zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-30 19:56:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

added logging

Browse Source
This commit is contained in:
afeiszli
2021-07-19 11:30:27 -04:00
parent 7457c1c3ec c360eb1878
commit f9b987767a
52 changed files with 1315 additions and 849 deletions
Download Patch File Download Diff File Expand all files Collapse all files

289
controllers/networkHttpController.go
View File

@@ -9,6 +9,7 @@ import (
"net/http"
"strings"
"time"
"github.com/go-playground/validator/v10"
"github.com/gorilla/mux"
"github.com/gravitl/netmaker/functions"
@@ -20,8 +21,11 @@ import (
"go.mongodb.org/mongo-driver/mongo/options"
)
const ALL_NETWORK_ACCESS = "THIS_USER_HAS_ALL"
const NO_NETWORKS_PRESENT = "THIS_USER_HAS_NONE"
func networkHandlers(r *mux.Router) {
r.HandleFunc("/api/networks", securityCheck(true, http.HandlerFunc(getNetworks))).Methods("GET")
r.HandleFunc("/api/networks", securityCheck(false, http.HandlerFunc(getNetworks))).Methods("GET")
r.HandleFunc("/api/networks", securityCheck(true, http.HandlerFunc(createNetwork))).Methods("POST")
r.HandleFunc("/api/networks/{networkname}", securityCheck(false, http.HandlerFunc(getNetwork))).Methods("GET")
r.HandleFunc("/api/networks/{networkname}", securityCheck(false, http.HandlerFunc(updateNetwork))).Methods("PUT")
@@ -30,7 +34,7 @@ func networkHandlers(r *mux.Router) {
r.HandleFunc("/api/networks/{networkname}/keyupdate", securityCheck(false, http.HandlerFunc(keyUpdate))).Methods("POST")
r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(false, http.HandlerFunc(createAccessKey))).Methods("POST")
r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(false, http.HandlerFunc(getAccessKeys))).Methods("GET")
r.HandleFunc("/api/networks/{networkname}/signuptoken", securityCheck(false, http.HandlerFunc(getSignupToken))).Methods("GET")
r.HandleFunc("/api/networks/{networkname}/signuptoken", securityCheck(false, http.HandlerFunc(getSignupToken))).Methods("GET")
r.HandleFunc("/api/networks/{networkname}/keys/{name}", securityCheck(false, http.HandlerFunc(deleteAccessKey))).Methods("DELETE")
}
@@ -45,7 +49,7 @@ func securityCheck(reqAdmin bool, next http.Handler) http.HandlerFunc {
var params = mux.Vars(r)
bearerToken := r.Header.Get("Authorization")
err := SecurityCheck(reqAdmin, params["networkname"], bearerToken)
err, networks, username := SecurityCheck(reqAdmin, params["networkname"], bearerToken)
if err != nil {
if strings.Contains(err.Error(), "does not exist") {
errorResponse.Code = http.StatusNotFound
@@ -54,18 +58,26 @@ func securityCheck(reqAdmin bool, next http.Handler) http.HandlerFunc {
returnErrorResponse(w, r, errorResponse)
return
}
networksJson, err := json.Marshal(&networks)
if err != nil {
errorResponse.Message = err.Error()
returnErrorResponse(w, r, errorResponse)
return
}
r.Header.Set("user", username)
r.Header.Set("networks", string(networksJson))
next.ServeHTTP(w, r)
}
}
func SecurityCheck(reqAdmin bool, netname, token string) error {
hasnetwork := netname != ""
func SecurityCheck(reqAdmin bool, netname, token string) (error, []string, string) {
networkexists, err := functions.NetworkExists(netname)
if err != nil {
return err
return err, nil, ""
}
if hasnetwork && !networkexists {
return errors.New("This network does not exist")
if netname != "" && !networkexists {
return errors.New("This network does not exist"), nil, ""
}
var hasBearer = true
@@ -77,23 +89,30 @@ func SecurityCheck(reqAdmin bool, netname, token string) error {
} else {
authToken = tokenSplit[1]
}
userNetworks := []string{}
//all endpoints here require master so not as complicated
if !hasBearer || !authenticateMaster(authToken) {
_, networks, isadmin, err := functions.VerifyUserToken(authToken)
isMasterAuthenticated := authenticateMaster(authToken)
username := ""
if !hasBearer || !isMasterAuthenticated {
userName, networks, isadmin, err := functions.VerifyUserToken(authToken)
username = userName
if err != nil {
return errors.New("Error verifying user token")
return errors.New("Error verifying user token"), nil, username
}
if !isadmin && reqAdmin {
return errors.New("You are unauthorized to access this endpoint")
} else if !isadmin && netname != ""{
if !functions.SliceContains(networks, netname){
return errors.New("You are unauthorized to access this endpoint")
}
} else if !isadmin {
return errors.New("You are unauthorized to access this endpoint")
return errors.New("You are unauthorized to access this endpoint"), nil, username
}
userNetworks = networks
if isadmin {
userNetworks = []string{ALL_NETWORK_ACCESS}
}
} else if isMasterAuthenticated {
userNetworks = []string{ALL_NETWORK_ACCESS}
}
return nil
if len(userNetworks) == 0 {
userNetworks = append(userNetworks, NO_NETWORKS_PRESENT)
