Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

added setting node limits

afeiszli 4 years ago
parent
7d2af0cf38
commit
ccce74be97
8 changed files with 94 additions and 35 deletions
Split View Show Diff Stats
  1. 1 0
      config/config.go
  2. 8 8
      controllers/dnsHttpController.go
  3. 7 7
      controllers/extClientHttpController.go
  4. 4 4
      controllers/intClientHttpController.go
  5. 54 14
      controllers/networkHttpController.go
  6. 2 2
      controllers/nodeHttpController.go
  7. 5 0
      models/network.go
  8. 13 0
      servercfg/serverconf.go

+ 1 - 0
config/config.go
View File 

@@ -40,6 +40,7 @@ type ServerConfig struct {
 
   APIPort   string `yaml:"apiport"`
 
   GRPCHost   string `yaml:"grpchost"`
 
   GRPCPort   string `yaml:"grpcport"`
 
+  DefaultNodeLimit   int32 `yaml:"defaultnodelimit"`
 
   MasterKey	string `yaml:"masterkey"`
 
   AllowedOrigin	string `yaml:"allowedorigin"`
 
   RestBackend string `yaml:"restbackend"`

+ 8 - 8
controllers/dnsHttpController.go
View File 

@@ -20,14 +20,14 @@ import (
 
 
 func dnsHandlers(r *mux.Router) {
 
 
-	r.HandleFunc("/api/dns", securityCheck(http.HandlerFunc(getAllDNS))).Methods("GET")
 
-	r.HandleFunc("/api/dns/adm/{network}/nodes", securityCheck(http.HandlerFunc(getNodeDNS))).Methods("GET")
 
-	r.HandleFunc("/api/dns/adm/{network}/custom", securityCheck(http.HandlerFunc(getCustomDNS))).Methods("GET")
 
-	r.HandleFunc("/api/dns/adm/{network}", securityCheck(http.HandlerFunc(getDNS))).Methods("GET")
 
-	r.HandleFunc("/api/dns/{network}", securityCheck(http.HandlerFunc(createDNS))).Methods("POST")
 
-	r.HandleFunc("/api/dns/adm/pushdns", securityCheck(http.HandlerFunc(pushDNS))).Methods("POST")
 
-	r.HandleFunc("/api/dns/{network}/{domain}", securityCheck(http.HandlerFunc(deleteDNS))).Methods("DELETE")
 
-	r.HandleFunc("/api/dns/{network}/{domain}", securityCheck(http.HandlerFunc(updateDNS))).Methods("PUT")
 
+	r.HandleFunc("/api/dns", securityCheck(true, http.HandlerFunc(getAllDNS))).Methods("GET")
 
+	r.HandleFunc("/api/dns/adm/{network}/nodes", securityCheck(false, http.HandlerFunc(getNodeDNS))).Methods("GET")
 
+	r.HandleFunc("/api/dns/adm/{network}/custom", securityCheck(false, http.HandlerFunc(getCustomDNS))).Methods("GET")
 
+	r.HandleFunc("/api/dns/adm/{network}", securityCheck(false, http.HandlerFunc(getDNS))).Methods("GET")
 
+	r.HandleFunc("/api/dns/{network}", securityCheck(false, http.HandlerFunc(createDNS))).Methods("POST")
 
+	r.HandleFunc("/api/dns/adm/pushdns", securityCheck(false, http.HandlerFunc(pushDNS))).Methods("POST")
 
+	r.HandleFunc("/api/dns/{network}/{domain}", securityCheck(false, http.HandlerFunc(deleteDNS))).Methods("DELETE")
 
+	r.HandleFunc("/api/dns/{network}/{domain}", securityCheck(false, http.HandlerFunc(updateDNS))).Methods("PUT")
 
