Add GET peer HTTP API endpoint (#670)

2025-08-09 23:27:58 +02:00 · 2023-02-07 20:11:08 +01:00
parent 64dbd5fbfc
commit 00a8092482
6 changed files with 244 additions and 20 deletions
--- a/management/server/peer_test.go
+++ b/management/server/peer_test.go
@ -1,6 +1,7 @@
 package server

 import (
+	"github.com/stretchr/testify/assert"
 	"testing"

 	"github.com/rs/xid"
@ -268,12 +269,7 @@ func TestAccountManager_GetPeerNetwork(t *testing.T) {
 		t.Fatal(err)
 	}

-	var setupKey *SetupKey
-	for _, key := range account.SetupKeys {
-		if key.Type == SetupKeyReusable {
-			setupKey = key
-		}
-	}
+	setupKey := getSetupKey(account, SetupKeyReusable)

 	peerKey1, err := wgtypes.GeneratePrivateKey()
 	if err != nil {
@ -319,3 +315,119 @@ func TestAccountManager_GetPeerNetwork(t *testing.T) {
 	}

 }
+
+func TestDefaultAccountManager_GetPeer(t *testing.T) {
+	manager, err := createManager(t)
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+
+	// account with an admin and a regular user
+	accountID := "test_account"
+	adminUser := "account_creator"
+	someUser := "some_user"
+	account := newAccountWithId(accountID, adminUser, "")
+	account.Users[someUser] = &User{
+		Id:   someUser,
+		Role: UserRoleUser,
+	}
+	err = manager.Store.SaveAccount(account)
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+
+	// two peers one added by a regular user and one with a setup key
+	setupKey := getSetupKey(account, SetupKeyReusable)
+	peerKey1, err := wgtypes.GeneratePrivateKey()
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+
+	peer1, err := manager.AddPeer("", someUser, &Peer{
+		Key:  peerKey1.PublicKey().String(),
+		Meta: PeerSystemMeta{},
+		Name: "test-peer-2",
+	})
+
+	if err != nil {
+		t.Errorf("expecting peer to be added, got failure %v", err)
+		return
+	}
+
+	peerKey2, err := wgtypes.GeneratePrivateKey()
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+
+	// the second peer added with a setup key
+	peer2, err := manager.AddPeer(setupKey.Key, "", &Peer{
+		Key:  peerKey2.PublicKey().String(),
+		Meta: PeerSystemMeta{},
+		Name: "test-peer-2",
+	})
+
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+
+	// the user can see its own peer
+	peer, err := manager.GetPeer(accountID, peer1.ID, someUser)
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	assert.NotNil(t, peer)
+
+	// the user can see peer2 because peer1 of the user has access to peer2 due to the All group and the default rule 0 all-to-all access
+	peer, err = manager.GetPeer(accountID, peer2.ID, someUser)
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	assert.NotNil(t, peer)
+
+	// delete the all-to-all rule so that user's peer1 has no access to peer2
+	for _, rule := range account.Rules {
+		err = manager.DeleteRule(accountID, rule.ID, adminUser)
+		if err != nil {
+			t.Fatal(err)
+			return
+		}
+	}
+
+	// at this point the user can't see the details of peer2
+	peer, err = manager.GetPeer(accountID, peer2.ID, someUser) //nolint
+	assert.Error(t, err)
+
+	// admin users can always access all the peers
+	peer, err = manager.GetPeer(accountID, peer1.ID, adminUser)
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	assert.NotNil(t, peer)
+
+	peer, err = manager.GetPeer(accountID, peer2.ID, adminUser)
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	assert.NotNil(t, peer)
+
+}
+
+func getSetupKey(account *Account, keyType SetupKeyType) *SetupKey {
+
+	var setupKey *SetupKey
+	for _, key := range account.SetupKeys {
+		if key.Type == keyType {
+			setupKey = key
+		}
+	}
+	return setupKey
+}