package controller import ( "fmt" "github.com/go-openapi/runtime/middleware" "github.com/openziti/zrok/controller/store" "github.com/openziti/zrok/controller/zrokEdgeSdk" "github.com/openziti/zrok/rest_model_zrok" "github.com/openziti/zrok/rest_server_zrok/operations/share" "github.com/sirupsen/logrus" ) type unaccessHandler struct{} func newUnaccessHandler() *unaccessHandler { return &unaccessHandler{} } func (h *unaccessHandler) Handle(params share.UnaccessParams, principal *rest_model_zrok.Principal) middleware.Responder { feToken := params.Body.FrontendToken shrToken := params.Body.ShrToken envZId := params.Body.EnvZID logrus.Infof("processing unaccess request for frontend '%v' (share '%v', environment '%v')", feToken, shrToken, envZId) tx, err := str.Begin() if err != nil { logrus.Errorf("error starting transaction: %v", err) return share.NewUnaccessInternalServerError() } defer func() { _ = tx.Rollback() }() edge, err := zrokEdgeSdk.Client(cfg.Ziti) if err != nil { logrus.Error(err) return share.NewUnaccessInternalServerError() } var senv *store.Environment if envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx); err == nil { for _, env := range envs { if env.ZId == envZId { senv = env break } } if senv == nil { logrus.Errorf("environment with id '%v' not found for '%v", envZId, principal.Email) return share.NewUnaccessUnauthorized() } } else { logrus.Errorf("error finding environments for account '%v': %v", principal.Email, err) return share.NewUnaccessUnauthorized() } sfe, err := str.FindFrontendWithToken(feToken, tx) if err != nil { logrus.Errorf("error finding frontend for '%v': %v", principal.Email, err) return share.NewUnaccessInternalServerError() } if sfe == nil || (sfe.EnvironmentId != nil && *sfe.EnvironmentId != senv.Id) { logrus.Errorf("frontend named '%v' not found", feToken) return share.NewUnaccessInternalServerError() } if err := str.DeleteFrontend(sfe.Id, tx); err != nil { logrus.Errorf("error deleting frontend named '%v': %v", feToken, err) return share.NewUnaccessNotFound() } if err := zrokEdgeSdk.DeleteServicePolicy(envZId, fmt.Sprintf("tags.zrokShareToken=\"%v\" and tags.zrokFrontendToken=\"%v\" and type=1", shrToken, feToken), edge); err != nil { logrus.Errorf("error removing access to '%v' for '%v': %v", shrToken, envZId, err) return share.NewUnaccessInternalServerError() } if err := tx.Commit(); err != nil { logrus.Errorf("error committing frontend '%v' delete: %v", feToken, err) return share.NewUnaccessInternalServerError() } return share.NewUnaccessOK() }