golang
/
netmaker
mirror of https://github.com/gravitl/netmaker


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421
							package controller

import (
	"context"
	"encoding/json"
	"errors"
	"net/http"
	"time"

	"github.com/google/uuid"
	"github.com/gorilla/mux"
	"github.com/gravitl/netmaker/db"
	"github.com/gravitl/netmaker/logger"
	"github.com/gravitl/netmaker/logic"
	"github.com/gravitl/netmaker/models"
	"github.com/gravitl/netmaker/mq"
	"github.com/gravitl/netmaker/schema"
	"gorm.io/datatypes"
)

func egressHandlers(r *mux.Router) {
	r.HandleFunc("/api/v1/egress", logic.SecurityCheck(true, http.HandlerFunc(createEgress))).Methods(http.MethodPost)
	r.HandleFunc("/api/v1/egress", logic.SecurityCheck(true, http.HandlerFunc(listEgress))).Methods(http.MethodGet)
	r.HandleFunc("/api/v1/egress", logic.SecurityCheck(true, http.HandlerFunc(updateEgress))).Methods(http.MethodPut)
	r.HandleFunc("/api/v1/egress", logic.SecurityCheck(true, http.HandlerFunc(deleteEgress))).Methods(http.MethodDelete)
}

// @Summary     Create Egress Resource
// @Router      /api/v1/egress [post]
// @Tags        Auth
// @Accept      json
// @Param       body body models.Egress
// @Success     200 {object} models.SuccessResponse
// @Failure     400 {object} models.ErrorResponse
// @Failure     401 {object} models.ErrorResponse
// @Failure     500 {object} models.ErrorResponse
func createEgress(w http.ResponseWriter, r *http.Request) {

	var req models.EgressReq
	err := json.NewDecoder(r.Body).Decode(&req)
	if err != nil {
		logger.Log(0, "error decoding request body: ",
			err.Error())
		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
		return
	}
	var egressRange string
	if !req.IsInetGw {
		if req.Range != "" {
			var err error
			egressRange, err = logic.NormalizeCIDR(req.Range)
			if err != nil {
				logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
				return
			}
		}

		if req.Domain != "" {
			isDomain := logic.IsFQDN(req.Domain)
			if !isDomain {
				logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("bad domain name"), "badrequest"))
				return
			}

			egressRange = ""
		}
	} else {
		egressRange = "*"
		req.Domain = ""
	}

	e := schema.Egress{
		ID:          uuid.New().String(),
		Name:        req.Name,
		Network:     req.Network,
		Description: req.Description,
		Range:       egressRange,
		Domain:      req.Domain,
		DomainAns:   []string{},
		Nat:         req.Nat,
		Nodes:       make(datatypes.JSONMap),
		Tags:        make(datatypes.JSONMap),
		Status:      true,
		CreatedBy:   r.Header.Get("user"),
		CreatedAt:   time.Now().UTC(),
	}
	if len(req.Tags) > 0 {
		for tagID, metric := range req.Tags {
			e.Tags[tagID] = metric
		}
		e.Nodes = make(datatypes.JSONMap)
	} else {
		for nodeID, metric := range req.Nodes {
			e.Nodes[nodeID] = metric
		}
	}
	if err := logic.ValidateEgressReq(&e); err != nil {
		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
		return
	}
	err = e.Create(db.WithContext(r.Context()))
	if err != nil {
		logic.ReturnErrorResponse(
			w,
			r,
			logic.FormatError(errors.New("error creating egress resource"+err.Error()), "internal"),
		)
		return
	}
	logic.LogEvent(&models.Event{
		Action: models.Create,
		Source: models.Subject{
			ID:   r.Header.Get("user"),
			Name: r.Header.Get("user"),
			Type: models.UserSub,
		},
		TriggeredBy: r.Header.Get("user"),
		Target: models.Subject{
			ID:   e.ID,
			Name: e.Name,
			Type: models.EgressSub,
		},
		NetworkID: models.NetworkID(e.Network),
		Origin:    models.Dashboard,
	})
	// for nodeID := range e.Nodes {
	// 	node, err := logic.GetNodeByID(nodeID)
	// 	if err != nil {
	// 		logic.AddEgressInfoToNode(&node, e)
	// 		logic.UpsertNode(&node)
	// 	}

	// }
	if req.Domain != "" {
		if req.Nodes != nil {
			for nodeID := range req.Nodes {
				node, err := logic.GetNodeByID(nodeID)
				if err != nil {
					continue
				}
				host, _ := logic.GetHost(node.HostID.String())
				if host == nil {
					continue
				}
				mq.HostUpdate(&models.HostUpdate{
					Action: models.EgressUpdate,
					Host:   *host,
					EgressDomain: models.EgressDomain{
						ID:     e.ID,
						Host:   *host,
						Node:   node,
						Domain: e.Domain,
					},
					Node: node,
				})
			}
		}

	} else {
		go mq.PublishPeerUpdate(false)
	}

	logic.ReturnSuccessResponseWithJson(w, r, e, "created egress resource")
}

// @Summary     List Egress Resource
// @Router      /api/v1/egress [get]
// @Tags        Auth
// @Accept      json
// @Param       query network string
// @Success     200 {object} models.SuccessResponse
// @Failure     400 {object} models.ErrorResponse
// @Failure     401 {object} models.ErrorResponse
// @Failure     500 {object} models.ErrorResponse
func listEgress(w http.ResponseWriter, r *http.Request) {

	network := r.URL.Query().Get("network")
	if network == "" {
		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("network is required"), "badrequest"))
		return
	}
	e := schema.Egress{Network: network}
	list, err := e.ListByNetwork(db.WithContext(r.Context()))
	if err != nil {
		logic.ReturnErrorResponse(
			w,
			r,
			logic.FormatError(errors.New("error listing egress resource"+err.Error()), "internal"),
		)
		return
	}
	logic.ReturnSuccessResponseWithJson(w, r, list, "fetched egress resource list")
}

