Files
netbird/management/refactor/mesh/controller.go
2024-03-14 11:42:25 +01:00

158 lines
4.6 KiB
Go

package mesh
import (
"github.com/netbirdio/management-integrations/integrations"
nbdns "github.com/netbirdio/netbird/dns"
"github.com/netbirdio/netbird/management/refactor/peers"
"github.com/netbirdio/netbird/management/refactor/policies"
"github.com/netbirdio/netbird/management/refactor/settings"
"github.com/netbirdio/netbird/management/refactor/store"
"github.com/netbirdio/netbird/management/refactor/users"
"github.com/netbirdio/netbird/management/server/activity"
"github.com/netbirdio/netbird/management/server/status"
)
type Controller interface {
LoginPeer()
SyncPeer()
}
type DefaultController struct {
store store.Store
peersManager peers.Manager
userManager users.Manager
policiesManager policies.Manager
settingsManager settings.Manager
}
func NewDefaultController() *DefaultController {
storeStore, _ := store.NewDefaultStore(store.SqliteStoreEngine, "", nil)
settingsManager := settings.NewDefaultManager(storeStore)
peersManager := peers.NewDefaultManager(storeStore, settingsManager)
usersManager := users.NewDefaultManager(storeStore, peersManager)
policiesManager := policies.NewDefaultManager(storeStore, peersManager)
peersManager, settingsManager, usersManager, policiesManager, storeStore = integrations.InjectCloud(peersManager, policiesManager, settingsManager, usersManager, storeStore)
return &DefaultController{
store: storeStore,
peersManager: peersManager,
userManager: usersManager,
policiesManager: policiesManager,
settingsManager: settingsManager,
}
}
func (c *DefaultController) LoginPeer(login peers.PeerLogin) {
peer, err := c.peersManager.GetPeerByPubKey(login.WireGuardPubKey)
if err != nil {
return nil, nil, status.Errorf(status.Unauthenticated, "peer is not registered")
}
if peer.AddedWithSSOLogin() {
user, err := c.userManager.GetUser(peer.GetUserID())
if err != nil {
return nil, nil, err
}
if user.IsBlocked() {
return nil, nil, status.Errorf(status.PermissionDenied, "user is blocked")
}
}
account, err := pm.accountManager.GetAccount(peer.GetAccountID())
if err != nil {
return nil, nil, err
}
// this flag prevents unnecessary calls to the persistent store.
shouldStorePeer := false
updateRemotePeers := false
if peerLoginExpired(peer, account) {
err = checkAuth(login.UserID, peer)
if err != nil {
return nil, nil, err
}
// If peer was expired before and if it reached this point, it is re-authenticated.
// UserID is present, meaning that JWT validation passed successfully in the API layer.
peer.UpdateLastLogin()
updateRemotePeers = true
shouldStorePeer = true
pm.eventsManager.StoreEvent(login.UserID, peer.ID, account.Id, activity.UserLoggedInPeer, peer.EventMeta(pm.accountManager.GetDNSDomain()))
}
if peer.UpdateMetaIfNew(login.Meta) {
shouldStorePeer = true
}
if peer.CheckAndUpdatePeerSSHKey(login.SSHKey) {
shouldStorePeer = true
}
if shouldStorePeer {
err := pm.repository.updatePeer(peer)
if err != nil {
return nil, nil, err
}
}
if updateRemotePeers {
am.updateAccountPeers(account)
}
return peer, account.GetPeerNetworkMap(peer.ID, pm.accountManager.GetDNSDomain()), nil
}
func (c *DefaultController) SyncPeer() {
}
func (c *DefaultController) GetPeerNetworkMap(peerID, dnsDomain string) *NetworkMap {
peer, err := c.peersManager.GetNetworkPeerByID(peerID)
if err != nil {
return &NetworkMap{
Network: a.Network.Copy(),
}
}
aclPeers, firewallRules := c.policiesManager.GetAccessiblePeersAndFirewallRules(peerID)
// exclude expired peers
var peersToConnect []peers.Peer
var expiredPeers []peers.Peer
accSettings, _ := c.settingsManager.GetSettings(peer.GetAccountID())
for _, p := range aclPeers {
expired, _ := p.LoginExpired(accSettings.GetPeerLoginExpiration())
if accSettings.GetPeerLoginExpirationEnabled() && expired {
expiredPeers = append(expiredPeers, p)
continue
}
peersToConnect = append(peersToConnect, p)
}
routesUpdate := a.getRoutesToSync(peerID, peersToConnect)
dnsManagementStatus := a.getPeerDNSManagementStatus(peerID)
dnsUpdate := nbdns.Config{
ServiceEnable: dnsManagementStatus,
}
if dnsManagementStatus {
var zones []nbdns.CustomZone
peersCustomZone := getPeersCustomZone(a, dnsDomain)
if peersCustomZone.Domain != "" {
zones = append(zones, peersCustomZone)
}
dnsUpdate.CustomZones = zones
dnsUpdate.NameServerGroups = getPeerNSGroups(a, peerID)
}
return &NetworkMap{
Peers: peersToConnect,
Network: a.Network.Copy(),
Routes: routesUpdate,
DNSConfig: dnsUpdate,
OfflinePeers: expiredPeers,
FirewallRules: firewallRules,
}
}