mirror of
https://github.com/netbirdio/netbird.git
synced 2025-01-05 21:49:03 +01:00
acb73bd64a
* refactor access control middleware and user access by JWT groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor jwt groups extractor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to get account when necessary Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * revert handles change Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove GetUserByID from account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims to return account id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to use GetAccountIDFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByName from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByID from store and refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor retrieval of policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user permissions and retrieves PAT Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor route, setupkey, nameserver and dns to get record(s) from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix add missing policy source posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add store lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add get account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
129 lines
3.4 KiB
Go
129 lines
3.4 KiB
Go
package http
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
"github.com/netbirdio/netbird/management/server"
|
|
"github.com/netbirdio/netbird/management/server/activity"
|
|
"github.com/netbirdio/netbird/management/server/http/api"
|
|
"github.com/netbirdio/netbird/management/server/http/util"
|
|
"github.com/netbirdio/netbird/management/server/jwtclaims"
|
|
)
|
|
|
|
// EventsHandler HTTP handler
|
|
type EventsHandler struct {
|
|
accountManager server.AccountManager
|
|
claimsExtractor *jwtclaims.ClaimsExtractor
|
|
}
|
|
|
|
// NewEventsHandler creates a new EventsHandler HTTP handler
|
|
func NewEventsHandler(accountManager server.AccountManager, authCfg AuthCfg) *EventsHandler {
|
|
return &EventsHandler{
|
|
accountManager: accountManager,
|
|
claimsExtractor: jwtclaims.NewClaimsExtractor(
|
|
jwtclaims.WithAudience(authCfg.Audience),
|
|
jwtclaims.WithUserIDClaim(authCfg.UserIDClaim),
|
|
),
|
|
}
|
|
}
|
|
|
|
// GetAllEvents list of the given account
|
|
func (h *EventsHandler) GetAllEvents(w http.ResponseWriter, r *http.Request) {
|
|
claims := h.claimsExtractor.FromRequestContext(r)
|
|
accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
|
|
if err != nil {
|
|
log.WithContext(r.Context()).Error(err)
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
accountEvents, err := h.accountManager.GetEvents(r.Context(), accountID, userID)
|
|
if err != nil {
|
|
util.WriteError(r.Context(), err, w)
|
|
return
|
|
}
|
|
events := make([]*api.Event, len(accountEvents))
|
|
for i, e := range accountEvents {
|
|
events[i] = toEventResponse(e)
|
|
}
|
|
|
|
err = h.fillEventsWithUserInfo(r.Context(), events, accountID, userID)
|
|
if err != nil {
|
|
util.WriteError(r.Context(), err, w)
|
|
return
|
|
}
|
|
|
|
util.WriteJSONObject(r.Context(), w, events)
|
|
}
|
|
|
|
func (h *EventsHandler) fillEventsWithUserInfo(ctx context.Context, events []*api.Event, accountId, userId string) error {
|
|
// build email, name maps based on users
|
|
userInfos, err := h.accountManager.GetUsersFromAccount(ctx, accountId, userId)
|
|
if err != nil {
|
|
log.WithContext(ctx).Errorf("failed to get users from account: %s", err)
|
|
return err
|
|
}
|
|
|
|
emails := make(map[string]string)
|
|
names := make(map[string]string)
|
|
for _, ui := range userInfos {
|
|
emails[ui.ID] = ui.Email
|
|
names[ui.ID] = ui.Name
|
|
}
|
|
|
|
var ok bool
|
|
for _, event := range events {
|
|
// fill initiator
|
|
if event.InitiatorEmail == "" {
|
|
event.InitiatorEmail, ok = emails[event.InitiatorId]
|
|
if !ok {
|
|
log.WithContext(ctx).Warnf("failed to resolve email for initiator: %s", event.InitiatorId)
|
|
}
|
|
}
|
|
|
|
if event.InitiatorName == "" {
|
|
// here to allowed to be empty because in the first release we did not store the name
|
|
event.InitiatorName = names[event.InitiatorId]
|
|
}
|
|
|
|
// fill target meta
|
|
email, ok := emails[event.TargetId]
|
|
if !ok {
|
|
continue
|
|
}
|
|
event.Meta["email"] = email
|
|
|
|
username, ok := names[event.TargetId]
|
|
if !ok {
|
|
continue
|
|
}
|
|
event.Meta["username"] = username
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func toEventResponse(event *activity.Event) *api.Event {
|
|
meta := make(map[string]string)
|
|
if event.Meta != nil {
|
|
for s, a := range event.Meta {
|
|
meta[s] = fmt.Sprintf("%v", a)
|
|
}
|
|
}
|
|
e := &api.Event{
|
|
Id: fmt.Sprint(event.ID),
|
|
InitiatorId: event.InitiatorID,
|
|
InitiatorName: event.InitiatorName,
|
|
InitiatorEmail: event.InitiatorEmail,
|
|
Activity: event.Activity.Message(),
|
|
ActivityCode: api.EventActivityCode(event.Activity.StringCode()),
|
|
TargetId: event.TargetID,
|
|
Timestamp: event.Timestamp,
|
|
Meta: meta,
|
|
}
|
|
return e
|
|
}
|