 }
 
 
 //Gets all nodes associated with network, including pending nodes

+ 7 - 7
controllers/extClientHttpController.go
View File 

@@ -24,13 +24,13 @@ import (
 
 
 func extClientHandlers(r *mux.Router) {
 
 
-	r.HandleFunc("/api/extclients", securityCheck(http.HandlerFunc(getAllExtClients))).Methods("GET")
 
-	r.HandleFunc("/api/extclients/{network}", securityCheck(http.HandlerFunc(getNetworkExtClients))).Methods("GET")
 
-	r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(http.HandlerFunc(getExtClient))).Methods("GET")
 
-	r.HandleFunc("/api/extclients/{network}/{clientid}/{type}", securityCheck(http.HandlerFunc(getExtClientConf))).Methods("GET")
 
-	r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(http.HandlerFunc(updateExtClient))).Methods("PUT")
 
-	r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(http.HandlerFunc(deleteExtClient))).Methods("DELETE")
 
-	r.HandleFunc("/api/extclients/{network}/{macaddress}", securityCheck(http.HandlerFunc(createExtClient))).Methods("POST")
 
+	r.HandleFunc("/api/extclients", securityCheck(true, http.HandlerFunc(getAllExtClients))).Methods("GET")
 
+	r.HandleFunc("/api/extclients/{network}", securityCheck(false, http.HandlerFunc(getNetworkExtClients))).Methods("GET")
 
+	r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(false, http.HandlerFunc(getExtClient))).Methods("GET")
 
+	r.HandleFunc("/api/extclients/{network}/{clientid}/{type}", securityCheck(false, http.HandlerFunc(getExtClientConf))).Methods("GET")
 
+	r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(false, http.HandlerFunc(updateExtClient))).Methods("PUT")
 
+	r.HandleFunc("/api/extclients/{network}/{clientid}", securityCheck(false, http.HandlerFunc(deleteExtClient))).Methods("DELETE")
 
+	r.HandleFunc("/api/extclients/{network}/{macaddress}", securityCheck(false, http.HandlerFunc(createExtClient))).Methods("POST")
 
 }
 
 
 // TODO: Implement Validation

+ 4 - 4
controllers/intClientHttpController.go
View File 

@@ -19,10 +19,10 @@ import (
 
 
 func intClientHandlers(r *mux.Router) {
 
 
-	r.HandleFunc("/api/intclient/{clientid}", securityCheck(http.HandlerFunc(getIntClient))).Methods("GET")
 
-	r.HandleFunc("/api/intclients", securityCheck(http.HandlerFunc(getAllIntClients))).Methods("GET")
 
-        r.HandleFunc("/api/intclients/deleteall", securityCheck(http.HandlerFunc(deleteAllIntClients))).Methods("DELETE")
 
-        r.HandleFunc("/api/intclient/{clientid}", securityCheck(http.HandlerFunc(updateIntClient))).Methods("PUT")
 
+	r.HandleFunc("/api/intclient/{clientid}", securityCheck(false, http.HandlerFunc(getIntClient))).Methods("GET")
 
+	r.HandleFunc("/api/intclients", securityCheck(false, http.HandlerFunc(getAllIntClients))).Methods("GET")
 
+        r.HandleFunc("/api/intclients/deleteall", securityCheck(false, http.HandlerFunc(deleteAllIntClients))).Methods("DELETE")
 
+        r.HandleFunc("/api/intclient/{clientid}", securityCheck(false, http.HandlerFunc(updateIntClient))).Methods("PUT")
 
 	r.HandleFunc("/api/intclient/register", http.HandlerFunc(registerIntClient)).Methods("POST")
 
 	r.HandleFunc("/api/intclient/{clientid}", http.HandlerFunc(deleteIntClient)).Methods("DELETE")
 
 }

+ 54 - 14
controllers/networkHttpController.go
View File 

@@ -23,22 +23,23 @@ import (
 
 )
 
 
 func networkHandlers(r *mux.Router) {
 
-	r.HandleFunc("/api/networks", securityCheck(http.HandlerFunc(getNetworks))).Methods("GET")
 
