server.go 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202
  1. package controller
  2. import (
  3. "crypto/ed25519"
  4. "crypto/x509"
  5. "crypto/x509/pkix"
  6. "encoding/json"
  7. "fmt"
  8. "net/http"
  9. "strings"
  10. "github.com/gorilla/mux"
  11. "github.com/gravitl/netmaker/logger"
  12. "github.com/gravitl/netmaker/logic"
  13. "github.com/gravitl/netmaker/models"
  14. "github.com/gravitl/netmaker/netclient/config"
  15. "github.com/gravitl/netmaker/servercfg"
  16. "github.com/gravitl/netmaker/serverctl"
  17. "github.com/gravitl/netmaker/tls"
  18. )
  19. func serverHandlers(r *mux.Router) {
  20. // r.HandleFunc("/api/server/addnetwork/{network}", securityCheckServer(true, http.HandlerFunc(addNetwork))).Methods("POST")
  21. r.HandleFunc("/api/server/getconfig", allowUsers(http.HandlerFunc(getConfig))).Methods("GET")
  22. r.HandleFunc("/api/server/register", authorize(true, false, "node", http.HandlerFunc(register))).Methods("POST")
  23. r.HandleFunc("/api/server/getserverinfo", authorize(true, false, "node", http.HandlerFunc(getServerInfo))).Methods("GET")
  24. }
  25. // allowUsers - allow all authenticated (valid) users - only used by getConfig, may be able to remove during refactor
  26. func allowUsers(next http.Handler) http.HandlerFunc {
  27. return func(w http.ResponseWriter, r *http.Request) {
  28. var errorResponse = models.ErrorResponse{
  29. Code: http.StatusInternalServerError, Message: logic.Unauthorized_Msg,
  30. }
  31. bearerToken := r.Header.Get("Authorization")
  32. var tokenSplit = strings.Split(bearerToken, " ")
  33. var authToken = ""
  34. if len(tokenSplit) < 2 {
  35. logic.ReturnErrorResponse(w, r, errorResponse)
  36. return
  37. } else {
  38. authToken = tokenSplit[1]
  39. }
  40. user, _, _, err := logic.VerifyUserToken(authToken)
  41. if err != nil || user == "" {
  42. logic.ReturnErrorResponse(w, r, errorResponse)
  43. return
  44. }
  45. next.ServeHTTP(w, r)
  46. }
  47. }
  48. // swagger:route DELETE /api/server/removenetwork/{network} server removeNetwork
  49. //
  50. // Remove a network from the server.
  51. //
  52. // Schemes: https
  53. //
  54. // Security:
  55. // oauth
  56. //
  57. // Responses:
  58. // 200: stringJSONResponse
  59. func removeNetwork(w http.ResponseWriter, r *http.Request) {
  60. // Set header
  61. w.Header().Set("Content-Type", "application/json")
  62. // get params
  63. var params = mux.Vars(r)
  64. network := params["network"]
  65. err := logic.DeleteNetwork(network)
  66. if err != nil {
  67. logger.Log(0, r.Header.Get("user"),
  68. fmt.Sprintf("failed to delete network [%s]: %v", network, err))
  69. json.NewEncoder(w).Encode(fmt.Sprintf("could not remove network %s from server", network))
  70. return
  71. }
  72. logger.Log(1, r.Header.Get("user"),
  73. fmt.Sprintf("deleted network [%s]: %v", network, err))
  74. json.NewEncoder(w).Encode(fmt.Sprintf("network %s removed from server", network))
  75. }
  76. // swagger:route GET /api/server/getserverinfo server getServerInfo
  77. //
  78. // Get the server configuration.
  79. //
  80. // Schemes: https
  81. //
  82. // Security:
  83. // oauth
  84. //
  85. // Responses:
  86. // 200: serverConfigResponse
  87. func getServerInfo(w http.ResponseWriter, r *http.Request) {
  88. // Set header
  89. w.Header().Set("Content-Type", "application/json")
  90. // get params
  91. json.NewEncoder(w).Encode(servercfg.GetServerInfo())
  92. //w.WriteHeader(http.StatusOK)
  93. }
  94. // swagger:route GET /api/server/getconfig server getConfig
  95. //
  96. // Get the server configuration.
