mirror of
https://github.com/openziti/zrok.git
synced 2024-11-22 08:03:49 +01:00
better finder behavior (#262)
This commit is contained in:
parent
9da1137a78
commit
bf63092cb2
@ -36,6 +36,10 @@ func (h *disableHandler) Handle(params environment.DisableParams, principal *res
|
||||
logrus.Errorf("error getting environment for user '%v': %v", principal.Email, err)
|
||||
return environment.NewDisableInternalServerError()
|
||||
}
|
||||
if env.Deleted {
|
||||
logrus.Errorf("environment '%v' for user '%v' deleted", env.ZId, principal.Email)
|
||||
return environment.NewDisableUnauthorized()
|
||||
}
|
||||
edge, err := zrokEdgeSdk.Client(cfg.Ziti)
|
||||
if err != nil {
|
||||
logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err)
|
||||
@ -85,29 +89,31 @@ func (h *disableHandler) removeSharesForEnvironment(envId int, tx *sqlx.Tx, edge
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
shrs, err := str.FindSharesForEnvironment(envId, tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, shr := range shrs {
|
||||
shrToken := shr.Token
|
||||
logrus.Infof("garbage collecting share '%v' for environment '%v'", shrToken, env.ZId)
|
||||
if err := zrokEdgeSdk.DeleteServiceEdgeRouterPolicy(env.ZId, shrToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
if !env.Deleted {
|
||||
shrs, err := str.FindSharesForEnvironment(envId, tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := zrokEdgeSdk.DeleteServicePolicyDial(env.ZId, shrToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
for _, shr := range shrs {
|
||||
shrToken := shr.Token
|
||||
logrus.Infof("garbage collecting share '%v' for environment '%v'", shrToken, env.ZId)
|
||||
if err := zrokEdgeSdk.DeleteServiceEdgeRouterPolicy(env.ZId, shrToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
if err := zrokEdgeSdk.DeleteServicePolicyDial(env.ZId, shrToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
if err := zrokEdgeSdk.DeleteServicePolicyBind(env.ZId, shrToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
if err := zrokEdgeSdk.DeleteConfig(env.ZId, shrToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
if err := zrokEdgeSdk.DeleteService(env.ZId, shr.ZId, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
logrus.Infof("removed share '%v' for environment '%v'", shr.Token, env.ZId)
|
||||
}
|
||||
if err := zrokEdgeSdk.DeleteServicePolicyBind(env.ZId, shrToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
if err := zrokEdgeSdk.DeleteConfig(env.ZId, shrToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
if err := zrokEdgeSdk.DeleteService(env.ZId, shr.ZId, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
logrus.Infof("removed share '%v' for environment '%v'", shr.Token, env.ZId)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@ -117,13 +123,15 @@ func (h *disableHandler) removeFrontendsForEnvironment(envId int, tx *sqlx.Tx, e
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
fes, err := str.FindFrontendsForEnvironment(envId, tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, fe := range fes {
|
||||
if err := zrokEdgeSdk.DeleteServicePolicy(env.ZId, fmt.Sprintf("tags.zrokFrontendToken=\"%v\" and type=1", fe.Token), edge); err != nil {
|
||||
logrus.Errorf("error removing frontend access for '%v': %v", fe.Token, err)
|
||||
if !env.Deleted {
|
||||
fes, err := str.FindFrontendsForEnvironment(envId, tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, fe := range fes {