-	r.HandleFunc("/api/networks", securityCheck(http.HandlerFunc(createNetwork))).Methods("POST")
 
-	r.HandleFunc("/api/networks/{networkname}", securityCheck(http.HandlerFunc(getNetwork))).Methods("GET")
 
-	r.HandleFunc("/api/networks/{networkname}", securityCheck(http.HandlerFunc(updateNetwork))).Methods("PUT")
 
-	r.HandleFunc("/api/networks/{networkname}", securityCheck(http.HandlerFunc(deleteNetwork))).Methods("DELETE")
 
-	r.HandleFunc("/api/networks/{networkname}/keyupdate", securityCheck(http.HandlerFunc(keyUpdate))).Methods("POST")
 
-	r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(http.HandlerFunc(createAccessKey))).Methods("POST")
 
-	r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(http.HandlerFunc(getAccessKeys))).Methods("GET")
 
-        r.HandleFunc("/api/networks/{networkname}/signuptoken", securityCheck(http.HandlerFunc(getSignupToken))).Methods("GET")
 
-	r.HandleFunc("/api/networks/{networkname}/keys/{name}", securityCheck(http.HandlerFunc(deleteAccessKey))).Methods("DELETE")
 
+	r.HandleFunc("/api/networks", securityCheck(true, http.HandlerFunc(getNetworks))).Methods("GET")
 
+	r.HandleFunc("/api/networks", securityCheck(true, http.HandlerFunc(createNetwork))).Methods("POST")
 
+	r.HandleFunc("/api/networks/{networkname}", securityCheck(false, http.HandlerFunc(getNetwork))).Methods("GET")
 
+	r.HandleFunc("/api/networks/{networkname}", securityCheck(false, http.HandlerFunc(updateNetwork))).Methods("PUT")
 
+	r.HandleFunc("/api/networks/{networkname}/nodelimit", securityCheck(true, http.HandlerFunc(updateNetworkNodeLimit))).Methods("PUT")
 
+	r.HandleFunc("/api/networks/{networkname}", securityCheck(true, http.HandlerFunc(deleteNetwork))).Methods("DELETE")
 
+	r.HandleFunc("/api/networks/{networkname}/keyupdate", securityCheck(false, http.HandlerFunc(keyUpdate))).Methods("POST")
 
+	r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(false, http.HandlerFunc(createAccessKey))).Methods("POST")
 
+	r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(false, http.HandlerFunc(getAccessKeys))).Methods("GET")
 
+        r.HandleFunc("/api/networks/{networkname}/signuptoken", securityCheck(false, http.HandlerFunc(getSignupToken))).Methods("GET")
 
+	r.HandleFunc("/api/networks/{networkname}/keys/{name}", securityCheck(false, http.HandlerFunc(deleteAccessKey))).Methods("DELETE")
 
 }
 
 
 //Security check is middleware for every function and just checks to make sure that its the master calling
 
 //Only admin should have access to all these network-level actions
 
 //or maybe some Users once implemented
 
-func securityCheck(next http.Handler) http.HandlerFunc {
 
+func securityCheck(reqAdmin bool, next http.Handler) http.HandlerFunc {
 
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		var errorResponse = models.ErrorResponse{
 
 			Code: http.StatusUnauthorized, Message: "W1R3: It's not you it's me.",
 
@@ -46,7 +47,7 @@ func securityCheck(next http.Handler) http.HandlerFunc {
 
 
 		var params = mux.Vars(r)
 
 		bearerToken := r.Header.Get("Authorization")
 
-		err := SecurityCheck(params["networkname"], bearerToken)
 
+		err := SecurityCheck(reqAdmin, params["networkname"], bearerToken)
 
 		if err != nil {
 
 			if strings.Contains(err.Error(), "does not exist") {
 
 				errorResponse.Code = http.StatusNotFound
 
@@ -58,7 +59,8 @@ func securityCheck(next http.Handler) http.HandlerFunc {
 
 		next.ServeHTTP(w, r)
 
