
add superadmin to authorize func

Abhishek Kondur 2 年之前
父節點
當前提交
7526ee23a8
共有 3 個文件被更改,包括 9 次插入38 次删除
  1. 3 8
      controllers/node.go
  2. 4 4
      controllers/user.go
  3. 2 26
      logic/auth.go

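--- a/controllers/node.go
+++ b/controllers/node.go
@@ -196,23 +196,18 @@ func Authorize(hostAllowed, networkCheck bool, authNetwork string, next http.Han
 
 			var isAuthorized = false
 			var nodeID = ""
-			username, _, isadmin, errN := logic.VerifyUserToken(authToken)
+			username, issuperadmin, isadmin, errN := logic.VerifyUserToken(authToken)
 			if errN != nil {
 				logic.ReturnErrorResponse(w, r, errorResponse)
 				return
 			}
 
-			isnetadmin := isadmin
-			if errN == nil && isadmin {
+			isnetadmin := issuperadmin || isadmin
+			if errN == nil && (issuperadmin || isadmin) {
 				nodeID = "mastermac"
 				isAuthorized = true
 				r.Header.Set("ismasterkey", "yes")
 			}
-			// if !isadmin && params["network"] != "" {
-			// 	if logic.StringSliceContains(networks, params["network"]) && pro.IsUserNetAdmin(params["network"], username) {
-			// 		isnetadmin = true
-			// 	}
-			// }
 			//The mastermac (login with masterkey from config) can do everything!! May be dangerous.
 			if nodeID == "mastermac" {
 				isAuthorized = true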
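Review bot: A client-supplied `ismasterkey` header is never cleared in this hunk, so for a valid non-admin user token the branch that sets it is skipped and whatever value the caller sent stays on the request. With this change the same marker (`nodeID = "mastermac"` plus `ismasterkey: yes`) also stands for superadmin and admin user tokens, so any later code that reads the header as proof of master-key access would presumably trust it; whether such a reader exists, or the header is stripped earlier, is outside the hunk. I would add `r.Header.Del("ismasterkey")` before the `VerifyUserToken` call. Since the `errN != nil` case already returns, the condition can also be reduced to `if isnetadmin {`. Authorize starts and continues outside the hunk.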

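--- a/controllers/user.go
+++ b/controllers/user.go
@@ -27,8 +27,8 @@ func userHandlers(r *mux.Router) {
 	r.HandleFunc("/api/users/adm/hassuperadmin", hasSuperAdmin).Methods(http.MethodGet)
 	r.HandleFunc("/api/users/adm/createsuperadmin", createSuperAdmin).Methods(http.MethodPost)
 	r.HandleFunc("/api/users/adm/authenticate", authenticateUser).Methods(http.MethodPost)
-	r.HandleFunc("/api/users/{username}/remote_access_gw", attachUserToRemoteAccessGw).Methods(http.MethodPost)
-	r.HandleFunc("/api/users/{username}/remote_access_gw", removeUserFromRemoteAccessGW).Methods(http.MethodDelete)
+	r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(true, http.HandlerFunc(attachUserToRemoteAccessGw))).Methods(http.MethodPost)
+	r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(true, http.HandlerFunc(removeUserFromRemoteAccessGW))).Methods(http.MethodDelete)
 	r.HandleFunc("/api/users/{username}/remote_access_gw", logic.SecurityCheck(false, http.HandlerFunc(getUserRemoteAccessGws))).Methods(http.MethodGet)
 	r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(updateUser))).Methods(http.MethodPut)
 	r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, checkFreeTierLimits(limitChoiceUsers, http.HandlerFunc(createUser)))).Methods(http.MethodPost)
@@ -209,7 +209,7 @@ func attachUserToRemoteAccessGw(w http.ResponseWriter, r *http.Request) {
 		user.RemoteGwIDs = make(map[string]struct{})
 	}
 	user.RemoteGwIDs[node.ID.String()] = struct{}{}
-	err = logic.UpdateUserV1(*user)
+	err = logic.UpsertUser(*user)
 	if err != nil {
 		slog.Error("failed to update user gateways", "user", username, "error", err)
 		logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to fetch remote access gaetway node", err), "badrequest"))
@@ -248,7 +248,7 @@ func removeUserFromRemoteAccessGW(w http.ResponseWriter, r *http.Request) {
 	}
 	delete(user.RemoteGwIDs, remoteGwID)
 	//TODO:  remove all related ext client configs of the user
-	err = logic.UpsertUser(*user)
+	err = logic.UpsertUser(*user)
 	if err != nil {
 		slog.Error("failed to update user gateways", "user", username, "error", err)
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("failed to fetch remote access gaetway node "+err.Error()), "badrequest"))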
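Review bot: The error path right after the new `logic.UpsertUser(*user)` call in attachUserToRemoteAccessGw passes `err` to `fmt.Errorf` with no format verb, so the client receives a `%!(EXTRA ...)` suffix carrying the raw storage error, and the text speaks of fetching a gateway node when the failure is a user update. The removeUserFromRemoteAccessGW hunk has the same wrong message and concatenates `err.Error()` into the response. The detail is already logged through `slog.Error`, so the response can stay generic in both places: `logic.FormatError(errors.New("failed to update user gateways"), "badrequest")`. The `badrequest` category also looks wrong for a storage failure, if FormatError offers a server-error category. Both handlers start and end outside their hunks.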

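--- a/logic/auth.go
+++ b/logic/auth.go
@@ -145,32 +145,8 @@ func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
 	return tokenString, nil
 }
 
-// UpdateUserNetworks - updates the networks of a given user
-func UpdateUserNetworks(newNetworks, newGroups []string, isadmin bool, currentUser *models.ReturnUser) error {
-	// check if user exists
-	returnedUser, err := GetUser(currentUser.UserName)
-	if err != nil {
-		return err
-	} else if returnedUser.IsAdmin {
-		return fmt.Errorf("can not make changes to an admin user, attempted to change %s", returnedUser.UserName)
-	}
-	if isadmin {
-		currentUser.IsAdmin = true
-		currentUser.Networks = nil
-	}
-	userChange := models.User{
-		UserName:     currentUser.UserName,
-		IsSuperAdmin: currentUser.IsSuperAdmin,
-		IsAdmin:      currentUser.IsAdmin,
-		Password:     "",
-	}
-
-	_, err = UpdateUser(&userChange, returnedUser)
-
-	return err
-}
-
-func UpdateUserV1(user models.User) error {
+// UpsertUser - updates user in the db
+func UpsertUser(user models.User) error {
 	data, err := json.Marshal(&user)
 	if err != nil {
 		return err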
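Review bot: The new doc comment says `UpsertUser` updates a user, but the name says it also inserts, and the visible lines marshal the whole `models.User` with no existence or permission check. If the rest of the body (outside the hunk) writes the record keyed by user name, a caller can create a user or overwrite fields such as the admin flags, so the comment should say so: `// UpsertUser - creates or overwrites the user record in the db; performs no validation or authorization, callers must check both`. The removed UpdateUserNetworks carried the guard against changing an admin user, and nothing in this hunk replaces it.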