|
||||
if err := zrokEdgeSdk.DeleteServicePolicy(env.ZId, fmt.Sprintf("tags.zrokFrontendToken=\"%v\" and type=1", fe.Token), edge); err != nil {
|
||||
logrus.Errorf("error removing frontend access for '%v': %v", fe.Token, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
@ -62,14 +62,14 @@ func (h *inviteHandler) Handle(params account.InviteParams) middleware.Responder
|
||||
}
|
||||
|
||||
// deleted accounts still exist as far as invites are concerned (ignore deleted flag)
|
||||
if _, err := str.FindAccountWithEmail(params.Body.Email, tx); err == nil {
|
||||
if _, err := str.FindAccountWithEmailAndDeleted(params.Body.Email, tx); err == nil {
|
||||
logrus.Errorf("found account for '%v', cannot process account request", params.Body.Email)
|
||||
return account.NewInviteBadRequest().WithPayload("duplicate email found")
|
||||
} else {
|
||||
logrus.Infof("no account found for '%v': %v", params.Body.Email, err)
|
||||
}
|
||||
|
||||
if oldAr, err := str.FindAccountRequestWithEmail(params.Body.Email, tx); err == nil && !oldAr.Deleted {
|
||||
if oldAr, err := str.FindAccountRequestWithEmail(params.Body.Email, tx); err == nil {
|
||||
logrus.Warnf("found previous account request for '%v', removing", params.Body.Email)
|
||||
if err := str.DeleteAccountRequest(oldAr.Id, tx); err != nil {
|
||||
logrus.Errorf("error deleteing previous account request for '%v': %v", params.Body.Email, err)
|
||||
|
@ -26,10 +26,6 @@ func loginHandler(params account.LoginParams) middleware.Responder {
|
||||
logrus.Errorf("error finding account '%v': %v", params.Body.Email, err)
|
||||
return account.NewLoginUnauthorized()
|
||||
}
|
||||
if a.Deleted {
|
||||
logrus.Errorf("account '%v' deleted", params.Body.Email)
|
||||
return account.NewLoginUnauthorized()
|
||||
}
|
||||
hpwd, err := rehashPassword(params.Body.Password, a.Salt)
|
||||
if err != nil {
|
||||
logrus.Errorf("error hashing password for '%v': %v", params.Body.Email, err)
|
||||
|
@ -21,49 +21,51 @@ func overviewHandler(_ metadata.OverviewParams, principal *rest_model_zrok.Princ
|
||||
}
|
||||
var out rest_model_zrok.EnvironmentSharesList
|
||||
for _, env := range envs {
|
||||
shrs, err := str.FindSharesForEnvironment(env.Id, tx)
|
||||
if err != nil {
|
||||
logrus.Errorf("error finding shares for environment '%v': %v", env.ZId, err)
|
||||
return metadata.NewOverviewInternalServerError()
|
||||
}
|
||||
es := &rest_model_zrok.EnvironmentShares{
|
||||
Environment: &rest_model_zrok.Environment{
|
||||
Address: env.Address,
|
||||
CreatedAt: env.CreatedAt.UnixMilli(),
|
||||
Description: env.Description,
|
||||
Host: env.Host,
|
||||
UpdatedAt: env.UpdatedAt.UnixMilli(),
|
||||
ZID: env.ZId,
|
||||
},
|
||||
}
|
||||
if !env.Deleted {
|
||||
shrs, err := str.FindSharesForEnvironment(env.Id, tx)
|
||||
if err != nil {
|
||||
logrus.Errorf("error finding shares for environment '%v': %v", env.ZId, err)
|
||||
return metadata.NewOverviewInternalServerError()
|
||||
}
|
||||
es := &rest_model_zrok.EnvironmentShares{
|
||||
Environment: &rest_model_zrok.Environment{
|
||||
Address: env.Address,
|
||||
CreatedAt: env.CreatedAt.UnixMilli(),
|
||||
Description: env.Description,
|
||||
Host: env.Host,
|
||||
UpdatedAt: env.UpdatedAt.UnixMilli(),
|
||||
ZID: env.ZId,
|
||||
},
|
||||
}
|
||||
|
||||
for _, shr := range shrs {
|
||||
feEndpoint := ""
|
||||
