
fix user registration via netclient

abhishek9686 před 1 rokem
rodič
revize
43e24c4f21
5 změnil soubory, kde provedl 44 přidání a 18 odebrání
  1. 23 18
      auth/host_session.go
  2. 4 0
      logic/user_mgmt.go
  3. 1 0
      models/host.go
  4. 1 0
      pro/initialize.go
  5. 15 0
      pro/logic/user_mgmt.go

+ 23 - 18
auth/host_session.go

@@ -85,24 +85,29 @@ func SessionHandler(conn *websocket.Conn) {
 			return
 		}
 		req.Pass = req.Host.ID.String()
-		// user, err := logic.GetUser(req.User)
-		// if err != nil {
-		// 	logger.Log(0, "failed to get user", req.User, "from database")
-		// 	err = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
-		// 	if err != nil {
-		// 		logger.Log(0, "error during message writing:", err.Error())
-		// 	}
-		// 	return
-		// }
-		// if !user.IsAdmin && !user.IsSuperAdmin {
-		// 	logger.Log(0, "user", req.User, "is neither an admin or superadmin. denying registeration")
-		// 	conn.WriteMessage(messageType, []byte("cannot register with a non-admin or non-superadmin"))
-		// 	err = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
-		// 	if err != nil {
-		// 		logger.Log(0, "error during message writing:", err.Error())
-		// 	}
-		// 	return
-		// }
+		user, err := logic.GetUser(req.User)
+		if err != nil {
+			logger.Log(0, "failed to get user", req.User, "from database")
+			logic.InsertPendingUser(&models.User{
+				UserName: req.User,
+			})
+			conn.WriteMessage(messageType, []byte("waiting for admin approval"))
+			err = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
+			if err != nil {
+				logger.Log(0, "error during message writing:", err.Error())
+			}
+			return
+		}
+		if user.PlatformRoleID != models.AdminRole && user.PlatformRoleID != models.SuperAdminRole {
+			// check if user has access to network
+			if !logic.IsUserAllowedAccessToNetwork(*user, models.NetworkID(registerMessage.Network)) {
+				err = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
+				if err != nil {
+					logger.Log(0, "error during message writing:", err.Error())
+				}
+				return
+			}
+		}
 
 		if err = netcache.Set(stateStr, req); err != nil { // give the user's host access in the DB
 			logger.Log(0, "machine failed to complete join on network,", registerMessage.Network, "-", err.Error())
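Review bot: In the `err != nil` branch after `logic.GetUser(req.User)`, every lookup failure, including a database error, is treated as an unknown user, and a pending-user record is created from the request-supplied name with the result of `logic.InsertPendingUser` discarded. Only the not-found case should create a pending record, and the insert outcome should be checked before the client is told `waiting for admin approval`, e.g. `if err := logic.InsertPendingUser(&models.User{UserName: req.User}); err != nil { logger.Log(0, "failed to insert pending user", req.User, err.Error()) }` (assuming it returns an error). The new network-access denial also closes the connection without a log line, unlike the lookup-failure branch above it, so refused registrations leave no audit trail. Whether the caller has been authenticated before this point is not visible; SessionHandler begins and continues outside the hunk.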

+ 4 - 0
logic/user_mgmt.go

@@ -24,6 +24,10 @@ var GetFilteredNodesByUserAccess = func(user models.User, nodes []models.Node) (
 	return
 }
 
+var IsUserAllowedAccessToNetwork = func(user models.User, networkID models.NetworkID) bool {
+	return false
+}
+
 var CreateRole = func(r models.UserRolePermissionTemplate) error {
 	return nil
 }
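Review bot: The new `IsUserAllowedAccessToNetwork` default has no comment explaining that it denies every user until `InitPro` replaces it, so wherever that hook is not installed the check added in SessionHandler rejects all non-admin registrations. That fail-closed default is reasonable but should be stated on the variable, e.g. `// IsUserAllowedAccessToNetwork reports whether user may access networkID; this default denies all and is overridden in InitPro.`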

+ 1 - 0
models/host.go

@@ -72,6 +72,7 @@ type Host struct {
 	NatType             string           `json:"nat_type,omitempty"      yaml:"nat_type,omitempty"`
 	TurnEndpoint        *netip.AddrPort  `json:"turn_endpoint,omitempty" yaml:"turn_endpoint,omitempty"`
 	PersistentKeepalive time.Duration    `json:"persistentkeepalive"     yaml:"persistentkeepalive"`
+	OwnerID             string           `json:"owner_id" yaml:"owner_id"`
 }
 
 // FormatBool converts a boolean to a [yes|no] string
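Review bot: `OwnerID` is added to `Host` with JSON and YAML tags, but nothing in this commit assigns it, so its value would come from whatever payload the struct is decoded from. If `Host` is populated from a client registration message (as `req.Host` in SessionHandler suggests, though the decoding is not visible here), the server should overwrite the field from the authenticated user before persisting rather than trust the incoming value. A field comment would make that contract explicit, e.g. `// OwnerID identifies the owning user; set server-side, never taken from client input.`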

+ 1 - 0
pro/initialize.go

@@ -133,6 +133,7 @@ func InitPro() {
 	logic.IsNetworkRolesValid = proLogic.IsNetworkRolesValid
 	logic.InitialiseRoles = proLogic.UserRolesInit
 	logic.UpdateUserGwAccess = proLogic.UpdateUserGwAccess
+	logic.IsUserAllowedAccessToNetwork = proLogic.IsUserAllowedAccessToNetwork
 }
 
 func retrieveProLogo() string {

+ 15 - 0
pro/logic/user_mgmt.go

@@ -1034,3 +1034,18 @@ func UpdateUserGwAccess(currentUser, changeUser models.User) {
 	}
 
 }
+
+func IsUserAllowedAccessToNetwork(user models.User, networkID models.NetworkID) bool {
+	for userGID := range user.UserGroups {
+		userG, err := GetUserGroup(userGID)
+		if err == nil {
+			if _, ok := userG.NetworkRoles[networkID]; ok {
+				return true
+			}
+		}
+	}
+	if _, ok := user.NetworkRoles[networkID]; ok {
+		return true
+	}
+	return false
+}
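Review bot: Both lookups in `IsUserAllowedAccessToNetwork` discard the map value (`_, ok := ...NetworkRoles[networkID]`), so the mere presence of a network key grants access even when no role is attached to it. If the value is a collection that can be empty (its type is not visible here), test it as well, e.g. `if roles, ok := user.NetworkRoles[networkID]; ok && len(roles) > 0 { return true }`, and likewise for `userG.NetworkRoles`. Errors from `GetUserGroup` are skipped silently, which fails closed but hides a broken group reference; a log line there would help. The exported function also lacks a doc comment stating that it checks group roles first and then the user's direct roles.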