
resolve merge conflicts from v0.23.0 patch

abhishek9686 1 жил өмнө
parent
commit
f892cc37c5
9 өөрчлөгдсөн 66 нэмэгдсэн , 29 устгасан
  1. 10 16
      auth/auth.go
  2. 1 0
      auth/google.go
  3. 1 1
      controllers/enrollmentkeys.go
  4. 2 0
      go.mod
  5. 4 0
      go.sum
  6. 2 0
      logic/acls/common.go
  7. 33 7
      logic/auth.go
  8. 1 1
      main.go
  9. 12 4
      mq/mq.go

+ 10 - 16
auth/auth.go

@@ -32,7 +32,6 @@ const (
 	github_provider_name   = "github"
 	oidc_provider_name     = "oidc"
 	verify_user            = "verifyuser"
-	auth_key               = "netmaker_auth"
 	user_signin_length     = 16
 	node_signin_length     = 64
 	headless_signin_length = 32
@@ -75,10 +74,10 @@ func InitializeAuthProvider() string {
 	if functions == nil {
 		return ""
 	}
-	var _, err = FetchPassValue(logic.RandomString(64))
+	logger.Log(0, "setting oauth secret")
+	var err = logic.SetAuthSecret(logic.RandomString(64))
 	if err != nil {
-		logger.Log(0, err.Error())
-		return ""
+		logger.FatalLog("failed to set auth_secret", err.Error())
 	}
 	var authInfo = servercfg.GetAuthProviderInfo()
 	var serverConn = servercfg.GetAPIHost()
@@ -248,13 +247,16 @@ func addUser(email string) error {
 	} // generate random password to adapt to current model
 	var newPass, fetchErr = FetchPassValue("")
 	if fetchErr != nil {
+		logger.Log(0, "failed to get password: ", err.Error())
 		return fetchErr
 	}
+	logger.Log(0, "fetched new pass: ", newPass, email)
 	var newUser = models.User{
 		UserName: email,
 		Password: newPass,
 	}
 	if !hasSuperAdmin { // must be first attempt, create a superadmin
+		logger.Log(0, "creating superadmin")
 		if err = logic.CreateSuperAdmin(&newUser); err != nil {
 			slog.Error("error creating super admin from user", "email", email, "error", err)
 		} else {
@@ -264,7 +266,7 @@ func addUser(email string) error {
 		// TODO: add ability to add users with preemptive permissions
 		newUser.IsAdmin = false
 		if err = logic.CreateUser(&newUser); err != nil {
-			logger.Log(1, "error creating user,", email, "; user not added")
+			logger.Log(1, "error creating user,", email, "; user not added", "error", err.Error())
 		} else {
 			logger.Log(0, "user created from ", email)
 		}
@@ -277,20 +279,12 @@ func FetchPassValue(newValue string) (string, error) {
 	type valueHolder struct {
 		Value string `json:"value" bson:"value"`
 	}
-	var b64NewValue = base64.StdEncoding.EncodeToString([]byte(newValue))
-	var newValueHolder = &valueHolder{
-		Value: b64NewValue,
-	}
-	var data, marshalErr = json.Marshal(newValueHolder)
-	if marshalErr != nil {
-		return "", marshalErr
-	}
-
-	var currentValue, err = logic.FetchAuthSecret(auth_key, string(data))
+	newValueHolder := valueHolder{}
+	var currentValue, err = logic.FetchAuthSecret()
 	if err != nil {
 		return "", err
 	}
-	var unmarshErr = json.Unmarshal([]byte(currentValue), newValueHolder)
+	var unmarshErr = json.Unmarshal([]byte(currentValue), &newValueHolder)
 	if unmarshErr != nil {
 		return "", unmarshErr
 	}
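Review bot: The new line `logger.Log(0, "fetched new pass: ", newPass, email)` in addUser writes the password that is about to be stored for the user into the log in plaintext at level 0, which turns log access into a working credential; drop the value and keep at most `logger.Log(0, "fetched new pass for", email)`. Two lines earlier, `logger.Log(0, "failed to get password: ", err.Error())` reads `err` although the error just checked is `fetchErr`; `err` is not visibly assigned on that path, and `err.Error()` on a nil error panics, so it should be `fetchErr.Error()`. The same pattern appears in CreateUser in logic/auth.go, where `tokenString, _ := CreateUserJWT(...)` discards the error and `err` is already nil after the bcrypt check, so the added `logger.Log(0, "failed to generate token", err.Error())` dereferences nil whenever tokenString is empty; capturing the error with `tokenString, err := CreateUserJWT(...)` would give both that log line and the `return err` below it a real value. In FetchPassValue the `newValue` parameter is no longer read after this change, so it is either dead and should go, or its remaining purpose needs a comment. addUser and FetchPassValue both continue outside the hunks.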

+ 1 - 0
auth/google.go

@@ -91,6 +91,7 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
 	}
 	user, err := logic.GetUser(content.Email)
 	if err != nil {
+		logger.Log(0, "error fetching user: ", err.Error())
 		handleOauthUserNotFound(w)
 		return
 	}

+ 1 - 1
controllers/enrollmentkeys.go

@@ -308,7 +308,7 @@ func handleHostRegister(w http.ResponseWriter, r *http.Request) {
 	if !hostExists {
 		newHost.PersistentKeepalive = models.DefaultPersistentKeepAlive
 		// register host
-		logic.CheckHostPorts(&newHost)
+		//logic.CheckHostPorts(&newHost)
 		// create EMQX credentials and ACLs for host
 		if servercfg.GetBrokerType() == servercfg.EmqxBrokerType {
 			if err := mq.GetEmqxHandler().CreateEmqxUser(newHost.ID.String(), newHost.HostPass); err != nil {
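Review bot: The call `logic.CheckHostPorts(&newHost)` is commented out rather than removed, and nothing in the hunk says why the port check is skipped for a newly registered host; in a commit that resolves merge conflicts this is hard to tell apart from a lost conflict side. If the check is meant to stay disabled, delete the line and leave a comment such as `// port check deliberately skipped for new hosts: <reason>`; if it is a leftover, restore the call. handleHostRegister continues outside the hunk.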

+ 2 - 0
go.mod

@@ -42,6 +42,7 @@ require (
 	github.com/guumaster/tablewriter v0.0.10
 	github.com/matryer/is v1.4.1
 	github.com/olekukonko/tablewriter v0.0.5
+	github.com/sasha-s/go-deadlock v0.3.1
 	github.com/spf13/cobra v1.8.0
 )
 
@@ -49,6 +50,7 @@ require (
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 )

+ 4 - 0
go.sum

@@ -66,6 +66,8 @@ github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 h1:q2e307iGHPdTGp0hoxKjt1H5pDo6utceo3dQVK3I5XQ=
+github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5/go.mod h1:jvVRKCrJTQWu0XVbaOlby/2lO20uSCHEMzzplHXte1o=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posthog/posthog-go v0.0.0-20211028072449-93c17c49e2b0 h1:Y2hUrkfuM0on62KZOci/VLijlkdF/yeWU262BQgvcjE=
@@ -77,6 +79,8 @@ github.com/rqlite/gorqlite v0.0.0-20240122221808-a8a425b1a6aa h1:hxMLFbj+F444JAS
 github.com/rqlite/gorqlite v0.0.0-20240122221808-a8a425b1a6aa/go.mod h1:xF/KoXmrRyahPfo5L7Szb5cAAUl53dMWBh9cMruGEZg=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sasha-s/go-deadlock v0.3.1 h1:sqv7fDNShgjcaxkO0JNcOAlr8B9+cV5Ey/OB71efZx0=
+github.com/sasha-s/go-deadlock v0.3.1/go.mod h1:F73l+cr82YSh10GxyRI6qZiCgK64VaZjwesgfQ1/iLM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=

+ 2 - 0
logic/acls/common.go

@@ -88,6 +88,8 @@ func (aclContainer ACLContainer) RemoveACL(ID AclID) ACLContainer {
 
 // ACLContainer.ChangeAccess - changes the relationship between two nodes in memory
 func (networkACL ACLContainer) ChangeAccess(ID1, ID2 AclID, value byte) {
+	AclMutex.Lock()
+	defer AclMutex.Unlock()
 	if _, ok := networkACL[ID1]; !ok {
 		slog.Error("ACL missing for ", "id", ID1)
 		return
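Review bot: ChangeAccess now holds `AclMutex` for its whole body, but the hunk does not show whether the other ACLContainer methods (RemoveACL in the hunk header, for instance) or the callers of ChangeAccess take the same mutex; if a caller already holds it, the deferred Lock/Unlock deadlocks, and if sibling methods do not take it, the map is still mutated unguarded there. A doc line would pin the contract: `// ACLContainer.ChangeAccess - changes the relationship between two nodes in memory; acquires AclMutex, so callers must not hold it.` The go-deadlock module added to go.mod in this commit looks like it is meant to catch the first case at runtime, but that is inferred rather than shown. ChangeAccess continues outside the hunk.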

+ 33 - 7
logic/auth.go

@@ -1,6 +1,7 @@
 package logic
 
 import (
+	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -15,6 +16,10 @@ import (
 	"github.com/gravitl/netmaker/models"
 )
 
+const (
+	auth_key = "netmaker_auth"
+)
+
 // HasSuperAdmin - checks if server has an superadmin/owner
 func HasSuperAdmin() (bool, error) {
 
@@ -96,12 +101,14 @@ func CreateUser(user *models.User) error {
 	}
 	var err = ValidateUser(user)
 	if err != nil {
+		logger.Log(0, "failed to validate user", err.Error())
 		return err
 	}
 
 	// encrypt that password so we never see it again
 	hash, err := bcrypt.GenerateFromPassword([]byte(user.Password), 5)
 	if err != nil {
+		logger.Log(0, "error encrypting pass", err.Error())
 		return err
 	}
 	// set password to encrypted password
@@ -109,6 +116,7 @@ func CreateUser(user *models.User) error {
 
 	tokenString, _ := CreateUserJWT(user.UserName, user.IsSuperAdmin, user.IsAdmin)
 	if tokenString == "" {
+		logger.Log(0, "failed to generate token", err.Error())
 		return err
 	}
 
@@ -117,10 +125,12 @@ func CreateUser(user *models.User) error {
 	// connect db
 	data, err := json.Marshal(user)
 	if err != nil {
+		logger.Log(0, "failed to marshal", err.Error())
 		return err
 	}
 	err = database.Insert(user.UserName, string(data), database.USERS_TABLE_NAME)
 	if err != nil {
+		logger.Log(0, "failed to insert user", err.Error())
 		return err
 	}
 
@@ -279,15 +289,31 @@ func DeleteUser(user string) (bool, error) {
 	return true, nil
 }
 
+func SetAuthSecret(secret string) error {
+	type valueHolder struct {
+		Value string `json:"value" bson:"value"`
+	}
+	record, err := FetchAuthSecret()
+	if err == nil {
+		v := valueHolder{}
+		json.Unmarshal([]byte(record), &v)
+		if v.Value != "" {
+			return nil
+		}
+	}
+	var b64NewValue = base64.StdEncoding.EncodeToString([]byte(secret))
+	newValueHolder := valueHolder{
+		Value: b64NewValue,
+	}
+	d, _ := json.Marshal(newValueHolder)
+	return database.Insert(auth_key, string(d), database.GENERATED_TABLE_NAME)
+}
+
 // FetchAuthSecret - manages secrets for oauth
-func FetchAuthSecret(key string, secret string) (string, error) {
-	var record, err = database.FetchRecord(database.GENERATED_TABLE_NAME, key)
+func FetchAuthSecret() (string, error) {
+	var record, err = database.FetchRecord(database.GENERATED_TABLE_NAME, auth_key)
 	if err != nil {
-		if err = database.Insert(key, secret, database.GENERATED_TABLE_NAME); err != nil {
-			return "", err
-		} else {
-			return secret, nil
-		}
+		return "", err
 	}
 	return record, nil
 }
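Review bot: SetAuthSecret discards two errors, `json.Unmarshal([]byte(record), &v)` and `d, _ := json.Marshal(newValueHolder)`. With the first ignored, a stored record that fails to decode leaves `v.Value` empty and the function falls through to `database.Insert` with a freshly generated secret, silently replacing whatever was there; whether Insert overwrites or rejects an existing key is not visible here, so the result is either a changed secret or an unexplained startup failure, since InitializeAuthProvider now calls FatalLog on this error. Returning the decode error keeps the failure visible, and the exported function also lacks the doc comment its neighbour FetchAuthSecret has, e.g. `// SetAuthSecret - stores a base64-encoded oauth secret under auth_key unless one is already present.` The rewritten lines are below.
```go
func SetAuthSecret(secret string) error {
	// … unchanged: valueHolder type …
	record, err := FetchAuthSecret()
	if err == nil {
		v := valueHolder{}
		if err := json.Unmarshal([]byte(record), &v); err != nil {
			return fmt.Errorf("decoding stored auth secret: %w", err)
		}
		if v.Value != "" {
			return nil
		}
	}
	// … unchanged: base64 encode into newValueHolder …
	d, err := json.Marshal(newValueHolder)
	if err != nil {
		return fmt.Errorf("encoding auth secret: %w", err)
	}
	return database.Insert(auth_key, string(d), database.GENERATED_TABLE_NAME)
}
```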

+ 1 - 1
main.go

@@ -155,7 +155,7 @@ func runMessageQueue(wg *sync.WaitGroup, ctx context.Context) {
 	defer wg.Done()
 	brokerHost, _ := servercfg.GetMessageQueueEndpoint()
 	logger.Log(0, "connecting to mq broker at", brokerHost)
-	mq.SetupMQTT()
+	mq.SetupMQTT(true)
 	if mq.IsConnected() {
 		logger.Log(0, "connected to MQ Broker")
 	} else {

+ 12 - 4
mq/mq.go

@@ -32,6 +32,7 @@ func setMqOptions(user, password string, opts *mqtt.ClientOptions) {
 	opts.SetPassword(password)
 	opts.SetAutoReconnect(true)
 	opts.SetConnectRetry(true)
+	opts.SetCleanSession(true)
 	opts.SetConnectRetryInterval(time.Second * 4)
 	opts.SetKeepAlive(time.Minute)
 	opts.SetCleanSession(true)
@@ -39,7 +40,7 @@ func setMqOptions(user, password string, opts *mqtt.ClientOptions) {
 }
 
 // SetupMQTT creates a connection to broker and return client
-func SetupMQTT() {
+func SetupMQTT(fatal bool) {
 	if servercfg.GetBrokerType() == servercfg.EmqxBrokerType {
 		if emqx.GetType() == servercfg.EmqxOnPremDeploy {
 			time.Sleep(10 * time.Second) // wait for the REST endpoint to be ready
@@ -96,7 +97,7 @@ func SetupMQTT() {
 		slog.Warn("detected broker connection lost", "err", e.Error())
 		c.Disconnect(250)
 		slog.Info("re-initiating MQ connection")
-		SetupMQTT()
+		SetupMQTT(false)
 
 	})
 	mqclient = mqtt.NewClient(opts)
@@ -106,9 +107,16 @@ func SetupMQTT() {
 			logger.Log(2, "unable to connect to broker, retrying ...")
 			if time.Now().After(tperiod) {
 				if token.Error() == nil {
-					logger.FatalLog("could not connect to broker, token timeout, exiting ...")
+					if fatal {
+						logger.FatalLog("could not connect to broker, token timeout, exiting ...")
+					}
+					logger.Log(0, "could not connect to broker, token timeout, exiting ...")
+
 				} else {
-					logger.FatalLog("could not connect to broker, exiting ...", token.Error().Error())
+					if fatal {
+						logger.FatalLog("could not connect to broker, exiting ...", token.Error().Error())
+					}
+					logger.Log(0, "could not connect to broker, exiting ...", token.Error().Error())
 				}
 			}
 		} else {
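Review bot: `opts.SetCleanSession(true)` is added to setMqOptions three lines above an identical existing call, which looks like a merge-conflict leftover; drop the added line. In SetupMQTT the new non-fatal branches still log `"could not connect to broker, token timeout, exiting ..."` and `"could not connect to broker, exiting ..."`, but with `fatal` false the function does not exit there, so the message misleads on the reconnect path that now calls `SetupMQTT(false)` from the connection-lost handler; wording such as `"could not connect to broker, token timeout, giving up this reconnect attempt"` would match what happens. What the function does after the timeout when fatal is false is not visible, since the retry loop and the rest of SetupMQTT continue outside the hunk. The new parameter should also be described in the doc comment, e.g. `// SetupMQTT creates a connection to broker and return client; when fatal is true a failed connection terminates the process.`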