}
return nil, userNetworks, username
}
//Consider a more secure way of setting master key
@@ -107,16 +126,33 @@ func authenticateMaster(tokenString string) bool {
//simple get all networks function
func getNetworks(w http.ResponseWriter, r *http.Request) {
allnetworks, err := functions.ListNetworks()
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
headerNetworks := r.Header.Get("networks")
networksSlice := []string{}
marshalErr := json.Unmarshal([]byte(headerNetworks), &networksSlice)
if marshalErr != nil {
returnErrorResponse(w, r, formatError(marshalErr, "internal"))
return
}
allnetworks := []models.Network{}
err := errors.New("Networks Error")
if networksSlice[0] == ALL_NETWORK_ACCESS {
allnetworks, err = functions.ListNetworks()
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
} else {
for _, network := range networksSlice {
netObject, parentErr := functions.GetParentNetwork(network)
if parentErr == nil {
allnetworks = append(allnetworks, netObject)
}
}
}
networks := RemoveComms(allnetworks)
functions.PrintUserLog(r.Header.Get("user"), "fetched networks.", 2)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(networks)
return
}
func RemoveComms(networks []models.Network) []models.Network {
@@ -137,13 +173,13 @@ func RemoveComms(networks []models.Network) []models.Network {
func ValidateNetworkUpdate(network models.NetworkUpdate) error {
v := validator.New()
_ = v.RegisterValidation("netid_valid", func(fl validator.FieldLevel) bool {
if fl.Field().String() == "" {
_ = v.RegisterValidation("netid_valid", func(fl validator.FieldLevel) bool {
if fl.Field().String() == "" {
return true
}
inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
return inCharSet
})
inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
return inCharSet
})
// _ = v.RegisterValidation("addressrange_valid", func(fl validator.FieldLevel) bool {
// isvalid := fl.Field().String() == "" || functions.IsIpCIDR(fl.Field().String())
@@ -231,6 +267,7 @@ func getNetwork(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "fetched network "+netname, 2)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(network)
}
@@ -257,6 +294,7 @@ func keyUpdate(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "updated key on network "+netname, 2)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(network)
}
@@ -329,7 +367,8 @@ func updateNetwork(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
var network models.Network
network, err := functions.GetParentNetwork(params["networkname"])
netname := params["networkname"]
network, err := functions.GetParentNetwork(netname)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
@@ -359,45 +398,47 @@ func updateNetwork(w http.ResponseWriter, r *http.Request) {
return
}
functions.PrintUserLog(r.Header.Get("user"), "updated network "+netname, 1)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(returnednetwork)
}
func updateNetworkNodeLimit(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
var network models.Network
network, err := functions.GetParentNetwork(params["networkname"])
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
var networkChange models.NetworkUpdate
_ = json.NewDecoder(r.Body).Decode(&networkChange)
collection := mongoconn.Client.Database("netmaker").Collection("networks")
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
filter := bson.M{"netid": network.NetID}
if networkChange.NodeLimit !=0 {
update := bson.D{
{"$set", bson.D{
{"nodelimit", networkChange.NodeLimit},
}},
}
err := collection.FindOneAndUpdate(ctx, filter, update).Decode(&network)
defer cancel()
if err != nil {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
var network models.Network
netname := params["networkname"]
network, err := functions.GetParentNetwork(netname)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(network)
}
var networkChange models.NetworkUpdate
_ = json.NewDecoder(r.Body).Decode(&networkChange)
collection := mongoconn.Client.Database("netmaker").Collection("networks")
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
filter := bson.M{"netid": network.NetID}
if networkChange.NodeLimit != 0 {
update := bson.D{
{"$set", bson.D{
{"nodelimit", networkChange.NodeLimit},
}},
}
err := collection.FindOneAndUpdate(ctx, filter, update).Decode(&network)
defer cancel()
if err != nil {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
}
functions.PrintUserLog(r.Header.Get("user"), "updated network node limit on, "+netname, 1)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(network)
}
func UpdateNetwork(networkChange models.NetworkUpdate, network models.Network) (models.Network, error) {
//NOTE: Network.NetID is intentionally NOT editable. It acts as a static ID for the network.
