2022-07-29 20:37:09 +02:00
|
|
|
package http
|
2022-05-05 08:58:34 +02:00
|
|
|
|
|
|
|
import (
|
2022-09-22 09:06:32 +02:00
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
|
|
|
"github.com/gorilla/mux"
|
2022-06-14 10:32:54 +02:00
|
|
|
"github.com/netbirdio/netbird/management/server/http/api"
|
2022-10-13 18:26:31 +02:00
|
|
|
log "github.com/sirupsen/logrus"
|
2022-09-22 09:06:32 +02:00
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
"google.golang.org/grpc/status"
|
2022-05-05 08:58:34 +02:00
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"github.com/netbirdio/netbird/management/server"
|
|
|
|
"github.com/netbirdio/netbird/management/server/jwtclaims"
|
|
|
|
)
|
|
|
|
|
|
|
|
type UserHandler struct {
|
|
|
|
accountManager server.AccountManager
|
|
|
|
authAudience string
|
|
|
|
jwtExtractor jwtclaims.ClaimsExtractor
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewUserHandler(accountManager server.AccountManager, authAudience string) *UserHandler {
|
|
|
|
return &UserHandler{
|
|
|
|
accountManager: accountManager,
|
|
|
|
authAudience: authAudience,
|
|
|
|
jwtExtractor: *jwtclaims.NewClaimsExtractor(nil),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-09-22 09:06:32 +02:00
|
|
|
// UpdateUser is a PUT requests to update User data
|
|
|
|
func (h *UserHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
if r.Method != http.MethodPut {
|
|
|
|
http.Error(w, "", http.StatusBadRequest)
|
|
|
|
}
|
|
|
|
|
2022-11-05 10:24:50 +01:00
|
|
|
account, _, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2022-09-22 09:06:32 +02:00
|
|
|
if err != nil {
|
|
|
|
log.Error(err)
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
|
|
|
userID := vars["id"]
|
|
|
|
if len(userID) == 0 {
|
2022-09-23 14:18:42 +02:00
|
|
|
http.Error(w, "invalid user ID", http.StatusBadRequest)
|
2022-09-22 09:06:32 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
req := &api.PutApiUsersIdJSONRequestBody{}
|
|
|
|
err = json.NewDecoder(r.Body).Decode(&req)
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-09-23 14:18:42 +02:00
|
|
|
userRole := server.StrRoleToUserRole(req.Role)
|
|
|
|
if userRole == server.UserRoleUnknown {
|
|
|
|
http.Error(w, "invalid user role", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-09-22 09:06:32 +02:00
|
|
|
newUser, err := h.accountManager.SaveUser(account.Id, &server.User{
|
|
|
|
Id: userID,
|
2022-09-23 14:18:42 +02:00
|
|
|
Role: userRole,
|
2022-09-22 09:06:32 +02:00
|
|
|
AutoGroups: req.AutoGroups,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
if e, ok := status.FromError(err); ok {
|
|
|
|
switch e.Code() {
|
|
|
|
case codes.NotFound:
|
|
|
|
http.Error(w, fmt.Sprintf("couldn't find a user for ID %s", userID), http.StatusNotFound)
|
|
|
|
default:
|
|
|
|
http.Error(w, "failed to update user", http.StatusInternalServerError)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
writeJSONObject(w, toUserResponse(newUser))
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2022-10-13 18:26:31 +02:00
|
|
|
// CreateUserHandler creates a User in the system with a status "invited" (effectively this is a user invite).
