package controller
import (
"github.com/go-openapi/runtime/middleware"
"github.com/jmoiron/sqlx"
"github.com/openziti/zrok/controller/store"
"github.com/openziti/zrok/rest_model_zrok"
"github.com/openziti/zrok/rest_server_zrok/operations/metadata"
"github.com/sirupsen/logrus"
)
type orgAccountOverviewHandler struct{}
func newOrgAccountOverviewHandler() *orgAccountOverviewHandler {
return &orgAccountOverviewHandler{}
}
func (h *orgAccountOverviewHandler) Handle(params metadata.OrgAccountOverviewParams, principal *rest_model_zrok.Principal) middleware.Responder {
trx, err := str.Begin()
if err != nil {
logrus.Errorf("error starting transaction: %v", err)
return metadata.NewOrgAccountOverviewInternalServerError()
}
defer func() { _ = trx.Rollback() }()
org, err := str.FindOrganizationByToken(params.OrganizationToken, trx)
if err != nil {
logrus.Errorf("error finding organization by token: %v", err)
return metadata.NewOrgAccountOverviewNotFound()
}
admin, err := str.IsAccountAdminOfOrganization(int(principal.ID), org.Id, trx)
if err != nil {
logrus.Errorf("error checking account '%v' admin: %v", principal.Email, err)
return metadata.NewOrgAccountOverviewNotFound()
}
if !admin {
logrus.Errorf("requesting account '%v' is not admin of organization '%v'", principal.Email, org.Token)
return metadata.NewOrgAccountOverviewNotFound()
}
acct, err := str.FindAccountWithEmail(params.AccountEmail, trx)
if err != nil {
logrus.Errorf("error finding account by email: %v", err)
return metadata.NewOrgAccountOverviewNotFound()
}
inOrg, err := str.IsAccountInOrganization(acct.Id, org.Id, trx)
if err != nil {
logrus.Errorf("error checking account '%v' organization membership: %v", acct.Email, err)
return metadata.NewOrgAccountOverviewNotFound()
}
if !inOrg {
logrus.Errorf("account '%v' is not a member of organization '%v'", acct.Email, org.Token)
return metadata.NewOrgAccountOverviewNotFound()
}
envs, err := str.FindEnvironmentsForAccount(acct.Id, trx)
if err != nil {
logrus.Errorf("error finding environments for '%v': %v", acct.Email, err)
return metadata.NewOrgAccountOverviewNotFound()
}
accountLimited, err := h.isAccountLimited(acct.Id, trx)
if err != nil {
logrus.Errorf("error checking account '%v' limited: %v", acct.Email, err)
}
ovr := &rest_model_zrok.Overview{AccountLimited: accountLimited}
for _, env := range envs {
ear := &rest_model_zrok.EnvironmentAndResources{
Environment: &rest_model_zrok.Environment{
Address: env.Address,
Description: env.Description,
Host: env.Host,
ZID: env.ZId,
CreatedAt: env.CreatedAt.UnixMilli(),
UpdatedAt: env.UpdatedAt.UnixMilli(),
},
}
shrs, err := str.FindSharesForEnvironment(env.Id, trx)
if err != nil {
logrus.Errorf("error finding shares for environment '%v': %v", env.ZId, err)
return metadata.NewOverviewInternalServerError()
}
for _, shr := range shrs {
feEndpoint := ""
if shr.FrontendEndpoint != nil {
feEndpoint = *shr.FrontendEndpoint
}
feSelection := ""
if shr.FrontendSelection != nil {
feSelection = *shr.FrontendSelection
}
beProxyEndpoint := ""
if shr.BackendProxyEndpoint != nil {
beProxyEndpoint = *shr.BackendProxyEndpoint
}
envShr := &rest_model_zrok.Share{
Token: shr.Token,
ZID: shr.ZId,
ShareMode: shr.ShareMode,
BackendMode: shr.BackendMode,
FrontendSelection: feSelection,
FrontendEndpoint: feEndpoint,
BackendProxyEndpoint: beProxyEndpoint,
Reserved: shr.Reserved,
CreatedAt: shr.CreatedAt.UnixMilli(),
UpdatedAt: shr.UpdatedAt.UnixMilli(),
}
ear.Shares = append(ear.Shares, envShr)
}
fes, err := str.FindFrontendsForEnvironment(env.Id, trx)
if err != nil {
logrus.Errorf("error finding frontends for environment '%v': %v", env.ZId, err)
return metadata.NewOverviewInternalServerError()
}
for _, fe := range fes {
envFe := &rest_model_zrok.Frontend{
ID: int64(fe.Id),
Token: fe.Token,
ZID: fe.ZId,
CreatedAt: fe.CreatedAt.UnixMilli(),
UpdatedAt: fe.UpdatedAt.UnixMilli(),
}
if fe.PrivateShareId != nil {
feShr, err := str.GetShare(*fe.PrivateShareId, trx)
if err != nil {
logrus.Errorf("error getting share for frontend '%v': %v", fe.ZId, err)
return metadata.NewOverviewInternalServerError()
}
envFe.ShrToken = feShr.Token
}
ear.Frontends = append(ear.Frontends, envFe)
}
ovr.Environments = append(ovr.Environments, ear)
}
return metadata.NewOrgAccountOverviewOK().WithPayload(ovr)
}
func (h *orgAccountOverviewHandler) isAccountLimited(acctId int, trx *sqlx.Tx) (bool, error) {
var je *store.BandwidthLimitJournalEntry
jEmpty, err := str.IsBandwidthLimitJournalEmpty(acctId, trx)
if err != nil {
return false, err
}
if !jEmpty {
je, err = str.FindLatestBandwidthLimitJournal(acctId, trx)
if err != nil {
return false, err
}
}
return je != nil && je.Action == store.LimitLimitAction, nil
}