if shr.FrontendEndpoint != nil {
|
||||
feEndpoint = *shr.FrontendEndpoint
|
||||
for _, shr := range shrs {
|
||||
feEndpoint := ""
|
||||
if shr.FrontendEndpoint != nil {
|
||||
feEndpoint = *shr.FrontendEndpoint
|
||||
}
|
||||
feSelection := ""
|
||||
if shr.FrontendSelection != nil {
|
||||
feSelection = *shr.FrontendSelection
|
||||
}
|
||||
beProxyEndpoint := ""
|
||||
if shr.BackendProxyEndpoint != nil {
|
||||
beProxyEndpoint = *shr.BackendProxyEndpoint
|
||||
}
|
||||
es.Shares = append(es.Shares, &rest_model_zrok.Share{
|
||||
Token: shr.Token,
|
||||
ZID: shr.ZId,
|
||||
ShareMode: shr.ShareMode,
|
||||
BackendMode: shr.BackendMode,
|
||||
FrontendSelection: feSelection,
|
||||
FrontendEndpoint: feEndpoint,
|
||||
BackendProxyEndpoint: beProxyEndpoint,
|
||||
Reserved: shr.Reserved,
|
||||
CreatedAt: shr.CreatedAt.UnixMilli(),
|
||||
UpdatedAt: shr.UpdatedAt.UnixMilli(),
|
||||
})
|
||||
}
|
||||
feSelection := ""
|
||||
if shr.FrontendSelection != nil {
|
||||
feSelection = *shr.FrontendSelection
|
||||
}
|
||||
beProxyEndpoint := ""
|
||||
if shr.BackendProxyEndpoint != nil {
|
||||
beProxyEndpoint = *shr.BackendProxyEndpoint
|
||||
}
|
||||
es.Shares = append(es.Shares, &rest_model_zrok.Share{
|
||||
Token: shr.Token,
|
||||
ZID: shr.ZId,
|
||||
ShareMode: shr.ShareMode,
|
||||
BackendMode: shr.BackendMode,
|
||||
FrontendSelection: feSelection,
|
||||
FrontendEndpoint: feEndpoint,
|
||||
BackendProxyEndpoint: beProxyEndpoint,
|
||||
Reserved: shr.Reserved,
|
||||
CreatedAt: shr.CreatedAt.UnixMilli(),
|
||||
UpdatedAt: shr.UpdatedAt.UnixMilli(),
|
||||
})
|
||||
out = append(out, es)
|
||||
}
|
||||
out = append(out, es)
|
||||
}
|
||||
return metadata.NewOverviewOK().WithPayload(out)
|
||||
}
|
||||
|
@ -32,10 +32,6 @@ func (h *registerHandler) Handle(params account.RegisterParams) middleware.Respo
|
||||
logrus.Errorf("error finding account request with token '%v': %v", params.Body.Token, err)
|
||||
return account.NewRegisterNotFound()
|
||||
}
|
||||
if ar.Deleted {
|
||||
logrus.Errorf("account request with token '%v' deleted", params.Body.Token)
|
||||
return account.NewRegisterNotFound()
|
||||
}
|
||||
|
||||
token, err := createToken()
|
||||
if err != nil {
|
||||
|
@ -45,10 +45,6 @@ func (handler *resetPasswordRequestHandler) Handle(params account.ResetPasswordR
|
||||
logrus.Errorf("no account found for '%v': %v", params.Body.EmailAddress, err)
|
||||
return account.NewResetPasswordRequestInternalServerError()
|
||||
}
|
||||
if a.Deleted {
|
||||
logrus.Errorf("account '%v' deleted", params.Body.EmailAddress)
|
||||
return account.NewResetPasswordRequestInternalServerError()
|
||||
}
|
||||
|
||||
prr := &store.PasswordResetRequest{
|
||||
Token: token,
|
||||
|
@ -35,7 +35,7 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
|
||||
if err == nil {
|
||||
found := false
|
||||
for _, env := range envs {
|
||||
if env.ZId == envZId {
|
||||
if !env.Deleted && env.ZId == envZId {
|
||||
logrus.Debugf("found identity '%v' for user '%v'", envZId, principal.Email)
|
||||
envId = env.Id
|
||||
found = true
|
||||
|
@ -33,7 +33,7 @@ func (h *shareDetailHandler) Handle(params metadata.GetShareDetailParams, princi
|
||||
}
|
||||
found := false
|
||||
for _, env := range envs {
|
||||
if shr.EnvironmentId == env.Id {
|
||||
if !env.Deleted && shr.EnvironmentId == env.Id {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
|