@@ -528,12 +569,13 @@ func deleteNetwork(w http.ResponseWriter, r *http.Request) {
if err != nil {
errtype := "badrequest"
if strings.Contains(err.Error(), "Node check failed"){
if strings.Contains(err.Error(), "Node check failed") {
errtype = "forbidden"
}
returnErrorResponse(w, r, formatError(err, errtype))
return
}
functions.PrintUserLog(r.Header.Get("user"), "deleted network "+network, 1)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(count)
}
@@ -585,6 +627,7 @@ func createNetwork(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "created network "+network.NetID, 1)
w.WriteHeader(http.StatusOK)
//json.NewEncoder(w).Encode(result)
}
@@ -633,7 +676,8 @@ func createAccessKey(w http.ResponseWriter, r *http.Request) {
var params = mux.Vars(r)
var accesskey models.AccessKey
//start here
network, err := functions.GetParentNetwork(params["networkname"])
netname := params["networkname"]
network, err := functions.GetParentNetwork(netname)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
@@ -648,6 +692,7 @@ func createAccessKey(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "created access key "+netname, 1)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(key)
//w.Write([]byte(accesskey.AccessString))
@@ -666,10 +711,10 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
accesskey.Uses = 1
}
checkkeys, err := GetKeys(network.NetID)
if err != nil {
return models.AccessKey{}, errors.New("could not retrieve network keys")
}
checkkeys, err := GetKeys(network.NetID)
if err != nil {
return models.AccessKey{}, errors.New("could not retrieve network keys")
}
for _, key := range checkkeys {
if key.Name == accesskey.Name {
@@ -685,10 +730,11 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
netID := network.NetID
var accessToken models.AccessToken
s := servercfg.GetServerConfig()
w := servercfg.GetWGConfig()
var accessToken models.AccessToken
s := servercfg.GetServerConfig()
w := servercfg.GetWGConfig()
servervals := models.ServerConfig{
CoreDNSAddr: s.CoreDNSAddr,
APIConnString: s.APIConnString,
APIHost: s.APIHost,
APIPort: s.APIPort,
@@ -696,27 +742,27 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
GRPCHost: s.GRPCHost,
GRPCPort: s.GRPCPort,
GRPCSSL: s.GRPCSSL,
}
}
wgvals := models.WG{
GRPCWireGuard: w.GRPCWireGuard,
GRPCWGAddress: w.GRPCWGAddress,
GRPCWGPort: w.GRPCWGPort,
GRPCWGPubKey: w.GRPCWGPubKey,
GRPCWGEndpoint: s.APIHost,
}
GRPCWireGuard: w.GRPCWireGuard,
GRPCWGAddress: w.GRPCWGAddress,
GRPCWGPort: w.GRPCWGPort,
GRPCWGPubKey: w.GRPCWGPubKey,
GRPCWGEndpoint: s.APIHost,
}
accessToken.ServerConfig = servervals
accessToken.WG = wgvals
accessToken.ServerConfig = servervals
accessToken.WG = wgvals
accessToken.ClientConfig.Network = netID
accessToken.ClientConfig.Key = accesskey.Value
accessToken.ClientConfig.LocalRange = privAddr
tokenjson, err := json.Marshal(accessToken)
if err != nil {
return accesskey, err
}
tokenjson, err := json.Marshal(accessToken)
if err != nil {
return accesskey, err
}
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
//validate accesskey
v := validator.New()
@@ -752,52 +798,51 @@ func GetSignupToken(netID string) (models.AccessKey, error) {
var accesskey models.AccessKey
var accessToken models.AccessToken
s := servercfg.GetServerConfig()
w := servercfg.GetWGConfig()
servervals := models.ServerConfig{
APIConnString: s.APIConnString,
APIHost: s.APIHost,
APIPort: s.APIPort,
GRPCConnString: s.GRPCConnString,
