From f340f462cd1a838d8160fd6a20ce8d9bc06f074f Mon Sep 17 00:00:00 2001 From: CrazyBolillo Date: Mon, 29 Jul 2024 23:47:33 -0600 Subject: [PATCH] feat: implement bouncer This service authorizes calls and converts extensions to users. This information can be used in Asterisk to take action. --- Makefile | 2 +- cmd/main.go | 5 +++ docs/swagger.yaml | 39 +++++++++++++++++++ internal/bouncer/bouncer.go | 43 +++++++++++++++++++++ internal/handler/authorization.go | 63 +++++++++++++++++++++++++++++++ internal/sqlc/queries.sql.go | 29 ++++++++++++-- queries.sql | 17 ++++++++- 7 files changed, 191 insertions(+), 7 deletions(-) create mode 100644 internal/bouncer/bouncer.go create mode 100644 internal/handler/authorization.go diff --git a/Makefile b/Makefile index 73772d8..a43b797 100644 --- a/Makefile +++ b/Makefile @@ -4,4 +4,4 @@ docs: swag init --generalInfo cmd/main.go --outputTypes=yaml swagger: - docker run --detach -p 4000:8080 -e API_URL=/doc/swagger.yaml --mount 'type=bind,src=$(shell pwd)/docs,dst=/usr/share/nginx/html/doc' swaggerapi/swagger-ui + docker run --detach --name eryth-swagger -p 4000:8080 -e API_URL=/doc/swagger.yaml --mount 'type=bind,src=$(shell pwd)/docs,dst=/usr/share/nginx/html/doc' swaggerapi/swagger-ui diff --git a/cmd/main.go b/cmd/main.go index da70f64..5124677 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -3,6 +3,7 @@ package main import ( "context" "fmt" + "github.com/crazybolillo/eryth/internal/bouncer" "github.com/crazybolillo/eryth/internal/handler" "github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5/middleware" @@ -75,6 +76,10 @@ func serve(ctx context.Context) error { endpoint := handler.Endpoint{Conn: conn} r.Mount("/endpoint", endpoint.Router()) + checker := &bouncer.Bouncer{Conn: conn} + authorization := handler.Authorization{Bouncer: checker} + r.Mount("/bouncer", authorization.Router()) + slog.Info("Listening on :8080") return http.ListenAndServe(":8080", r) } diff --git a/docs/swagger.yaml b/docs/swagger.yaml index 2134417..1f76aeb 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml @@ -1,4 +1,18 @@ definitions: + bouncer.Response: + properties: + allow: + type: boolean + destination: + type: string + type: object + handler.AuthorizationRequest: + properties: + endpoint: + type: string + extension: + type: string + type: object handler.createEndpointRequest: properties: codecs: @@ -43,6 +57,31 @@ info: title: Asterisk Administration API version: "1.0" paths: + /bouncer: + post: + consumes: + - application/json + parameters: + - description: Action to be reviewed + in: body + name: payload + required: true + schema: + $ref: '#/definitions/handler.AuthorizationRequest' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/bouncer.Response' + "400": + description: Bad Request + "500": + description: Internal Server Error + summary: Determine whether the specified action (call) is allowed or not. + tags: + - bouncer /endpoint: post: consumes: diff --git a/internal/bouncer/bouncer.go b/internal/bouncer/bouncer.go new file mode 100644 index 0000000..7928f54 --- /dev/null +++ b/internal/bouncer/bouncer.go @@ -0,0 +1,43 @@ +package bouncer + +import ( + "context" + "github.com/crazybolillo/eryth/internal/db" + "github.com/crazybolillo/eryth/internal/sqlc" + "github.com/jackc/pgx/v5" + "log/slog" +) + +type Response struct { + Allow bool `json:"allow"` + Destination string `json:"destination"` +} + +type Bouncer struct { + *pgx.Conn +} + +func (b *Bouncer) Check(ctx context.Context, endpoint, dialed string) Response { + result := Response{ + Allow: false, + Destination: "", + } + + tx, err := b.Begin(ctx) + if err != nil { + slog.Error("Unable to start transaction", slog.String("reason", err.Error())) + return result + } + + queries := sqlc.New(tx) + destination, err := queries.GetEndpointByExtension(ctx, db.Text(dialed)) + if err != nil { + slog.Error("Failed to retrieve endpoint", slog.String("dialed", dialed), slog.String("reason", err.Error())) + return result + } + + return Response{ + Allow: true, + Destination: destination, + } +} diff --git a/internal/handler/authorization.go b/internal/handler/authorization.go new file mode 100644 index 0000000..f01a8e9 --- /dev/null +++ b/internal/handler/authorization.go @@ -0,0 +1,63 @@ +package handler + +import ( + "context" + "encoding/json" + "github.com/crazybolillo/eryth/internal/bouncer" + "github.com/go-chi/chi/v5" + "log/slog" + "net/http" +) + +type CallBouncer interface { + Check(ctx context.Context, endpoint, dialed string) bouncer.Response +} + +type Authorization struct { + Bouncer CallBouncer +} + +type AuthorizationRequest struct { + From string `json:"endpoint"` + Extension string `json:"extension"` +} + +func (e *Authorization) Router() chi.Router { + r := chi.NewRouter() + r.Post("/", e.post) + + return r +} + +// @Summary Determine whether the specified action (call) is allowed or not. +// @Accept json +// @Produce json +// @Param payload body AuthorizationRequest true "Action to be reviewed" +// @Success 200 {object} bouncer.Response +// @Failure 400 +// @Failure 500 +// @Tags bouncer +// @Router /bouncer [post] +func (e *Authorization) post(w http.ResponseWriter, r *http.Request) { + var payload AuthorizationRequest + decoder := json.NewDecoder(r.Body) + err := decoder.Decode(&payload) + if err != nil { + w.WriteHeader(http.StatusBadRequest) + return + } + + response := e.Bouncer.Check(r.Context(), payload.From, payload.Extension) + content, err := json.Marshal(response) + if err != nil { + w.WriteHeader(http.StatusInternalServerError) + return + } + + w.Header().Set("Content-Type", "application/json") + _, err = w.Write(content) + if err != nil { + slog.Error("Failed to write response", slog.String("path", r.URL.Path), slog.String("reason", err.Error())) + } + w.WriteHeader(http.StatusOK) +} diff --git a/internal/sqlc/queries.sql.go b/internal/sqlc/queries.sql.go index a767e92..5c8c1a9 100644 --- a/internal/sqlc/queries.sql.go +++ b/internal/sqlc/queries.sql.go @@ -38,18 +38,39 @@ func (q *Queries) DeleteEndpoint(ctx context.Context, id string) error { return err } -const listEndpoints = `-- name: ListEndpoints :many +const getEndpointByExtension = `-- name: GetEndpointByExtension :one SELECT - id, context, transport + ps_endpoints.id FROM ps_endpoints +INNER JOIN + ery_extension ee on ps_endpoints.sid = ee.endpoint_id +WHERE + ee.extension = $1 +` + +func (q *Queries) GetEndpointByExtension(ctx context.Context, extension pgtype.Text) (string, error) { + row := q.db.QueryRow(ctx, getEndpointByExtension, extension) + var id string + err := row.Scan(&id) + return id, err +} + +const listEndpoints = `-- name: ListEndpoints :many +SELECT + pe.id, pe.context, ee.extension +FROM + ps_endpoints pe +LEFT JOIN + ery_extension ee +ON ee.endpoint_id = pe.sid LIMIT $1 ` type ListEndpointsRow struct { ID string `json:"id"` Context pgtype.Text `json:"context"` - Transport pgtype.Text `json:"transport"` + Extension pgtype.Text `json:"extension"` } func (q *Queries) ListEndpoints(ctx context.Context, limit int32) ([]ListEndpointsRow, error) { @@ -61,7 +82,7 @@ func (q *Queries) ListEndpoints(ctx context.Context, limit int32) ([]ListEndpoin var items []ListEndpointsRow for rows.Next() { var i ListEndpointsRow - if err := rows.Scan(&i.ID, &i.Context, &i.Transport); err != nil { + if err := rows.Scan(&i.ID, &i.Context, &i.Extension); err != nil { return nil, err } items = append(items, i) diff --git a/queries.sql b/queries.sql index 8825860..128ebc1 100644 --- a/queries.sql +++ b/queries.sql @@ -28,9 +28,12 @@ DELETE FROM ps_auths WHERE id = $1; -- name: ListEndpoints :many SELECT - id, context, transport + pe.id, pe.context, ee.extension FROM - ps_endpoints + ps_endpoints pe +LEFT JOIN + ery_extension ee +ON ee.endpoint_id = pe.sid LIMIT $1; -- name: NewExtension :exec @@ -38,3 +41,13 @@ INSERT INTO ery_extension (endpoint_id, extension) VALUES ($1, $2); + +-- name: GetEndpointByExtension :one +SELECT + ps_endpoints.id +FROM + ps_endpoints +INNER JOIN + ery_extension ee on ps_endpoints.sid = ee.endpoint_id +WHERE + ee.extension = $1;