@ -37,15 +37,23 @@ func (self *Store) GetAccount(id int, tx *sqlx.Tx) (*Account, error) {
|
||||
|
||||
func (self *Store) FindAccountWithEmail(email string, tx *sqlx.Tx) (*Account, error) {
|
||||
a := &Account{}
|
||||
if err := tx.QueryRowx("select * from accounts where email = $1", email).StructScan(a); err != nil {
|
||||
if err := tx.QueryRowx("select * from accounts where email = $1 and not deleted", email).StructScan(a); err != nil {
|
||||
return nil, errors.Wrap(err, "error selecting account by email")
|
||||
}
|
||||
return a, nil
|
||||
}
|
||||
|
||||
func (self *Store) FindAccountWithEmailAndDeleted(email string, tx *sqlx.Tx) (*Account, error) {
|
||||
a := &Account{}
|
||||
if err := tx.QueryRowx("select * from accounts where email = $1", email).StructScan(a); err != nil {
|
||||
return nil, errors.Wrap(err, "error selecting acount by email")
|
||||
}
|
||||
return a, nil
|
||||
}
|
||||
|
||||
func (self *Store) FindAccountWithToken(token string, tx *sqlx.Tx) (*Account, error) {
|
||||
a := &Account{}
|
||||
if err := tx.QueryRowx("select * from accounts where token = $1", token).StructScan(a); err != nil {
|
||||
if err := tx.QueryRowx("select * from accounts where token = $1 and not deleted", token).StructScan(a); err != nil {
|
||||
return nil, errors.Wrap(err, "error selecting account by token")
|
||||
}
|
||||
return a, nil
|
||||
|
@ -39,7 +39,7 @@ func (self *Store) GetAccountRequest(id int, tx *sqlx.Tx) (*AccountRequest, erro
|
||||
|
||||
func (self *Store) FindAccountRequestWithToken(token string, tx *sqlx.Tx) (*AccountRequest, error) {
|
||||
ar := &AccountRequest{}
|
||||
if err := tx.QueryRowx("select * from account_requests where token = $1", token).StructScan(ar); err != nil {
|
||||
if err := tx.QueryRowx("select * from account_requests where token = $1 and not deleted", token).StructScan(ar); err != nil {
|
||||
return nil, errors.Wrap(err, "error selecting account_request by token")
|
||||
}
|
||||
return ar, nil
|
||||
@ -75,7 +75,7 @@ func (self *Store) FindExpiredAccountRequests(before time.Time, limit int, tx *s
|
||||
|
||||
func (self *Store) FindAccountRequestWithEmail(email string, tx *sqlx.Tx) (*AccountRequest, error) {
|
||||
ar := &AccountRequest{}
|
||||
if err := tx.QueryRowx("select * from account_requests where email = $1", email).StructScan(ar); err != nil {
|
||||
if err := tx.QueryRowx("select * from account_requests where email = $1 and not deleted", email).StructScan(ar); err != nil {
|
||||
return nil, errors.Wrap(err, "error selecting account_request by email")
|
||||
}
|
||||
return ar, nil
|
||||
|
@ -48,7 +48,7 @@ func (self *Store) GetEnvironment(id int, tx *sqlx.Tx) (*Environment, error) {
|
||||
}
|
||||
|
||||
func (self *Store) FindEnvironmentsForAccount(accountId int, tx *sqlx.Tx) ([]*Environment, error) {
|
||||
rows, err := tx.Queryx("select environments.* from environments where account_id = $1", accountId)
|
||||
rows, err := tx.Queryx("select environments.* from environments where account_id = $1 and not deleted", accountId)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "error selecting environments by account id")
|
||||
}
|
||||
@ -65,14 +65,14 @@ func (self *Store) FindEnvironmentsForAccount(accountId int, tx *sqlx.Tx) ([]*En
|
||||
|
||||
func (self *Store) FindEnvironmentForAccount(envZId string, accountId int, tx *sqlx.Tx) (*Environment, error) {
|
||||