GRPCHost: s.GRPCHost,
GRPCPort: s.GRPCPort,
GRPCSSL: s.GRPCSSL,
}
wgvals := models.WG{
GRPCWireGuard: w.GRPCWireGuard,
GRPCWGAddress: w.GRPCWGAddress,
GRPCWGPort: w.GRPCWGPort,
GRPCWGPubKey: w.GRPCWGPubKey,
GRPCWGEndpoint: s.APIHost,
}
s := servercfg.GetServerConfig()
w := servercfg.GetWGConfig()
servervals := models.ServerConfig{
APIConnString: s.APIConnString,
APIHost: s.APIHost,
APIPort: s.APIPort,
GRPCConnString: s.GRPCConnString,
GRPCHost: s.GRPCHost,
GRPCPort: s.GRPCPort,
GRPCSSL: s.GRPCSSL,
}
wgvals := models.WG{
GRPCWireGuard: w.GRPCWireGuard,
GRPCWGAddress: w.GRPCWGAddress,
GRPCWGPort: w.GRPCWGPort,
GRPCWGPubKey: w.GRPCWGPubKey,
GRPCWGEndpoint: s.APIHost,
}
accessToken.ServerConfig = servervals
accessToken.WG = wgvals
accessToken.ServerConfig = servervals
accessToken.WG = wgvals
tokenjson, err := json.Marshal(accessToken)
if err != nil {
return accesskey, err
}
if err != nil {
return accesskey, err
}
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
return accesskey, nil
accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
return accesskey, nil
}
func getSignupToken(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
netID := params["networkname"]
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
netID := params["networkname"]
token, err := GetSignupToken(netID)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(token)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "got signup token "+netID, 2)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(token)
}
//pretty simple get
func getAccessKeys(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
@@ -808,6 +853,7 @@ func getAccessKeys(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "fetched access keys on network "+network, 2)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(keys)
}
@@ -836,6 +882,7 @@ func deleteAccessKey(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "deleted access key "+keyname+" on network "+netname, 1)
w.WriteHeader(http.StatusOK)
}
func DeleteKey(keyname, netname string) error {

197
controllers/nodeHttpController.go
View File

@@ -5,10 +5,11 @@ import (
"encoding/json"
"errors"
"fmt"
"log"
"net/http"
"strings"
"time"
"log"
"github.com/gorilla/mux"
"github.com/gravitl/netmaker/functions"
"github.com/gravitl/netmaker/models"
@@ -184,13 +185,13 @@ func authorize(networkCheck bool, authNetwork string, next http.Handler) http.Ha
//B: the token corresponds to a mac address, and if so, which one
//TODO: There's probably a better way of dealing with the "master token"/master password. Plz Halp.
var isAuthorized = false
var isAuthorized = false
var macaddress = ""
_, networks, isadmin, errN := functions.VerifyUserToken(authToken)
username, networks, isadmin, errN := functions.VerifyUserToken(authToken)
isnetadmin := isadmin
if errN == nil && isadmin {
macaddress = "mastermac"
isAuthorized = true
macaddress = "mastermac"
isAuthorized = true
} else {
mac, _, err := functions.VerifyToken(authToken)
if err != nil {
@@ -202,11 +203,11 @@ func authorize(networkCheck bool, authNetwork string, next http.Handler) http.Ha
}
macaddress = mac
}
if !isadmin && params["network"] != ""{
if functions.SliceContains(networks, params["network"]){
isnetadmin = true
}
}
if !isadmin && params["network"] != "" {
if functions.SliceContains(networks, params["network"]) {
isnetadmin = true
}
}
//The mastermac (login with masterkey from config) can do everything!! May be dangerous.
