mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-01 20:43:43 +01:00
fd7282d3cf
* get account id from access token claim * use GetOrCreateAccountByUser and add test * correct account id claim * remove unused account * Idp manager interface * auth0 idp manager * use if instead of switch case * remove unnecessary lock * NewAuth0Manager * move idpmanager to its own package * update metadata when accountId is not supplied * update tests with idpmanager field * format * new idp manager and config support * validate if we fetch the interface before converting to string * split getJWTToken * improve tests * proper json fields and handle defer body close * fix ci lint notes * documentation and proper defer position * UpdateUserAppMetadata tests * update documentation * ManagerCredentials interface * Marshal and Unmarshal functions * fix tests * ManagerHelper and ManagerHTTPClient * further tests with mocking * rename package and custom http client * sync local packages * remove idp suffix
218 lines
5.6 KiB
Go
218 lines
5.6 KiB
Go
package handler
|
|
|
|
import (
|
|
"encoding/json"
|
|
"github.com/gorilla/mux"
|
|
log "github.com/sirupsen/logrus"
|
|
"github.com/wiretrustee/wiretrustee/management/server"
|
|
"github.com/wiretrustee/wiretrustee/util"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/status"
|
|
"net/http"
|
|
"time"
|
|
)
|
|
|
|
// SetupKeys is a handler that returns a list of setup keys of the account
|
|
type SetupKeys struct {
|
|
accountManager *server.AccountManager
|
|
authAudience string
|
|
}
|
|
|
|
// SetupKeyResponse is a response sent to the client
|
|
type SetupKeyResponse struct {
|
|
Id string
|
|
Key string
|
|
Name string
|
|
Expires time.Time
|
|
Type server.SetupKeyType
|
|
Valid bool
|
|
Revoked bool
|
|
UsedTimes int
|
|
LastUsed time.Time
|
|
State string
|
|
}
|
|
|
|
// SetupKeyRequest is a request sent by client. This object contains fields that can be modified
|
|
type SetupKeyRequest struct {
|
|
Name string
|
|
Type server.SetupKeyType
|
|
ExpiresIn *util.Duration
|
|
Revoked bool
|
|
}
|
|
|
|
func NewSetupKeysHandler(accountManager *server.AccountManager, authAudience string) *SetupKeys {
|
|
return &SetupKeys{
|
|
accountManager: accountManager,
|
|
authAudience: authAudience,
|
|
}
|
|
}
|
|
|
|
func (h *SetupKeys) updateKey(accountId string, keyId string, w http.ResponseWriter, r *http.Request) {
|
|
req := &SetupKeyRequest{}
|
|
err := json.NewDecoder(r.Body).Decode(&req)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
var key *server.SetupKey
|
|
if req.Revoked {
|
|
//handle only if being revoked, don't allow to enable key again for now
|
|
key, err = h.accountManager.RevokeSetupKey(accountId, keyId)
|
|
if err != nil {
|
|
http.Error(w, "failed revoking key", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
}
|
|
if len(req.Name) != 0 {
|
|
key, err = h.accountManager.RenameSetupKey(accountId, keyId, req.Name)
|
|
if err != nil {
|
|
http.Error(w, "failed renaming key", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
}
|
|
|
|
if key != nil {
|
|
writeSuccess(w, key)
|
|
}
|
|
}
|
|
|
|
func (h *SetupKeys) getKey(accountId string, keyId string, w http.ResponseWriter, r *http.Request) {
|
|
account, err := h.accountManager.GetAccount(accountId)
|
|
if err != nil {
|
|
http.Error(w, "account doesn't exist", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
for _, key := range account.SetupKeys {
|
|
if key.Id == keyId {
|
|
writeSuccess(w, key)
|
|
return
|
|
}
|
|
}
|
|
http.Error(w, "setup key not found", http.StatusNotFound)
