merge from origin/main

This commit is contained in:
dovholuknf 2023-01-30 13:48:02 -05:00
commit aa39fb4498
No known key found for this signature in database
GPG Key ID: 0EE08251136D3480
17 changed files with 192 additions and 67 deletions

View File

@ -47,6 +47,47 @@ jobs:
name: release-builds name: release-builds
path: ./dist/*.gz path: ./dist/*.gz
build-linux-arm:
runs-on: ubuntu-20.04
steps:
- run: sudo apt-get install gcc-arm-linux-gnueabi
- uses: actions/checkout@v3
with:
fetch-depth: 0
- run: git fetch --force --tags
- uses: actions/setup-go@v3
with:
go-version: '>=1.19.3'
cache: true
- uses: actions/setup-node@v3
with:
node-version: 16.x
- run: npm install
working-directory: ui
- run: npm run build
working-directory: ui
env:
CI: ""
- uses: goreleaser/goreleaser-action@v2
with:
distribution: goreleaser
version: latest
args: release --skip-publish --config .goreleaser-linux-arm.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/upload-artifact@v3
with:
name: release-builds
path: ./dist/*.gz
build-darwin: build-darwin:
runs-on: macos-latest runs-on: macos-latest
steps: steps:
@ -140,7 +181,7 @@ jobs:
path: ./dist/*.gz path: ./dist/*.gz
publish-release: publish-release:
needs: [build-linux, build-darwin, build-windows] needs: [build-linux, build-linux-arm, build-darwin, build-windows]
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3

15
.goreleaser-linux-arm.yml Normal file
View File

@ -0,0 +1,15 @@
builds:
- id: zrok-armv7
main: ./cmd/zrok
binary: zrok
ldflags: "-s -w -X github.com/openziti/zrok/build.Version={{.Tag}} -X github.com/openziti/zrok/build.Hash={{.ShortCommit}}"
env:
- CC=arm-linux-gnueabi-gcc
- CGO_ENABLED=1
- CC_FOR_TARGET=gcc-arm-linux-gnueabi
goos:
- linux
goarch:
- arm
goarm:
- 7

View File

@ -1,4 +1,14 @@
# v0.3.0-rc3 (WiP) # v0.3.0-rc5
CHANGE: Improvements to controller log messages to assist in operations (https://github.com/openziti/zrok/issues/186)
CHANGE: `armv7` builds for Linux are now shipped with releases; these builds were tested against a Raspberry Pi 4 (https://github.com/openziti/zrok/issues/93)
# v0.3.0-rc4
CHANGE: Enable notarization for macos binaries (https://github.com/openziti/zrok/issues/92)
# v0.3.0-rc3
> This release increments the configuration version from `1` to `2`. See the note below. > This release increments the configuration version from `1` to `2`. See the note below.

View File

@ -2,10 +2,13 @@ source = ["dist/zrok-amd64_darwin_amd64_v1/zrok"]
bundle_id = "io.zrok.zrok" bundle_id = "io.zrok.zrok"
apple_id { apple_id {
username = "@env:AC_USERNAME"
password = "@env:AC_PASSWORD" password = "@env:AC_PASSWORD"
} }
sign { sign {
application_identity = "Apple Distribution: NetFoundry Inc" application_identity = "Developer ID Application: NetFoundry Inc"
}
zip {
output_path = "dist/zrok-amd64_darwin_amd64_v1/zrok.zip"
} }

View File

@ -2,10 +2,13 @@ source = ["dist/zrok-arm64_darwin_arm64/zrok"]
bundle_id = "io.zrok.zrok" bundle_id = "io.zrok.zrok"
apple_id { apple_id {
username = "@env:AC_USERNAME"
password = "@env:AC_PASSWORD" password = "@env:AC_PASSWORD"
} }
sign { sign {
application_identity = "Apple Distribution: NetFoundry Inc" application_identity = "Developer ID Application: NetFoundry Inc"
}
zip {
output_path = "dist/zrok-arm64_darwin_arm64/zrok.zip"
} }