if macaddress == "mastermac" {
isAuthorized = true
@@ -223,20 +224,20 @@ func authorize(networkCheck bool, authNetwork string, next http.Handler) http.Ha
if isnetadmin {
isAuthorized = true
} else {
node, err := functions.GetNodeByMacAddress(params["network"], macaddress)
if err != nil {
errorResponse = models.ErrorResponse{
Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
node, err := functions.GetNodeByMacAddress(params["network"], macaddress)
if err != nil {
errorResponse = models.ErrorResponse{
Code: http.StatusUnauthorized, Message: "W1R3: Missing Auth Token.",
}
returnErrorResponse(w, r, errorResponse)
return
}
returnErrorResponse(w, r, errorResponse)
return
}
isAuthorized = (node.Network == params["network"])
isAuthorized = (node.Network == params["network"])
}
case "node":
if isnetadmin {
isAuthorized = true
} else {
if isnetadmin {
isAuthorized = true
} else {
isAuthorized = (macaddress == params["macaddress"])
}
case "master":
@@ -253,6 +254,10 @@ func authorize(networkCheck bool, authNetwork string, next http.Handler) http.Ha
return
} else {
//If authorized, this function passes along it's request and output to the appropriate route function.
if username == "" {
username = "(user not found)"
}
r.Header.Set("user", username)
next.ServeHTTP(w, r)
}
}
@@ -266,13 +271,15 @@ func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
var nodes []models.Node
var params = mux.Vars(r)
nodes, err := GetNetworkNodes(params["network"])
networkName := params["network"]
nodes, err := GetNetworkNodes(networkName)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
//Returns all the nodes in JSON format
functions.PrintUserLog(r.Header.Get("user"), "fetched nodes on network"+networkName, 2)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(nodes)
}
@@ -319,6 +326,7 @@ func getAllNodes(w http.ResponseWriter, r *http.Request) {
return
}
//Return all the nodes in JSON format
functions.PrintUserLog(r.Header.Get("user"), "fetched nodes", 2)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(nodes)
}
@@ -391,6 +399,7 @@ func getNode(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "fetched node "+params["macaddress"], 2)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(node)
}
@@ -409,6 +418,7 @@ func getLastModified(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "called last modified", 2)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(network.NodesLastModified)
}
@@ -503,6 +513,7 @@ func createNode(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "created new node "+node.Name+" on network "+node.Network, 1)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(node)
}
@@ -517,7 +528,7 @@ func uncordonNode(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
fmt.Println("Node " + node.Name + " uncordoned.")
functions.PrintUserLog(r.Header.Get("user"), "uncordoned node "+node.Name, 1)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode("SUCCESS")
}
@@ -563,6 +574,7 @@ func createEgressGateway(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "created egress gateway on node "+gateway.NodeID+" on network "+gateway.NetID, 1)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(node)
}
@@ -594,13 +606,13 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
nodechange.PostUp = node.PostUp
}
}
if node.PostDown != "" {
if !strings.Contains(node.PostDown, nodechange.PostDown) {
nodechange.PostDown = node.PostDown + "; " + nodechange.PostDown
} else {
nodechange.PostDown = node.PostDown
}
}
if node.PostDown != "" {
if !strings.Contains(node.PostDown, nodechange.PostDown) {
nodechange.PostDown = node.PostDown + "; " + nodechange.PostDown
} else {
nodechange.PostDown = node.PostDown
}
}
collection := mongoconn.Client.Database("netmaker").Collection("nodes")
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
// Create filter
@@ -637,7 +649,7 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
func ValidateEgressGateway(gateway models.EgressGatewayRequest) error {
var err error
//isIp := functions.IsIpCIDR(gateway.RangeString)
empty := len(gateway.Ranges)==0
empty := len(gateway.Ranges) == 0
if empty {
err = errors.New("IP Ranges Cannot Be Empty")
}
@@ -651,11 +663,14 @@ func ValidateEgressGateway(gateway models.EgressGatewayRequest) error {
func deleteEgressGateway(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
node, err := DeleteEgressGateway(params["network"], params["macaddress"])
nodeMac := params["macaddress"]
netid := params["network"]
node, err := DeleteEgressGateway(netid, nodeMac)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "delete egress gateway "+nodeMac+" on network "+netid, 1)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(node)
}
@@ -705,15 +720,19 @@ func DeleteEgressGateway(network, macaddress string) (models.Node, error) {
}
return node, nil
}
// == INGRESS ==
func createIngressGateway(w http.ResponseWriter, r *http.Request) {
var params = mux.Vars(r)
w.Header().Set("Content-Type", "application/json")
node, err := CreateIngressGateway(params["network"], params["macaddress"])
nodeMac := params["macaddress"]
netid := params["network"]
node, err := CreateIngressGateway(netid, nodeMac)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "created ingress gateway on node "+nodeMac+" on network "+netid, 1)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(node)
}
@@ -721,77 +740,79 @@ func createIngressGateway(w http.ResponseWriter, r *http.Request) {
func CreateIngressGateway(netid string, macaddress string) (models.Node, error) {
node, err := functions.GetNodeByMacAddress(netid, macaddress)
if err != nil {
return models.Node{}, err
}
if err != nil {
return models.Node{}, err
}
network, err := functions.GetParentNetwork(netid)
if err != nil {
network, err := functions.GetParentNetwork(netid)
if err != nil {
log.Println("Could not find network.")
