2022-07-29 20:37:09 +02:00
|
|
|
package http
|
2022-05-03 16:02:51 +02:00
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
2022-06-14 10:32:54 +02:00
|
|
|
"github.com/netbirdio/netbird/management/server/http/api"
|
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
"google.golang.org/grpc/status"
|
2022-05-03 16:02:51 +02:00
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"github.com/netbirdio/netbird/management/server"
|
|
|
|
"github.com/netbirdio/netbird/management/server/jwtclaims"
|
|
|
|
"github.com/rs/xid"
|
|
|
|
|
|
|
|
"github.com/gorilla/mux"
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
)
|
|
|
|
|
2022-05-21 15:21:39 +02:00
|
|
|
// Groups is a handler that returns groups of the account
|
|
|
|
type Groups struct {
|
|
|
|
jwtExtractor jwtclaims.ClaimsExtractor
|
|
|
|
accountManager server.AccountManager
|
|
|
|
authAudience string
|
|
|
|
}
|
|
|
|
|
2022-05-03 16:02:51 +02:00
|
|
|
func NewGroups(accountManager server.AccountManager, authAudience string) *Groups {
|
|
|
|
return &Groups{
|
|
|
|
accountManager: accountManager,
|
|
|
|
authAudience: authAudience,
|
|
|
|
jwtExtractor: *jwtclaims.NewClaimsExtractor(nil),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetAllGroupsHandler list for the account
|
|
|
|
func (h *Groups) GetAllGroupsHandler(w http.ResponseWriter, r *http.Request) {
|
2022-11-05 10:24:50 +01:00
|
|
|
account, _, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2022-05-03 16:02:51 +02:00
|
|
|
if err != nil {
|
|
|
|
log.Error(err)
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
var groups []*api.Group
|
2022-05-21 15:21:39 +02:00
|
|
|
for _, g := range account.Groups {
|
|
|
|
groups = append(groups, toGroupResponse(account, g))
|
|
|
|
}
|
|
|
|
|
|
|
|
writeJSONObject(w, groups)
|
2022-05-03 16:02:51 +02:00
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
// UpdateGroupHandler handles update to a group identified by a given ID
|
|
|
|
func (h *Groups) UpdateGroupHandler(w http.ResponseWriter, r *http.Request) {
|
2022-11-05 10:24:50 +01:00
|
|
|
account, _, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2022-06-14 10:32:54 +02:00
|
|
|
if err != nil {
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
|
|
|
groupID, ok := vars["id"]
|
|
|
|
if !ok {
|
|
|
|
http.Error(w, "group ID field is missing", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if len(groupID) == 0 {
|
|
|
|
http.Error(w, "group ID can't be empty", http.StatusUnprocessableEntity)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
_, ok = account.Groups[groupID]
|
|
|
|
if !ok {
|
|
|
|
http.Error(w, fmt.Sprintf("couldn't find group with ID %s", groupID), http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
allGroup, err := account.GetGroupAll()
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if allGroup.ID == groupID {
|
|
|
|
http.Error(w, "updating group ALL is not allowed", http.StatusMethodNotAllowed)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var req api.PutApiGroupsIdJSONRequestBody
|
|
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if *req.Name == "" {
|
|
|
|
http.Error(w, "group name shouldn't be empty", http.StatusUnprocessableEntity)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
group := server.Group{
|
|
|
|
ID: groupID,
|
|
|
|
Name: *req.Name,
|
|
|
|
Peers: peerIPsToKeys(account, req.Peers),
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := h.accountManager.SaveGroup(account.Id, &group); err != nil {
|
|
|
|
log.Errorf("failed updating group %s under account %s %v", groupID, account.Id, err)
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
writeJSONObject(w, toGroupResponse(account, &group))
|
|
|
|
}
|
|
|
|
|
|
|
|
// PatchGroupHandler handles patch updates to a group identified by a given ID
|
|
|
|
func (h *Groups) PatchGroupHandler(w http.ResponseWriter, r *http.Request) {
|
2022-11-05 10:24:50 +01:00
|
|
|
account, _, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2022-06-14 10:32:54 +02:00
|
|
|
if err != nil {
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
|
|
|
groupID := vars["id"]
|
|
|
|
if len(groupID) == 0 {
|
|
|
|
http.Error(w, "invalid group Id", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
