package controller
import (
"fmt"
"github.com/go-openapi/runtime/middleware"
"github.com/openziti/zrok/controller/store"
"github.com/openziti/zrok/controller/zrokEdgeSdk"
"github.com/openziti/zrok/rest_model_zrok"
"github.com/openziti/zrok/rest_server_zrok/operations/share"
"github.com/sirupsen/logrus"
)
// unaccessHandler serves the share "unaccess" REST operation. It carries no
// state of its own.
type unaccessHandler struct{}

// newUnaccessHandler returns a ready-to-use unaccessHandler.
func newUnaccessHandler() *unaccessHandler {
	return new(unaccessHandler)
}
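// Handle removes a frontend and the matching edge service policy on behalf of
// the authenticated principal.
//
// The request body supplies a frontend token, a share token and an environment
// ZId. The environment must belong to the principal's account, and the frontend
// must either be bound to that environment or have no environment at all. The
// frontend row is deleted inside a store transaction that is committed only
// after the edge service policy has been removed.
//
// Responses: Unauthorized when the environment cannot be resolved for the
// account, NotFound when a token is malformed or the frontend delete fails,
// InternalServerError for the remaining failures, and OK on success.
func (h *unaccessHandler) Handle(params share.UnaccessParams, principal *rest_model_zrok.Principal) middleware.Responder {
	feToken := params.Body.FrontendToken
	shrToken := params.Body.ShrToken
	envZId := params.Body.EnvZID

	// Both tokens are caller-controlled and are interpolated into a quoted
	// filter expression further down. shrToken in particular is never looked
	// up in the store, so nothing else constrains its content. Refuse anything
	// that could terminate the quoted literal before it is logged or used.
	if !unaccessTokenFilterSafe(feToken) || !unaccessTokenFilterSafe(shrToken) {
		logrus.Errorf("rejecting unaccess request from '%v': token contains characters not permitted in a filter literal", principal.Email)
		return share.NewUnaccessNotFound()
	}
	logrus.Infof("processing unaccess request for frontend '%v' (share '%v', environment '%v')", feToken, shrToken, envZId)

	tx, err := str.Begin()
	if err != nil {
		logrus.Errorf("error starting transaction: %v", err)
		return share.NewUnaccessInternalServerError()
	}
	// Every early return below abandons the transaction; the rollback error is
	// deliberately ignored (presumably a no-op after a successful Commit).
	defer func() { _ = tx.Rollback() }()

	edge, err := zrokEdgeSdk.Client(cfg.Ziti)
	if err != nil {
		logrus.Error(err)
		return share.NewUnaccessInternalServerError()
	}

	// Authorization step 1: the named environment must be one of the
	// environments owned by the calling account.
	envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx)
	if err != nil {
		logrus.Errorf("error finding environments for account '%v': %v", principal.Email, err)
		return share.NewUnaccessUnauthorized()
	}
	var senv *store.Environment
	for _, env := range envs {
		if env.ZId == envZId {
			senv = env
			break
		}
	}
	if senv == nil {
		logrus.Errorf("environment with id '%v' not found for '%v'", envZId, principal.Email)
		return share.NewUnaccessUnauthorized()
	}

	sfe, err := str.FindFrontendWithToken(feToken, tx)
	if err != nil {
		logrus.Errorf("error finding frontend for '%v': %v", principal.Email, err)
		return share.NewUnaccessInternalServerError()
	}

	// Authorization step 2: the frontend must belong to the environment
	// resolved above.
	// NOTE(review): a frontend whose EnvironmentId is nil passes this check for
	// any authenticated account that knows its token. Confirm that such
	// frontends are meant to be removable through this endpoint; if not, this
	// should fail closed on nil.
	// NOTE(review): "not found" answers with InternalServerError here while a
	// delete failure below answers with NotFound. The two look swapped, but are
	// left as-is because clients may depend on the current codes.
	if sfe == nil || (sfe.EnvironmentId != nil && *sfe.EnvironmentId != senv.Id) {
		logrus.Errorf("frontend named '%v' not found", feToken)
		return share.NewUnaccessInternalServerError()
	}

	if err := str.DeleteFrontend(sfe.Id, tx); err != nil {
		logrus.Errorf("error deleting frontend named '%v': %v", feToken, err)
		return share.NewUnaccessNotFound()
	}

	// The tokens were checked above, so neither can close the surrounding
	// double quotes and widen the set of policies this filter selects.
	filter := fmt.Sprintf("tags.zrokShareToken=\"%v\" and tags.zrokFrontendToken=\"%v\" and type=1", shrToken, feToken)
	if err := zrokEdgeSdk.DeleteServicePolicy(envZId, filter, edge); err != nil {
		logrus.Errorf("error removing access to '%v' for '%v': %v", shrToken, envZId, err)
		return share.NewUnaccessInternalServerError()
	}

	// Commit last, so the frontend row is only gone once the edge policy
	// removal has succeeded.
	if err := tx.Commit(); err != nil {
		logrus.Errorf("error committing frontend '%v' delete: %v", feToken, err)
		return share.NewUnaccessInternalServerError()
	}

	return share.NewUnaccessOK()
}

// unaccessTokenFilterSafe reports whether tok can be embedded in a
// double-quoted filter literal without ending or escaping out of it. It rejects
// double quotes, backslashes and ASCII control characters. The empty string is
// accepted, so such requests are handled as they were before this check.
func unaccessTokenFilterSafe(tok string) bool {
	for _, r := range tok {
		if r == '"' || r == '\\' || r < 0x20 || r == 0x7f {
			return false
		}
	}
	return true
}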