From dc84d90be260d0a000fd4575e65e93c98b9279be Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Thu, 12 Sep 2024 12:13:37 +0400 Subject: [PATCH 1/7] ipv6 fix for mobile apps --- pro/controllers/users.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pro/controllers/users.go b/pro/controllers/users.go index c3bd9df40..3ad82a837 100644 --- a/pro/controllers/users.go +++ b/pro/controllers/users.go @@ -5,6 +5,7 @@ import ( "encoding/json" "errors" "fmt" + "net" "net/http" "net/url" "strings" @@ -878,6 +879,9 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) { } gws := userGws[node.Network] + if net.ParseIP(extClient.IngressGatewayEndpoint).To16() != nil { + extClient.IngressGatewayEndpoint = fmt.Sprintf("[%s]", extClient.IngressGatewayEndpoint) + } extClient.AllowedIPs = logic.GetExtclientAllowedIPs(extClient) gws = append(gws, models.UserRemoteGws{ GwID: node.ID.String(), @@ -991,11 +995,15 @@ func getAllowedRagEndpoints(ragNode *models.Node, ragHost *models.Host) []string endpoints = append(endpoints, ragHost.EndpointIP.String()) } if len(ragHost.EndpointIPv6) > 0 { - endpoints = append(endpoints, ragHost.EndpointIPv6.String()) + endpoints = append(endpoints, fmt.Sprintf("[%s]", ragHost.EndpointIPv6.String())) } if servercfg.IsPro { for _, ip := range ragNode.AdditionalRagIps { - endpoints = append(endpoints, ip.String()) + if ip.To16() != nil { + endpoints = append(endpoints, fmt.Sprintf("[%s]", ip.String())) + } else { + endpoints = append(endpoints, ip.String()) + } } } return endpoints From 420ef8f9c2f4d120f3383ba25513d98e068971dc Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Sat, 14 Sep 2024 11:00:34 +0400 Subject: [PATCH 2/7] simplified RAC APIs --- models/structs.go | 10 ++ pro/controllers/users.go | 213 +++++++++++++++++++++++++++++++++++++++ pro/logic/user_mgmt.go | 25 +++++ 3 files changed, 248 insertions(+) diff --git a/models/structs.go b/models/structs.go index f8dd753f4..3cc20ca47 100644 
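Review bot: `To16() != nil` is also true for every IPv4 address (net.IP.To16 returns the 16-byte form of a v4 address), so both the `net.ParseIP(extClient.IngressGatewayEndpoint).To16() != nil` branch in getUserRemoteAccessGwsV1 and the `ip.To16() != nil` branch in getAllowedRagEndpoints wrap IPv4 endpoints in brackets as well; the IPv6-only test is `ip.To4() == nil`. In the first branch `net.ParseIP` returns nil for any `host:port` string, so when IngressGatewayEndpoint carries a port (patch 2 builds it with `"%s:%d"`) that wrap never fires at all. The loop form would be `if ip.To4() == nil { endpoints = append(endpoints, fmt.Sprintf("[%s]", ip.String())) } else { endpoints = append(endpoints, ip.String()) }`. Both enclosing functions extend outside their hunks, and patch 7 of this series reverts the whole change.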
--- a/models/structs.go +++ b/models/structs.go @@ -45,6 +45,16 @@ type UserRemoteGws struct { NetworkAddresses []string `json:"network_addresses"` } +// UserRAGs - struct for user access gws +type UserRAGs struct { + GwID string `json:"remote_access_gw_id"` + GWName string `json:"gw_name"` + Network string `json:"network"` + Connected bool `json:"connected"` + IsInternetGateway bool `json:"is_internet_gateway"` + Metadata string `json:"metadata"` +} + // UserRemoteGwsReq - struct to hold user remote acccess gws req type UserRemoteGwsReq struct { RemoteAccessClientID string `json:"remote_access_clientid"` diff --git a/pro/controllers/users.go b/pro/controllers/users.go index c3bd9df40..c60885ee0 100644 --- a/pro/controllers/users.go +++ b/pro/controllers/users.go 
@@ -58,6 +58,9 @@ func UserHandlers(r *mux.Router) { r.HandleFunc("/api/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(true, http.HandlerFunc(attachUserToRemoteAccessGw))).Methods(http.MethodPost) r.HandleFunc("/api/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(true, http.HandlerFunc(removeUserFromRemoteAccessGW))).Methods(http.MethodDelete) r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessGwsV1)))).Methods(http.MethodGet) + r.HandleFunc("/api/v1/users/{username}/remote_access_gw/networks", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworks)))).Methods(http.MethodGet) + r.HandleFunc("/api/v1/users/{username}/remote_access_gw/network/{network}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworkGateways)))).Methods(http.MethodGet) + r.HandleFunc("/api/v1/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworkGateways)))).Methods(http.MethodGet) r.HandleFunc("/api/users/ingress/{ingress_id}", logic.SecurityCheck(true, http.HandlerFunc(ingressGatewayUsers))).Methods(http.MethodGet) } 
@@ -815,6 +818,215 @@ func removeUserFromRemoteAccessGW(w http.ResponseWriter, r *http.Request) { json.NewEncoder(w).Encode(logic.ToReturnUser(*user)) } +// @Summary Get Users Remote Access Gw Networks. +// @Router /api/users/{username}/remote_access_gw [get] +// @Tags Users +// @Param username path string true "Username to fetch all the gateways with access" +// @Success 200 {object} map[string][]models.UserRemoteGws +// @Failure 500 {object} models.ErrorResponse +func getUserRemoteAccessNetworks(w http.ResponseWriter, r *http.Request) { + // set header. + w.Header().Set("Content-Type", "application/json") + var params = mux.Vars(r) + username := params["username"] + if username == "" { + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params username"), "badrequest")) + return + } + + user, err := logic.GetUser(username) + if err != nil { + logger.Log(0, username, "failed to fetch user: ", err.Error()) + logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch user %s, error: %v", username, err), "badrequest")) + return + } + userGws := make(map[string][]models.UserRemoteGws) + networks := []models.Network{} + userGwNodes := proLogic.GetUserRAGNodes(*user) + for _, node := range userGwNodes { + network, err := logic.GetNetwork(node.Network) + if err != nil { + slog.Error("failed to get node network", "error", err) + continue + } + networks = append(networks, network) + } + + slog.Debug("returned user gws", "user", username, "gws", userGws) + logic.ReturnSuccessResponseWithJson(w, r, networks, "fetched user accessible networks") +} + +// @Summary Get Users Remote Access Gw Networks. 
+// @Router /api/users/{username}/remote_access_gw [get] +// @Tags Users +// @Param username path string true "Username to fetch all the gateways with access" +// @Success 200 {object} map[string][]models.UserRemoteGws +// @Failure 500 {object} models.ErrorResponse +func getUserRemoteAccessNetworkGateways(w http.ResponseWriter, r *http.Request) { + // set header. + w.Header().Set("Content-Type", "application/json") + var params = mux.Vars(r) + username := params["username"] + if username == "" { + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params username"), "badrequest")) + return + } + network := params["network"] + if network == "" { + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params network"), "badrequest")) + return + } + user, err := logic.GetUser(username) + if err != nil { + logger.Log(0, username, "failed to fetch user: ", err.Error()) + logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch user %s, error: %v", username, err), "badrequest")) + return + } + userGws := []models.UserRAGs{} + + userGwNodes := proLogic.GetUserRAGNodes(*user) + for _, node := range userGwNodes { + if node.Network != network { + continue + } + + host, err := logic.GetHost(node.HostID.String()) + if err != nil { + continue + } + + userGws = append(userGws, models.UserRAGs{ + GwID: node.ID.String(), + GWName: host.Name, + Network: node.Network, + IsInternetGateway: node.IsInternetGateway, + Metadata: node.Metadata, + }) + + } + + slog.Debug("returned user gws", "user", username, "gws", userGws) + logic.ReturnSuccessResponseWithJson(w, r, userGws, "fetched user accessible gateways in network "+network) +} + +// @Summary Get Users Remote Access Gw Networks. 
+// @Router /api/users/{username}/remote_access_gw [get] +// @Tags Users +// @Param username path string true "Username to fetch all the gateways with access" +// @Success 200 {object} map[string][]models.UserRemoteGws +// @Failure 500 {object} models.ErrorResponse +func getRemoteAccessGatewayConf(w http.ResponseWriter, r *http.Request) { + // set header. + w.Header().Set("Content-Type", "application/json") + var params = mux.Vars(r) + username := params["username"] + if username == "" { + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params username"), "badrequest")) + return + } + remoteGwID := params["remote_access_gateway_id"] + if remoteGwID == "" { + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params remote_access_gateway_id"), "badrequest")) + return + } + var req models.UserRemoteGwsReq + err := json.NewDecoder(r.Body).Decode(&req) + if err != nil { + slog.Error("error decoding request body: ", "error", err) + logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) + return + } + + user, err := logic.GetUser(username) + if err != nil { + logger.Log(0, username, "failed to fetch user: ", err.Error()) + logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch user %s, error: %v", username, err), "badrequest")) + return + } + node, err := logic.GetNodeByID(remoteGwID) + if err != nil { + logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch gw node %s, error: %v", remoteGwID, err), "badrequest")) + return + } + host, err := logic.GetHost(node.HostID.String()) + if err != nil { + logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch gw host %s, error: %v", remoteGwID, err), "badrequest")) + return + } + network, err := logic.GetNetwork(node.Network) + if err != nil { + slog.Error("failed to get node network", "error", err) + } + var userConf models.ExtClient + allextClients, err := logic.GetAllExtClients() + if err != nil { + 
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) + return + } + for _, extClient := range allextClients { + if extClient.RemoteAccessClientID == req.RemoteAccessClientID && extClient.OwnerID == username { + userConf = extClient + userConf.AllowedIPs = logic.GetExtclientAllowedIPs(extClient) + } + } + if userConf.ClientID == "" { + // create a new conf + userConf.OwnerID = user.UserName + userConf.RemoteAccessClientID = req.RemoteAccessClientID + userConf.IngressGatewayID = node.ID.String() + + // set extclient dns to ingressdns if extclient dns is not explicitly set + if (userConf.DNS == "") && (node.IngressDNS != "") { + userConf.DNS = node.IngressDNS + } + + userConf.Network = node.Network + host, err := logic.GetHost(node.HostID.String()) + if err != nil { + logger.Log(0, r.Header.Get("user"), + fmt.Sprintf("failed to get ingress gateway host for node [%s] info: %v", node.ID, err)) + logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) + return + } + listenPort := logic.GetPeerListenPort(host) + userConf.IngressGatewayEndpoint = fmt.Sprintf("%s:%d", host.EndpointIP.String(), listenPort) + userConf.Enabled = true + parentNetwork, err := logic.GetNetwork(node.Network) + if err == nil { // check if parent network default ACL is enabled (yes) or not (no) + userConf.Enabled = parentNetwork.DefaultACL == "yes" + } + if err = logic.CreateExtClient(&userConf); err != nil { + slog.Error( + "failed to create extclient", + "user", + r.Header.Get("user"), + "network", + node.Network, + "error", + err, + ) + logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) + return + } + } + userGw := models.UserRemoteGws{ + GwID: node.ID.String(), + GWName: host.Name, + Network: node.Network, + GwClient: userConf, + Connected: true, + IsInternetGateway: node.IsInternetGateway, + GwPeerPublicKey: host.PublicKey.String(), + GwListenPort: logic.GetPeerListenPort(host), + Metadata: node.Metadata, + AllowedEndpoints: 
getAllowedRagEndpoints(&node, host), + NetworkAddresses: []string{network.AddressRange, network.AddressRange6}, + } + + slog.Debug("returned user gw config", "user", user.UserName, "gws", userGw) + logic.ReturnSuccessResponseWithJson(w, r, userGw, "fetched user config to gw "+remoteGwID) +} + // @Summary Get Users Remote Access Gw. // @Router /api/users/{username}/remote_access_gw [get] // @Tags Users @@ -875,6 +1087,7 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) { network, err := logic.GetNetwork(node.Network) if err != nil { slog.Error("failed to get node network", "error", err) + continue } gws := userGws[node.Network] diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go index 84c5987bb..745b2dcb8 100644 --- a/pro/logic/user_mgmt.go +++ b/pro/logic/user_mgmt.go @@ -508,6 +508,31 @@ func HasNetworkRsrcScope(permissionTemplate models.UserRolePermissionTemplate, n _, ok = rsrcScope[rsrcID] return ok } + +func DoesUserHaveAccessToRAGNode(user models.User, node models.Node) bool { + userGwAccessScope := GetUserNetworkRolesWithRemoteVPNAccess(user) + logger.Log(3, fmt.Sprintf("User Gw Access Scope: %+v", userGwAccessScope)) + _, allNetAccess := userGwAccessScope["*"] + if node.IsIngressGateway && !node.PendingDelete { + if allNetAccess { + return true + } else { + gwRsrcMap := userGwAccessScope[models.NetworkID(node.Network)] + scope, ok := gwRsrcMap[models.AllRemoteAccessGwRsrcID] + if !ok { + if scope, ok = gwRsrcMap[models.RsrcID(node.ID.String())]; !ok { + return false + } + } + if scope.VPNaccess { + return true + } + + } + } + return false +} + func GetUserRAGNodes(user models.User) (gws map[string]models.Node) { gws = make(map[string]models.Node) userGwAccessScope := GetUserNetworkRolesWithRemoteVPNAccess(user) From b456788d6def130827031ffb2cfb98104053b5c8 Mon Sep 17 00:00:00 2001 
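Review bot: getRemoteAccessGatewayConf creates an ExtClient via `logic.CreateExtClient` for whatever `remote_access_gateway_id` is supplied, and nothing in this hunk ties that gateway to the caller's permitted nodes; the sibling handlers already derive their set from `proLogic.GetUserRAGNodes(*user)`, and a membership check on that map before `logic.GetNodeByID` is the natural gate. The `logic.GetNetwork(node.Network)` failure in the same handler is only logged and execution continues, so `NetworkAddresses: []string{network.AddressRange, network.AddressRange6}` is built from a zero-value Network and the client receives empty ranges with a success status; add `logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))` and `return` there as the neighbouring lookups do. Inside the `userConf.ClientID == ""` block `host, err := logic.GetHost(...)` re-fetches and shadows the `host` obtained a few lines earlier, and the loop over `allextClients` keeps overwriting `userConf` after a match instead of `break`ing. The three new swagger blocks are copies of the getUserRemoteAccessGwsV1 header (same `@Summary`, same `@Router /api/users/{username}/remote_access_gw`), so generated docs will not match the `/api/v1/...` routes; each should name its own route and success type (`models.UserRAGs` for the per-network gateway list, `models.UserRemoteGws` for the config). In getUserRemoteAccessNetworks the `userGws` map is never written and only feeds `slog.Debug("returned user gws", ...)`, which always logs an empty map.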
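Review bot: DoesUserHaveAccessToRAGNode nests the whole decision under `if node.IsIngressGateway && !node.PendingDelete` and keeps an `else` after `return true`; inverting into guard clauses (`if !node.IsIngressGateway || node.PendingDelete { return false }` followed by `if allNetAccess { return true }`) keeps the happy path left-aligned and removes the `else`. The `logger.Log(3, fmt.Sprintf("User Gw Access Scope: %+v", userGwAccessScope))` line dumps the user's full role map on every call; nothing in this series calls the function, so if it is intended for a request path that log is worth dropping. The exported name also lacks a doc comment, e.g. `// DoesUserHaveAccessToRAGNode reports whether user's remote-VPN-access roles cover node, either network-wide or for this specific gateway; non-gateway and pending-delete nodes are always denied.`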
From: abhishek9686 Date: Sat, 14 Sep 2024 11:44:31 +0400 Subject: [PATCH 3/7] add response to invite api --- pro/controllers/users.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pro/controllers/users.go b/pro/controllers/users.go index c60885ee0..3788094f7 100644 --- a/pro/controllers/users.go +++ b/pro/controllers/users.go @@ -265,7 +265,7 @@ func inviteUsers(w http.ResponseWriter, r *http.Request) { } }(invite) } - + logic.ReturnSuccessResponse(w, r, "triggered user invites") } // swagger:route GET /api/v1/users/invites user listUserInvites From 7b0bfb0fb32bbba9328378706975ab3b6c64dcec Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Tue, 17 Sep 2024 11:18:58 +0400 Subject: [PATCH 4/7] fix get config api --- pro/controllers/users.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pro/controllers/users.go b/pro/controllers/users.go index 3788094f7..9fa9dda0c 100644 --- a/pro/controllers/users.go +++ b/pro/controllers/users.go 
@@ -60,7 +60,7 @@ func UserHandlers(r *mux.Router) { r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessGwsV1)))).Methods(http.MethodGet) r.HandleFunc("/api/v1/users/{username}/remote_access_gw/networks", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworks)))).Methods(http.MethodGet) r.HandleFunc("/api/v1/users/{username}/remote_access_gw/network/{network}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworkGateways)))).Methods(http.MethodGet) - r.HandleFunc("/api/v1/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworkGateways)))).Methods(http.MethodGet) + r.HandleFunc("/api/v1/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getRemoteAccessGatewayConf)))).Methods(http.MethodGet) r.HandleFunc("/api/users/ingress/{ingress_id}", logic.SecurityCheck(true, http.HandlerFunc(ingressGatewayUsers))).Methods(http.MethodGet) } @@ -842,6 +842,7 @@ func getUserRemoteAccessNetworks(w http.ResponseWriter, r *http.Request) { } userGws := make(map[string][]models.UserRemoteGws) networks := []models.Network{} + networkMap := make(map[string]struct{}) userGwNodes := proLogic.GetUserRAGNodes(*user) for _, node := range userGwNodes { network, err := logic.GetNetwork(node.Network) @@ -849,6 +850,10 @@ func getUserRemoteAccessNetworks(w http.ResponseWriter, r *http.Request) { slog.Error("failed to get node network", "error", err) continue } + if _, ok := networkMap[network.NetID]; ok { + continue + } + networkMap[network.NetID] = struct{}{} networks = append(networks, network) } 
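Review bot: The de-duplication in getUserRemoteAccessNetworks runs after `logic.GetNetwork(node.Network)`, so every gateway node still costs a network lookup even when that network was already collected; assuming `network.NetID` is the same value as the `node.Network` it was fetched by, testing `if _, ok := networkMap[node.Network]; ok { continue }` at the top of the loop and recording `networkMap[node.Network] = struct{}{}` after a successful fetch skips the repeated lookups. The `userGws := make(map[string][]models.UserRemoteGws)` just above is still never populated and only feeds the debug log, so it can be removed. The enclosing function's header and tail are outside this hunk.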
@@ -964,6 +969,9 @@ func getRemoteAccessGatewayConf(w http.ResponseWriter, r *http.Request) { return } for _, extClient := range allextClients { + if extClient.Network != network.NetID || extClient.IngressGatewayID != node.ID.String() { + continue + } if extClient.RemoteAccessClientID == req.RemoteAccessClientID && extClient.OwnerID == username { userConf = extClient userConf.AllowedIPs = logic.GetExtclientAllowedIPs(extClient) From cd56333f044731da2a3b85a03c3aee41e845b57a Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Tue, 17 Sep 2024 13:36:25 +0400 Subject: [PATCH 5/7] fix middleware for auth --- controllers/middleware.go | 4 ++++ pro/controllers/users.go | 13 +++++++++++-- pro/logic/security.go | 3 +++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/controllers/middleware.go b/controllers/middleware.go index bfc88aa46..f0d7395e7 100644 --- a/controllers/middleware.go +++ b/controllers/middleware.go @@ -28,6 +28,7 @@ func userMiddleWare(handler http.Handler) http.Handler { r.Header.Set("TARGET_RSRC", "") r.Header.Set("RSRC_TYPE", "") r.Header.Set("TARGET_RSRC_ID", "") + r.Header.Set("RAC", "") r.Header.Set("NET_ID", params["network"]) if strings.Contains(route, "hosts") || strings.Contains(route, "nodes") { r.Header.Set("TARGET_RSRC", models.HostRsrc.String()) @@ -36,6 +37,9 @@ func userMiddleWare(handler http.Handler) http.Handler { r.Header.Set("TARGET_RSRC", models.DnsRsrc.String()) } if strings.Contains(route, "users") { + if strings.Contains(route, "remote_access_gw") { + r.Header.Set("RAC", "true") + } r.Header.Set("TARGET_RSRC", models.UserRsrc.String()) } if strings.Contains(route, "ingress") { diff --git a/pro/controllers/users.go b/pro/controllers/users.go index 6307f0a29..e4a45d4fb 100644 --- a/pro/controllers/users.go +++ b/pro/controllers/users.go 
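Review bot: The loop over `allextClients` still does not stop at the first match, so with several matching clients the last one wins and `GetExtclientAllowedIPs` is recomputed for each; add `break` after `userConf.AllowedIPs = logic.GetExtclientAllowedIPs(extClient)`. The new filter compares against `network.NetID`, but `network` comes from a `logic.GetNetwork` call earlier in this function whose error is only logged, so on a lookup failure `network.NetID` is empty, every existing client is skipped, and the handler falls through to creating a fresh ExtClient. getRemoteAccessGatewayConf starts and ends outside this hunk.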
@@ -59,7 +59,7 @@ func UserHandlers(r *mux.Router) { r.HandleFunc("/api/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(true, http.HandlerFunc(attachUserToRemoteAccessGw))).Methods(http.MethodPost) r.HandleFunc("/api/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(true, http.HandlerFunc(removeUserFromRemoteAccessGW))).Methods(http.MethodDelete) r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessGwsV1)))).Methods(http.MethodGet) - r.HandleFunc("/api/v1/users/{username}/remote_access_gw/networks", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworks)))).Methods(http.MethodGet) + r.HandleFunc("/api/v1/users/{username}/remote_access_gw_network", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworks)))).Methods(http.MethodGet) r.HandleFunc("/api/v1/users/{username}/remote_access_gw/network/{network}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworkGateways)))).Methods(http.MethodGet) r.HandleFunc("/api/v1/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getRemoteAccessGatewayConf)))).Methods(http.MethodGet) r.HandleFunc("/api/users/ingress/{ingress_id}", logic.SecurityCheck(true, http.HandlerFunc(ingressGatewayUsers))).Methods(http.MethodGet) 
@@ -949,6 +949,11 @@ func getRemoteAccessGatewayConf(w http.ResponseWriter, r *http.Request) { logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch user %s, error: %v", username, err), "badrequest")) return } + userGwNodes := proLogic.GetUserRAGNodes(*user) + if _, ok := userGwNodes[remoteGwID]; !ok { + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("access denied"), "forbidden")) + return + } node, err := logic.GetNodeByID(remoteGwID) if err != nil { logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch gw node %s, error: %v", remoteGwID, err), "badrequest")) @@ -998,7 +1003,11 @@ func getRemoteAccessGatewayConf(w http.ResponseWriter, r *http.Request) { return } listenPort := logic.GetPeerListenPort(host) - userConf.IngressGatewayEndpoint = fmt.Sprintf("%s:%d", host.EndpointIP.String(), listenPort) + if host.EndpointIP.To4() == nil { + userConf.IngressGatewayEndpoint = fmt.Sprintf("[%s]:%d", host.EndpointIPv6.String(), listenPort) + } else { + userConf.IngressGatewayEndpoint = fmt.Sprintf("%s:%d", host.EndpointIP.String(), listenPort) + } userConf.Enabled = true parentNetwork, err := logic.GetNetwork(node.Network) if err == nil { // check if parent network default ACL is enabled (yes) or not (no) diff --git a/pro/logic/security.go b/pro/logic/security.go index fcc6d73cd..0bda7e026 100644 --- a/pro/logic/security.go +++ b/pro/logic/security.go @@ -50,6 +50,9 @@ func NetworkPermissionsCheck(username string, r *http.Request) error { if targetRsrc == "" { return errors.New("target rsrc is missing") } + if r.Header.Get("RAC") == "true" && r.Method == http.MethodGet { + return nil + } if netID == "" { return errors.New("network id is missing") } From e29fe235eaad81c1f357d5965db0927e8dd92d4c Mon Sep 17 00:00:00 2001 
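Review bot: `if host.EndpointIP.To4() == nil` selects `host.EndpointIPv6` whenever there is no IPv4 endpoint, including when the host has no IPv6 endpoint either, in which case `net.IP(nil).String()` yields `<nil>` and the client is handed `[<nil>]:port`; guard with `len(host.EndpointIPv6) > 0` as getAllowedRagEndpoints already does (`if len(ragHost.EndpointIPv6) > 0`) and return an error response when neither endpoint is set. The `userGwNodes[remoteGwID]` check added in the first hunk of this file is the right place to gate the lookup, since it runs before `logic.GetNodeByID` and before any ExtClient is created. getRemoteAccessGatewayConf continues outside both hunks.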
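Review bot: `if r.Header.Get("RAC") == "true" && r.Method == http.MethodGet { return nil }` skips the whole network-permission check on the strength of a request header, so the safety of this early return rests entirely on `userMiddleWare` clearing it (`r.Header.Set("RAC", "")`) before any client-supplied value can reach here; that coupling deserves a comment on the return, e.g. `// RAC is reset by userMiddleWare and set only for remote_access_gw routes; those handlers scope results to the caller via GetUserRAGNodes.` Because the middleware sets the flag on a `strings.Contains(route, "remote_access_gw")` match, every GET under users whose path contains that substring, including the pre-existing `/api/users/{username}/remote_access_gw` listing, now bypasses NetworkPermissionsCheck and relies solely on per-handler scoping. It is worth confirming that no other router reaches NetworkPermissionsCheck without passing through userMiddleWare, since on such a path the header would be under the client's control. NetworkPermissionsCheck continues past this hunk.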
From: abhishek9686 Date: Fri, 20 Sep 2024 15:59:10 +0400 Subject: [PATCH 6/7] add separate controller for rac apis --- controllers/middleware.go | 6 +++--- pro/controllers/rac.go | 14 ++++++++++++ pro/controllers/users.go | 45 ++++++++++++--------------------------- pro/initialize.go | 1 + 4 files changed, 32 insertions(+), 34 deletions(-) create mode 100644 pro/controllers/rac.go diff --git a/controllers/middleware.go b/controllers/middleware.go index f0d7395e7..cf417c568 100644 --- a/controllers/middleware.go +++ b/controllers/middleware.go @@ -36,10 +36,10 @@ func userMiddleWare(handler http.Handler) http.Handler { if strings.Contains(route, "dns") { r.Header.Set("TARGET_RSRC", models.DnsRsrc.String()) } + if strings.Contains(route, "rac") { + r.Header.Set("RAC", "true") + } if strings.Contains(route, "users") { - if strings.Contains(route, "remote_access_gw") { - r.Header.Set("RAC", "true") - } r.Header.Set("TARGET_RSRC", models.UserRsrc.String()) } if strings.Contains(route, "ingress") { diff --git a/pro/controllers/rac.go b/pro/controllers/rac.go new file mode 100644 index 000000000..0d1b127fd --- /dev/null +++ b/pro/controllers/rac.go @@ -0,0 +1,14 @@ +package controllers + +import ( + "net/http" + + "github.com/gorilla/mux" + "github.com/gravitl/netmaker/logic" +) + +func RacHandlers(r *mux.Router) { + r.HandleFunc("/api/v1/rac/networks", logic.SecurityCheck(false, http.HandlerFunc(getUserRemoteAccessNetworks))).Methods(http.MethodGet) + r.HandleFunc("/api/v1/rac/network/{network}/access_points", logic.SecurityCheck(false, http.HandlerFunc(getUserRemoteAccessNetworkGateways))).Methods(http.MethodGet) + r.HandleFunc("/api/v1/rac/access_point/{access_point_id}/config", logic.SecurityCheck(false, http.HandlerFunc(getRemoteAccessGatewayConf))).Methods(http.MethodGet) +} diff --git a/pro/controllers/users.go b/pro/controllers/users.go index e4a45d4fb..ae0a42ca2 100644 --- a/pro/controllers/users.go +++ b/pro/controllers/users.go 
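Review bot: `strings.Contains(route, "rac")` is a much broader match than the `remote_access_gw` substring it replaces: any present or future GET route whose path contains the three letters `rac` anywhere will receive `RAC=true` and, through the early return in NetworkPermissionsCheck, skip the network-permission check. Match the actual prefix of the new router instead, e.g. `if strings.HasPrefix(route, "/api/v1/rac/") {`, so the exemption stays tied to the routes RacHandlers registers. The enclosing userMiddleWare closure extends outside this hunk.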
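Review bot: `RacHandlers` is exported without a doc comment; suggested: `// RacHandlers registers the remote access client (RAC) routes; the caller is identified solely from the authenticated user header, so every handler must scope its result to that user.` All three routes are registered with `logic.SecurityCheck(false, ...)` and, unlike the user routes they replace, without `logic.ContinueIfUserMatch`, which is consistent with the handlers now reading `r.Header.Get("user")` but should be stated in the comment. The access_point config route is a GET whose handler decodes a JSON request body, which many HTTP clients and proxies will not forward; consider passing the client id as a query parameter or registering the route as a POST.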
@@ -59,9 +59,6 @@ func UserHandlers(r *mux.Router) { r.HandleFunc("/api/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(true, http.HandlerFunc(attachUserToRemoteAccessGw))).Methods(http.MethodPost) r.HandleFunc("/api/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(true, http.HandlerFunc(removeUserFromRemoteAccessGW))).Methods(http.MethodDelete) r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessGwsV1)))).Methods(http.MethodGet) - r.HandleFunc("/api/v1/users/{username}/remote_access_gw_network", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworks)))).Methods(http.MethodGet) - r.HandleFunc("/api/v1/users/{username}/remote_access_gw/network/{network}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserRemoteAccessNetworkGateways)))).Methods(http.MethodGet) - r.HandleFunc("/api/v1/users/{username}/remote_access_gw/{remote_access_gateway_id}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getRemoteAccessGatewayConf)))).Methods(http.MethodGet) r.HandleFunc("/api/users/ingress/{ingress_id}", logic.SecurityCheck(true, http.HandlerFunc(ingressGatewayUsers))).Methods(http.MethodGet) } @@ -828,13 +825,7 @@ func removeUserFromRemoteAccessGW(w http.ResponseWriter, r *http.Request) { func getUserRemoteAccessNetworks(w http.ResponseWriter, r *http.Request) { // set header. w.Header().Set("Content-Type", "application/json") - var params = mux.Vars(r) - username := params["username"] - if username == "" { - logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params username"), "badrequest")) - return - } - + username := r.Header.Get("user") user, err := logic.GetUser(username) if err != nil { logger.Log(0, username, "failed to fetch user: ", err.Error()) 
@@ -872,9 +863,11 @@ func getUserRemoteAccessNetworkGateways(w http.ResponseWriter, r *http.Request) // set header. w.Header().Set("Content-Type", "application/json") var params = mux.Vars(r) - username := params["username"] - if username == "" { - logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params username"), "badrequest")) + username := r.Header.Get("user") + user, err := logic.GetUser(username) + if err != nil { + logger.Log(0, username, "failed to fetch user: ", err.Error()) + logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch user %s, error: %v", username, err), "badrequest")) return } network := params["network"] @@ -882,12 +875,6 @@ func getUserRemoteAccessNetworkGateways(w http.ResponseWriter, r *http.Request) logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params network"), "badrequest")) return } - user, err := logic.GetUser(username) - if err != nil { - logger.Log(0, username, "failed to fetch user: ", err.Error()) - logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch user %s, error: %v", username, err), "badrequest")) - return - } userGws := []models.UserRAGs{} userGwNodes := proLogic.GetUserRAGNodes(*user) 
@@ -925,30 +912,26 @@ func getRemoteAccessGatewayConf(w http.ResponseWriter, r *http.Request) { // set header. w.Header().Set("Content-Type", "application/json") var params = mux.Vars(r) - username := params["username"] - if username == "" { - logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params username"), "badrequest")) + username := r.Header.Get("user") + user, err := logic.GetUser(username) + if err != nil { + logger.Log(0, username, "failed to fetch user: ", err.Error()) + logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch user %s, error: %v", username, err), "badrequest")) return } - remoteGwID := params["remote_access_gateway_id"] + remoteGwID := params["access_point_id"] if remoteGwID == "" { - logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params remote_access_gateway_id"), "badrequest")) + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("required params access_point_id"), "badrequest")) return } var req models.UserRemoteGwsReq - err := json.NewDecoder(r.Body).Decode(&req) + err = json.NewDecoder(r.Body).Decode(&req) if err != nil { slog.Error("error decoding request body: ", "error", err) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) return } - user, err := logic.GetUser(username) - if err != nil { - logger.Log(0, username, "failed to fetch user: ", err.Error()) - logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch user %s, error: %v", username, err), "badrequest")) - return - } userGwNodes := proLogic.GetUserRAGNodes(*user) if _, ok := userGwNodes[remoteGwID]; !ok { logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("access denied"), "forbidden")) diff --git a/pro/initialize.go b/pro/initialize.go index 1c6ba8a1c..3a41b1e38 100644 --- a/pro/initialize.go +++ b/pro/initialize.go 
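Review bot: `err = json.NewDecoder(r.Body).Decode(&req)` now runs on a route registered with `http.MethodGet`; an absent body makes Decode return `io.EOF`, which this branch turns into a 400, so clients that send no body on GET cannot use the endpoint. If the body is intentional, document it in the handler's swagger block with a `@Param` entry; otherwise read the client id from the query string. The `username := r.Header.Get("user")` change drops the empty-username check the path-parameter version had; `logic.GetUser("")` presumably fails and produces the same 400, but an explicit `if username == ""` keeps the failure mode clear. getRemoteAccessGatewayConf continues outside this hunk.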
@@ -33,6 +33,7 @@ func InitPro() { proControllers.UserHandlers, proControllers.FailOverHandlers, proControllers.InetHandlers, + proControllers.RacHandlers, ) controller.ListRoles = proControllers.ListRoles logic.EnterpriseCheckFuncs = append(logic.EnterpriseCheckFuncs, func() { From 2bd0c92428d5fe90e2fb27b67bab4f11a4e91926 Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Tue, 1 Oct 2024 17:46:18 +0400 Subject: [PATCH 7/7] Revert "ipv6 fix for mobile apps" This reverts commit dc84d90be260d0a000fd4575e65e93c98b9279be. --- pro/controllers/users.go | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/pro/controllers/users.go b/pro/controllers/users.go index bff52acfa..d5ea4ddb0 100644 --- a/pro/controllers/users.go +++ b/pro/controllers/users.go @@ -5,7 +5,6 @@ import ( "encoding/json" "errors" "fmt" - "net" "net/http" "net/url" "strings" @@ -1092,9 +1091,6 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) { } gws := userGws[node.Network] - if net.ParseIP(extClient.IngressGatewayEndpoint).To16() != nil { - extClient.IngressGatewayEndpoint = fmt.Sprintf("[%s]", extClient.IngressGatewayEndpoint) - } extClient.AllowedIPs = logic.GetExtclientAllowedIPs(extClient) gws = append(gws, models.UserRemoteGws{ GwID: node.ID.String(), @@ -1208,15 +1204,11 @@ func getAllowedRagEndpoints(ragNode *models.Node, ragHost *models.Host) []string endpoints = append(endpoints, ragHost.EndpointIP.String()) } if len(ragHost.EndpointIPv6) > 0 { - endpoints = append(endpoints, fmt.Sprintf("[%s]", ragHost.EndpointIPv6.String())) + endpoints = append(endpoints, ragHost.EndpointIPv6.String()) } if servercfg.IsPro { for _, ip := range ragNode.AdditionalRagIps { - if ip.To16() != nil { - endpoints = append(endpoints, fmt.Sprintf("[%s]", ip.String())) - } else { - endpoints = append(endpoints, ip.String()) - } + endpoints = append(endpoints, ip.String()) } } return endpoints
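Review bot: Reverting the bracket wrapping leaves the two endpoint formats inconsistent: getAllowedRagEndpoints again emits a bare `ragHost.EndpointIPv6.String()`, while getRemoteAccessGatewayConf (patch 5 in this series) still builds `IngressGatewayEndpoint` as `[%s]:%d` for IPv6 hosts. Whichever form the mobile clients expect, `AllowedEndpoints` and `IngressGatewayEndpoint` should agree, and a comment on getAllowedRagEndpoints stating the chosen convention, e.g. `// Addresses are returned without port and without IPv6 brackets; callers add both.`, would keep the next fix from re-introducing the mismatch. Both enclosing functions extend outside their hunks.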