return models.Node{}, err
}
var nodechange models.Node
return models.Node{}, err
}
var nodechange models.Node
nodechange.IngressGatewayRange = network.AddressRange
nodechange.PostUp = "iptables -A FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -A POSTROUTING -o " + node.Interface + " -j MASQUERADE"
nodechange.PostDown = "iptables -D FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -D POSTROUTING -o " + node.Interface + " -j MASQUERADE"
if node.PostUp != "" {
if !strings.Contains(node.PostUp, nodechange.PostUp) {
nodechange.PostUp = node.PostUp + "; " + nodechange.PostUp
} else {
nodechange.PostUp = node.PostUp
}
}
if node.PostDown != "" {
if !strings.Contains(node.PostDown, nodechange.PostDown) {
nodechange.PostDown = node.PostDown + "; " + nodechange.PostDown
} else {
nodechange.PostDown = node.PostDown
}
}
nodechange.PostUp = "iptables -A FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -A POSTROUTING -o " + node.Interface + " -j MASQUERADE"
nodechange.PostDown = "iptables -D FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -D POSTROUTING -o " + node.Interface + " -j MASQUERADE"
if node.PostUp != "" {
if !strings.Contains(node.PostUp, nodechange.PostUp) {
nodechange.PostUp = node.PostUp + "; " + nodechange.PostUp
} else {
nodechange.PostUp = node.PostUp
}
}
if node.PostDown != "" {
if !strings.Contains(node.PostDown, nodechange.PostDown) {
nodechange.PostDown = node.PostDown + "; " + nodechange.PostDown
} else {
nodechange.PostDown = node.PostDown
}
}
collection := mongoconn.Client.Database("netmaker").Collection("nodes")
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
// Create filter
filter := bson.M{"macaddress": macaddress, "network": netid}
node.SetLastModified()
// prepare update model.
update := bson.D{
{"$set", bson.D{
{"postup", nodechange.PostUp},
{"postdown", nodechange.PostDown},
{"isingressgateway", true},
{"ingressgatewayrange", nodechange.IngressGatewayRange},
{"lastmodified", node.LastModified},
}},
}
var nodeupdate models.Node
err = collection.FindOneAndUpdate(ctx, filter, update).Decode(&nodeupdate)
defer cancel()
if err != nil {
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
// Create filter
filter := bson.M{"macaddress": macaddress, "network": netid}
node.SetLastModified()
// prepare update model.
update := bson.D{
{"$set", bson.D{
{"postup", nodechange.PostUp},
{"postdown", nodechange.PostDown},
{"isingressgateway", true},
{"ingressgatewayrange", nodechange.IngressGatewayRange},
{"lastmodified", node.LastModified},
}},
}
var nodeupdate models.Node
err = collection.FindOneAndUpdate(ctx, filter, update).Decode(&nodeupdate)
defer cancel()
if err != nil {
log.Println("error updating node to gateway")
return models.Node{}, err
}
err = SetNetworkNodesLastModified(netid)
if err != nil {
return node, err
}
//Get updated values to return
node, err = functions.GetNodeByMacAddress(netid, macaddress)
if err != nil {
return models.Node{}, err
}
err = SetNetworkNodesLastModified(netid)
if err != nil {
return node, err
}
//Get updated values to return
node, err = functions.GetNodeByMacAddress(netid, macaddress)
if err != nil {
log.Println("error finding node after update")
return node, err
}
return node, nil
return node, err
}
return node, nil
}
func deleteIngressGateway(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
node, err := DeleteIngressGateway(params["network"], params["macaddress"])
nodeMac := params["macaddress"]
node, err := DeleteIngressGateway(params["network"], nodeMac)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "deleted ingress gateway"+nodeMac, 1)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(node)
}

215
controllers/userHttpController.go
View File

@@ -30,7 +30,7 @@ func userHandlers(r *mux.Router) {
r.HandleFunc("/api/users/{username}", authorizeUserAdm(http.HandlerFunc(createUser))).Methods("POST")
r.HandleFunc("/api/users/{username}", authorizeUser(http.HandlerFunc(deleteUser))).Methods("DELETE")
r.HandleFunc("/api/users/{username}", authorizeUser(http.HandlerFunc(getUser))).Methods("GET")
r.HandleFunc("/api/users", authorizeUserAdm(http.HandlerFunc(getUsers))).Methods("GET")
r.HandleFunc("/api/users", authorizeUserAdm(http.HandlerFunc(getUsers))).Methods("GET")
}
//Node authenticates using its password and retrieves a JWT for authorization.
