untracked

controllers/middleware.go

@@ -0,0 +1,63 @@
+package controller
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/gorilla/mux"
+	"github.com/gravitl/netmaker/models"
+)
+
+func userMiddleWare(handler http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var params = mux.Vars(r)
+		r.Header.Set("NET_ID", params["network"])
+		if strings.Contains(r.URL.Path, "host") || strings.Contains(r.URL.Path, "node") {
+			r.Header.Set("TARGET_RSRC", models.HostRsrc.String())
+			r.Header.Set("RSRC_TYPE", models.HostRsrc.String())
+		}
+		if strings.Contains(r.URL.Path, "dns") {
+			r.Header.Set("RSRC_TYPE", models.DnsRsrc.String())
+			r.Header.Set("TARGET_RSRC", models.DnsRsrc.String())
+		}
+		if strings.Contains(r.URL.Path, "users") {
+			r.Header.Set("RSRC_TYPE", models.UserRsrc.String())
+			r.Header.Set("TARGET_RSRC", models.UserRsrc.String())
+		}
+		if strings.Contains(r.URL.Path, "ingress") {
+			r.Header.Set("TARGET_RSRC", models.RemoteAccessGwRsrc.String())
+		}
+		if strings.Contains(r.URL.Path, "gateway") {
+			r.Header.Set("TARGET_RSRC", models.EgressGwRsrc.String())
+		}
+		if strings.Contains(r.URL.Path, "networks") {
+			r.Header.Set("TARGET_RSRC", models.NetworkRsrc.String())
+			r.Header.Set("RSRC_TYPE", models.NetworkRsrc.String())
+		}
+		if strings.Contains(r.URL.Path, "extclients") {
+			r.Header.Set("TARGET_RSRC", models.ExtClientsRsrc.String())
+			r.Header.Set("RSRC_TYPE", models.ExtClientsRsrc.String())
+		}
+		if nodeID, ok := params["nodeid"]; ok {
+			r.Header.Set("TARGET_RSRC_ID", nodeID)
+		}
+		if hostID, ok := params["hostid"]; ok {
+			r.Header.Set("TARGET_RSRC_ID", hostID)
+		}
+		if clientID, ok := params["clientid"]; ok {
+			r.Header.Set("TARGET_RSRC_ID", clientID)
+		}
+		if netID, ok := params["networkname"]; ok {
+			r.Header.Set("TARGET_RSRC_ID", netID)
+		}
+		if userID, ok := params["username"]; ok {
+			r.Header.Set("TARGET_RSRC_ID", userID)
+		}
+		if r.Header.Get("TARGET_RSRC_ID") == "" {
+			r.Header.Set("IS_GLOBAL_ACCESS", "yes")
+		}
+		// pro
+
+		handler.ServeHTTP(w, r)
+	})
+}

