package controller
import (
	"fmt"
	"strings"

	"github.com/go-openapi/runtime/middleware"
	"github.com/openziti-test-kitchen/zrok/controller/store"
	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/service"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
)
// unaccessHandler serves unaccess requests through its Handle method. It has
// no fields, so every instance is interchangeable.
type unaccessHandler struct{}

// newUnaccessHandler allocates and returns an unaccessHandler.
func newUnaccessHandler() *unaccessHandler {
	handler := new(unaccessHandler)
	return handler
}
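// Handle processes an unaccess request. Inside one store transaction it
// deletes the frontend identified by the request's frontend token, then calls
// deleteServicePolicy with a filter on the service and frontend token tags,
// and finally commits.
//
// The frontend token, service token and environment id all come from the
// request body and are caller-controlled. The environment id must match one of
// the environments found for the authenticated principal, and the frontend
// must not be bound to a different environment.
//
// Responses:
//   - Unauthorized: the environment lookup failed or the environment does not
//     belong to the principal.
//   - NotFound: a token is malformed, or no frontend with that token is
//     available to the caller's environment.
//   - InternalServerError: any store, edge client or policy failure.
//   - OK: the frontend row and the service policy were removed.
func (h *unaccessHandler) Handle(params service.UnaccessParams, principal *rest_model_zrok.Principal) middleware.Responder {
	feToken := params.Body.FrontendToken
	svcToken := params.Body.SvcToken
	envZId := params.Body.EnvZID
	logrus.Infof("processing unaccess request for frontend '%v' (service '%v', environment '%v')", feToken, svcToken, envZId)

	// Both tokens are interpolated into a double-quoted filter expression
	// further down. A quote or backslash in either value would change the
	// structure of that filter, so such requests are refused before any state
	// is touched. %q keeps the rejected values on a single, escaped log line.
	// NOTE(review): assumes legitimate tokens never contain these characters —
	// confirm against the token generator.
	if strings.ContainsAny(feToken, "\"\\") || strings.ContainsAny(svcToken, "\"\\") {
		logrus.Errorf("rejecting unaccess request with malformed token (frontend %q, service %q)", feToken, svcToken)
		return service.NewUnaccessNotFound()
	}

	tx, err := str.Begin()
	if err != nil {
		logrus.Errorf("error starting transaction: %v", err)
		return service.NewUnaccessInternalServerError()
	}
	// Roll back on every early return; the result is deliberately discarded.
	defer func() { _ = tx.Rollback() }()

	edge, err := edgeClient()
	if err != nil {
		logrus.Error(err)
		return service.NewUnaccessInternalServerError()
	}

	// Authorization step 1: the requested environment must be one of the
	// principal's own environments. A lookup failure is treated as a denial.
	envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx)
	if err != nil {
		logrus.Errorf("error finding environments for account '%v': %v", principal.Email, err)
		return service.NewUnaccessUnauthorized()
	}
	var senv *store.Environment
	for _, env := range envs {
		if env.ZId == envZId {
			senv = env
			break
		}
	}
	if senv == nil {
		// Fixed: the closing quote after the e-mail address was missing.
		logrus.Error(errors.Errorf("environment with id '%v' not found for '%v'", envZId, principal.Email))
		return service.NewUnaccessUnauthorized()
	}

	sfe, err := str.FindFrontendWithToken(feToken, tx)
	if err != nil {
		logrus.Error(err)
		return service.NewUnaccessInternalServerError()
	}

	// Authorization step 2: the frontend must not belong to another
	// environment. A frontend owned by someone else is reported exactly like a
	// missing one, so the response does not reveal that the token exists.
	// NOTE(review): a frontend whose EnvironmentId is nil passes this check for
	// any authenticated caller who knows its token — confirm that is intended.
	if sfe == nil || (sfe.EnvironmentId != nil && *sfe.EnvironmentId != senv.Id) {
		logrus.Errorf("frontend named '%v' not found", feToken)
		// Fixed: this case previously answered with InternalServerError.
		return service.NewUnaccessNotFound()
	}

	if err := str.DeleteFrontend(sfe.Id, tx); err != nil {
		logrus.Errorf("error deleting frontend named '%v': %v", feToken, err)
		// Fixed: a store failure previously answered with NotFound.
		return service.NewUnaccessInternalServerError()
	}

	// NOTE(review): svcToken is never looked up in the store in this handler;
	// the filter is narrowed only by the already-verified frontend token.
	// Consider checking that the service token belongs with this frontend.
	filter := fmt.Sprintf("tags.zrokServiceToken=\"%v\" and tags.zrokFrontendToken=\"%v\" and type=1", svcToken, feToken)
	if err := deleteServicePolicy(envZId, filter, edge); err != nil {
		logrus.Errorf("error removing access to '%v' for '%v': %v", svcToken, envZId, err)
		return service.NewUnaccessInternalServerError()
	}

	// The policy deletion above is not part of the store transaction; if this
	// commit fails, the deferred rollback restores only the frontend row.
	if err := tx.Commit(); err != nil {
		logrus.Errorf("error committing frontend '%v' delete: %v", feToken, err)
		return service.NewUnaccessInternalServerError()
	}

	return service.NewUnaccessOK()
}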