2022-07-29 20:37:09 +02:00
|
|
|
package http
|
2021-08-12 12:49:10 +02:00
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
2022-09-11 23:16:40 +02:00
|
|
|
"fmt"
|
2021-08-20 22:33:43 +02:00
|
|
|
"github.com/gorilla/mux"
|
2022-03-26 12:08:54 +01:00
|
|
|
"github.com/netbirdio/netbird/management/server"
|
2022-06-14 10:32:54 +02:00
|
|
|
"github.com/netbirdio/netbird/management/server/http/api"
|
|
|
|
"github.com/netbirdio/netbird/management/server/jwtclaims"
|
2021-08-12 12:49:10 +02:00
|
|
|
log "github.com/sirupsen/logrus"
|
2021-08-20 22:33:43 +02:00
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
"google.golang.org/grpc/status"
|
2022-06-14 10:32:54 +02:00
|
|
|
"net/http"
|
|
|
|
"time"
|
2021-08-12 12:49:10 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
// SetupKeys is a handler that returns a list of setup keys of the account
|
|
|
|
type SetupKeys struct {
|
2022-02-22 11:28:19 +01:00
|
|
|
accountManager server.AccountManager
|
2022-06-14 10:32:54 +02:00
|
|
|
jwtExtractor jwtclaims.ClaimsExtractor
|
2022-01-24 11:21:30 +01:00
|
|
|
authAudience string
|
2021-08-12 12:49:10 +02:00
|
|
|
}
|
|
|
|
|
2022-02-22 11:28:19 +01:00
|
|
|
func NewSetupKeysHandler(accountManager server.AccountManager, authAudience string) *SetupKeys {
|
2021-08-12 12:49:10 +02:00
|
|
|
return &SetupKeys{
|
|
|
|
accountManager: accountManager,
|
2022-01-24 11:21:30 +01:00
|
|
|
authAudience: authAudience,
|
2022-06-14 10:32:54 +02:00
|
|
|
jwtExtractor: *jwtclaims.NewClaimsExtractor(nil),
|
2021-08-12 12:49:10 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-09-11 23:16:40 +02:00
|
|
|
// CreateSetupKeyHandler is a POST requests that creates a new SetupKey
|
|
|
|
func (h *SetupKeys) CreateSetupKeyHandler(w http.ResponseWriter, r *http.Request) {
|
|
|
|
account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2021-08-23 21:43:05 +02:00
|
|
|
if err != nil {
|
2022-09-11 23:16:40 +02:00
|
|
|
log.Error(err)
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
2021-08-23 21:43:05 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
req := &api.PostApiSetupKeysJSONRequestBody{}
|
2022-09-11 23:16:40 +02:00
|
|
|
err = json.NewDecoder(r.Body).Decode(&req)
|
2021-08-20 22:33:43 +02:00
|
|
|
if err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
if req.Name == "" {
|
|
|
|
http.Error(w, "Setup key name shouldn't be empty", http.StatusUnprocessableEntity)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if !(server.SetupKeyType(req.Type) == server.SetupKeyReusable ||
|
|
|
|
server.SetupKeyType(req.Type) == server.SetupKeyOneOff) {
|
|
|
|
|
2021-08-22 11:29:25 +02:00
|
|
|
http.Error(w, "unknown setup key type "+string(req.Type), http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
expiresIn := time.Duration(req.ExpiresIn) * time.Second
|
|
|
|
|
2022-09-11 23:16:40 +02:00
|
|
|
if req.AutoGroups == nil {
|
|
|
|
req.AutoGroups = []string{}
|
|
|
|
}
|
|
|
|
// newExpiresIn := time.Duration(req.ExpiresIn) * time.Second
|
|
|
|
// newKey.ExpiresAt = time.Now().Add(newExpiresIn)
|
|
|
|
setupKey, err := h.accountManager.CreateSetupKey(account.Id, req.Name, server.SetupKeyType(req.Type), expiresIn,
|
|
|
|
req.AutoGroups)
|
2021-08-20 22:33:43 +02:00
|
|
|
if err != nil {
|
|
|
|
errStatus, ok := status.FromError(err)
|
|
|
|
if ok && errStatus.Code() == codes.NotFound {
|
|
|
|
http.Error(w, "account not found", http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
http.Error(w, "failed adding setup key", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
writeSuccess(w, setupKey)
|
|
|
|
}
|
|
|
|
|
2022-09-11 23:16:40 +02:00
|
|
|
// GetSetupKeyHandler is a GET request to get a SetupKey by ID
|
|
|
|
func (h *SetupKeys) GetSetupKeyHandler(w http.ResponseWriter, r *http.Request) {
|
2022-06-14 10:32:54 +02:00
|
|
|
account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2021-12-27 13:17:15 +01:00
|
|
|
if err != nil {
|
2022-02-11 17:18:18 +01:00
|
|
|
log.Error(err)
|
2021-12-27 13:17:15 +01:00
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-08-20 22:33:43 +02:00
|
|
|
vars := mux.Vars(r)
|
2022-09-11 23:16:40 +02:00
|
|
|
keyID := vars["id"]
|
|
|
|
if len(keyID) == 0 {
|
2021-08-20 22:33:43 +02:00
|
|
|
http.Error(w, "invalid key Id", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-09-11 23:16:40 +02:00
|
|
|
key, err := h.accountManager.GetSetupKey(account.Id, keyID)
|
|
|
|
if err != nil {
|
|
|
|
errStatus, ok := status.FromError(err)
|
|
|
|
if ok && errStatus.Code() == codes.NotFound {
|
|
|
|
http.Error(w, fmt.Sprintf("setup key %s not found under account %s", keyID, account.Id), http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