env := &Environment{}
|
||||
if err := tx.QueryRowx("select environments.* from environments where z_id = $1 and account_id = $2", envZId, accountId).StructScan(env); err != nil {
|
||||
if err := tx.QueryRowx("select environments.* from environments where z_id = $1 and account_id = $2 and not deleted", envZId, accountId).StructScan(env); err != nil {
|
||||
return nil, errors.Wrap(err, "error finding environment by z_id and account_id")
|
||||
}
|
||||
return env, nil
|
||||
}
|
||||
|
||||
func (self *Store) DeleteEnvironment(id int, tx *sqlx.Tx) error {
|
||||
stmt, err := tx.Prepare("delete from environments where id = $1")
|
||||
stmt, err := tx.Prepare("update environments set updated_at = current_timestamp, deleted = true where id = $1")
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "error preparing environments delete statement")
|
||||
}
|
||||
|
@ -26,6 +26,7 @@ func TestEphemeralEnvironment(t *testing.T) {
|
||||
assert.Nil(t, err)
|
||||
assert.NotNil(t, env)
|
||||
assert.Nil(t, env.AccountId)
|
||||
assert.False(t, env.Deleted)
|
||||
}
|
||||
|
||||
func TestEnvironment(t *testing.T) {
|
||||
@ -57,4 +58,5 @@ func TestEnvironment(t *testing.T) {
|
||||
assert.NotNil(t, env)
|
||||
assert.NotNil(t, env.AccountId)
|
||||
assert.Equal(t, acctId, *env.AccountId)
|
||||
assert.False(t, env.Deleted)
|
||||
}
|
||||
|
@ -38,7 +38,7 @@ func (h *unaccessHandler) Handle(params share.UnaccessParams, principal *rest_mo
|
||||
var senv *store.Environment
|
||||
if envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx); err == nil {
|
||||
for _, env := range envs {
|
||||
if env.ZId == envZId {
|
||||
if !env.Deleted && env.ZId == envZId {
|
||||
senv = env
|
||||
break
|
||||
}
|
||||
|
@ -43,7 +43,7 @@ func (h *unshareHandler) Handle(params share.UnshareParams, principal *rest_mode
|
||||
var senv *store.Environment
|
||||
if envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx); err == nil {
|
||||
for _, env := range envs {
|
||||
if env.ZId == params.Body.EnvZID {
|
||||
if !env.Deleted && env.ZId == params.Body.EnvZID {
|
||||
senv = env
|
||||
break
|
||||
}
|
||||
|
@ -38,7 +38,7 @@ func (h *updateShareHandler) Handle(params share.UpdateShareParams, principal *r
|
||||
|
||||
envFound := false
|
||||
for _, senv := range senvs {
|
||||
if senv.Id == sshr.Id {
|
||||
if !senv.Deleted && senv.Id == sshr.Id {
|
||||
envFound = true
|
||||
break
|
||||
}
|
||||
|
@ -25,7 +25,7 @@ func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Princi
|
||||
}
|
||||
defer func() { _ = tx.Rollback() }()
|
||||
|
||||
if a, err := str.FindAccountWithToken(token, tx); err == nil && !a.Deleted {
|
||||
if a, err := str.FindAccountWithToken(token, tx); err == nil {
|
||||
principal := &rest_model_zrok.Principal{
|
||||
ID: int64(a.Id),
|
||||
Token: a.Token,
|
||||
|
@ -29,10 +29,6 @@ func (self *verifyHandler) Handle(params account.VerifyParams) middleware.Respon
|
||||
logrus.Errorf("error finding account request with token '%v': %v", params.Body.Token, err)
|
||||
return account.NewVerifyNotFound()
|
||||
}
|
||||
if ar.Deleted {
|
||||
logrus.Errorf("account request for '%v' with token '%v' deleted", ar.Email, params.Body.Token)
|
||||
return account.NewVerifyNotFound()
|
||||
}
|
||||
|
||||
return account.NewVerifyOK().WithPayload(&rest_model_zrok.VerifyResponse{Email: ar.Email})
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user