|
|
}
|
|
|
|
func (h *SetupKeys) createKey(accountId string, w http.ResponseWriter, r *http.Request) {
|
|
req := &SetupKeyRequest{}
|
|
err := json.NewDecoder(r.Body).Decode(&req)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if !(req.Type == server.SetupKeyReusable || req.Type == server.SetupKeyOneOff) {
|
|
http.Error(w, "unknown setup key type "+string(req.Type), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
setupKey, err := h.accountManager.AddSetupKey(accountId, req.Name, req.Type, req.ExpiresIn)
|
|
if err != nil {
|
|
errStatus, ok := status.FromError(err)
|
|
if ok && errStatus.Code() == codes.NotFound {
|
|
http.Error(w, "account not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
http.Error(w, "failed adding setup key", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
writeSuccess(w, setupKey)
|
|
}
|
|
|
|
func (h *SetupKeys) HandleKey(w http.ResponseWriter, r *http.Request) {
|
|
userId, accountId := extractUserAndAccountIdFromRequestContext(r, h.authAudience)
|
|
account, err := h.accountManager.GetAccountByUserOrAccountId(userId, accountId)
|
|
if err != nil {
|
|
log.Errorf("failed getting account of a user %s: %v", userId, err)
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
vars := mux.Vars(r)
|
|
keyId := vars["id"]
|
|
if len(keyId) == 0 {
|
|
http.Error(w, "invalid key Id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
switch r.Method {
|
|
case http.MethodPut:
|
|
h.updateKey(account.Id, keyId, w, r)
|
|
return
|
|
case http.MethodGet:
|
|
h.getKey(account.Id, keyId, w, r)
|
|
return
|
|
default:
|
|
http.Error(w, "", http.StatusNotFound)
|
|
}
|
|
}
|
|
|
|
func (h *SetupKeys) GetKeys(w http.ResponseWriter, r *http.Request) {
|
|
|
|
userId, accountId := extractUserAndAccountIdFromRequestContext(r, h.authAudience)
|
|
account, err := h.accountManager.GetAccountByUserOrAccountId(userId, accountId)
|
|
if err != nil {
|
|
log.Errorf("failed getting account of a user %s: %v", userId, err)
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
switch r.Method {
|
|
case http.MethodPost:
|
|
h.createKey(account.Id, w, r)
|
|
return
|
|
case http.MethodGet:
|
|
w.WriteHeader(200)
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
respBody := []*SetupKeyResponse{}
|
|
for _, key := range account.SetupKeys {
|
|
respBody = append(respBody, toResponseBody(key))
|
|
}
|
|
|
|
err = json.NewEncoder(w).Encode(respBody)
|
|
if err != nil {
|
|
log.Errorf("failed encoding account peers %s: %v", account.Id, err)
|
|
http.Redirect(w, r, "/", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
default:
|
|
http.Error(w, "", http.StatusNotFound)
|
|
}
|
|
}
|
|
|
|
func writeSuccess(w http.ResponseWriter, key *server.SetupKey) {
|
|
w.WriteHeader(200)
|
|
w.Header().Set("Content-Type", "application/json")
|
|
err := json.NewEncoder(w).Encode(toResponseBody(key))
|
|
if err != nil {
|
|
http.Error(w, "failed handling request", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
}
|
|
|
|
func toResponseBody(key *server.SetupKey) *SetupKeyResponse {
|
|
var state string
|
|
if key.IsExpired() {
|
|
state = "expired"
|
|
} else if key.IsRevoked() {
|
|
state = "revoked"
|
|
} else if key.IsOverUsed() {
|
|
state = "overused"
|
|
} else {
|
|
state = "valid"
|
|
}
|
|
return &SetupKeyResponse{
|
|
Id: key.Id,
|
|
Key: key.Key,
|
|
Name: key.Name,
|
|
Expires: key.ExpiresAt,
|
|
Type: key.Type,
|
|
Valid: key.IsValid(),
|
|
Revoked: key.Revoked,
|
|
UsedTimes: key.UsedTimes,
|
|
LastUsed: key.LastUsed,
|
|
State: state,
|
|
}
|
|
}
|