models/user_mgmt.go

@@ -0,0 +1,126 @@
+package models
+
+import (
+	"time"
+
+	jwt "github.com/golang-jwt/jwt/v4"
+)
+
+type NetworkID string
+type RsrcType string
+type RsrcID string
+type UserRole string
+type UserGroupID string
+
+func (r RsrcType) String() string {
+	return string(r)
+}
+
+const (
+	HostRsrc           RsrcType = "hosts"
+	RelayRsrc          RsrcType = "relays"
+	RemoteAccessGwRsrc RsrcType = "remote_access_gw"
+	ExtClientsRsrc     RsrcType = "extclients"
+	InetGwRsrc         RsrcType = "inet_gw"
+	EgressGwRsrc       RsrcType = "egress"
+	NetworkRsrc        RsrcType = "networks"
+	EnrollmentKeysRsrc RsrcType = "enrollment_key"
+	UserRsrc           RsrcType = "users"
+	AclRsrc            RsrcType = "acl"
+	DnsRsrc            RsrcType = "dns"
+	FailOverRsrc       RsrcType = "fail_over"
+)
+
+const (
+	AllHostRsrcID           RsrcID   = "all_host"
+	AllRelayRsrcID          RsrcID   = "all_relay"
+	AllRemoteAccessGwRsrcID RsrcID   = "all_remote_access_gw"
+	AllExtClientsRsrc       RsrcType = "all_extclients"
+	AllInetGwRsrcID         RsrcID   = "all_inet_gw"
+	AllEgressGwRsrcID       RsrcID   = "all_egress"
+	AllNetworkRsrcID        RsrcID   = "all_network"
+	AllEnrollmentKeysRsrcID RsrcID   = "all_enrollment_key"
+	AllUserRsrcID           RsrcID   = "all_user"
+	AllDnsRsrcID            RsrcID   = "all_dns"
+	AllFailOverRsrc         RsrcID   = "all_fail_over"
+)
+
+// Pre-Defined User Roles
+
+const (
+	SuperAdminRole UserRole = "super_admin"
+	AdminRole      UserRole = "admin"
+	NetworkAdmin   UserRole = "network_admin"
+	NetworkUser    UserRole = "network_user"
+)
+
+func (r UserRole) String() string {
+	return string(r)
+}
+
+func (g UserGroupID) String() string {
+	return string(g)
+}
+
+type RsrcPermissionScope struct {
+	Create    bool `json:"create"`
+	Read      bool `json:"read"`
+	Update    bool `json:"update"`
+	Delete    bool `json:"delete"`
+	VPNAccess bool `json:"vpn_access"`
+}
+
+type UserRolePermissionTemplate struct {
+	ID                  UserRole                                    `json:"id"`
+	Default             bool                                        `json:"default"`
+	DenyDashboardAccess bool                                        `json:"deny_dashboard_access"`
+	FullAccess          bool                                        `json:"full_access"`
+	IsNetworkRole       bool                                        `json:"network_role"`
+	NetworkLevelAccess  map[RsrcType]map[RsrcID]RsrcPermissionScope `json:"network_level_access"`
+	GlobalLevelAccess   map[RsrcType]map[RsrcID]RsrcPermissionScope `json:"global_level_access"`
+}
+
+type UserGroup struct {
+	ID           string                 `json:"id"`
+	NetworkRoles map[NetworkID]UserRole `json:"network_roles"`
+	MetaData     string                 `json:"meta_data"`
+}
+
+// User struct - struct for Users
+type User struct {
+	UserName       string                 `json:"username" bson:"username" validate:"min=3,max=40,in_charset|email"`
+	Password       string                 `json:"password" bson:"password" validate:"required,min=5"`
+	IsAdmin        bool                   `json:"isadmin" bson:"isadmin"`
+	IsSuperAdmin   bool                   `json:"issuperadmin"`
+	RemoteGwIDs    map[string]struct{}    `json:"remote_gw_ids"`
+	UserGroup      UserGroupID            `json:"user_groups"`
+	PlatformRoleID UserRole               `json:"platform_role_id"`
+	NetworkRoles   map[NetworkID]UserRole `json:"network_roles"`
+	LastLoginTime  time.Time              `json:"last_login_time"`
+}
+
+// ReturnUser - return user struct
+type ReturnUser struct {
+	UserName       string                   `json:"username"`
+	IsAdmin        bool                     `json:"isadmin"`
+	IsSuperAdmin   bool                     `json:"issuperadmin"`
+	RemoteGwIDs    map[string]struct{}      `json:"remote_gw_ids"`
+	UserGroups     map[UserGroupID]struct{} `json:"user_groups"`
+	PlatformRoleID string                   `json:"platform_role_id"`
+	NetworkRoles   map[NetworkID]UserRole   `json:"network_roles"`
+	LastLoginTime  time.Time                `json:"last_login_time"`
+}
+
+// UserAuthParams - user auth params struct
+type UserAuthParams struct {
+	UserName string `json:"username"`
+	Password string `json:"password"`
+}
+
+// UserClaims - user claims struct
+type UserClaims struct {
+	IsAdmin      bool
+	IsSuperAdmin bool
+	UserName     string
+	jwt.RegisteredClaims
+}