@@ -63,12 +63,13 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
return
}
username := authRequest.UserName
var successResponse = models.SuccessResponse{
Code: http.StatusOK,
Message: "W1R3: Device " + authRequest.UserName + " Authorized",
Message: "W1R3: Device " + username + " Authorized",
Response: models.SuccessfulUserLoginResponse{
AuthToken: jwt,
UserName: authRequest.UserName,
UserName: username,
},
}
//Send back the JWT
@@ -78,6 +79,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
returnErrorResponse(response, request, errorResponse)
return
}
functions.PrintUserLog(username, "was authenticated", 2)
response.Header().Set("Content-Type", "application/json")
response.Write(successJSONResponse)
}
@@ -112,7 +114,7 @@ func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
}
//Create a new JWT for the node
tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.Networks, result.IsAdmin)
tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.Networks, result.IsAdmin)
return tokenString, nil
}
@@ -126,36 +128,39 @@ func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
func authorizeUser(next http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
var params = mux.Vars(r)
//get the auth token
bearerToken := r.Header.Get("Authorization")
err := ValidateUserToken(bearerToken, params["username"], false)
username := params["username"]
err := ValidateUserToken(bearerToken, username, false)
if err != nil {
returnErrorResponse(w, r, formatError(err, "unauthorized"))
return
}
r.Header.Set("user", username)
next.ServeHTTP(w, r)
}
}
func authorizeUserAdm(next http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
//get the auth token
bearerToken := r.Header.Get("Authorization")
err := ValidateUserToken(bearerToken, params["username"], true)
if err != nil {
returnErrorResponse(w, r, formatError(err, "unauthorized"))
return
}
next.ServeHTTP(w, r)
}
//get the auth token
bearerToken := r.Header.Get("Authorization")
username := params["username"]
err := ValidateUserToken(bearerToken, username, true)
if err != nil {
returnErrorResponse(w, r, formatError(err, "unauthorized"))
return
}
r.Header.Set("user", username)
next.ServeHTTP(w, r)
}
}
func ValidateUserToken(token string, user string, adminonly bool) error {
var tokenSplit = strings.Split(token, " ")
@@ -241,79 +246,74 @@ func GetUser(username string) (models.User, error) {
func GetUsers() ([]models.User, error) {
var users []models.User
var users []models.User
collection := mongoconn.Client.Database("netmaker").Collection("users")
collection := mongoconn.Client.Database("netmaker").Collection("users")
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
cur, err := collection.Find(ctx, bson.M{}, options.Find().SetProjection(bson.M{"_id": 0}))
cur, err := collection.Find(ctx, bson.M{}, options.Find().SetProjection(bson.M{"_id": 0}))
if err != nil {
return users, err
}
if err != nil {
return users, err
}
defer cancel()
defer cancel()
for cur.Next(context.TODO()) {
for cur.Next(context.TODO()) {
var user models.User
err := cur.Decode(&user)
if err != nil {
return users, err
}
var user models.User
err := cur.Decode(&user)
if err != nil {
return users, err
}
// add network our array
users = append(users, user)
}
// add network our array
users = append(users, user)
}
if err := cur.Err(); err != nil {
return users, err
}
if err := cur.Err(); err != nil {
return users, err
}
return users, err
return users, err
}
//Get an individual node. Nothin fancy here folks.
func getUser(w http.ResponseWriter, r *http.Request) {
// set header.