_, ok := account.Groups[groupID]
|
|
|
|
if !ok {
|
|
|
|
http.Error(w, fmt.Sprintf("couldn't find group id %s", groupID), http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
allGroup, err := account.GetGroupAll()
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if allGroup.ID == groupID {
|
|
|
|
http.Error(w, "updating group ALL is not allowed", http.StatusMethodNotAllowed)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var req api.PatchApiGroupsIdJSONRequestBody
|
|
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(req) == 0 {
|
|
|
|
http.Error(w, "no patch instruction received", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var operations []server.GroupUpdateOperation
|
|
|
|
|
|
|
|
for _, patch := range req {
|
|
|
|
switch patch.Path {
|
|
|
|
case api.GroupPatchOperationPathName:
|
|
|
|
if patch.Op != api.GroupPatchOperationOpReplace {
|
|
|
|
http.Error(w, fmt.Sprintf("Name field only accepts replace operation, got %s", patch.Op),
|
|
|
|
http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(patch.Value) == 0 || patch.Value[0] == "" {
|
|
|
|
http.Error(w, "Group name shouldn't be empty", http.StatusUnprocessableEntity)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
operations = append(operations, server.GroupUpdateOperation{
|
|
|
|
Type: server.UpdateGroupName,
|
|
|
|
Values: patch.Value,
|
|
|
|
})
|
|
|
|
case api.GroupPatchOperationPathPeers:
|
|
|
|
switch patch.Op {
|
|
|
|
case api.GroupPatchOperationOpReplace:
|
|
|
|
peerKeys := peerIPsToKeys(account, &patch.Value)
|
|
|
|
operations = append(operations, server.GroupUpdateOperation{
|
|
|
|
Type: server.UpdateGroupPeers,
|
|
|
|
Values: peerKeys,
|
|
|
|
})
|
|
|
|
case api.GroupPatchOperationOpRemove:
|
|
|
|
peerKeys := peerIPsToKeys(account, &patch.Value)
|
|
|
|
operations = append(operations, server.GroupUpdateOperation{
|
|
|
|
Type: server.RemovePeersFromGroup,
|
|
|
|
Values: peerKeys,
|
|
|
|
})
|
|
|
|
case api.GroupPatchOperationOpAdd:
|
|
|
|
peerKeys := peerIPsToKeys(account, &patch.Value)
|
|
|
|
operations = append(operations, server.GroupUpdateOperation{
|
|
|
|
Type: server.InsertPeersToGroup,
|
|
|
|
Values: peerKeys,
|
|
|
|
})
|
|
|
|
default:
|
|
|
|
http.Error(w, "invalid operation, \"%s\", for Peers field", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
http.Error(w, "invalid patch path", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
group, err := h.accountManager.UpdateGroup(account.Id, groupID, operations)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
errStatus, ok := status.FromError(err)
|
|
|
|
if ok && errStatus.Code() == codes.Internal {
|
|
|
|
http.Error(w, errStatus.String(), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if ok && errStatus.Code() == codes.NotFound {
|
|
|
|
http.Error(w, errStatus.String(), http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Errorf("failed updating group %s under account %s %v", groupID, account.Id, err)
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
writeJSONObject(w, toGroupResponse(account, group))
|
|
|
|
}
|
|
|
|
|
|
|
|
// CreateGroupHandler handles group creation request
|
|
|
|
func (h *Groups) CreateGroupHandler(w http.ResponseWriter, r *http.Request) {
|
2022-11-05 10:24:50 +01:00
|
|
|
account, _, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2022-05-03 16:02:51 +02:00
|
|
|
if err != nil {
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
var req api.PostApiGroupsJSONRequestBody
|
2022-05-03 16:02:51 +02:00
|
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
if req.Name == "" {
|
|
|
|
http.Error(w, "Group name shouldn't be empty", http.StatusUnprocessableEntity)
|
|
|
|
return
|
2022-05-03 16:02:51 +02:00
|
|
|
}
|
|
|
|
|
2022-05-21 15:21:39 +02:00
|
|
|
group := server.Group{
|
2022-06-14 10:32:54 +02:00
|
|
|
ID: xid.New().String(),
|
2022-05-21 15:21:39 +02:00
|
|
|
Name: req.Name,
|
2022-06-14 10:32:54 +02:00
|
|
|
Peers: peerIPsToKeys(account, req.Peers),
|
2022-05-21 15:21:39 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if err := h.accountManager.SaveGroup(account.Id, &group); err != nil {
|
2022-06-14 10:32:54 +02:00
|
|
|