  97. //
  98. // Schemes: https
  99. //
  100. // Security:
  101. // oauth
  102. //
  103. // Responses:
  104. // 200: serverConfigResponse
  105. func getConfig(w http.ResponseWriter, r *http.Request) {
  106. // Set header
  107. w.Header().Set("Content-Type", "application/json")
  108. // get params
  109. scfg := servercfg.GetServerConfig()
  110. scfg.IsEE = "no"
  111. if logic.Is_EE {
  112. scfg.IsEE = "yes"
  113. }
  114. json.NewEncoder(w).Encode(scfg)
  115. //w.WriteHeader(http.StatusOK)
  116. }
  117. // swagger:route POST /api/server/register server register
  118. //
  119. // Registers a client with the server and return the Certificate Authority and certificate.
  120. //
  121. // Schemes: https
  122. //
  123. // Security:
  124. // oauth
  125. //
  126. // Responses:
  127. // 200: registerResponse
  128. func register(w http.ResponseWriter, r *http.Request) {
  129. logger.Log(2, "processing registration request")
  130. w.Header().Set("Content-Type", "application/json")
  131. //decode body
  132. var request config.RegisterRequest
  133. if err := json.NewDecoder(r.Body).Decode(&request); err != nil {
  134. logger.Log(0, "error decoding request", err.Error())
  135. errorResponse := models.ErrorResponse{
  136. Code: http.StatusBadRequest, Message: err.Error(),
  137. }
  138. logic.ReturnErrorResponse(w, r, errorResponse)
  139. return
  140. }
  141. cert, ca, err := genCerts(&request.Key, &request.CommonName)
  142. if err != nil {
  143. logger.Log(0, "failed to generater certs ", err.Error())
  144. errorResponse := models.ErrorResponse{
  145. Code: http.StatusNotFound, Message: err.Error(),
  146. }
  147. logic.ReturnErrorResponse(w, r, errorResponse)
  148. return
  149. }
  150. //x509.Certificate.PublicKey is an interface therefore json encoding/decoding result in a string value rather than a []byte
  151. //include the actual public key so the certificate can be properly reassembled on the other end.
  152. response := config.RegisterResponse{
  153. CA: *ca,
  154. CAPubKey: (ca.PublicKey).(ed25519.PublicKey),
  155. Cert: *cert,
  156. CertPubKey: (cert.PublicKey).(ed25519.PublicKey),
  157. Broker: servercfg.GetServer(),
  158. Port: servercfg.GetMQPort(),
  159. }
  160. logger.Log(2, r.Header.Get("user"),
  161. fmt.Sprintf("registered client [%+v] with server", request))
  162. w.WriteHeader(http.StatusOK)
  163. json.NewEncoder(w).Encode(response)
  164. }
  165. // genCerts generates a client certificate and returns the certificate and root CA
  166. func genCerts(clientKey *ed25519.PrivateKey, name *pkix.Name) (*x509.Certificate, *x509.Certificate, error) {
  167. ca, err := serverctl.ReadCertFromDB(tls.ROOT_PEM_NAME)
  168. if err != nil {
  169. logger.Log(2, "root ca not found ", err.Error())
  170. return nil, nil, fmt.Errorf("root ca not found %w", err)
  171. }
  172. key, err := serverctl.ReadKeyFromDB(tls.ROOT_KEY_NAME)
  173. if err != nil {
  174. logger.Log(2, "root key not found ", err.Error())
  175. return nil, nil, fmt.Errorf("root key not found %w", err)
  176. }
  177. csr, err := tls.NewCSR(*clientKey, *name)
  178. if err != nil {
  179. logger.Log(2, "failed to generate client certificate requests", err.Error())
  180. return nil, nil, fmt.Errorf("client certification request generation failed %w", err)
  181. }
  182. cert, err := tls.NewEndEntityCert(*key, csr, ca, tls.CERTIFICATE_VALIDITY)
  183. if err != nil {
  184. logger.Log(2, "unable to generate client certificate", err.Error())
  185. return nil, nil, fmt.Errorf("client certification generation failed %w", err)
  186. }
  187. return cert, ca, nil
  188. }