mirror of
https://github.com/gravitl/netmaker.git
synced 2025-10-30 11:46:28 +08:00
added setting node limits
This commit is contained in:
afeiszli
@@ -40,6 +40,7 @@ type ServerConfig struct {
|
||||
APIPort string `yaml:"apiport"`
|
||||
GRPCHost string `yaml:"grpchost"`
|
||||
GRPCPort string `yaml:"grpcport"`
|
||||
DefaultNodeLimit int32 `yaml:"defaultnodelimit"`
|
||||
MasterKey string `yaml:"masterkey"`
|
||||
AllowedOrigin string `yaml:"allowedorigin"`
|
||||
RestBackend string `yaml:"restbackend"`
|
||||
|
||||
@@ -20,14 +20,14 @@ import (
|
||||
|
||||
func dnsHandlers(r *mux.Router) {
|
||||
|
||||
r.HandleFunc("/api/dns", securityCheck(http.HandlerFunc(getAllDNS))).Methods("GET")
|
||||
r.HandleFunc("/api/dns/adm/{network}/nodes", securityCheck(http.HandlerFunc(getNodeDNS))).Methods("GET")
|
||||
r.HandleFunc("/api/dns/adm/{network}/custom", securityCheck(http.HandlerFunc(getCustomDNS))).Methods("GET")
|
||||
r.HandleFunc("/api/dns/adm/{network}", securityCheck(http.HandlerFunc(getDNS))).Methods("GET")
|
||||
r.HandleFunc("/api/dns/{network}", securityCheck(http.HandlerFunc(createDNS))).Methods("POST")
|
||||
r.HandleFunc("/api/dns/adm/pushdns", securityCheck(http.HandlerFunc(pushDNS))).Methods("POST")
|
||||
r.HandleFunc("/api/dns/{network}/{domain}", securityCheck(http.HandlerFunc(deleteDNS))).Methods("DELETE")
|
||||
r.HandleFunc("/api/dns/{network}/{domain}", securityCheck(http.HandlerFunc(updateDNS))).Methods("PUT")
|
||||
r.HandleFunc("/api/dns", securityCheck(true, http.HandlerFunc(getAllDNS))).Methods("GET")
|
||||
r.HandleFunc("/api/dns/adm/{network}/nodes", securityCheck(false, http.HandlerFunc(getNodeDNS))).Methods("GET")
|
||||
r.HandleFunc("/api/dns/adm/{network}/custom", securityCheck(false, http.HandlerFunc(getCustomDNS))).Methods("GET")
|
||||
r.HandleFunc("/api/dns/adm/{network}", securityCheck(false, http.HandlerFunc(getDNS))).Methods("GET")
|
||||
r.HandleFunc("/api/dns/{network}", securityCheck(false, http.HandlerFunc(createDNS))).Methods("POST")
|
||||
r.HandleFunc("/api/dns/adm/pushdns", securityCheck(false, http.HandlerFunc(pushDNS))).Methods("POST")
|
||||
r.HandleFunc("/api/dns/{network}/{domain}", securityCheck(false, http.HandlerFunc(deleteDNS))).Methods("DELETE")
|
||||
r.HandleFunc("/api/dns/{network}/{domain}", securityCheck(false, http.HandlerFunc(updateDNS))).Methods("PUT")
|
||||
}
|
||||
|
||||
//Gets all nodes associated with network, including pending nodes
|
||||
|
||||
@@ -24,13 +24,13 @@ import (
|
||||
|
||||
func extClientHandlers(r *mux.Router) {
|
||||
|
||||
r.HandleFunc("/api/extclients", securityCheck(http.HandlerFunc(getAllExtClients))).Methods("GET")
|
||||
r.HandleFunc("/api/extclients/{network}", securityCheck(http.HandlerFunc(getNetworkExtClients))).Methods("GET")
|
||||
r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(http.HandlerFunc(getExtClient))).Methods("GET")
|
||||
r.HandleFunc("/api/extclients/{network}/{clientid}/{type}", securityCheck(http.HandlerFunc(getExtClientConf))).Methods("GET")
|
||||
r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(http.HandlerFunc(updateExtClient))).Methods("PUT")
|
||||
r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(http.HandlerFunc(deleteExtClient))).Methods("DELETE")
|
||||
r.HandleFunc("/api/extclients/{network}/{macaddress}", securityCheck(http.HandlerFunc(createExtClient))).Methods("POST")
|
||||
r.HandleFunc("/api/extclients", securityCheck(true, http.HandlerFunc(getAllExtClients))).Methods("GET")
|
||||
r.HandleFunc("/api/extclients/{network}", securityCheck(false, http.HandlerFunc(getNetworkExtClients))).Methods("GET")
|
||||
r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(false, http.HandlerFunc(getExtClient))).Methods("GET")
|
||||
r.HandleFunc("/api/extclients/{network}/{clientid}/{type}", securityCheck(false, http.HandlerFunc(getExtClientConf))).Methods("GET")