View File

@ -18,7 +18,7 @@ func newAccessHandler() *accessHandler {
func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_zrok.Principal) middleware.Responder { func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_zrok.Principal) middleware.Responder {
tx, err := str.Begin() tx, err := str.Begin()
if err != nil { if err != nil {
logrus.Errorf("error starting transaction: %v", err) logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err)
return share.NewAccessInternalServerError() return share.NewAccessInternalServerError()
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
@ -62,7 +62,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
} }
if _, err := str.CreateFrontend(envId, &store.Frontend{Token: feToken, ZId: envZId}, tx); err != nil { if _, err := str.CreateFrontend(envId, &store.Frontend{Token: feToken, ZId: envZId}, tx); err != nil {
logrus.Errorf("error creating frontend record: %v", err) logrus.Errorf("error creating frontend record for user '%v': %v", principal.Email, err)
return share.NewAccessInternalServerError() return share.NewAccessInternalServerError()
} }
@ -77,7 +77,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
"zrokShareToken": shrToken, "zrokShareToken": shrToken,
} }
if err := zrokEdgeSdk.CreateServicePolicyDial(envZId+"-"+sshr.ZId+"-dial", sshr.ZId, []string{envZId}, addlTags, edge); err != nil { if err := zrokEdgeSdk.CreateServicePolicyDial(envZId+"-"+sshr.ZId+"-dial", sshr.ZId, []string{envZId}, addlTags, edge); err != nil {
logrus.Errorf("unable to create dial policy: %v", err) logrus.Errorf("unable to create dial policy for user '%v': %v", principal.Email, err)
return share.NewAccessInternalServerError() return share.NewAccessInternalServerError()
} }

View File

@ -22,47 +22,47 @@ func newDisableHandler() *disableHandler {
func (h *disableHandler) Handle(params environment.DisableParams, principal *rest_model_zrok.Principal) middleware.Responder { func (h *disableHandler) Handle(params environment.DisableParams, principal *rest_model_zrok.Principal) middleware.Responder {
tx, err := str.Begin() tx, err := str.Begin()
if err != nil { if err != nil {
logrus.Errorf("error starting transaction: %v", err) logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err)
return environment.NewDisableInternalServerError() return environment.NewDisableInternalServerError()
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
envId, err := h.checkZitiIdentity(params.Body.Identity, principal, tx) envId, err := h.checkZitiIdentity(params.Body.Identity, principal, tx)
if err != nil { if err != nil {
logrus.Errorf("identity check failed: %v", err) logrus.Errorf("identity check failed for user '%v': %v", principal.Email, err)
return environment.NewDisableUnauthorized() return environment.NewDisableUnauthorized()
} }
env, err := str.GetEnvironment(envId, tx) env, err := str.GetEnvironment(envId, tx)
if err != nil { if err != nil {
logrus.Errorf("error getting environment: %v", err) logrus.Errorf("error getting environment for user '%v': %v", principal.Email, err)
return environment.NewDisableInternalServerError() return environment.NewDisableInternalServerError()
} }
edge, err := edgeClient() edge, err := edgeClient()
if err != nil { if err != nil {
logrus.Errorf("error getting edge client: %v", err) logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err)
return environment.NewDisableInternalServerError() return environment.NewDisableInternalServerError()
} }
if err := h.removeSharesForEnvironment(envId, tx, edge); err != nil { if err := h.removeSharesForEnvironment(envId, tx, edge); err != nil {
logrus.Errorf("error removing shares for environment: %v", err) logrus.Errorf("error removing shares for environment for user '%v': %v", principal.Email, err)
return environment.NewDisableInternalServerError() return environment.NewDisableInternalServerError()
} }
if err := h.removeFrontendsForEnvironment(envId, tx, edge); err != nil { if err := h.removeFrontendsForEnvironment(envId, tx, edge); err != nil {
logrus.Errorf("error removing frontends for environment: %v", err) logrus.Errorf("error removing frontends for environment for user '%v': %v", principal.Email, err)
return environment.NewDisableInternalServerError() return environment.NewDisableInternalServerError()
} }
if err := h.removeEnvironment(envId, tx); err != nil { if err := h.removeEnvironment(envId, tx); err != nil {
logrus.Errorf("error removing environment: %v", err) logrus.Errorf("error removing environment for user '%v': %v", principal.Email, err)
return environment.NewDisableInternalServerError() return environment.NewDisableInternalServerError()
} }
if err := zrokEdgeSdk.DeleteEdgeRouterPolicy(env.ZId, edge); err != nil { if err := zrokEdgeSdk.DeleteEdgeRouterPolicy(env.ZId, edge); err != nil {
logrus.Errorf("error deleting edge router policy: %v", err) logrus.Errorf("error deleting edge router policy for user '%v': %v", principal.Email, err)
return environment.NewDisableInternalServerError() return environment.NewDisableInternalServerError()
} }
if err := zrokEdgeSdk.DeleteIdentity(params.Body.Identity, edge); err != nil { if err := zrokEdgeSdk.DeleteIdentity(params.Body.Identity, edge); err != nil {
logrus.Errorf("error deleting identity: %v", err) logrus.Errorf("error deleting identity for user '%v': %v", principal.Email, err)
return environment.NewDisableInternalServerError() return environment.NewDisableInternalServerError()
} }
if err := tx.Commit(); err != nil { if err := tx.Commit(); err != nil {
logrus.Errorf("error committing: %v", err) logrus.Errorf("error committing for user '%v': %v", principal.Email, err)
} }
return environment.NewDisableOK() return environment.NewDisableOK()
} }

View File

@ -25,43 +25,43 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
// start transaction early; if it fails, don't bother creating ziti resources // start transaction early; if it fails, don't bother creating ziti resources
tx, err := str.Begin() tx, err := str.Begin()
if err != nil { if err != nil {
logrus.Errorf("error starting transaction: %v", err) logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err)
return environment.NewEnableInternalServerError() return environment.NewEnableInternalServerError()
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
if err := h.checkLimits(principal, tx); err != nil { if err := h.checkLimits(principal, tx); err != nil {
logrus.Errorf("limits error: %v", err) logrus.Errorf("limits error for user '%v': %v", principal.Email, err)
return environment.NewEnableUnauthorized() return environment.NewEnableUnauthorized()
} }
client, err := edgeClient() client, err := edgeClient()
if err != nil { if err != nil {
logrus.Errorf("error getting edge client: %v", err) logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err)
return environment.NewEnableInternalServerError() return environment.NewEnableInternalServerError()
} }
uniqueToken, err := createShareToken() uniqueToken, err := createShareToken()
if err != nil { if err != nil {
logrus.Errorf("error creating unique identity token: %v", err) logrus.Errorf("error creating unique identity token for user '%v': %v", principal.Email, err)
return environment.NewEnableInternalServerError() return environment.NewEnableInternalServerError()
} }
ident, err := zrokEdgeSdk.CreateEnvironmentIdentity(uniqueToken, principal.Email, params.Body.Description, client) ident, err := zrokEdgeSdk.CreateEnvironmentIdentity(uniqueToken, principal.Email, params.Body.Description, client)
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error creating environment identity for user '%v': %v", principal.Email, err)
return environment.NewEnableInternalServerError() return environment.NewEnableInternalServerError()
} }
envZId := ident.Payload.Data.ID envZId := ident.Payload.Data.ID
cfg, err := zrokEdgeSdk.EnrollIdentity(envZId, client) cfg, err := zrokEdgeSdk.EnrollIdentity(envZId, client)
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error enrolling environment identity for user '%v': %v", principal.Email, err)
return environment.NewEnableInternalServerError() return environment.NewEnableInternalServerError()
} }
if err := zrokEdgeSdk.CreateEdgeRouterPolicy(envZId, envZId, client); err != nil { if err := zrokEdgeSdk.CreateEdgeRouterPolicy(envZId, envZId, client); err != nil {
logrus.Error(err) logrus.Errorf("error creating edge router policy for user '%v': %v", principal.Email, err)
return environment.NewEnableInternalServerError() return environment.NewEnableInternalServerError()
} }
@ -72,13 +72,13 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
ZId: envZId, ZId: envZId,
}, tx) }, tx)
if err != nil { if err != nil {
logrus.Errorf("error storing created identity: %v", err) logrus.Errorf("error storing created identity for user '%v': %v", principal.Email, err)
_ = tx.Rollback() _ = tx.Rollback()
return environment.NewEnableInternalServerError() return environment.NewEnableInternalServerError()
} }
if err := tx.Commit(); err != nil { if err := tx.Commit(); err != nil {
logrus.Errorf("error committing: %v", err) logrus.Errorf("error committing for user '%v': %v", principal.Email, err)
return environment.NewEnableInternalServerError() return environment.NewEnableInternalServerError()
} }
logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId) logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId)

View File

@ -16,7 +16,7 @@ func newEnvironmentDetailHandler() *environmentDetailHandler {
func (h *environmentDetailHandler) Handle(params metadata.GetEnvironmentDetailParams, principal *rest_model_zrok.Principal) middleware.Responder { func (h *environmentDetailHandler) Handle(params metadata.GetEnvironmentDetailParams, principal *rest_model_zrok.Principal) middleware.Responder {
tx, err := str.Begin() tx, err := str.Begin()
if err != nil { if err != nil {
logrus.Errorf("error starting transaction: %v", err) logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err)
return metadata.NewGetEnvironmentDetailInternalServerError() return metadata.NewGetEnvironmentDetailInternalServerError()
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
@ -37,14 +37,14 @@ func (h *environmentDetailHandler) Handle(params metadata.GetEnvironmentDetailPa
} }
shrs, err := str.FindSharesForEnvironment(senv.Id, tx) shrs, err := str.FindSharesForEnvironment(senv.Id, tx)
if err != nil { if err != nil {
logrus.Errorf("error finding shares for environment '%v': %v", senv.ZId, err) logrus.Errorf("error finding shares for environment '%v' for user '%v': %v", senv.ZId, principal.Email, err)
return metadata.NewGetEnvironmentDetailInternalServerError() return metadata.NewGetEnvironmentDetailInternalServerError()
} }
var sparkData map[string][]int64 var sparkData map[string][]int64
if cfg.Influx != nil { if cfg.Influx != nil {
sparkData, err = sparkDataForShares(shrs) sparkData, err = sparkDataForShares(shrs)
if err != nil { if err != nil {
logrus.Errorf("error querying spark data for shares: %v", err) logrus.Errorf("error querying spark data for shares for user '%v': %v", principal.Email, err)
} }
} }
for _, shr := range shrs { for _, shr := range shrs {

View File

@ -13,7 +13,7 @@ type registerHandler struct{}
func newRegisterHandler() *registerHandler { func newRegisterHandler() *registerHandler {
return &registerHandler{} return &registerHandler{}
} }
func (self *registerHandler) Handle(params account.RegisterParams) middleware.Responder { func (h *registerHandler) Handle(params account.RegisterParams) middleware.Responder {
if params.Body == nil || params.Body.Token == "" || params.Body.Password == "" { if params.Body == nil || params.Body.Token == "" || params.Body.Password == "" {
logrus.Error("missing token or password") logrus.Error("missing token or password")
return account.NewRegisterNotFound() return account.NewRegisterNotFound()
@ -22,25 +22,25 @@ func (self *registerHandler) Handle(params account.RegisterParams) middleware.Re
tx, err := str.Begin() tx, err := str.Begin()
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error starting transaction for token '%v': %v", params.Body.Token, err)
return account.NewRegisterInternalServerError() return account.NewRegisterInternalServerError()
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
ar, err := str.FindAccountRequestWithToken(params.Body.Token, tx) ar, err := str.FindAccountRequestWithToken(params.Body.Token, tx)
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error finding account request with token '%v': %v", params.Body.Token, err)
return account.NewRegisterNotFound() return account.NewRegisterNotFound()
} }
token, err := createToken() token, err := createToken()
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error creating token for request '%v' (%v): %v", params.Body.Token, ar.Email, err)
return account.NewRegisterInternalServerError() return account.NewRegisterInternalServerError()
} }
hpwd, err := hashPassword(params.Body.Password) hpwd, err := hashPassword(params.Body.Password)
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error hashing password for request '%v' (%v): %v", params.Body.Token, ar.Email, err)
return account.NewRegisterInternalServerError() return account.NewRegisterInternalServerError()
} }
a := &store.Account{ a := &store.Account{
@ -50,17 +50,17 @@ func (self *registerHandler) Handle(params account.RegisterParams) middleware.Re
Token: token, Token: token,
} }
if _, err := str.CreateAccount(a, tx); err != nil { if _, err := str.CreateAccount(a, tx); err != nil {
logrus.Error(err) logrus.Errorf("error creating account for request '%v' (%v): %v", params.Body.Token, ar.Email, err)
return account.NewRegisterInternalServerError() return account.NewRegisterInternalServerError()
} }
if err := str.DeleteAccountRequest(ar.Id, tx); err != nil { if err := str.DeleteAccountRequest(ar.Id, tx); err != nil {
logrus.Error(err) logrus.Errorf("error deleteing account request '%v' (%v): %v", params.Body.Token, ar.Email, err)
return account.NewRegisterInternalServerError() return account.NewRegisterInternalServerError()
} }
if err := tx.Commit(); err != nil { if err := tx.Commit(); err != nil {
logrus.Error(err) logrus.Errorf("error committing '%v' (%v): %v", params.Body.Token, ar.Email, err)
return account.NewRegisterInternalServerError() return account.NewRegisterInternalServerError()
} }

View File

@ -21,42 +21,42 @@ func (handler *resetPasswordHandler) Handle(params account.ResetPasswordParams)
tx, err := str.Begin() tx, err := str.Begin()
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error starting transaction for '%v': %v", params.Body.Token, err)
return account.NewResetPasswordInternalServerError() return account.NewResetPasswordInternalServerError()
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
prr, err := str.FindPasswordResetRequestWithToken(params.Body.Token, tx) prr, err := str.FindPasswordResetRequestWithToken(params.Body.Token, tx)
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error finding reset request for '%v': %v", params.Body.Token, err)
return account.NewResetPasswordNotFound() return account.NewResetPasswordNotFound()
} }
a, err := str.GetAccount(prr.AccountId, tx) a, err := str.GetAccount(prr.AccountId, tx)
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error finding account for '%v': %v", params.Body.Token, err)
return account.NewResetPasswordNotFound() return account.NewResetPasswordNotFound()
} }
hpwd, err := hashPassword(params.Body.Password) hpwd, err := hashPassword(params.Body.Password)
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error hashing password for '%v' (%v): %v", params.Body.Token, a.Email, err)
return account.NewResetPasswordRequestInternalServerError() return account.NewResetPasswordRequestInternalServerError()
} }
a.Salt = hpwd.Salt a.Salt = hpwd.Salt
a.Password = hpwd.Password a.Password = hpwd.Password
if _, err := str.UpdateAccount(a, tx); err != nil { if _, err := str.UpdateAccount(a, tx); err != nil {
logrus.Error(err) logrus.Errorf("error updating for '%v' (%v): %v", params.Body.Token, a.Email, err)
return account.NewResetPasswordInternalServerError() return account.NewResetPasswordInternalServerError()
} }
if err := str.DeletePasswordResetRequest(prr.Id, tx); err != nil { if err := str.DeletePasswordResetRequest(prr.Id, tx); err != nil {
logrus.Error(err) logrus.Errorf("error deleting reset request '%v' (%v): %v", params.Body.Token, a.Email, err)
return account.NewResetPasswordInternalServerError() return account.NewResetPasswordInternalServerError()
} }
if err := tx.Commit(); err != nil { if err := tx.Commit(); err != nil {
logrus.Error(err) logrus.Errorf("error committing '%v' (%v): %v", params.Body.Token, a.Email, err)
return account.NewResetPasswordInternalServerError() return account.NewResetPasswordInternalServerError()
} }

View File

@ -24,22 +24,23 @@ func (handler *resetPasswordRequestHandler) Handle(params account.ResetPasswordR
return account.NewResetPasswordRequestBadRequest() return account.NewResetPasswordRequestBadRequest()
} }
logrus.Infof("received reset password request for email '%v'", params.Body.EmailAddress) logrus.Infof("received reset password request for email '%v'", params.Body.EmailAddress)
var token string var token string
tx, err := str.Begin() tx, err := str.Begin()
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error starting transaction for request '%v': %v", params.Body.EmailAddress, err)
return account.NewResetPasswordRequestInternalServerError() return account.NewResetPasswordRequestInternalServerError()
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
token, err = createToken() token, err = createToken()
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error creating token for '%v': %v", params.Body.EmailAddress, err)
return account.NewResetPasswordRequestInternalServerError() return account.NewResetPasswordRequestInternalServerError()
} }
acct, err := str.FindAccountWithEmail(params.Body.EmailAddress, tx) a, err := str.FindAccountWithEmail(params.Body.EmailAddress, tx)
if err != nil { if err != nil {
logrus.Infof("no account found for '%v': %v", params.Body.EmailAddress, err) logrus.Infof("no account found for '%v': %v", params.Body.EmailAddress, err)
return account.NewResetPasswordRequestInternalServerError() return account.NewResetPasswordRequestInternalServerError()
@ -47,29 +48,29 @@ func (handler *resetPasswordRequestHandler) Handle(params account.ResetPasswordR
prr := &store.PasswordResetRequest{ prr := &store.PasswordResetRequest{
Token: token, Token: token,
AccountId: acct.Id, AccountId: a.Id,
} }
if _, err := str.CreatePasswordResetRequest(prr, tx); err != nil { if _, err := str.CreatePasswordResetRequest(prr, tx); err != nil {
logrus.Errorf("error creating reset password request for '%v': %v", params.Body.EmailAddress, err) logrus.Errorf("error creating reset password request for '%v': %v", a.Email, err)
return account.NewResetPasswordRequestInternalServerError() return account.NewResetPasswordRequestInternalServerError()
} }
if err := tx.Commit(); err != nil { if err := tx.Commit(); err != nil {
logrus.Errorf("error committing reset password request for '%v': %v", params.Body.EmailAddress, err) logrus.Errorf("error committing reset password request for '%v': %v", a.Email, err)
return account.NewResetPasswordRequestInternalServerError() return account.NewResetPasswordRequestInternalServerError()
} }
if cfg.Email != nil && cfg.Registration != nil && cfg.ResetPassword != nil { if cfg.Email != nil && cfg.Registration != nil && cfg.ResetPassword != nil {
if err := sendResetPasswordEmail(acct.Email, token); err != nil { if err := sendResetPasswordEmail(a.Email, token); err != nil {
logrus.Errorf("error sending reset password email for '%v': %v", acct.Email, err) logrus.Errorf("error sending reset password email for '%v': %v", a.Email, err)
return account.NewResetPasswordRequestInternalServerError() return account.NewResetPasswordRequestInternalServerError()
} }
} else { } else {
logrus.Errorf("'email', 'registration', and 'reset_password' configuration missing; skipping reset password email") logrus.Errorf("'email', 'registration', and 'reset_password' configuration missing; skipping reset password email")
} }
logrus.Infof("reset password request for '%v' has token '%v'", params.Body.EmailAddress, prr.Token) logrus.Infof("reset password request for '%v' has token '%v'", a.Email, prr.Token)
return account.NewResetPasswordRequestCreated() return account.NewResetPasswordRequestCreated()
} }

View File

@ -7,7 +7,6 @@ import (
"github.com/openziti/zrok/controller/zrokEdgeSdk" "github.com/openziti/zrok/controller/zrokEdgeSdk"
"github.com/openziti/zrok/rest_model_zrok" "github.com/openziti/zrok/rest_model_zrok"
"github.com/openziti/zrok/rest_server_zrok/operations/share" "github.com/openziti/zrok/rest_server_zrok/operations/share"
"github.com/pkg/errors"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
@ -45,8 +44,7 @@ func (h *unaccessHandler) Handle(params share.UnaccessParams, principal *rest_mo
} }
} }
if senv == nil { if senv == nil {
err := errors.Errorf("environment with id '%v' not found for '%v", envZId, principal.Email) logrus.Errorf("environment with id '%v' not found for '%v", envZId, principal.Email)
logrus.Error(err)
return share.NewUnaccessUnauthorized() return share.NewUnaccessUnauthorized()
} }
} else { } else {
@ -56,7 +54,7 @@ func (h *unaccessHandler) Handle(params share.UnaccessParams, principal *rest_mo
sfe, err := str.FindFrontendWithToken(feToken, tx) sfe, err := str.FindFrontendWithToken(feToken, tx)
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error finding frontend for '%v': %v", principal.Email, err)
return share.NewUnaccessInternalServerError() return share.NewUnaccessInternalServerError()
} }

View File

@ -24,20 +24,20 @@ func newUnshareHandler() *unshareHandler {
func (h *unshareHandler) Handle(params share.UnshareParams, principal *rest_model_zrok.Principal) middleware.Responder { func (h *unshareHandler) Handle(params share.UnshareParams, principal *rest_model_zrok.Principal) middleware.Responder {
tx, err := str.Begin() tx, err := str.Begin()
if err != nil { if err != nil {
logrus.Errorf("error starting transaction: %v", err) logrus.Errorf("error starting transaction for '%v': %v", principal.Email, err)
return share.NewUnshareInternalServerError() return share.NewUnshareInternalServerError()
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
edge, err := edgeClient() edge, err := edgeClient()
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error getting edge client for '%v': %v", principal.Email, err)
return share.NewUnshareInternalServerError() return share.NewUnshareInternalServerError()
} }
shrToken := params.Body.ShrToken shrToken := params.Body.ShrToken
shrZId, err := h.findShareZId(shrToken, edge) shrZId, err := h.findShareZId(shrToken, edge)
if err != nil { if err != nil {
logrus.Error(err) logrus.Errorf("error finding share identity for '%v' (%v): %v", shrToken, principal.Email, err)
return share.NewUnshareNotFound() return share.NewUnshareNotFound()
} }
var senv *store.Environment var senv *store.Environment
@ -49,8 +49,7 @@ func (h *unshareHandler) Handle(params share.UnshareParams, principal *rest_mode
} }
} }
if senv == nil { if senv == nil {
err := errors.Errorf("environment with id '%v' not found for '%v", params.Body.EnvZID, principal.Email) logrus.Errorf("environment with id '%v' not found for '%v", params.Body.EnvZID, principal.Email)
logrus.Error(err)
return share.NewUnshareNotFound() return share.NewUnshareNotFound()
} }
} else { } else {
@ -67,8 +66,7 @@ func (h *unshareHandler) Handle(params share.UnshareParams, principal *rest_mode
} }
} }
if sshr == nil { if sshr == nil {
err := errors.Errorf("share with id '%v' not found for '%v'", shrZId, principal.Email) logrus.Errorf("share with id '%v' not found for '%v'", shrZId, principal.Email)
logrus.Error(err)
return share.NewUnshareNotFound() return share.NewUnshareNotFound()
} }
} else { } else {

