", err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
logger.Log(1, username, "was updated")
|
||||
@@ -375,13 +401,13 @@ func updateUserAdm(w http.ResponseWriter, r *http.Request) {
|
||||
username := params["username"]
|
||||
user, err := GetUserInternal(username)
|
||||
if err != nil {
|
||||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
if auth.IsOauthUser(&user) != nil {
|
||||
err := fmt.Errorf("cannot update user info for oauth user %s", username)
|
||||
logger.Log(0, err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "forbidden"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
|
||||
return
|
||||
}
|
||||
var userchange models.User
|
||||
@@ -390,18 +416,18 @@ func updateUserAdm(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
logger.Log(0, username, "error decoding request body: ",
|
||||
err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
if !user.IsAdmin {
|
||||
logger.Log(0, username, "not an admin user")
|
||||
returnErrorResponse(w, r, formatError(errors.New("not a admin user"), "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("not a admin user"), "badrequest"))
|
||||
}
|
||||
user, err = logic.UpdateUser(userchange, user)
|
||||
if err != nil {
|
||||
logger.Log(0, username,
|
||||
"failed to update user (admin) info: ", err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
logger.Log(1, username, "was updated (admin)")
|
||||
@@ -432,15 +458,31 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
logger.Log(0, username,
|
||||
"failed to delete user: ", err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
} else if !success {
|
||||
err := errors.New("delete unsuccessful")
|
||||
logger.Log(0, username, err.Error())
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
|
||||
logger.Log(1, username, "was deleted")
|
||||
json.NewEncoder(w).Encode(params["username"] + " deleted.")
|
||||
}
|
||||
|
||||
// Called when vpn client dials in to start the auth flow and first stage is to get register URL itself
|
||||
func socketHandler(w http.ResponseWriter, r *http.Request) {
|
||||
// Upgrade our raw HTTP connection to a websocket based one
|
||||
conn, err := upgrader.Upgrade(w, r, nil)
|
||||
if err != nil {
|
||||
logger.Log(0, "error during connection upgrade for node sign-in:", err.Error())
|
||||
return
|
||||
}
|
||||
if conn == nil {
|
||||
logger.Log(0, "failed to establish web-socket connection during node sign-in")
|
||||
return
|
||||
}
|
||||
// Start handling the session
|
||||
go auth.SessionHandler(conn)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user