|
|
|
|
func (h *UserHandler) CreateUserHandler(w http.ResponseWriter, r *http.Request) {
|
|
|
|
if r.Method != http.MethodPost {
|
|
|
|
http.Error(w, "", http.StatusNotFound)
|
|
|
|
}
|
|
|
|
|
2022-11-05 10:24:50 +01:00
|
|
|
account, _, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2022-10-13 18:26:31 +02:00
|
|
|
if err != nil {
|
|
|
|
log.Error(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
req := &api.PostApiUsersJSONRequestBody{}
|
|
|
|
err = json.NewDecoder(r.Body).Decode(&req)
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if server.StrRoleToUserRole(req.Role) == server.UserRoleUnknown {
|
|
|
|
http.Error(w, "unknown user role "+req.Role, http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
newUser, err := h.accountManager.CreateUser(account.Id, &server.UserInfo{
|
|
|
|
Email: req.Email,
|
|
|
|
Name: *req.Name,
|
|
|
|
Role: req.Role,
|
|
|
|
AutoGroups: req.AutoGroups,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
if e, ok := server.FromError(err); ok {
|
|
|
|
switch e.Type() {
|
|
|
|
case server.UserAlreadyExists:
|
|
|
|
http.Error(w, "You can't invite users with an existing NetBird account.", http.StatusPreconditionFailed)
|
|
|
|
return
|
|
|
|
default:
|
|
|
|
}
|
|
|
|
}
|
|
|
|
http.Error(w, "failed to invite", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
writeJSONObject(w, toUserResponse(newUser))
|
|
|
|
}
|
|
|
|
|
2022-05-05 08:58:34 +02:00
|
|
|
// GetUsers returns a list of users of the account this user belongs to.
|
|
|
|
// It also gathers additional user data (like email and name) from the IDP manager.
|
2022-06-14 10:32:54 +02:00
|
|
|
func (h *UserHandler) GetUsers(w http.ResponseWriter, r *http.Request) {
|
2022-05-05 08:58:34 +02:00
|
|
|
if r.Method != http.MethodGet {
|
|
|
|
http.Error(w, "", http.StatusBadRequest)
|
|
|
|
}
|
|
|
|
|
2022-11-05 10:24:50 +01:00
|
|
|
account, user, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2022-05-05 08:58:34 +02:00
|
|
|
if err != nil {
|
2022-11-05 10:24:50 +01:00
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
2022-05-05 08:58:34 +02:00
|
|
|
}
|
|
|
|
|
2022-11-05 10:24:50 +01:00
|
|
|
data, err := h.accountManager.GetUsersFromAccount(account.Id, user.Id)
|
2022-05-05 08:58:34 +02:00
|
|
|
if err != nil {
|
|
|
|
log.Error(err)
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-10-13 18:26:31 +02:00
|
|
|
users := make([]*api.User, 0)
|
2022-05-21 17:27:04 +02:00
|
|
|
for _, r := range data {
|
|
|
|
users = append(users, toUserResponse(r))
|
|
|
|
}
|
|
|
|
|
|
|
|
writeJSONObject(w, users)
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
func toUserResponse(user *server.UserInfo) *api.User {
|
2022-09-22 09:06:32 +02:00
|
|
|
|
|
|
|
autoGroups := user.AutoGroups
|
|
|
|
if autoGroups == nil {
|
|
|
|
autoGroups = []string{}
|
|
|
|
}
|
|
|
|
|
2022-10-13 18:26:31 +02:00
|
|
|
var userStatus api.UserStatus
|
|
|
|
switch user.Status {
|
|
|
|
case "active":
|
|
|
|
userStatus = api.UserStatusActive
|
|
|
|
case "invited":
|
|
|
|
userStatus = api.UserStatusInvited
|
|
|
|
default:
|
|
|
|
userStatus = api.UserStatusDisabled
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
return &api.User{
|
2022-09-22 09:06:32 +02:00
|
|
|
Id: user.ID,
|
|
|
|
Name: user.Name,
|
|
|
|
Email: user.Email,
|
|
|
|
Role: user.Role,
|
|
|
|
AutoGroups: autoGroups,
|
2022-10-13 18:26:31 +02:00
|
|
|
Status: userStatus,
|
2022-05-21 17:27:04 +02:00
|
|
|
}
|
2022-05-05 08:58:34 +02:00
|
|
|
}
|