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
usernameFetched := params["username"]
user, err := GetUser(usernameFetched)
user, err := GetUser(params["username"])
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
functions.PrintUserLog(r.Header.Get("user"), "fetched user "+usernameFetched, 2)
json.NewEncoder(w).Encode(user)
}
//Get an individual node. Nothin fancy here folks.
func getUsers(w http.ResponseWriter, r *http.Request) {
// set header.
w.Header().Set("Content-Type", "application/json")
users, err := GetUsers()
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
json.NewEncoder(w).Encode(user)
functions.PrintUserLog(r.Header.Get("user"), "fetched users", 2)
json.NewEncoder(w).Encode(users)
}
//Get an individual node. Nothin fancy here folks.
func getUsers(w http.ResponseWriter, r *http.Request) {
// set header.
w.Header().Set("Content-Type", "application/json")
users, err := GetUsers()
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
json.NewEncoder(w).Encode(users)
}
func CreateUser(user models.User) (models.User, error) {
hasadmin, err := HasAdmin()
if hasadmin && user.IsAdmin {
return models.User{}, errors.New("Admin already Exists")
}
err = ValidateUser("create", user)
err := ValidateUser("create", user)
if err != nil {
return models.User{}, err
}
@@ -326,7 +326,7 @@ func CreateUser(user models.User) (models.User, error) {
//set password to encrypted password
user.Password = string(hash)
tokenString, _ := functions.CreateUserJWT(user.UserName,user.Networks, user.IsAdmin)
tokenString, _ := functions.CreateUserJWT(user.UserName, user.Networks, user.IsAdmin)
if tokenString == "" {
//returnErrorResponse(w, r, errorResponse)
@@ -350,35 +350,34 @@ func createAdmin(w http.ResponseWriter, r *http.Request) {
var admin models.User
//get node from body of request
_ = json.NewDecoder(r.Body).Decode(&admin)
admin.IsAdmin = true
admin.IsAdmin = true
admin, err := CreateUser(admin)
if err != nil {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
functions.PrintUserLog(admin.UserName, "was made a new admin", 1)
json.NewEncoder(w).Encode(admin)
}
func createUser(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
w.Header().Set("Content-Type", "application/json")
var user models.User
//get node from body of request
_ = json.NewDecoder(r.Body).Decode(&user)
var user models.User
//get node from body of request
_ = json.NewDecoder(r.Body).Decode(&user)
user, err := CreateUser(user)
user, err := CreateUser(user)
if err != nil {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
json.NewEncoder(w).Encode(user)
if err != nil {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
functions.PrintUserLog(user.UserName, "was created", 1)
json.NewEncoder(w).Encode(user)
}
func UpdateUser(userchange models.User, user models.User) (models.User, error) {
err := ValidateUser("update", userchange)
@@ -391,9 +390,9 @@ func UpdateUser(userchange models.User, user models.User) (models.User, error) {
if userchange.UserName != "" {
user.UserName = userchange.UserName
}
if len(userchange.Networks) > 0 {
user.Networks = userchange.Networks
}
if len(userchange.Networks) > 0 {
user.Networks = userchange.Networks
}
if userchange.Password != "" {
//encrypt that password so we never see it again
hash, err := bcrypt.GenerateFromPassword([]byte(userchange.Password), 5)
@@ -445,7 +444,8 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
var params = mux.Vars(r)
var user models.User
//start here
user, err := GetUser(params["username"])
username := params["username"]
user, err := GetUser(username)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
@@ -463,32 +463,35 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
functions.PrintUserLog(username, "was updated", 1)
json.NewEncoder(w).Encode(user)
}
func updateUserAdm(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
var user models.User
//start here
user, err := GetUser(params["username"])
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
var userchange models.User
// we decode our body request params
err = json.NewDecoder(r.Body).Decode(&userchange)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
var user models.User
//start here
username := params["username"]
user, err := GetUser(username)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
var userchange models.User
// we decode our body request params
err = json.NewDecoder(r.Body).Decode(&userchange)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
return
}
user, err = UpdateUser(userchange, user)
if err != nil {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
json.NewEncoder(w).Encode(user)
if err != nil {
returnErrorResponse(w, r, formatError(err, "badrequest"))
return
}
functions.PrintUserLog(username, "was updated (admin)", 1)
json.NewEncoder(w).Encode(user)
}
func DeleteUser(user string) (bool, error) {
@@ -521,7 +524,8 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
// get params
var params = mux.Vars(r)
success, err := DeleteUser(params["username"])
username := params["username"]
success, err := DeleteUser(username)
if err != nil {
returnErrorResponse(w, r, formatError(err, "internal"))
@@ -531,6 +535,7 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
return
}
functions.PrintUserLog(username, "was deleted", 1)
json.NewEncoder(w).Encode(params["username"] + " deleted.")
}