
add superadmin to authorize func

Abhishek Kondur пре 2 година
родитељ
комит
7526ee23a8
3 измењених фајлова са 9 додато и 38 уклоњено
  1. 3 8
      controllers/node.go
  2. 4 4
      controllers/user.go
  3. 2 26
      logic/auth.go

+ 3 - 8
controllers/node.go

@@ -196,23 +196,18 @@ func Authorize(hostAllowed, networkCheck bool, authNetwork string, next http.Han
 
 			var isAuthorized = false
 			var nodeID = ""
-			username, _, isadmin, errN := logic.VerifyUserToken(authToken)
+			username, issuperadmin, isadmin, errN := logic.VerifyUserToken(authToken)
 			if errN != nil {
 				logic.ReturnErrorResponse(w, r, errorResponse)
 				return
 			}
 
-			isnetadmin := isadmin
-			if errN == nil && isadmin {
+			isnetadmin := issuperadmin || isadmin
+			if errN == nil && (issuperadmin || isadmin) {
 				nodeID = "mastermac"
 				isAuthorized = true
 				r.Header.Set("ismasterkey", "yes")
 			}
-			// if !isadmin && params["network"] != "" {
-			// 	if logic.StringSliceContains(networks, params["network"]) && pro.IsUserNetAdmin(params["network"], username) {
-			// 		isnetadmin = true
-			// 	}
-			// }
 			//The mastermac (login with masterkey from config) can do everything!! May be dangerous.
 			if nodeID == "mastermac" {
 				isAuthorized = true
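Review bot: The authorization decision is carried forward in a request header: `r.Header.Set("ismasterkey", "yes")` now runs for every admin or superadmin token, and nothing visible in this hunk clears a client-supplied `ismasterkey` value before the check. If later handlers trust that header, Authorize should call `r.Header.Del("ismasterkey")` before any branch, or pass the flag through the request context, so that it can only originate here. The start of the function is outside the hunk, so this may already be handled. The `errN == nil` test is dead after the early return and the role condition is written twice; `isnetadmin := issuperadmin || isadmin` followed by `if isnetadmin {` states it once. A comment noting that admin tokens are deliberately mapped to the `mastermac` identity would help, since anything keyed on nodeID can no longer tell an admin from the master key.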

+ 4 - 4
controllers/user.go

@@ -27,8 +27,8 @@ func userHandlers(r *mux.Router) {
 	r.HandleFunc("/api/users/adm/hassuperadmin", hasSuperAdmin).Methods(http.MethodGet)
 	r.HandleFunc("/api/users/adm/createsuperadmin", createSuperAdmin).Methods(http.MethodPost)
 	r.HandleFunc("/api/users/adm/authenticate", authenticateUser).Methods(http.MethodPost)
-	r.HandleFunc("/api/users/{username}/remote_access_gw", attachUserToRemoteAccessGw).Methods(http.MethodPost)
-	r.HandleFunc("/api/users/{username}/remote_access_gw", removeUserFromRemoteAccessGW).Methods(http.MethodDelete)
+	r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(true, http.HandlerFunc(attachUserToRemoteAccessGw))).Methods(http.MethodPost)
+	r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(true, http.HandlerFunc(removeUserFromRemoteAccessGW))).Methods(http.MethodDelete)
 	r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(false, http.HandlerFunc(getUserRemoteAccessGws))).Methods(http.MethodGet)
 	r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(updateUser))).Methods(http.MethodPut)
 	r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, checkFreeTierLimits(limitChoiceUsers, http.HandlerFunc(createUser)))).Methods(http.MethodPost)
@@ -209,7 +209,7 @@ func attachUserToRemoteAccessGw(w http.ResponseWriter, r *http.Request) {
 		user.RemoteGwIDs = make(map[string]struct{})
 	}
 	user.RemoteGwIDs[node.ID.String()] = struct{}{}
-	err = logic.UpdateUserV1(*user)
+	err = logic.UpsertUser(*user)
 	if err != nil {
 		slog.Error("failed to update user gateways", "user", username, "error", err)
 		logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch remote access gaetway node", err), "badrequest"))
@@ -248,7 +248,7 @@ func removeUserFromRemoteAccessGW(w http.ResponseWriter, r *http.Request) {
 	}
 	delete(user.RemoteGwIDs, remoteGwID)
 	//TODO:  remove all related ext client configs of the user
-	err = logic.UpdateUserV1(*user)
+	err = logic.UpsertUser(*user)
 	if err != nil {
 		slog.Error("failed to update user gateways", "user", username, "error", err)
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("failed to fetch remote access gaetway node "+err.Error()), "badrequest"))
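Review bot: When `logic.UpsertUser` fails in attachUserToRemoteAccessGw and removeUserFromRemoteAccessGW, the response still says "failed to fetch remote access gaetway node" with type `badrequest`, which reports a storage failure as a caller error. In the attach handler `fmt.Errorf` receives `err` with no format verb, which `go vet` flags. In the remove handler `err.Error()` is concatenated into the response, so storage-layer error text is returned to the client. The `slog.Error` line already records the detail, so the response can be generic, e.g. `logic.FormatError(errors.New("failed to update user gateways"), "internal")`. Both handler bodies extend beyond these hunks.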

+ 2 - 26
logic/auth.go

@@ -145,32 +145,8 @@ func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
 	return tokenString, nil
 }
 
-// UpdateUserNetworks - updates the networks of a given user
-func UpdateUserNetworks(newNetworks, newGroups []string, isadmin bool, currentUser *models.ReturnUser) error {
-	// check if user exists
-	returnedUser, err := GetUser(currentUser.UserName)
-	if err != nil {
-		return err
-	} else if returnedUser.IsAdmin {
-		return fmt.Errorf("can not make changes to an admin user, attempted to change %s", returnedUser.UserName)
-	}
-	if isadmin {
-		currentUser.IsAdmin = true
-		currentUser.Networks = nil
-	}
-	userChange := models.User{
-		UserName:     currentUser.UserName,
-		IsSuperAdmin: currentUser.IsSuperAdmin,
-		IsAdmin:      currentUser.IsAdmin,
-		Password:     "",
-	}
-
-	_, err = UpdateUser(&userChange, returnedUser)
-
-	return err
-}
-
-func UpdateUserV1(user models.User) error {
+// UpsertUser - updates user in the db
+func UpsertUser(user models.User) error {
 	data, err := json.Marshal(&user)
 	if err != nil {
 		return err
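Review bot: The new doc comment on UpsertUser says only "updates user in the db", which understates what callers need to know. The visible lines serialise the whole `models.User` value with `json.Marshal`, and the removed UpdateUserNetworks was the only function here that refused to modify an admin user. If the rest of the body (outside this hunk) is an insert-or-replace, as the name suggests, the comment should say so, e.g. `// UpsertUser writes the full user record to the db, creating it if absent; it performs no permission or field validation, so callers must authorize the request first.`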