|
||||
r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(false, http.HandlerFunc(updateExtClient))).Methods("PUT")
|
||||
r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(false, http.HandlerFunc(deleteExtClient))).Methods("DELETE")
|
||||
r.HandleFunc("/api/extclients/{network}/{macaddress}", securityCheck(false, http.HandlerFunc(createExtClient))).Methods("POST")
|
||||
}
|
||||
|
||||
// TODO: Implement Validation
|
||||
|
||||
@@ -19,10 +19,10 @@ import (
|
||||
|
||||
func intClientHandlers(r *mux.Router) {
|
||||
|
||||
r.HandleFunc("/api/intclient/{clientid}", securityCheck(http.HandlerFunc(getIntClient))).Methods("GET")
|
||||
r.HandleFunc("/api/intclients", securityCheck(http.HandlerFunc(getAllIntClients))).Methods("GET")
|
||||
r.HandleFunc("/api/intclients/deleteall", securityCheck(http.HandlerFunc(deleteAllIntClients))).Methods("DELETE")
|
||||
r.HandleFunc("/api/intclient/{clientid}", securityCheck(http.HandlerFunc(updateIntClient))).Methods("PUT")
|
||||
r.HandleFunc("/api/intclient/{clientid}", securityCheck(false, http.HandlerFunc(getIntClient))).Methods("GET")
|
||||
r.HandleFunc("/api/intclients", securityCheck(false, http.HandlerFunc(getAllIntClients))).Methods("GET")
|
||||
r.HandleFunc("/api/intclients/deleteall", securityCheck(false, http.HandlerFunc(deleteAllIntClients))).Methods("DELETE")
|
||||
r.HandleFunc("/api/intclient/{clientid}", securityCheck(false, http.HandlerFunc(updateIntClient))).Methods("PUT")
|
||||
r.HandleFunc("/api/intclient/register", http.HandlerFunc(registerIntClient)).Methods("POST")
|
||||
r.HandleFunc("/api/intclient/{clientid}", http.HandlerFunc(deleteIntClient)).Methods("DELETE")
|
||||
}
|
||||
|
||||
@@ -23,22 +23,23 @@ import (
|
||||
)
|
||||
|
||||
func networkHandlers(r *mux.Router) {
|
||||
r.HandleFunc("/api/networks", securityCheck(http.HandlerFunc(getNetworks))).Methods("GET")
|
||||
r.HandleFunc("/api/networks", securityCheck(http.HandlerFunc(createNetwork))).Methods("POST")
|
||||
r.HandleFunc("/api/networks/{networkname}", securityCheck(http.HandlerFunc(getNetwork))).Methods("GET")
|
||||
r.HandleFunc("/api/networks/{networkname}", securityCheck(http.HandlerFunc(updateNetwork))).Methods("PUT")
|
||||
r.HandleFunc("/api/networks/{networkname}", securityCheck(http.HandlerFunc(deleteNetwork))).Methods("DELETE")
|
||||
r.HandleFunc("/api/networks/{networkname}/keyupdate", securityCheck(http.HandlerFunc(keyUpdate))).Methods("POST")
|
||||
r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(http.HandlerFunc(createAccessKey))).Methods("POST")
|
||||
r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(http.HandlerFunc(getAccessKeys))).Methods("GET")
|
||||
r.HandleFunc("/api/networks/{networkname}/signuptoken", securityCheck(http.HandlerFunc(getSignupToken))).Methods("GET")
|
||||
r.HandleFunc("/api/networks/{networkname}/keys/{name}", securityCheck(http.HandlerFunc(deleteAccessKey))).Methods("DELETE")
|
||||
r.HandleFunc("/api/networks", securityCheck(true, http.HandlerFunc(getNetworks))).Methods("GET")
|
||||
r.HandleFunc("/api/networks", securityCheck(true, http.HandlerFunc(createNetwork))).Methods("POST")
|
||||
r.HandleFunc("/api/networks/{networkname}", securityCheck(false, http.HandlerFunc(getNetwork))).Methods("GET")
|
||||
r.HandleFunc("/api/networks/{networkname}", securityCheck(false, http.HandlerFunc(updateNetwork))).Methods("PUT")
|
||||
r.HandleFunc("/api/networks/{networkname}/nodelimit", securityCheck(true, http.HandlerFunc(updateNetworkNodeLimit))).Methods("PUT")
|
||||
r.HandleFunc("/api/networks/{networkname}", securityCheck(true, http.HandlerFunc(deleteNetwork))).Methods("DELETE")
|
||||
r.HandleFunc("/api/networks/{networkname}/keyupdate", securityCheck(false, http.HandlerFunc(keyUpdate))).Methods("POST")
