mirror of
https://github.com/openziti/zrok.git
synced 2025-06-09 19:36:48 +02:00
126 lines
4.4 KiB
Go
126 lines
4.4 KiB
Go
package controller
|
|
|
|
import (
|
|
"context"
|
|
"github.com/go-openapi/runtime/middleware"
|
|
"github.com/openziti/zrok/agent/agentGrpc"
|
|
"github.com/openziti/zrok/controller/agentController"
|
|
"github.com/openziti/zrok/rest_model_zrok"
|
|
"github.com/openziti/zrok/rest_server_zrok/operations/agent"
|
|
"github.com/sirupsen/logrus"
|
|
)
|
|
|
|
type agentRemoteShareHandler struct{}
|
|
|
|
func newAgentRemoteShareHandler() *agentRemoteShareHandler {
|
|
return &agentRemoteShareHandler{}
|
|
}
|
|
|
|
func (h *agentRemoteShareHandler) Handle(params agent.RemoteShareParams, principal *rest_model_zrok.Principal) middleware.Responder {
|
|
trx, err := str.Begin()
|
|
if err != nil {
|
|
logrus.Errorf("error starting transaction for '%v': %v", principal.Email, err)
|
|
return agent.NewRemoteShareInternalServerError()
|
|
}
|
|
defer trx.Rollback()
|
|
|
|
env, err := str.FindEnvironmentForAccount(params.Body.EnvZID, int(principal.ID), trx)
|
|
if err != nil {
|
|
logrus.Errorf("error finding environment '%v' for '%v': %v", params.Body.EnvZID, principal.Email, err)
|
|
return agent.NewRemoteShareUnauthorized()
|
|
}
|
|
|
|
ae, err := str.FindAgentEnrollmentForEnvironment(env.Id, trx)
|
|
if err != nil {
|
|
logrus.Errorf("error finding agent enrollment for environment '%v' (%v): %v", params.Body.EnvZID, principal.Email, err)
|
|
return agent.NewRemoteShareBadGateway()
|
|
}
|
|
_ = trx.Rollback() // ...or will block share trx on sqlite
|
|
|
|
acli, aconn, err := agentController.NewAgentClient(ae.Token, cfg.AgentController)
|
|
if err != nil {
|
|
logrus.Errorf("error creating agent client for '%v' (%v): %v", params.Body.EnvZID, principal.Email, err)
|
|
return agent.NewRemoteShareInternalServerError()
|
|
}
|
|
defer aconn.Close()
|
|
|
|
out := &agent.RemoteShareOKBody{}
|
|
switch params.Body.ShareMode {
|
|
case "public":
|
|
token, frontendEndpoints, err := h.publicShare(params, acli)
|
|
if err != nil {
|
|
logrus.Errorf("error creating public remote agent share for '%v' (%v): %v", params.Body.EnvZID, principal.Email, err)
|
|
return agent.NewRemoteShareBadGateway()
|
|
}
|
|
out.Token = token
|
|
out.FrontendEndpoints = frontendEndpoints
|
|
|
|
case "private":
|
|
token, err := h.privateShare(params, acli)
|
|
if err != nil {
|
|
logrus.Errorf("error creating private remote agent share for '%v' (%v): %v", params.Body.EnvZID, principal.Email, err)
|
|
return agent.NewRemoteShareBadGateway()
|
|
}
|
|
out.Token = token
|
|
|
|
case "reserved":
|
|
token, err := h.reservedShare(params, acli)
|
|
if err != nil {
|
|
logrus.Errorf("error creating reserved remote agent share for '%v' (%v): %v", params.Body.EnvZID, principal.Email, err)
|
|
return agent.NewRemoteShareBadGateway()
|
|
}
|
|
out.Token = token
|
|
}
|
|
|
|
return agent.NewRemoteShareOK().WithPayload(out)
|
|
}
|
|
|
|
func (h *agentRemoteShareHandler) publicShare(params agent.RemoteShareParams, client agentGrpc.AgentClient) (token string, frontendEndpoints []string, err error) {
|
|
req := &agentGrpc.SharePublicRequest{
|
|
Target: params.Body.Target,
|
|
BasicAuth: params.Body.BasicAuth,
|
|
FrontendSelection: params.Body.FrontendSelection,
|
|
BackendMode: params.Body.BackendMode,
|
|
Insecure: params.Body.Insecure,
|
|
OauthProvider: params.Body.OauthProvider,
|
|
OauthEmailAddressPatterns: params.Body.OauthEmailAddressPatterns,
|
|
OauthCheckInterval: params.Body.OauthCheckInterval,
|
|
Closed: !params.Body.Open,
|
|
AccessGrants: params.Body.AccessGrants,
|
|
}
|
|
resp, err := client.SharePublic(context.Background(), req)
|
|
if err != nil {
|
|
return "", nil, err
|
|
}
|
|
logrus.Infof("got token '%v'", resp.Token)
|
|
return resp.Token, resp.FrontendEndpoints, nil
|
|
}
|
|
|
|
func (h *agentRemoteShareHandler) privateShare(params agent.RemoteShareParams, client agentGrpc.AgentClient) (token string, err error) {
|
|
req := &agentGrpc.SharePrivateRequest{
|
|
Target: params.Body.Target,
|
|
BackendMode: params.Body.BackendMode,
|
|
Insecure: params.Body.Insecure,
|
|
Closed: !params.Body.Open,
|
|
AccessGrants: params.Body.AccessGrants,
|
|
}
|
|
resp, err := client.SharePrivate(context.Background(), req)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return resp.Token, nil
|
|
}
|
|
|
|
func (h *agentRemoteShareHandler) reservedShare(params agent.RemoteShareParams, client agentGrpc.AgentClient) (token string, err error) {
|
|
req := &agentGrpc.ShareReservedRequest{
|
|
Token: params.Body.Token,
|
|
OverrideEndpoint: params.Body.Target,
|
|
Insecure: params.Body.Insecure,
|
|
}
|
|
resp, err := client.ShareReserved(context.Background(), req)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return resp.Token, nil
|
|
}
|