View File

@ -7,6 +7,7 @@ import (
"github.com/openziti/edge/rest_management_api_client" "github.com/openziti/edge/rest_management_api_client"
"github.com/openziti/edge/rest_util" "github.com/openziti/edge/rest_util"
"github.com/openziti/zrok/rest_model_zrok" "github.com/openziti/zrok/rest_model_zrok"
"github.com/sirupsen/logrus"
"net/http" "net/http"
"strings" "strings"
) )
@ -22,6 +23,7 @@ func newZrokAuthenticator(cfg *Config) *zrokAuthenticator {
func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Principal, error) { func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Principal, error) {
tx, err := str.Begin() tx, err := str.Begin()
if err != nil { if err != nil {
logrus.Errorf("error starting transaction for '%v': %v", token, err)
return nil, err return nil, err
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
@ -49,6 +51,7 @@ func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Princi
} }
// no match // no match
logrus.Warnf("invalid api key '%v'", token)
return nil, errors2.New(401, "invalid api key") return nil, errors2.New(401, "invalid api key")
} }
} }

View File

@ -1,6 +1,6 @@
# Nginx Reverse Proxy for zrok # Nginx Reverse Proxy for zrok
I'll assume you have a running zrok controller and public frontend and wish to front both with Nginx providing server TLS. Go back to [the hosting quickstart](../getting-started/getting_started.md) if you still need to spin those up. I'll assume you have a running zrok controller and public frontend and wish to front both with Nginx providing server TLS. Go back to [Self-Hosting Guide](./v0.3_self_hosting_guide.md) if you still need to spin those up.
## Choose a Reverse Proxy Address ## Choose a Reverse Proxy Address

View File

@ -0,0 +1,53 @@
# Introducing zrok
I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the [OpenZiti](https://github.com/openziti/ziti) project back in 2017. Most of my work on OpenZiti centered on the [fabric](https://github.com/openziti/fabric), data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.
For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.
This new project is called... `zrok`.
`zrok` focuses on streamlining sharing for both developers and end users alike. `zrok` takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, `zrok` adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti.
Here are some of the things that make `zrok` different...
## Private Sharing
Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you've got a public URL that you can share to allow access to your endpoint.
`zrok` expands on this model by supporting something that we're calling "private sharing". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other `zrok` users through the zero-trust overlay network.
In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. `zrok` handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect.
And if you want public sharing, `zrok` has that also. Our private sharing modes are an additional capability that `zrok` adds to the recipe. `zrok` supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.
## Files; Repositories; Video... Decentralized
Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a _frictionless_ way.
`zrok` also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... `zrok` will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet.
Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using `zrok` as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms.
We're still just getting started on building out these aspects of `zrok`. `zrok` already provides built-in single-command file sharing. You can [get started](https://github.com/openziti/zrok/blob/main/docs/v0.3_getting_started/getting_started.md) using these powerful tools today!
## Production zrok
[NetFoundry](https://netfoundry.io) is offering [zrok.io](https://zrok.io), a managed `zrok` service instance you can use to try out `zrok` and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit [zrok.io](https://zrok.io) for details about requesting an invite.
Once `zrok` and `zrok.io` are out of beta, we'll be opening this service up to the public.
`zrok.io` runs on top of the open-source version of `zrok`. We're building on top of the same open-source codebase that's [available](https://github.com/openziti/zrok) today.
## Open-Source; Self-Host
`zrok` is committed to being open-source. You've got everything you need to host your own `zrok` instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple [guide](https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md) to getting this running in minutes, including the OpenZiti portions.
You can [access](https://github.com/openziti/zrok) the open-source version of `zrok` today.
## A Start
I'm really excited about sharing `zrok` with you. As of this writing, we're at `v0.3.0`, and there is still a ton of work to do to get `zrok` to where I know it can go. `zrok` is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the [OpenZiti GitHub](https://github.com/openziti)).
Starting with `v0.4`, I'm planning on producing a set of regularly-released "development notebooks", documenting the development process and giving you a look at the work we're doing with `zrok`. I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of `zrok` on top of OpenZiti; these will be a great introduction to building a _Ziti Native Application_ from the ground up. These videos will also be a comprehensive look at how `zrok` works.
We'd love your participation in the `zrok` project! You can find us on GitHub at [https://github.com/openziti/zrok](https://github.com/openziti/zrok).