mirror of
https://github.com/gravitl/netmaker.git
synced 2026-04-22 16:07:11 +08:00
Abhishek Kondur
edda2868fc
* feat(go): add user schema; * feat(go): migrate to user schema; * feat(go): add audit fields; * feat(go): remove unused fields from the network model; * feat(go): add network schema; * feat(go): migrate to network schema; * refactor(go): add comment to clarify migration logic; * fix(go): test failures; * fix(go): test failures; * feat(go): change membership table to store memberships at all scopes; * feat(go): add schema for access grants; * feat(go): remove nameservers from new networks table; ensure db passed for schema functions; * feat(go): set max conns for sqlite to 1; * fix(go): issues updating user account status; * refactor(go): remove converters and access grants; * refactor(go): add json tags in schema models; * refactor(go): rename file to migrate_v1_6_0.go; * refactor(go): add user groups and user roles tables; use schema tables; * refactor(go): inline get and list from schema package; * refactor(go): inline get network and list users from schema package; * fix(go): staticcheck issues; * fix(go): remove test not in use; fix test case; * fix(go): validate network; * fix(go): resolve static checks; * fix(go): new models errors; * fix(go): test errors; * fix(go): handle no records; * fix(go): add validations for user object; * fix(go): set correct extclient status; * fix(go): test error; * feat(go): make schema the base package; * feat(go): add host schema; * feat(go): use schema host everywhere; * feat(go): inline get host, list hosts and delete host; * feat(go): use non-ptr value; * feat(go): use save to upsert all fields; * feat(go): use save to upsert all fields; * feat(go): save turn endpoint as string; * feat(go): check for gorm error record not found; * fix(go): test failures; * fix(go): update all network fields; * fix(go): update all network fields; * feat(go): add paginated list networks api; * feat(go): add paginated list users api; * feat(go): add paginated list hosts api; * feat(go): add pagination to list groups api; * fix(go): comment; * fix(go): implement marshal and unmarshal text for custom types; * fix(go): implement marshal and unmarshal json for custom types; * fix(go): just use the old model for unmarshalling; * fix(go): implement marshal and unmarshal json for custom types; * feat(go): remove paginated list networks api; * feat(go): use custom paginated response object; * fix(go): ensure default values for page and per_page are used when not passed; * fix(go): rename v1.6.0 to v1.5.1; * fix(go): check for gorm.ErrRecordNotFound instead of database.IsEmptyRecord; * fix(go): use host id, not pending host id; * feat(go): add filters to paginated apis; * feat(go): add filters to paginated apis; * feat(go): remove check for max username length; * feat(go): add filters to count as well; * feat(go): use library to check email address validity; * feat(go): ignore pagination if params not passed; * fix(go): pagination issues; * fix(go): check exists before using; * fix(go): remove debug log; * fix(go): use gorm err record not found; * fix(go): use gorm err record not found; * fix(go): use user principal name when creating pending user; * fix(go): use schema package for consts; * fix(go): prevent disabling superadmin user; Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com> * fix(go): swap is admin and is superadmin; Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com> * fix(go): remove dead code block; https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837937 * fix(go): incorrect message when trying to disable self; https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837934 * fix(go): use correct header; Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com> * fix(go): return after error response; Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com> * fix(go): use correct order of params; https://github.com/gravitl/netmaker/pull/3910#discussion_r2929593036 * fix(go): set default values for page and page size; use v2 instead of /list; * Update logic/auth.go Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com> * Update schema/user_roles.go Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com> * fix(go): syntax error; * fix(go): set default values when page and per_page are not passed or 0; * fix(go): use