 	}
 
 }
 
-func SecurityCheck(netname, token string) error {
 
+
 
+func SecurityCheck(reqAdmin bool, netname, token string) error {
 
 	hasnetwork := netname != ""
 
 	networkexists, err := functions.NetworkExists(netname)
 
 	if err != nil {
 
@@ -83,7 +85,9 @@ func SecurityCheck(netname, token string) error {
 
 		if err != nil {
 
                         return errors.New("Error verifying user token")
 
 		}
 
-		if !isadmin && netname != ""{
 
+		if !isadmin && reqAdmin {
 
+                                return errors.New("You are unauthorized to access this endpoint")
 
+		} else if !isadmin && netname != ""{
 
 			if !functions.SliceContains(networks, netname){
 
 				return errors.New("You are unauthorized to access this endpoint")
 
 			}
 
@@ -352,6 +356,42 @@ func updateNetwork(w http.ResponseWriter, r *http.Request) {
 
 	json.NewEncoder(w).Encode(returnednetwork)
 
 }
 
 
+func updateNetworkNodeLimit(w http.ResponseWriter, r *http.Request) {
 
+        w.Header().Set("Content-Type", "application/json")
 
+        var params = mux.Vars(r)
 
+        var network models.Network
 
+        network, err := functions.GetParentNetwork(params["networkname"])
 
+        if err != nil {
 
+                returnErrorResponse(w, r, formatError(err, "internal"))
 
+                return
 
+        }
 
+
 
+        var networkChange models.NetworkUpdate
 
+
 
+        _ = json.NewDecoder(r.Body).Decode(&networkChange)
 
+
 
+        collection := mongoconn.Client.Database("netmaker").Collection("networks")
 
+        ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 
+        filter := bson.M{"netid": network.NetID}
 
+
 
+	if networkChange.NodeLimit !=0 {
 
+	        update := bson.D{
 
+	                {"$set", bson.D{
 
+	                        {"nodelimit", networkChange.NodeLimit},
 
+	                }},
 
+	        }
 
+	        err := collection.FindOneAndUpdate(ctx, filter, update).Decode(&network)
 
+	        defer cancel()
 
+	        if err != nil {
 
+	                returnErrorResponse(w, r, formatError(err, "badrequest"))
 
+	                return
 
+	        }
 
+	}
 
+        w.WriteHeader(http.StatusOK)
 
+        json.NewEncoder(w).Encode(network)
 
+}
 
+
 
+
 
 func UpdateNetwork(networkChange models.NetworkUpdate, network models.Network) (models.Network, error) {
 
 	//NOTE: Network.NetID is intentionally NOT editable. It acts as a static ID for the network.
 
 	//DisplayName can be changed instead, which is what shows on the front end

+ 2 - 2
controllers/nodeHttpController.go
View File 

@@ -28,8 +28,8 @@ func nodeHandlers(r *mux.Router) {
 
 	r.HandleFunc("/api/nodes/{network}/{macaddress}/checkin", authorize(true, "node", http.HandlerFunc(checkIn))).Methods("POST")
 
 	r.HandleFunc("/api/nodes/{network}/{macaddress}/creategateway", authorize(true, "master", http.HandlerFunc(createEgressGateway))).Methods("POST")
 
 	r.HandleFunc("/api/nodes/{network}/{macaddress}/deletegateway", authorize(true, "master", http.HandlerFunc(deleteEgressGateway))).Methods("DELETE")
 
-	r.HandleFunc("/api/nodes/{network}/{macaddress}/createingress", securityCheck(http.HandlerFunc(createIngressGateway))).Methods("POST")
 
-	r.HandleFunc("/api/nodes/{network}/{macaddress}/deleteingress", securityCheck(http.HandlerFunc(deleteIngressGateway))).Methods("DELETE")
 