|
||||
r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(false, http.HandlerFunc(createAccessKey))).Methods("POST")
|
||||
r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(false, http.HandlerFunc(getAccessKeys))).Methods("GET")
|
||||
r.HandleFunc("/api/networks/{networkname}/signuptoken", securityCheck(false, http.HandlerFunc(getSignupToken))).Methods("GET")
|
||||
r.HandleFunc("/api/networks/{networkname}/keys/{name}", securityCheck(false, http.HandlerFunc(deleteAccessKey))).Methods("DELETE")
|
||||
}
|
||||
|
||||
//Security check is middleware for every function and just checks to make sure that its the master calling
|
||||
//Only admin should have access to all these network-level actions
|
||||
//or maybe some Users once implemented
|
||||
func securityCheck(next http.Handler) http.HandlerFunc {
|
||||
func securityCheck(reqAdmin bool, next http.Handler) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
var errorResponse = models.ErrorResponse{
|
||||
Code: http.StatusUnauthorized, Message: "W1R3: It's not you it's me.",
|
||||
@@ -46,7 +47,7 @@ func securityCheck(next http.Handler) http.HandlerFunc {
|
||||
|
||||
var params = mux.Vars(r)
|
||||
bearerToken := r.Header.Get("Authorization")
|
||||
err := SecurityCheck(params["networkname"], bearerToken)
|
||||
err := SecurityCheck(reqAdmin, params["networkname"], bearerToken)
|
||||
if err != nil {
|
||||
if strings.Contains(err.Error(), "does not exist") {
|
||||
errorResponse.Code = http.StatusNotFound
|
||||
@@ -58,7 +59,8 @@ func securityCheck(next http.Handler) http.HandlerFunc {
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
func SecurityCheck(netname, token string) error {
|
||||
|
||||
func SecurityCheck(reqAdmin bool, netname, token string) error {
|
||||
hasnetwork := netname != ""
|
||||
networkexists, err := functions.NetworkExists(netname)
|
||||
if err != nil {
|
||||
@@ -83,7 +85,9 @@ func SecurityCheck(netname, token string) error {
|
||||
if err != nil {
|
||||
return errors.New("Error verifying user token")
|
||||
}
|
||||
if !isadmin && netname != ""{
|
||||
if !isadmin && reqAdmin {
|
||||
return errors.New("You are unauthorized to access this endpoint")
|
||||
} else if !isadmin && netname != ""{
|
||||
if !functions.SliceContains(networks, netname){
|
||||
return errors.New("You are unauthorized to access this endpoint")
|
||||
}
|
||||
@@ -352,6 +356,42 @@ func updateNetwork(w http.ResponseWriter, r *http.Request) {
|
||||
json.NewEncoder(w).Encode(returnednetwork)
|
||||
}
|
||||
|
||||
func updateNetworkNodeLimit(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
var params = mux.Vars(r)
|
||||
var network models.Network
|
||||
network, err := functions.GetParentNetwork(params["networkname"])
|
||||
if err != nil {
|
||||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
|
||||
var networkChange models.NetworkUpdate
|
||||
|
||||
_ = json.NewDecoder(r.Body).Decode(&networkChange)
|
||||
|
||||
collection := mongoconn.Client.Database("netmaker").Collection("networks")
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
filter := bson.M{"netid": network.NetID}
|
||||
|
||||
if networkChange.NodeLimit !=0 {
|
||||
update := bson.D{
|
||||
{"$set", bson.D{
|
||||
{"nodelimit", networkChange.NodeLimit},
|
||||
}},
|
||||
}
|
||||
err := collection.FindOneAndUpdate(ctx, filter, update).Decode(&network)
|
||||
defer cancel()
|
||||
if err != nil {
|
||||
returnErrorResponse(w, r, formatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
json.NewEncoder(w).Encode(network)
|
||||
}
|
||||
|
||||
|
||||
func UpdateNetwork(networkChange models.NetworkUpdate, network models.Network) (models.Network, error) {
|
||||
//NOTE: Network.NetID is intentionally NOT editable. It acts as a static ID for the network.