uuid.parse instead of uuid.must parse; * fix(go): review errors; * fix(go): review errors; * Update controllers/user.go Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com> * Update controllers/user.go Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com> * NM-163: fix errors: * Update db/types/options.go Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com> * fix(go): persist return user in event; * Update db/types/options.go Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com> * NM-163: duplicate lines of code * NM-163: fix(go): fix missing return and filter parsing in user controller - Add missing return after error response in updateUserAccountStatus to prevent double-response and spurious ext-client side-effects - Use switch statements in listUsers to skip unrecognized account_status and mfa_status filter values * fix(go): check for both min and max page size; * fix(go): enclose transfer superadmin in transaction; * fix(go): review errors; * fix(go): remove free tier checks; * fix(go): review fixes; --------- Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com> Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com> Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
103 lines
2.8 KiB
Go
103 lines
2.8 KiB
Go
//go:build ee
|
|
// +build ee
|
|
|
|
package pro
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/gravitl/netmaker/db"
|
|
"github.com/gravitl/netmaker/logic"
|
|
"github.com/gravitl/netmaker/models"
|
|
"github.com/gravitl/netmaker/mq"
|
|
"github.com/gravitl/netmaker/schema"
|
|
"golang.org/x/exp/slog"
|
|
)
|
|
|
|
const unauthorisedUserNodeCheckInterval = 3 * time.Minute
|
|
|
|
// AddUnauthorisedUserNodeHooks - adds hook to prevent access from unauthorised (expired) user nodes
|
|
func AddUnauthorisedUserNodeHooks() {
|
|
slog.Debug("adding unauthorisedUserNode hook")
|
|
logic.HookManagerCh <- models.HookDetails{
|
|
ID: "unauthorised-users-hook",
|
|
Hook: logic.WrapHook(unauthorisedUserNodeHook),
|
|
Interval: unauthorisedUserNodeCheckInterval,
|
|
}
|
|
}
|
|
|
|
// unauthorisedUserNodeHook - checks if a user node should be disabled, using the user's last login time
|
|
func unauthorisedUserNodeHook() error {
|
|
slog.Debug("running unauthorisedUserNode hook")
|
|
|
|
users, err := logic.GetUsers()
|
|
if err != nil {
|
|
slog.Error("error getting users: ", "error", err)
|
|
return err
|
|
}
|
|
clients, err := logic.GetAllExtClients()
|
|
if err != nil {
|
|
slog.Error("error getting clients: ", "error", err)
|
|
return err
|
|
}
|
|
|
|
currentTime := time.Now()
|
|
validityDuration := logic.GetJwtValidityDuration()
|
|
for _, user := range users {
|
|
if user.PlatformRoleID == schema.AdminRole ||
|
|
user.PlatformRoleID == schema.SuperAdminRole {
|
|
continue
|
|
}
|
|
if !currentTime.After(user.LastLoginTime.Add(validityDuration)) {
|
|
continue
|
|
}
|
|
for _, client := range clients {
|
|
if client.RemoteAccessClientID == "" {
|
|
continue
|
|
}
|
|
if (client.OwnerID == user.UserName) &&
|
|
client.Enabled {
|
|
slog.Info(fmt.Sprintf("disabling user node %s for user %s: auth token expired", client.ClientID, client.OwnerID))
|
|
if err := disableExtClient(&client); err != nil {
|
|
slog.Error("error disabling user node", "error", err)
|
|
continue // dont return but try for other clients
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
slog.Debug("finished running unauthorisedUserNode hook")
|
|
return nil
|
|
}
|
|
|
|
func disableExtClient(client *models.ExtClient) error {
|
|
if newClient, err := logic.ToggleExtClientConnectivity(client, false); err != nil {
|
|
return err
|
|
} else {
|
|
// publish peer update to ingress gateway
|
|
if ingressNode, err := logic.GetNodeByID(newClient.IngressGatewayID); err == nil {
|
|
if err = mq.PublishPeerUpdate(false); err != nil {
|
|
slog.Error("error updating ext clients on", "ingress", ingressNode.ID.String(), "err", err.Error())
|
|
}
|
|
ingressHost := &schema.Host{
|
|
ID: ingressNode.HostID,
|
|
}
|
|
err := ingressHost.Get(db.WithContext(context.TODO()))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
nodes, err := logic.GetAllNodes()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
go mq.PublishSingleHostPeerUpdate(ingressHost, nodes, nil, []models.ExtClient{*client}, false, nil)
|
|
} else {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|