log.Errorf("failed creating group \"%s\" under account %s %v", req.Name, account.Id, err)
|
2022-05-03 16:02:51 +02:00
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-05-21 15:21:39 +02:00
|
|
|
writeJSONObject(w, toGroupResponse(account, &group))
|
2022-05-03 16:02:51 +02:00
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
// DeleteGroupHandler handles group deletion request
|
2022-05-03 16:02:51 +02:00
|
|
|
func (h *Groups) DeleteGroupHandler(w http.ResponseWriter, r *http.Request) {
|
2022-11-05 10:24:50 +01:00
|
|
|
account, _, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2022-05-03 16:02:51 +02:00
|
|
|
if err != nil {
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
aID := account.Id
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
groupID := mux.Vars(r)["id"]
|
|
|
|
if len(groupID) == 0 {
|
2022-05-03 16:02:51 +02:00
|
|
|
http.Error(w, "invalid group ID", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
allGroup, err := account.GetGroupAll()
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if allGroup.ID == groupID {
|
|
|
|
http.Error(w, "deleting group ALL is not allowed", http.StatusMethodNotAllowed)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := h.accountManager.DeleteGroup(aID, groupID); err != nil {
|
|
|
|
log.Errorf("failed delete group %s under account %s %v", groupID, aID, err)
|
2022-05-03 16:02:51 +02:00
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
writeJSONObject(w, "")
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
// GetGroupHandler returns a group
|
2022-05-03 16:02:51 +02:00
|
|
|
func (h *Groups) GetGroupHandler(w http.ResponseWriter, r *http.Request) {
|
2022-11-05 10:24:50 +01:00
|
|
|
account, _, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2022-05-03 16:02:51 +02:00
|
|
|
if err != nil {
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
switch r.Method {
|
|
|
|
case http.MethodGet:
|
|
|
|
groupID := mux.Vars(r)["id"]
|
|
|
|
if len(groupID) == 0 {
|
|
|
|
http.Error(w, "invalid group ID", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
group, err := h.accountManager.GetGroup(account.Id, groupID)
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, "group not found", http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-05-21 15:21:39 +02:00
|
|
|
writeJSONObject(w, toGroupResponse(account, group))
|
2022-05-03 16:02:51 +02:00
|
|
|
default:
|
|
|
|
http.Error(w, "", http.StatusNotFound)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
func peerIPsToKeys(account *server.Account, peerIPs *[]string) []string {
|
|
|
|
var mappedPeerKeys []string
|
|
|
|
if peerIPs == nil {
|
|
|
|
return mappedPeerKeys
|
2022-05-03 16:02:51 +02:00
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
peersChecked := make(map[string]struct{})
|
|
|
|
|
|
|
|
for _, requestPeersIP := range *peerIPs {
|
|
|
|
_, ok := peersChecked[requestPeersIP]
|
|
|
|
if ok {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
peersChecked[requestPeersIP] = struct{}{}
|
|
|
|
for _, accountPeer := range account.Peers {
|
|
|
|
if accountPeer.IP.String() == requestPeersIP {
|
|
|
|
mappedPeerKeys = append(mappedPeerKeys, accountPeer.Key)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return mappedPeerKeys
|
2022-05-03 16:02:51 +02:00
|
|
|
}
|
2022-05-21 15:21:39 +02:00
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
func toGroupResponse(account *server.Account, group *server.Group) *api.Group {
|
|
|
|
cache := make(map[string]api.PeerMinimum)
|
|
|
|
gr := api.Group{
|
|
|
|
Id: group.ID,
|
|
|
|
Name: group.Name,
|
|
|
|
PeersCount: len(group.Peers),
|
2022-05-21 15:21:39 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, pid := range group.Peers {
|
2022-06-14 10:32:54 +02:00
|
|
|
_, ok := cache[pid]
|
2022-05-21 15:21:39 +02:00
|
|
|
if !ok {
|
|
|
|
peer, ok := account.Peers[pid]
|
|
|
|
if !ok {
|
|
|
|
continue
|
|
|
|
}
|
2022-06-14 10:32:54 +02:00
|
|
|
peerResp := api.PeerMinimum{
|
|
|
|
Id: peer.IP.String(),
|
2022-05-21 15:21:39 +02:00
|
|
|
Name: peer.Name,
|
|
|
|
}
|
|
|
|
cache[pid] = peerResp
|
2022-06-14 10:32:54 +02:00
|
|
|
gr.Peers = append(gr.Peers, peerResp)
|
2022-05-21 15:21:39 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return &gr
|
|
|
|
}
|