Refactor route, setupkey, nameserver and dns to get record(s) from store

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-14 19:00:50 +01:00 · 2024-09-25 12:52:42 +03:00 · 2024-09-25 12:52:42 +03:00 · 16174f0478
commit 16174f0478
parent d14b855670
5 changed files with 42 additions and 115 deletions
--- a/management/server/account.go
+++ b/management/server/account.go
@ -270,6 +270,11 @@ type AccountNetwork struct {
 	Network *Network `gorm:"embedded;embeddedPrefix:network_"`
 }
 // AccountDNSSettings used in gorm to only load dns settings and not whole account
 type AccountDNSSettings struct {
 	DNSSettings DNSSettings `gorm:"embedded;embeddedPrefix:dns_settings_"`
 }
 type UserPermissions struct {
 	DashboardView string `json:"dashboard_view"`
 }
--- a/management/server/dns.go
+++ b/management/server/dns.go
@ -80,24 +80,16 @@ func (d DNSSettings) Copy() DNSSettings {
 // GetDNSSettings validates a user role and returns the DNS settings for the provided account ID
 func (am *DefaultAccountManager) GetDNSSettings(ctx context.Context, accountID string, userID string) (*DNSSettings, error) {
-	unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
+	user, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, userID)
 	defer unlock()
 	account, err := am.Store.GetAccount(ctx, accountID)
 	if err != nil {
 		return nil, err
 	}
-	user, err := account.FindUser(userID)
+	if !user.IsAdminOrServiceUser() || user.AccountID != accountID {
 	if err != nil {
 		return nil, err
 	}
 	if !(user.HasAdminPower() || user.IsServiceUser) {
 		return nil, status.Errorf(status.PermissionDenied, "only users with admin power are allowed to view DNS settings")
 	}
-	dnsSettings := account.DNSSettings.Copy()
+
-	return &dnsSettings, nil
+	return am.Store.GetAccountDNSSettings(ctx, LockingStrengthShare, accountID)
 }
 // SaveDNSSettings validates a user role and updates the account's DNS settings
--- a/management/server/nameserver.go
+++ b/management/server/nameserver.go
@ -19,30 +19,16 @@ const domainPattern = `^(?i)[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,}$`
 // GetNameServerGroup gets a nameserver group object from account and nameserver group IDs
 func (am *DefaultAccountManager) GetNameServerGroup(ctx context.Context, accountID, userID, nsGroupID string) (*nbdns.NameServerGroup, error) {
-
+	user, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, userID)
 	unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
 	defer unlock()
 	account, err := am.Store.GetAccount(ctx, accountID)
 	if err != nil {
 		return nil, err
 	}
-	user, err := account.FindUser(userID)
+	if !user.IsAdminOrServiceUser() || user.AccountID != accountID {
 	if err != nil {
 		return nil, err
 	}
 	if !(user.HasAdminPower() || user.IsServiceUser) {
 		return nil, status.Errorf(status.PermissionDenied, "only users with admin power can view name server groups")
 	}
-	nsGroup, found := account.NameServerGroups[nsGroupID]
+	return am.Store.GetNameServerGroupByID(ctx, LockingStrengthShare, nsGroupID, accountID)
 	if found {
 		return nsGroup.Copy(), nil
 	}
 	return nil, status.Errorf(status.NotFound, "nameserver group with ID %s not found", nsGroupID)
 }
 // CreateNameServerGroup creates and saves a new nameserver group
@ -159,30 +145,16 @@ func (am *DefaultAccountManager) DeleteNameServerGroup(ctx context.Context, acco
 // ListNameServerGroups returns a list of nameserver groups from account
 func (am *DefaultAccountManager) ListNameServerGroups(ctx context.Context, accountID string, userID string) ([]*nbdns.NameServerGroup, error) {
-
+	user, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, userID)
 	unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
 	defer unlock()
 	account, err := am.Store.GetAccount(ctx, accountID)
 	if err != nil {
 		return nil, err
 	}
-	user, err := account.FindUser(userID)
+	if !user.IsAdminOrServiceUser() || user.AccountID != accountID {
 	if err != nil {
 		return nil, err
 	}
 	if !(user.HasAdminPower() || user.IsServiceUser) {
 		return nil, status.Errorf(status.PermissionDenied, "only users with admin power can view name server groups")
 	}
-	nsGroups := make([]*nbdns.NameServerGroup, 0, len(account.NameServerGroups))
+	return am.Store.GetAccountNameServerGroups(ctx, accountID)
 	for _, item := range account.NameServerGroups {
 		nsGroups = append(nsGroups, item.Copy())
 	}
 	return nsGroups, nil
 }
 func validateNameServerGroup(existingGroup bool, nameserverGroup *nbdns.NameServerGroup, account *Account) error {
--- a/management/server/route.go
+++ b/management/server/route.go
@ -17,29 +17,16 @@ import (
 // GetRoute gets a route object from account and route IDs
 func (am *DefaultAccountManager) GetRoute(ctx context.Context, accountID string, routeID route.ID, userID string) (*route.Route, error) {
-	unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
+	user, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, userID)
 	defer unlock()
 	account, err := am.Store.GetAccount(ctx, accountID)
 	if err != nil {
 		return nil, err
 	}
-	user, err := account.FindUser(userID)
+	if !user.IsAdminOrServiceUser() || user.AccountID != accountID {
 	if err != nil {
 		return nil, err
 	}
 	if !(user.HasAdminPower() || user.IsServiceUser) {
 		return nil, status.Errorf(status.PermissionDenied, "only users with admin power can view Network Routes")
 	}
-	wantedRoute, found := account.Routes[routeID]
+	return am.Store.GetRouteByID(ctx, LockingStrengthShare, string(routeID), accountID)
 	if found {
 		return wantedRoute, nil
 	}
 	return nil, status.Errorf(status.NotFound, "route with ID %s not found", routeID)
 }
 // checkRoutePrefixOrDomainsExistForPeers checks if a route with a given prefix exists for a single peer or multiple peer groups.