+	r.HandleFunc("/api/nodes/{network}/{macaddress}/createingress", securityCheck(false, http.HandlerFunc(createIngressGateway))).Methods("POST")
 
+	r.HandleFunc("/api/nodes/{network}/{macaddress}/deleteingress", securityCheck(false, http.HandlerFunc(deleteIngressGateway))).Methods("DELETE")
 
 	r.HandleFunc("/api/nodes/{network}/{macaddress}/approve", authorize(true, "master", http.HandlerFunc(uncordonNode))).Methods("POST")
 
 	r.HandleFunc("/api/nodes/{network}", createNode).Methods("POST")
 
 	r.HandleFunc("/api/nodes/adm/{network}/lastmodified", authorize(true, "network", http.HandlerFunc(getLastModified))).Methods("GET")

+ 5 - 0
models/network.go
View File 

@@ -22,6 +22,7 @@ type Network struct {
 
 	NetworkLastModified int64       `json:"networklastmodified" bson:"networklastmodified"`
 
 	DefaultInterface    string      `json:"defaultinterface" bson:"defaultinterface"`
 
 	DefaultListenPort   int32       `json:"defaultlistenport,omitempty" bson:"defaultlistenport,omitempty" validate:"omitempty,min=1024,max=65535"`
 
+	NodeLimit	    int32       `json:"nodelimit" bson:"nodelimit"`
 
 	DefaultPostUp       string      `json:"defaultpostup" bson:"defaultpostup"`
 
 	DefaultPostDown     string      `json:"defaultpostdown" bson:"defaultpostdown"`
 
 	KeyUpdateTimeStamp  int64       `json:"keyupdatetimestamp" bson:"keyupdatetimestamp"`
 
@@ -52,6 +53,7 @@ type NetworkUpdate struct {
 
 	NetworkLastModified int64       `json:"networklastmodified" bson:"networklastmodified"`
 
 	DefaultInterface    string      `json:"defaultinterface" bson:"defaultinterface"`
 
 	DefaultListenPort   int32       `json:"defaultlistenport,omitempty" bson:"defaultlistenport,omitempty" validate:"omitempty,min=1024,max=65535"`
 
+	NodeLimit	    int32       `json:"nodelimit" bson:"nodelimit"`
 
 	DefaultPostUp       string      `json:"defaultpostup" bson:"defaultpostup"`
 
 	DefaultPostDown     string      `json:"defaultpostdown" bson:"defaultpostdown"`
 
 	KeyUpdateTimeStamp  int64       `json:"keyupdatetimestamp" bson:"keyupdatetimestamp"`
 
@@ -89,6 +91,9 @@ func (network *Network) SetDefaults() {
 
 	if network.DefaultListenPort == 0 {
 
 		network.DefaultListenPort = 51821
 
 	}
 
+        if network.NodeLimit == 0 {
 
+                network.NodeLimit = 999999999
 
+        }
 
 	if network.DefaultPostDown == "" {
 
 
 	}

+ 13 - 0
servercfg/serverconf.go
View File 

@@ -6,6 +6,7 @@ import (
 
 	"io/ioutil"
 
 	"os"
 
 	"errors"
 
+	"strconv"
 
 )
 
 
 func SetHost() error {
 
@@ -89,6 +90,18 @@ func GetAPIPort() string {
 
 	return apiport
 
 }
 
 
+func GetDefaultNodeLimit() int32 {
 
+        var limit int32
 
+	limit = 999999999
 
+	envlimit, err := strconv.Atoi(os.Getenv("DEFAULT_NODE_LIMIT"))
 
+	if err == nil && envlimit != 0 {
 
+                limit = int32(envlimit)
 
+        } else if  config.Config.Server.DefaultNodeLimit != 0 {
 
+                limit = config.Config.Server.DefaultNodeLimit
 
+        }
 
+        return limit
 
+}
 
+
 
 func GetGRPCHost() string {
 
 	serverhost := "127.0.0.1"
 
 	if IsGRPCWireGuard() {