|
||||
//DisplayName can be changed instead, which is what shows on the front end
|
||||
|
||||
@@ -28,8 +28,8 @@ func nodeHandlers(r *mux.Router) {
|
||||
r.HandleFunc("/api/nodes/{network}/{macaddress}/checkin", authorize(true, "node", http.HandlerFunc(checkIn))).Methods("POST")
|
||||
r.HandleFunc("/api/nodes/{network}/{macaddress}/creategateway", authorize(true, "master", http.HandlerFunc(createEgressGateway))).Methods("POST")
|
||||
r.HandleFunc("/api/nodes/{network}/{macaddress}/deletegateway", authorize(true, "master", http.HandlerFunc(deleteEgressGateway))).Methods("DELETE")
|
||||
r.HandleFunc("/api/nodes/{network}/{macaddress}/createingress", securityCheck(http.HandlerFunc(createIngressGateway))).Methods("POST")
|
||||
r.HandleFunc("/api/nodes/{network}/{macaddress}/deleteingress", securityCheck(http.HandlerFunc(deleteIngressGateway))).Methods("DELETE")
|
||||
r.HandleFunc("/api/nodes/{network}/{macaddress}/createingress", securityCheck(false, http.HandlerFunc(createIngressGateway))).Methods("POST")
|
||||
r.HandleFunc("/api/nodes/{network}/{macaddress}/deleteingress", securityCheck(false, http.HandlerFunc(deleteIngressGateway))).Methods("DELETE")
|
||||
r.HandleFunc("/api/nodes/{network}/{macaddress}/approve", authorize(true, "master", http.HandlerFunc(uncordonNode))).Methods("POST")
|
||||
r.HandleFunc("/api/nodes/{network}", createNode).Methods("POST")
|
||||
r.HandleFunc("/api/nodes/adm/{network}/lastmodified", authorize(true, "network", http.HandlerFunc(getLastModified))).Methods("GET")
|
||||
|
||||
@@ -22,6 +22,7 @@ type Network struct {
|
||||
NetworkLastModified int64 `json:"networklastmodified" bson:"networklastmodified"`
|
||||
DefaultInterface string `json:"defaultinterface" bson:"defaultinterface"`
|
||||
DefaultListenPort int32 `json:"defaultlistenport,omitempty" bson:"defaultlistenport,omitempty" validate:"omitempty,min=1024,max=65535"`
|
||||
NodeLimit int32 `json:"nodelimit" bson:"nodelimit"`
|
||||
DefaultPostUp string `json:"defaultpostup" bson:"defaultpostup"`
|
||||
DefaultPostDown string `json:"defaultpostdown" bson:"defaultpostdown"`
|
||||
KeyUpdateTimeStamp int64 `json:"keyupdatetimestamp" bson:"keyupdatetimestamp"`
|
||||
@@ -52,6 +53,7 @@ type NetworkUpdate struct {
|
||||
NetworkLastModified int64 `json:"networklastmodified" bson:"networklastmodified"`
|
||||
DefaultInterface string `json:"defaultinterface" bson:"defaultinterface"`
|
||||
DefaultListenPort int32 `json:"defaultlistenport,omitempty" bson:"defaultlistenport,omitempty" validate:"omitempty,min=1024,max=65535"`
|
||||
NodeLimit int32 `json:"nodelimit" bson:"nodelimit"`
|
||||
DefaultPostUp string `json:"defaultpostup" bson:"defaultpostup"`
|
||||
DefaultPostDown string `json:"defaultpostdown" bson:"defaultpostdown"`
|
||||
KeyUpdateTimeStamp int64 `json:"keyupdatetimestamp" bson:"keyupdatetimestamp"`
|
||||
@@ -89,6 +91,9 @@ func (network *Network) SetDefaults() {
|
||||
if network.DefaultListenPort == 0 {
|
||||
network.DefaultListenPort = 51821
|
||||
}
|
||||
if network.NodeLimit == 0 {
|
||||
network.NodeLimit = 999999999
|
||||
}
|
||||
if network.DefaultPostDown == "" {
|
||||
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"errors"
|
||||
"strconv"
|
||||
)
|
||||
|
||||
func SetHost() error {
|
||||
@@ -89,6 +90,18 @@ func GetAPIPort() string {
|
||||
return apiport
|
||||
}
|
||||
|
||||
func GetDefaultNodeLimit() int32 {
|
||||
var limit int32
|
||||
limit = 999999999
|
||||
envlimit, err := strconv.Atoi(os.Getenv("DEFAULT_NODE_LIMIT"))
|
||||
if err == nil && envlimit != 0 {
|
||||
limit = int32(envlimit)
|
||||
} else if config.Config.Server.DefaultNodeLimit != 0 {
|
||||
limit = config.Config.Server.DefaultNodeLimit
|
||||
}
|
||||
return limit
|
||||
}
|
||||
|
||||
func GetGRPCHost() string {
|
||||
serverhost := "127.0.0.1"
|
||||
if IsGRPCWireGuard() {
|
||||
|
||||
Reference in New Issue
Block a user