@ -325,29 +312,16 @@ func (am *DefaultAccountManager) DeleteRoute(ctx context.Context, accountID stri
 // ListRoutes returns a list of routes from account
 func (am *DefaultAccountManager) ListRoutes(ctx context.Context, accountID, userID string) ([]*route.Route, error) {
-	unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
+	user, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, userID)
 	defer unlock()
 	account, err := am.Store.GetAccount(ctx, accountID)
 	if err != nil {
 		return nil, err
 	}
-	user, err := account.FindUser(userID)
+	if !user.IsAdminOrServiceUser() || user.AccountID != accountID {
 	if err != nil {
 		return nil, err
 	}
 	if !(user.HasAdminPower() || user.IsServiceUser) {
 		return nil, status.Errorf(status.PermissionDenied, "only users with admin power can view Network Routes")
 	}
-	routes := make([]*route.Route, 0, len(account.Routes))
+	return am.Store.GetAccountRoutes(ctx, accountID)
 	for _, item := range account.Routes {
 		routes = append(routes, item)
 	}
 	return routes, nil
 }
 func toProtocolRoute(route *route.Route) *proto.Route {
--- a/management/server/setupkey.go
+++ b/management/server/setupkey.go
@ -330,26 +330,24 @@ func (am *DefaultAccountManager) SaveSetupKey(ctx context.Context, accountID str
 // ListSetupKeys returns a list of all setup keys of the account
 func (am *DefaultAccountManager) ListSetupKeys(ctx context.Context, accountID, userID string) ([]*SetupKey, error) {
-	unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
+	user, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, userID)
 	defer unlock()
 	account, err := am.Store.GetAccount(ctx, accountID)
 	if err != nil {
 		return nil, err
 	}
-	user, err := account.FindUser(userID)
+	if !user.IsAdminOrServiceUser() || user.AccountID != accountID {
 		return nil, status.Errorf(status.Unauthorized, "only users with admin power can view setup keys")
 	}
 	setupKeys, err := am.Store.GetAccountSetupKeys(ctx, accountID)
 	if err != nil {
 		return nil, err
 	}
-	if !user.HasAdminPower() && !user.IsServiceUser {
+	keys := make([]*SetupKey, 0, len(setupKeys))
-		return nil, status.Errorf(status.Unauthorized, "only users with admin power can view policies")
+	for _, key := range setupKeys {
 	}
 	keys := make([]*SetupKey, 0, len(account.SetupKeys))
 	for _, key := range account.SetupKeys {
 		var k *SetupKey
-		if !(user.HasAdminPower() || user.IsServiceUser) {
+		if !user.IsAdminOrServiceUser() {
 			k = key.HiddenCopy(999)
 		} else {
 			k = key.Copy()
@ -362,44 +360,30 @@ func (am *DefaultAccountManager) ListSetupKeys(ctx context.Context, accountID, u
 // GetSetupKey looks up a SetupKey by KeyID, returns NotFound error if not found.
 func (am *DefaultAccountManager) GetSetupKey(ctx context.Context, accountID, userID, keyID string) (*SetupKey, error) {
-	unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
+	user, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, userID)
 	defer unlock()
 	account, err := am.Store.GetAccount(ctx, accountID)
 	if err != nil {
 		return nil, err
 	}
-	user, err := account.FindUser(userID)
+	if !user.IsAdminOrServiceUser() || user.AccountID != accountID {
 		return nil, status.Errorf(status.Unauthorized, "only users with admin power can view setup keys")
 	}
 	setupKey, err := am.Store.GetSetupKeyByID(ctx, LockingStrengthShare, keyID, accountID)
 	if err != nil {
 		return nil, err
 	}
 	if !user.HasAdminPower() && !user.IsServiceUser {
 		return nil, status.Errorf(status.Unauthorized, "only users with admin power can view policies")
 	}
 	var foundKey *SetupKey
 	for _, key := range account.SetupKeys {
 		if key.Id == keyID {
 			foundKey = key.Copy()
 			break
 		}
 	}
 	if foundKey == nil {
 		return nil, status.Errorf(status.NotFound, "setup key not found")
 	}
 	// the UpdatedAt field was introduced later, so there might be that some keys have a Zero value (e.g, null in the store file)
-	if foundKey.UpdatedAt.IsZero() {
+	if setupKey.UpdatedAt.IsZero() {
-		foundKey.UpdatedAt = foundKey.CreatedAt
+		setupKey.UpdatedAt = setupKey.CreatedAt
 	}
-	if !(user.HasAdminPower() || user.IsServiceUser) {
+	if !user.IsAdminOrServiceUser() {
-		foundKey = foundKey.HiddenCopy(999)
+		setupKey = setupKey.HiddenCopy(999)
 	}
-	return foundKey, nil
+	return setupKey, nil
 }
 func validateSetupKeyAutoGroups(account *Account, autoGroups []string) error {