log.Errorf("failed getting setup key %s under account %s %v", keyID, account.Id, err)
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
2021-08-20 22:33:43 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-09-11 23:16:40 +02:00
|
|
|
writeSuccess(w, key)
|
|
|
|
}
|
2021-08-23 21:43:05 +02:00
|
|
|
|
2022-09-11 23:16:40 +02:00
|
|
|
// UpdateSetupKeyHandler is a PUT request to update server.SetupKey
|
|
|
|
func (h *SetupKeys) UpdateSetupKeyHandler(w http.ResponseWriter, r *http.Request) {
|
2022-06-14 10:32:54 +02:00
|
|
|
account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
2021-12-27 13:17:15 +01:00
|
|
|
if err != nil {
|
2022-02-11 17:18:18 +01:00
|
|
|
log.Error(err)
|
2021-12-27 13:17:15 +01:00
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
2021-08-23 21:43:05 +02:00
|
|
|
|
2022-09-11 23:16:40 +02:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
keyID := vars["id"]
|
|
|
|
if len(keyID) == 0 {
|
|
|
|
http.Error(w, "invalid key Id", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
req := &api.PutApiSetupKeysIdJSONRequestBody{}
|
|
|
|
err = json.NewDecoder(r.Body).Decode(&req)
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
2021-08-23 21:43:05 +02:00
|
|
|
return
|
2022-09-11 23:16:40 +02:00
|
|
|
}
|
2021-08-12 12:49:10 +02:00
|
|
|
|
2022-09-11 23:16:40 +02:00
|
|
|
if req.Name == "" {
|
|
|
|
http.Error(w, fmt.Sprintf("setup key name field is invalid: %s", req.Name), http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
2021-08-12 12:49:10 +02:00
|
|
|
|
2022-09-11 23:16:40 +02:00
|
|
|
if req.AutoGroups == nil {
|
|
|
|
http.Error(w, fmt.Sprintf("setup key AutoGroups field is invalid: %s", req.AutoGroups), http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
newKey := &server.SetupKey{}
|
|
|
|
newKey.AutoGroups = req.AutoGroups
|
|
|
|
newKey.Revoked = req.Revoked
|
|
|
|
newKey.Name = req.Name
|
|
|
|
newKey.Id = keyID
|
|
|
|
|
|
|
|
newKey, err = h.accountManager.SaveSetupKey(account.Id, newKey)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
if e, ok := status.FromError(err); ok {
|
|
|
|
switch e.Code() {
|
|
|
|
case codes.NotFound:
|
|
|
|
http.Error(w, fmt.Sprintf("couldn't find setup key for ID %s", keyID), http.StatusNotFound)
|
|
|
|
default:
|
|
|
|
http.Error(w, "failed updating setup key", http.StatusInternalServerError)
|
|
|
|
}
|
2021-08-12 12:49:10 +02:00
|
|
|
}
|
2022-09-11 23:16:40 +02:00
|
|
|
return
|
2021-08-12 12:49:10 +02:00
|
|
|
}
|
2022-09-11 23:16:40 +02:00
|
|
|
writeSuccess(w, newKey)
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetAllSetupKeysHandler is a GET request that returns a list of SetupKey
|
|
|
|
func (h *SetupKeys) GetAllSetupKeysHandler(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
|
|
|
account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
|
|
|
|
if err != nil {
|
|
|
|
log.Error(err)
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
setupKeys, err := h.accountManager.ListSetupKeys(account.Id)
|
|
|
|
if err != nil {
|
|
|
|
log.Error(err)
|
|
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
apiSetupKeys := make([]*api.SetupKey, 0)
|
|
|
|
for _, key := range setupKeys {
|
|
|
|
apiSetupKeys = append(apiSetupKeys, toResponseBody(key))
|
|
|
|
}
|
|
|
|
|
|
|
|
writeJSONObject(w, apiSetupKeys)
|
2021-08-12 12:49:10 +02:00
|
|
|
}
|
2021-08-20 22:33:43 +02:00
|
|
|
|
|
|
|
func writeSuccess(w http.ResponseWriter, key *server.SetupKey) {
|
|
|
|
w.WriteHeader(200)
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
err := json.NewEncoder(w).Encode(toResponseBody(key))
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, "failed handling request", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
func toResponseBody(key *server.SetupKey) *api.SetupKey {
|
2021-08-25 14:16:17 +02:00
|
|
|
var state string
|
|
|
|
if key.IsExpired() {
|
|
|
|
state = "expired"
|
|
|
|
} else if key.IsRevoked() {
|
|
|
|
state = "revoked"
|
|
|
|
} else if key.IsOverUsed() {
|
|
|
|
state = "overused"
|
|
|
|
} else {
|
|
|
|
state = "valid"
|
|
|
|
}
|
2022-09-11 23:16:40 +02:00
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
return &api.SetupKey{
|
2022-09-11 23:16:40 +02:00
|
|
|
Id: key.Id,
|
|
|
|
Key: key.Key,
|
|
|
|
Name: key.Name,
|
|
|
|
Expires: key.ExpiresAt,
|
|
|
|
Type: string(key.Type),
|
|
|
|
Valid: key.IsValid(),
|
|
|
|
Revoked: key.Revoked,
|
|
|
|
UsedTimes: key.UsedTimes,
|
|
|
|
LastUsed: key.LastUsed,
|
|
|
|
State: state,
|
|
|
|
AutoGroups: key.AutoGroups,
|
|
|
|
UpdatedAt: key.UpdatedAt,
|
2021-08-20 22:33:43 +02:00
|
|
|
}
|
|
|
|
}
|