zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-04 16:33:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

added host pull model, made API

Browse Source
This commit is contained in:
0xdcarns
2023-03-22 14:47:13 -04:00
parent d3a7e704f2
commit 63eac1e79c
4 changed files with 67 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
controllers/node.go
View File

@@ -19,6 +19,8 @@ import (
"golang.org/x/crypto/bcrypt"
)
var hostIDHeader = "host-id"
func nodeHandlers(r *mux.Router) {
r.HandleFunc("/api/nodes", authorize(false, false, "user", http.HandlerFunc(getAllNodes))).Methods(http.MethodGet)
@@ -152,7 +154,7 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
// even if it's technically ok
// This is kind of a poor man's RBAC. There's probably a better/smarter way.
// TODO: Consider better RBAC implementations
func authorize(nodesAllowed, networkCheck bool, authNetwork string, next http.Handler) http.HandlerFunc {
func authorize(hostAllowed, networkCheck bool, authNetwork string, next http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var errorResponse = models.ErrorResponse{
Code: http.StatusUnauthorized, Message: logic.Unauthorized_Msg,
@@ -184,11 +186,11 @@ func authorize(nodesAllowed, networkCheck bool, authNetwork string, next http.Ha
logic.ReturnErrorResponse(w, r, errorResponse)
return
}
//check if node instead of user
if nodesAllowed {
// check if host instead of user
if hostAllowed {
// TODO --- should ensure that node is only operating on itself
if _, _, _, err := logic.VerifyToken(authToken); err == nil {
if hostID, _, _, err := logic.VerifyHostToken(authToken); err == nil {
r.Header.Set(hostIDHeader, hostID)
// this indicates request is from a node
// used for failover - if a getNode comes from node, this will trigger a metrics wipe
next.ServeHTTP(w, r)
@@ -244,6 +246,7 @@ func authorize(nodesAllowed, networkCheck bool, authNetwork string, next http.Ha
} else {
isAuthorized = (nodeID == params["netid"])
}
case "host":
case "user":
isAuthorized = true
default: