
move common func back to auth from pro/auth

Max Ma il y a 1 an
Parent
commit
44aafba2cf

+ 110 - 0
auth/auth.go

@@ -0,0 +1,110 @@
+package auth
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+
+	"github.com/gravitl/netmaker/logger"
+	"github.com/gravitl/netmaker/logic"
+	"github.com/gravitl/netmaker/models"
+	"golang.org/x/crypto/bcrypt"
+	"golang.org/x/exp/slog"
+	"golang.org/x/oauth2"
+)
+
+// == consts ==
+const (
+	node_signin_length = 64
+)
+
+var (
+	auth_provider *oauth2.Config
+)
+
+// IsOauthUser - returns
+func IsOauthUser(user *models.User) error {
+	var currentValue, err = FetchPassValue("")
+	if err != nil {
+		return err
+	}
+	var bCryptErr = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(currentValue))
+	return bCryptErr
+}
+
+func FetchPassValue(newValue string) (string, error) {
+
+	type valueHolder struct {
+		Value string `json:"value" bson:"value"`
+	}
+	newValueHolder := valueHolder{}
+	var currentValue, err = logic.FetchAuthSecret()
+	if err != nil {
+		return "", err
+	}
+	var unmarshErr = json.Unmarshal([]byte(currentValue), &newValueHolder)
+	if unmarshErr != nil {
+		return "", unmarshErr
+	}
+
+	var b64CurrentValue, b64Err = base64.StdEncoding.DecodeString(newValueHolder.Value)
+	if b64Err != nil {
+		logger.Log(0, "could not decode pass")
+		return "", nil
+	}
+	return string(b64CurrentValue), nil
+}
+
+// == private ==
+
+func addUser(email string) error {
+	var hasSuperAdmin, err = logic.HasSuperAdmin()
+	if err != nil {
+		slog.Error("error checking for existence of admin user during OAuth login for", "email", email, "error", err)
+		return err
+	} // generate random password to adapt to current model
+	var newPass, fetchErr = FetchPassValue("")
+	if fetchErr != nil {
+		slog.Error("failed to get password", "error", fetchErr.Error())
+		return fetchErr
+	}
+	var newUser = models.User{
+		UserName: email,
+		Password: newPass,
+	}
+	if !hasSuperAdmin { // must be first attempt, create a superadmin
+		logger.Log(0, "creating superadmin")
+		if err = logic.CreateSuperAdmin(&newUser); err != nil {
+			slog.Error("error creating super admin from user", "email", email, "error", err)
+		} else {
+			slog.Info("superadmin created from user", "email", email)
+		}
+	} else { // otherwise add to db as admin..?
+		// TODO: add ability to add users with preemptive permissions
+		newUser.IsAdmin = false
+		if err = logic.CreateUser(&newUser); err != nil {
+			logger.Log(0, "error creating user,", email, "; user not added", "error", err.Error())
+		} else {
+			logger.Log(0, "user created from ", email)
+		}
+	}
+	return nil
+}
+
+func isUserIsAllowed(username, network string, shouldAddUser bool) (*models.User, error) {
+
+	user, err := logic.GetUser(username)
+	if err != nil && shouldAddUser { // user must not exist, so try to make one
+		if err = addUser(username); err != nil {
+			logger.Log(0, "failed to add user", username, "during a node SSO network join on network", network)
+			// response := returnErrTemplate(user.UserName, "failed to add user", state, reqKeyIf)
+			// w.WriteHeader(http.StatusInternalServerError)
+			// w.Write(response)
+			return nil, fmt.Errorf("failed to add user to system")
+		}
+		logger.Log(0, "user", username, "was added during a node SSO network join on network", network)
+		user, _ = logic.GetUser(username)
+	}
+
+	return user, nil
+}
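Review bot: `FetchPassValue` turns a base64 decode failure into `return "", nil`, so `addUser` proceeds past its `fetchErr` check and creates the account with an empty `Password`; the error should be propagated, e.g. `return "", fmt.Errorf("decoding auth secret: %w", b64Err)`, and the unused `newValue` parameter is worth dropping or documenting. In `isUserIsAllowed` the `logic.GetUser` error is discarded at `user, _ = logic.GetUser(username)` and again when `shouldAddUser` is false, so a failed lookup returns whatever the failed call produced (likely a nil pointer) with a nil error; change that line to `user, err = logic.GetUser(username)` and add `if err != nil { return nil, err }` before the final `return user, nil`. `addUser` similarly returns nil after `CreateSuperAdmin`/`CreateUser` fail, which is exactly the case that makes the later lookup fail, so returning `err` there would keep the two callers honest. The doc comment `// IsOauthUser - returns` is truncated; something like `// IsOauthUser returns nil when user's stored password hash matches the server's OAuth placeholder secret, and a bcrypt or lookup error otherwise.` describes what the function actually does. The package-level `auth_provider` is declared here but not assigned anywhere in this file, so it is presumably wired up elsewhere — worth confirming it is not a leftover duplicate of the one still used in pro/auth.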

+ 1 - 1
pro/auth/host_session.go → auth/host_session.go

@@ -118,7 +118,7 @@ func SessionHandler(conn *websocket.Conn) {
 			return
 		}
 		logger.Log(0, "user registration attempted with host:", registerMessage.RegisterHost.Name, "via SSO")
-		redirectUrl = fmt.Sprintf("https://%s/api/oauth/register/%s", servercfg.GetAPIConnString(), stateStr)
+		redirectUrl := fmt.Sprintf("https://%s/api/oauth/register/%s", servercfg.GetAPIConnString(), stateStr)
 		err = conn.WriteMessage(messageType, []byte(redirectUrl))
 		if err != nil {
 			logger.Log(0, "error during message writing:", err.Error())
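Review bot: `redirectUrl := fmt.Sprintf(...)` now declares a new variable inside this block; if `SessionHandler`, which starts before the hunk, still declares `redirectUrl` in an enclosing scope, this line shadows it and the outer variable becomes stale or unused, so either that earlier declaration should go or this line should stay `=`. I cannot see the rest of the function from here, so this is a quick check rather than a confirmed defect.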

+ 1 - 1
controllers/enrollmentkeys.go

@@ -10,11 +10,11 @@ import (
 	"github.com/google/uuid"
 	"github.com/gorilla/mux"
 
+	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/mq"
-	"github.com/gravitl/netmaker/pro/auth"
 	"github.com/gravitl/netmaker/servercfg"
 	"golang.org/x/exp/slog"
 )

+ 1 - 1
controllers/node.go

@@ -202,7 +202,7 @@ func Authorize(hostAllowed, networkCheck bool, authNetwork string, next http.Han
 			}
 
 			isnetadmin := issuperadmin || isadmin
-			if errN == nil && (issuperadmin || isadmin) {
+			if issuperadmin || isadmin {
 				nodeID = "mastermac"
 				isAuthorized = true
 				r.Header.Set("ismasterkey", "yes")
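Review bot: Dropping `errN == nil` makes the master-key branch depend solely on `issuperadmin || isadmin`, which is only safe if both flags are guaranteed false whenever the lookup that produced `errN` failed; `Authorize` starts before the hunk, so I cannot confirm that here, and if the flags can be set before the error is examined a failed lookup would now yield `isAuthorized = true`. If `errN` is no longer consulted anywhere it should be handled explicitly (logged and treated as not-authorized) rather than silently ignored. As a style point, the condition repeats the expression just assigned to `isnetadmin` on the line above; `if isnetadmin {` reads better and keeps the two in sync.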

+ 2 - 2
controllers/user.go

@@ -8,12 +8,12 @@ import (
 
 	"github.com/gorilla/mux"
 	"github.com/gorilla/websocket"
+	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/mq"
-	"github.com/gravitl/netmaker/pro/auth"
 	"github.com/gravitl/netmaker/servercfg"
 	"golang.org/x/exp/slog"
 )
@@ -115,7 +115,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
 	successJSONResponse, jsonError := json.Marshal(successResponse)
 	if jsonError != nil {
 		logger.Log(0, username,
-			"error marshalling resp: ", err.Error())
+			"error marshalling resp: ", jsonError.Error())
 		logic.ReturnErrorResponse(response, request, errorResponse)
 		return
 	}

+ 1 - 74
pro/auth/auth.go

@@ -1,24 +1,18 @@
 package auth
 
 import (
-	"encoding/base64"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
 	"strings"
 	"time"
 
-	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/exp/slog"
-	"golang.org/x/oauth2"
-
 	"github.com/gorilla/websocket"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/logic/pro/netcache"
-	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/servercfg"
+	"golang.org/x/oauth2"
 )
 
 // == consts ==
@@ -153,16 +147,6 @@ func HandleAuthLogin(w http.ResponseWriter, r *http.Request) {
 	functions[handle_login].(func(http.ResponseWriter, *http.Request))(w, r)
 }
 
-// IsOauthUser - returns
-func IsOauthUser(user *models.User) error {
-	var currentValue, err = FetchPassValue("")
-	if err != nil {
-		return err
-	}
-	var bCryptErr = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(currentValue))
-	return bCryptErr
-}
-
 // HandleHeadlessSSO - handles the OAuth login flow for headless interfaces such as Netmaker CLI via websocket
 func HandleHeadlessSSO(w http.ResponseWriter, r *http.Request) {
 	conn, err := upgrader.Upgrade(w, r, nil)
@@ -239,63 +223,6 @@ func HandleHeadlessSSO(w http.ResponseWriter, r *http.Request) {
 
 // == private methods ==
 
-func addUser(email string) error {
-	var hasSuperAdmin, err = logic.HasSuperAdmin()
-	if err != nil {
-		slog.Error("error checking for existence of admin user during OAuth login for", "email", email, "error", err)
-		return err
-	} // generate random password to adapt to current model
-	var newPass, fetchErr = FetchPassValue("")
-	if fetchErr != nil {
-		slog.Error("failed to get password", "error", err.Error())
-		return fetchErr
-	}
-	var newUser = models.User{
-		UserName: email,
-		Password: newPass,
-	}
-	if !hasSuperAdmin { // must be first attempt, create a superadmin
-		logger.Log(0, "creating superadmin")
-		if err = logic.CreateSuperAdmin(&newUser); err != nil {
-			slog.Error("error creating super admin from user", "email", email, "error", err)
-		} else {
-			slog.Info("superadmin created from user", "email", email)
-		}
-	} else { // otherwise add to db as admin..?
-		// TODO: add ability to add users with preemptive permissions
-		newUser.IsAdmin = false
-		if err = logic.CreateUser(&newUser); err != nil {
-			logger.Log(0, "error creating user,", email, "; user not added", "error", err.Error())
-		} else {
-			logger.Log(0, "user created from ", email)
-		}
-	}
-	return nil
-}
-
-func FetchPassValue(newValue string) (string, error) {
-
-	type valueHolder struct {
-		Value string `json:"value" bson:"value"`
-	}
-	newValueHolder := valueHolder{}
-	var currentValue, err = logic.FetchAuthSecret()
-	if err != nil {
-		return "", err
-	}
-	var unmarshErr = json.Unmarshal([]byte(currentValue), &newValueHolder)
-	if unmarshErr != nil {
-		return "", unmarshErr
-	}
-
-	var b64CurrentValue, b64Err = base64.StdEncoding.DecodeString(newValueHolder.Value)
-	if b64Err != nil {
-		logger.Log(0, "could not decode pass")
-		return "", nil
-	}
-	return string(b64CurrentValue), nil
-}
-
 func getStateAndCode(r *http.Request) (string, string) {
 	var state, code string
 	if r.FormValue("state") != "" && r.FormValue("code") != "" {

+ 2 - 1
pro/auth/azure-ad.go

@@ -7,6 +7,7 @@ import (
 	"io"
 	"net/http"
 
+	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
@@ -96,7 +97,7 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthUserNotAllowed(w)
 		return
 	}
-	var newPass, fetchErr = FetchPassValue("")
+	var newPass, fetchErr = auth.FetchPassValue("")
 	if fetchErr != nil {
 		return
 	}
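Review bot: When `auth.FetchPassValue("")` fails, `handleAzureCallback` returns without logging or writing a response, so the client most likely gets an empty 200 and the operator sees nothing; the same pattern appears in the github, google, headless_callback and oidc hunks. Logging `fetchErr` and replying with an error, e.g. `logger.Log(0, "failed to fetch pass value:", fetchErr.Error())` followed by `http.Error(w, "internal error", http.StatusInternalServerError)`, would make the failure visible. Note also that `FetchPassValue` returns `"", nil` when the stored secret fails to base64-decode, so this check does not cover that case and `newPass` can still be empty on the following lines.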

+ 2 - 1
pro/auth/github.go

@@ -7,6 +7,7 @@ import (
 	"io"
 	"net/http"
 
+	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
@@ -96,7 +97,7 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthUserNotAllowed(w)
 		return
 	}
-	var newPass, fetchErr = FetchPassValue("")
+	var newPass, fetchErr = auth.FetchPassValue("")
 	if fetchErr != nil {
 		return
 	}

+ 2 - 1
pro/auth/google.go

@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
@@ -99,7 +100,7 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthUserNotAllowed(w)
 		return
 	}
-	var newPass, fetchErr = FetchPassValue("")
+	var newPass, fetchErr = auth.FetchPassValue("")
 	if fetchErr != nil {
 		return
 	}

+ 2 - 1
pro/auth/headless_callback.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net/http"
 
+	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/logic/pro/netcache"
@@ -62,7 +63,7 @@ func HandleHeadlessSSOCallback(w http.ResponseWriter, r *http.Request) {
 		w.Write(response)
 		return
 	}
-	newPass, fetchErr := FetchPassValue("")
+	newPass, fetchErr := auth.FetchPassValue("")
 	if fetchErr != nil {
 		return
 	}

+ 2 - 1
pro/auth/oidc.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
@@ -109,7 +110,7 @@ func handleOIDCCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthUserNotAllowed(w)
 		return
 	}
-	var newPass, fetchErr = FetchPassValue("")
+	var newPass, fetchErr = auth.FetchPassValue("")
 	if fetchErr != nil {
 		return
 	}

+ 0 - 22
pro/auth/register_callback.go

@@ -8,9 +8,7 @@ import (
 
 	"github.com/gorilla/mux"
 	"github.com/gravitl/netmaker/logger"
-	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/logic/pro/netcache"
-	"github.com/gravitl/netmaker/models"
 )
 
 var (
@@ -145,23 +143,3 @@ func RegisterHostSSO(w http.ResponseWriter, r *http.Request) {
 
 	http.Redirect(w, r, auth_provider.AuthCodeURL(machineKeyStr), http.StatusSeeOther)
 }
-
-// == private ==
-
-func isUserIsAllowed(username, network string, shouldAddUser bool) (*models.User, error) {
-
-	user, err := logic.GetUser(username)
-	if err != nil && shouldAddUser { // user must not exist, so try to make one
-		if err = addUser(username); err != nil {
-			logger.Log(0, "failed to add user", username, "during a node SSO network join on network", network)
-			// response := returnErrTemplate(user.UserName, "failed to add user", state, reqKeyIf)
-			// w.WriteHeader(http.StatusInternalServerError)
-			// w.Write(response)
-			return nil, fmt.Errorf("failed to add user to system")
-		}
-		logger.Log(0, "user", username, "was added during a node SSO network join on network", network)
-		user, _ = logic.GetUser(username)
-	}
-
-	return user, nil
-}