From e8691803b2fde62657cb6bed6d69e5b068a4c0d3 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Mon, 10 Feb 2025 13:11:18 -0500
Subject: [PATCH] make the old GET endpoint return an upgrade message (#859)

---
 CHANGELOG.md                                              | 2 ++
 controller/version.go                                     | 5 +++--
 rest_client_zrok/metadata/version_responses.go            | 2 +-
 rest_server_zrok/embedded_spec.go                         | 4 ++--
 rest_server_zrok/operations/metadata/version_responses.go | 2 +-
 specs/zrok.yml                                            | 2 +-
 6 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 16b1e2d9..9c2c4b84 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,8 @@ CHANGE: Refactored API implementation. Cleanup, lint removal, additional data el
 
 CHANGE: Deprecated the `passwords` configuration stanza. The zrok controller and API console now use a hard-coded set of (what we believe to be) reasonable assumptions about password quality (https://github.com/openziti/zrok/issues/834)
 
+CHANGE: The protocol for determining valid client versions has been changed. Previously a zrok client would do a `GET` against the `/api/v1/version` endpoint and do a local version string comparison (as a normal precondition to any API call) to see if the controller version matched. The protocol has been amended so that any out-of-date client using the old protocol will receive a version string indicating that they need to uprade their client. New clients will do a `POST` against the `/api/v1/version` endpoint, posting their client version, and the server will check for compatibility. Does not change the security posture in any significant way, but gives more flexibility on the server side for managing client compatibility (https://github.com/openziti/zrok/issues/859)
+
 ## v0.4.48
 
 FIX: the Python SDK erroneously assumed the enabled zrok environment contained a config.json file, and was changed to only load it if the file was present (https://github.com/openziti/zrok/pull/853/).
diff --git a/controller/version.go b/controller/version.go
index 8a139fb9..463a4d51 100644
--- a/controller/version.go
+++ b/controller/version.go
@@ -2,11 +2,12 @@ package controller
 
 import (
 	"github.com/go-openapi/runtime/middleware"
-	"github.com/openziti/zrok/build"
 	"github.com/openziti/zrok/rest_model_zrok"
 	"github.com/openziti/zrok/rest_server_zrok/operations/metadata"
 )
 
 func versionHandler(_ metadata.VersionParams) middleware.Responder {
-	return metadata.NewVersionOK().WithPayload(rest_model_zrok.Version(build.String()))
+	outOfDate := "your local zrok installation is out of date and needs to be upgraded! " +
+		"please visit 'https://github.com/openziti/zrok/releases' for the latest build!"
+	return metadata.NewVersionOK().WithPayload(rest_model_zrok.Version(outOfDate))
 }
diff --git a/rest_client_zrok/metadata/version_responses.go b/rest_client_zrok/metadata/version_responses.go
index 97a23fb1..de978ab5 100644
--- a/rest_client_zrok/metadata/version_responses.go
+++ b/rest_client_zrok/metadata/version_responses.go
@@ -42,7 +42,7 @@ func NewVersionOK() *VersionOK {
 /*
 VersionOK describes a response with status code 200, with default header values.
 
-current server version
+legacy upgrade required
 */
 type VersionOK struct {
 	Payload rest_model_zrok.Version
diff --git a/rest_server_zrok/embedded_spec.go b/rest_server_zrok/embedded_spec.go
index 6b61e327..c506c06d 100644
--- a/rest_server_zrok/embedded_spec.go
+++ b/rest_server_zrok/embedded_spec.go
@@ -1903,7 +1903,7 @@ func init() {
         "operationId": "version",
         "responses": {
           "200": {
-            "description": "current server version",
+            "description": "legacy upgrade required",
             "schema": {
               "$ref": "#/definitions/version"
             }
@@ -4108,7 +4108,7 @@ func init() {
         "operationId": "version",
         "responses": {
           "200": {
-            "description": "current server version",
+            "description": "legacy upgrade required",
             "schema": {
               "$ref": "#/definitions/version"
             }
diff --git a/rest_server_zrok/operations/metadata/version_responses.go b/rest_server_zrok/operations/metadata/version_responses.go
index a48a43e0..95244c10 100644
--- a/rest_server_zrok/operations/metadata/version_responses.go
+++ b/rest_server_zrok/operations/metadata/version_responses.go
@@ -17,7 +17,7 @@ import (
 const VersionOKCode int = 200
 
 /*
-VersionOK current server version
+VersionOK legacy upgrade required
 
 swagger:response versionOK
 */
diff --git a/specs/zrok.yml b/specs/zrok.yml
index b245d64e..af2dd696 100644
--- a/specs/zrok.yml
+++ b/specs/zrok.yml
@@ -988,7 +988,7 @@ paths:
       operationId: version
       responses:
         200:
-          description: current server version
+          description: legacy upgrade required
           schema:
             $ref: "#/definitions/version"