
fix duplicate hosts entries

abhishek9686 1 gadu atpakaļ
vecāks
revīzija
3442a044f3
2 mainītis faili ar 50 papildinājumiem un 282 dzēšanām
  1. 44 272
      pro/controllers/users.go
  2. 6 10
      pro/logic/user_mgmt.go

+ 44 - 272
pro/controllers/users.go

@@ -445,6 +445,13 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 //
 //			Responses:
 //				200: userBodyResponse
+//
+// @Summary     Delete user group.
+// @Router      /api/v1/user/group [delete]
+// @Tags        Users
+// @Param       group_id param string true "group id required to delete the role"
+// @Success     200 {string} string
+// @Failure     500 {object} models.ErrorResponse
 func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
 
 	gid, _ := url.QueryUnescape(r.URL.Query().Get("group_id"))
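Review bot: `param` in `// @Param group_id param string true ...` is not one of the locations swag accepts (query, path, header, body, formData), so the generator is likely to reject or mis-render this parameter. The handler reads the value with `r.URL.Query().Get("group_id")`, so the line should read `// @Param group_id query string true "group id required to delete the group"`; the current description says "role" on a group endpoint. The same `param` location is used for `role_id` on listRoles, getRole and deleteRole in the later hunks. deleteUserGroup's body continues outside this hunk.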
@@ -460,17 +467,12 @@ func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, nil, "deleted user group")
 }
 
-// swagger:route GET /api/v1/user/roles user listRoles
-//
-// lists all user roles.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     lists all user roles.
+// @Router      /api/v1/user/roles [get]
+// @Tags        Users
+// @Param       role_id param string true "roleid required to get the role details"
+// @Success     200 {object}  []models.UserRolePermissionTemplate
+// @Failure     500 {object} models.ErrorResponse
 func listRoles(w http.ResponseWriter, r *http.Request) {
 	platform, _ := url.QueryUnescape(r.URL.Query().Get("platform"))
 	var roles []models.UserRolePermissionTemplate
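Review bot: The annotation documents a required `role_id` parameter, but listRoles reads `platform` from the query string on its first line and nothing visible here uses `role_id`. A client generated from this spec would send a parameter the handler ignores and omit the one it actually reads. Suggest `// @Param platform query string false "platform flag read by the handler"`, with the required flag set to whatever the rest of the body enforces; that part is outside this hunk.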
@@ -491,17 +493,12 @@ func listRoles(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, roles, "successfully fetched user roles permission templates")
 }
 
-// swagger:route GET /api/v1/user/role user getRole
-//
-// Get user role permission templates.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Get user role permission template.
+// @Router      /api/v1/user/role [get]
+// @Tags        Users
+// @Param       role_id param string true "roleid required to get the role details"
+// @Success     200 {object} models.UserRolePermissionTemplate
+// @Failure     500 {object} models.ErrorResponse
 func getRole(w http.ResponseWriter, r *http.Request) {
 	rid, _ := url.QueryUnescape(r.URL.Query().Get("role_id"))
 	if rid == "" {
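Review bot: The removed `swagger:route` block declared `Security: oauth`, and the replacement annotations carry no `@Security` line, so the generated spec no longer marks this role-management endpoint as requiring authentication. Suggest adding `// @Security oauth`, where the name has to match a security definition in the project's general API info, which is not visible here. The same applies to listRoles, createRole, updateRole and deleteRole, and to the new block on getUserRemoteAccessGwsV1. This changes documentation and generated clients only; whether the route is actually protected depends on router setup outside this diff.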
@@ -519,17 +516,12 @@ func getRole(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, role, "successfully fetched user role permission templates")
 }
 
-// swagger:route POST /api/v1/user/role user createRole
-//
-// Create user role permission template.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Create user role permission template.
+// @Router      /api/v1/user/role [post]
+// @Tags        Users
+// @Param       body models.UserRolePermissionTemplate true "user role template"
+// @Success     200 {object}  models.UserRolePermissionTemplate
+// @Failure     500 {object} models.ErrorResponse
 func createRole(w http.ResponseWriter, r *http.Request) {
 	var userRole models.UserRolePermissionTemplate
 	err := json.NewDecoder(r.Body).Decode(&userRole)
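Review bot: `// @Param body models.UserRolePermissionTemplate true "user role template"` is missing the location field; swag's order is name, location, type, required, description, so the model name lands in the location slot. It should be `// @Param body body models.UserRolePermissionTemplate true "user role template"`, and the identical line on updateRole needs the same fix. createRole's body continues outside this hunk.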
@@ -554,17 +546,12 @@ func createRole(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, userRole, "created user role")
 }
 
-// swagger:route PUT /api/v1/user/role user updateRole
-//
-// Update user role permission template.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Update user role permission template.
+// @Router      /api/v1/user/role [put]
+// @Tags        Users
+// @Param       body models.UserRolePermissionTemplate true "user role template"
+// @Success     200 {object} userBodyResponse
+// @Failure     500 {object} models.ErrorResponse
 func updateRole(w http.ResponseWriter, r *http.Request) {
 	var userRole models.UserRolePermissionTemplate
 	err := json.NewDecoder(r.Body).Decode(&userRole)
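Review bot: `// @Success 200 {object} userBodyResponse` on updateRole keeps the old go-swagger response name, while createRole documents `models.UserRolePermissionTemplate` and the success call shown in the next hunk returns `userRole`, which is declared as that model. If `userBodyResponse` is not a Go type swag can resolve, generation will likely fail on this line. Suggest `// @Success 200 {object} models.UserRolePermissionTemplate` to match the handler and its sibling.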
@@ -588,17 +575,12 @@ func updateRole(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, userRole, "updated user role")
 }
 
-// swagger:route DELETE /api/v1/user/role user deleteRole
-//
-// Delete user role permission template.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Delete user role permission template.
+// @Router      /api/v1/user/role [delete]
+// @Tags        Users
+// @Param       role_id param string true "roleid required to delete the role"
+// @Success     200 {string} string
+// @Failure     500 {object} models.ErrorResponse
 func deleteRole(w http.ResponseWriter, r *http.Request) {
 
 	rid, _ := url.QueryUnescape(r.URL.Query().Get("role_id"))
@@ -611,7 +593,7 @@ func deleteRole(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
-	logic.ReturnSuccessResponseWithJson(w, r, nil, "created user role")
+	logic.ReturnSuccessResponseWithJson(w, r, nil, "deleted user role")
 }
 
 // @Summary     Attach user to a remote access gateway
@@ -783,6 +765,12 @@ func removeUserFromRemoteAccessGW(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(logic.ToReturnUser(*user))
 }
 
+// @Summary     Get Users Remote Access Gw.
+// @Router      /api/users/{username}/remote_access_gw [get]
+// @Tags        Users
+// @Param       username path string true "Username to fetch all the gateways with access"
+// @Success     200 {object} map[string][]models.UserRemoteGws
+// @Failure     500 {object} models.ErrorResponse
 func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -919,222 +907,6 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(userGws)
 }
 
-// swagger:route GET "/api/users/{username}/remote_access_gw" nodes getUserRemoteAccessGws
-//
-// Get an individual node.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: nodeResponse
-func getUserRemoteAccessGws(w http.ResponseWriter, r *http.Request) {
-	// set header.
-	w.Header().Set("Content-Type", "application/json")
-
-	var params = mux.Vars(r)
-	username := params["username"]
-	if username == "" {
-		logic.ReturnErrorResponse(
-			w,
-			r,
-			logic.FormatError(errors.New("required params username"), "badrequest"),
-		)
-		return
-	}
-	remoteAccessClientID := r.URL.Query().Get("remote_access_clientid")
-	var req models.UserRemoteGwsReq
-	if remoteAccessClientID == "" {
-		err := json.NewDecoder(r.Body).Decode(&req)
-		if err != nil {
-			slog.Error("error decoding request body: ", "error", err)
-			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
-			return
-		}
-	}
-	reqFromMobile := r.URL.Query().Get("from_mobile") == "true"
-	if req.RemoteAccessClientID == "" && remoteAccessClientID == "" {
-		logic.ReturnErrorResponse(
-			w,
-			r,
-			logic.FormatError(errors.New("remote access client id cannot be empty"), "badrequest"),
-		)
-		return
-	}
-	if req.RemoteAccessClientID == "" {
-		req.RemoteAccessClientID = remoteAccessClientID
-	}
-	userGws := make(map[string][]models.UserRemoteGws)
-	user, err := logic.GetUser(username)
-	if err != nil {
-		logger.Log(0, username, "failed to fetch user: ", err.Error())
-		logic.ReturnErrorResponse(
-			w,
-			r,
-			logic.FormatError(
-				fmt.Errorf("failed to fetch user %s, error: %v", username, err),
-				"badrequest",
-			),
-		)
-		return
-	}
-	allextClients, err := logic.GetAllExtClients()
-	if err != nil {
-		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
-		return
-	}
-
-	processedAdminNodeIds := make(map[string]struct{})
-	for _, extClient := range allextClients {
-		if extClient.RemoteAccessClientID == req.RemoteAccessClientID &&
-			extClient.OwnerID == username {
-			node, err := logic.GetNodeByID(extClient.IngressGatewayID)
-			if err != nil {
-				continue
-			}
-			if node.PendingDelete {
-				continue
-			}
-			if !node.IsIngressGateway {
-				continue
-			}
-			host, err := logic.GetHost(node.HostID.String())
-			if err != nil {
-				continue
-			}
-			network, err := logic.GetNetwork(node.Network)
-			if err != nil {
-				slog.Error("failed to get node network", "error", err)
-			}
-
-			if _, ok := user.RemoteGwIDs[node.ID.String()]; (user.PlatformRoleID != models.AdminRole && user.PlatformRoleID != models.SuperAdminRole) && ok {
-				gws := userGws[node.Network]
-				extClient.AllowedIPs = logic.GetExtclientAllowedIPs(extClient)
-				gws = append(gws, models.UserRemoteGws{
-					GwID:              node.ID.String(),
-					GWName:            host.Name,
-					Network:           node.Network,
-					GwClient:          extClient,
-					Connected:         true,
-					IsInternetGateway: node.IsInternetGateway,
-					GwPeerPublicKey:   host.PublicKey.String(),
-					GwListenPort:      logic.GetPeerListenPort(host),
-					Metadata:          node.Metadata,
-					AllowedEndpoints:  getAllowedRagEndpoints(&node, host),
-					NetworkAddresses:  []string{network.AddressRange, network.AddressRange6},
-				})
-				userGws[node.Network] = gws
-				delete(user.RemoteGwIDs, node.ID.String())
-			} else {
-				gws := userGws[node.Network]
-				extClient.AllowedIPs = logic.GetExtclientAllowedIPs(extClient)
-				gws = append(gws, models.UserRemoteGws{
-					GwID:              node.ID.String(),
-					GWName:            host.Name,
-					Network:           node.Network,
-					GwClient:          extClient,
-					Connected:         true,
-					IsInternetGateway: node.IsInternetGateway,
-					GwPeerPublicKey:   host.PublicKey.String(),
-					GwListenPort:      logic.GetPeerListenPort(host),
-					Metadata:          node.Metadata,
-					AllowedEndpoints:  getAllowedRagEndpoints(&node, host),
-					NetworkAddresses:  []string{network.AddressRange, network.AddressRange6},
-				})
-				userGws[node.Network] = gws
-				processedAdminNodeIds[node.ID.String()] = struct{}{}
-			}
-		}
-	}
-
-	// add remaining gw nodes to resp
-	if user.PlatformRoleID != models.AdminRole && user.PlatformRoleID != models.SuperAdminRole {
-		for gwID := range user.RemoteGwIDs {
-			node, err := logic.GetNodeByID(gwID)
-			if err != nil {
-				continue
-			}
-			if !node.IsIngressGateway {
-				continue
-			}
-			if node.PendingDelete {
-				continue
-			}
-			host, err := logic.GetHost(node.HostID.String())
-			if err != nil {
-				continue
-			}
-			network, err := logic.GetNetwork(node.Network)
-			if err != nil {
-				slog.Error("failed to get node network", "error", err)
-			}
-			gws := userGws[node.Network]
-
-			gws = append(gws, models.UserRemoteGws{
-				GwID:              node.ID.String(),
-				GWName:            host.Name,
-				Network:           node.Network,
-				IsInternetGateway: node.IsInternetGateway,
-				GwPeerPublicKey:   host.PublicKey.String(),
-				GwListenPort:      logic.GetPeerListenPort(host),
-				Metadata:          node.Metadata,
-				AllowedEndpoints:  getAllowedRagEndpoints(&node, host),
-				NetworkAddresses:  []string{network.AddressRange, network.AddressRange6},
-			})
-			userGws[node.Network] = gws
-		}
-	} else {
-		allNodes, err := logic.GetAllNodes()
-		if err != nil {
-			slog.Error("failed to fetch all nodes", "error", err)
-			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
-			return
-		}
-		for _, node := range allNodes {
-			_, ok := processedAdminNodeIds[node.ID.String()]
-			if node.IsIngressGateway && !node.PendingDelete && !ok {
-				host, err := logic.GetHost(node.HostID.String())
-				if err != nil {
-					slog.Error("failed to fetch host", "error", err)
-					continue
-				}
-				network, err := logic.GetNetwork(node.Network)
-				if err != nil {
-					slog.Error("failed to get node network", "error", err)
-				}
-				gws := userGws[node.Network]
-
-				gws = append(gws, models.UserRemoteGws{
-					GwID:              node.ID.String(),
-					GWName:            host.Name,
-					Network:           node.Network,
-					IsInternetGateway: node.IsInternetGateway,
-					GwPeerPublicKey:   host.PublicKey.String(),
-					GwListenPort:      logic.GetPeerListenPort(host),
-					Metadata:          node.Metadata,
-					AllowedEndpoints:  getAllowedRagEndpoints(&node, host),
-					NetworkAddresses:  []string{network.AddressRange, network.AddressRange6},
-				})
-				userGws[node.Network] = gws
-			}
-		}
-	}
-	if reqFromMobile {
-		// send resp in array format
-		userGwsArr := []models.UserRemoteGws{}
-		for _, userGwI := range userGws {
-			userGwsArr = append(userGwsArr, userGwI...)
-		}
-		logic.ReturnSuccessResponseWithJson(w, r, userGwsArr, "fetched gateways for user"+username)
-		return
-	}
-	slog.Debug("returned user gws", "user", username, "gws", userGws)
-	w.WriteHeader(http.StatusOK)
-	json.NewEncoder(w).Encode(userGws)
-}
-
 // @Summary     List users attached to an remote access gateway
 // @Router      /api/nodes/{network}/{nodeid}/ingress/users [get]
 // @Tags        PRO

+ 6 - 10
pro/logic/user_mgmt.go

@@ -516,7 +516,6 @@ func HasNetworkRsrcScope(permissionTemplate models.UserRolePermissionTemplate, n
 	return ok
 }
 func GetUserRAGNodes(user models.User) (gws map[string]models.Node) {
-	logger.Log(0, "------------> 7. getUserRemoteAccessGwsV1")
 	gws = make(map[string]models.Node)
 	userGwAccessScope := GetUserNetworkRolesWithRemoteVPNAccess(user)
 	logger.Log(0, fmt.Sprintf("User Gw Access Scope: %+v", userGwAccessScope))
@@ -525,7 +524,6 @@ func GetUserRAGNodes(user models.User) (gws map[string]models.Node) {
 	if err != nil {
 		return
 	}
-	logger.Log(0, fmt.Sprintf("------------> 8. getUserRemoteAccessGwsV1 %+v", allNetAccess))
 	for _, node := range nodes {
 		if node.IsIngressGateway && !node.PendingDelete {
 			if allNetAccess {
@@ -545,14 +543,12 @@ func GetUserRAGNodes(user models.User) (gws map[string]models.Node) {
 			}
 		}
 	}
-	logger.Log(0, "------------> 9. getUserRemoteAccessGwsV1")
 	return
 }
 
 // GetUserNetworkRoles - get user network roles
 func GetUserNetworkRolesWithRemoteVPNAccess(user models.User) (gwAccess map[models.NetworkID]map[models.RsrcID]models.RsrcPermissionScope) {
 	gwAccess = make(map[models.NetworkID]map[models.RsrcID]models.RsrcPermissionScope)
-	logger.Log(0, "------------> 7.1 getUserRemoteAccessGwsV1")
 	platformRole, err := logic.GetRole(user.PlatformRoleID)
 	if err != nil {
 		return
@@ -564,7 +560,6 @@ func GetUserNetworkRolesWithRemoteVPNAccess(user models.User) (gwAccess map[mode
 	if _, ok := user.NetworkRoles[models.AllNetworks]; ok {
 		gwAccess[models.NetworkID("*")] = make(map[models.RsrcID]models.RsrcPermissionScope)
 	}
-	logger.Log(0, "------------> 7.2 getUserRemoteAccessGwsV1")
 	if len(user.UserGroups) > 0 {
 		for gID := range user.UserGroups {
 			userG, err := GetUserGroup(gID)
@@ -664,18 +659,18 @@ func GetUserNetworkRolesWithRemoteVPNAccess(user models.User) (gwAccess map[mode
 		}
 	}
 
-	logger.Log(0, "------------> 7.3 getUserRemoteAccessGwsV1")
 	return
 }
 
 func GetFilteredNodesByUserAccess(user models.User, nodes []models.Node) (filteredNodes []models.Node) {
 
 	nodesMap := make(map[string]struct{})
-	allNetworkRoles := []models.UserRoleID{}
+	allNetworkRoles := make(map[models.UserRoleID]struct{})
+
 	if len(user.NetworkRoles) > 0 {
 		for _, netRoles := range user.NetworkRoles {
 			for netRoleI := range netRoles {
-				allNetworkRoles = append(allNetworkRoles, netRoleI)
+				allNetworkRoles[netRoleI] = struct{}{}
 			}
 		}
 	}
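Review bot: One trace survives this cleanup outside this hunk: `logger.Log(0, fmt.Sprintf("User Gw Access Scope: %+v", userGwAccessScope))` is still a context line at the top of GetUserRAGNodes in the first hunk of this file. It writes the user's resolved gateway permission map to the log on every call, at the same level 0 the removed traces used. Suggest removing it with the others or moving it to a debug level, so per-user authorization detail does not accumulate in default logs.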
@@ -692,14 +687,14 @@ func GetFilteredNodesByUserAccess(user models.User, nodes []models.Node) (filter
 					}
 					for _, netRoles := range userG.NetworkRoles {
 						for netRoleI := range netRoles {
-							allNetworkRoles = append(allNetworkRoles, netRoleI)
+							allNetworkRoles[netRoleI] = struct{}{}
 						}
 					}
 				}
 			}
 		}
 	}
-	for _, networkRoleID := range allNetworkRoles {
+	for networkRoleID := range allNetworkRoles {
 		userPermTemplate, err := logic.GetRole(networkRoleID)
 		if err != nil {
 			continue
@@ -735,6 +730,7 @@ func GetFilteredNodesByUserAccess(user models.User, nodes []models.Node) (filter
 					if scope.Read {
 						gwNode, err := logic.GetNodeByID(gwID.String())
 						if err == nil && gwNode.IsIngressGateway {
+							nodesMap[gwNode.ID.String()] = struct{}{}
 							filteredNodes = append(filteredNodes, gwNode)
 						}
 					}
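Review bot: The added `nodesMap[gwNode.ID.String()] = struct{}{}` records the gateway, but the `append` right after it is still unconditional, so a gateway reachable through two roles is added to filteredNodes twice unless a check outside this hunk already skips IDs present in nodesMap. Suggest wrapping both lines in `if _, seen := nodesMap[gwNode.ID.String()]; !seen { ... }`. The error from `logic.GetNodeByID` is dropped silently; that fails closed, but a debug-level log would surface stale gateway IDs left in role templates. The enclosing function starts and ends outside the hunk.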