// @Summary     Update Egress Resource
// @Router      /api/v1/egress [put]
// @Tags        Auth
// @Accept      json
// @Param       body body models.Egress
// @Success     200 {object} models.SuccessResponse
// @Failure     400 {object} models.ErrorResponse
// @Failure     401 {object} models.ErrorResponse
// @Failure     500 {object} models.ErrorResponse
func updateEgress(w http.ResponseWriter, r *http.Request) {

	var req models.EgressReq
	err := json.NewDecoder(r.Body).Decode(&req)
	if err != nil {
		logger.Log(0, "error decoding request body: ",
			err.Error())
		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
		return
	}
	var egressRange string
	if !req.IsInetGw {
		if req.Range != "" {
			var err error
			egressRange, err = logic.NormalizeCIDR(req.Range)
			if err != nil {
				logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
				return
			}
		}

		if req.Domain != "" {
			isDomain := logic.IsFQDN(req.Domain)
			if !isDomain {
				logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("bad domain name"), "badrequest"))
				return
			}

			egressRange = ""
		}
	} else {
		egressRange = "*"
		req.Domain = ""
	}

	e := schema.Egress{ID: req.ID}
	err = e.Get(db.WithContext(r.Context()))
	if err != nil {
		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
		return
	}
	var updateNat bool
	var updateStatus bool
	var resetDomain bool
	var resetRange bool
	if req.Nat != e.Nat {
		updateNat = true
	}
	if req.Status != e.Status {
		updateStatus = true
	}
	if req.Domain == "" {
		resetDomain = true
	}
	if req.Range == "" || egressRange == "" {
		resetRange = true
	}
	event := &models.Event{
		Action: models.Update,
		Source: models.Subject{
			ID:   r.Header.Get("user"),
			Name: r.Header.Get("user"),
			Type: models.UserSub,
		},
		TriggeredBy: r.Header.Get("user"),
		Target: models.Subject{
			ID:   e.ID,
			Name: e.Name,
			Type: models.EgressSub,
		},
		Diff: models.Diff{
			Old: e,
		},
		NetworkID: models.NetworkID(e.Network),
		Origin:    models.Dashboard,
	}
	e.Nodes = make(datatypes.JSONMap)
	e.Tags = make(datatypes.JSONMap)
	if len(req.Tags) > 0 {
		for tagID, metric := range req.Tags {
			e.Tags[tagID] = metric
		}
		e.Nodes = make(datatypes.JSONMap)
	} else {
		for nodeID, metric := range req.Nodes {
			e.Nodes[nodeID] = metric
		}
	}
	if e.Domain != req.Domain {
		e.DomainAns = datatypes.JSONSlice[string]{}
	}
	e.Range = egressRange
	e.Description = req.Description
	e.Name = req.Name
	e.Nat = req.Nat
	e.Domain = req.Domain
	e.Status = req.Status
	e.UpdatedAt = time.Now().UTC()
	if err := logic.ValidateEgressReq(&e); err != nil {
		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
		return
	}
	err = e.Update(db.WithContext(context.TODO()))
	if err != nil {
		logic.ReturnErrorResponse(
			w,
			r,
			logic.FormatError(errors.New("error creating egress resource"+err.Error()), "internal"),
		)
		return
	}
	if updateNat {
		e.Nat = req.Nat
		e.UpdateNatStatus(db.WithContext(context.TODO()))
	}
	if updateStatus {
		e.Status = req.Status
		e.UpdateEgressStatus(db.WithContext(context.TODO()))
	}
	if resetDomain {
		_ = e.ResetDomain(db.WithContext(context.TODO()))
	}
	if resetRange {
		_ = e.ResetRange(db.WithContext(context.TODO()))
	}
	event.Diff.New = e
	logic.LogEvent(event)
	if req.Domain != "" {
		if req.Nodes != nil {
			for nodeID := range req.Nodes {
				node, err := logic.GetNodeByID(nodeID)
				if err != nil {
					continue
				}
				host, _ := logic.GetHost(node.HostID.String())
				if host == nil {
					continue
				}
				mq.HostUpdate(&models.HostUpdate{
					Action: models.EgressUpdate,
					Host:   *host,
					EgressDomain: models.EgressDomain{
						ID:     e.ID,
						Host:   *host,
						Node:   node,
						Domain: e.Domain,
					},
					Node: node,
				})
			}
		}

	}
	go mq.PublishPeerUpdate(false)
	logic.ReturnSuccessResponseWithJson(w, r, e, "updated egress resource")
}

// @Summary     Delete Egress Resource
// @Router      /api/v1/egress [delete]
// @Tags        Auth
// @Accept      json
// @Param       body body models.Egress
// @Success     200 {object} models.SuccessResponse
// @Failure     400 {object} models.ErrorResponse
// @Failure     401 {object} models.ErrorResponse
// @Failure     500 {object} models.ErrorResponse
func deleteEgress(w http.ResponseWriter, r *http.Request) {

	id := r.URL.Query().Get("id")
	if id == "" {
		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("id is required"), "badrequest"))
		return
	}
	e := schema.Egress{ID: id}
	err := e.Get(db.WithContext(r.Context()))
	if err != nil {
		logic.ReturnErrorResponse(w, r, logic.FormatError(err, logic.BadReq))
		return
	}
	err = e.Delete(db.WithContext(r.Context()))
	if err != nil {
		logic.ReturnErrorResponse(w, r, logic.FormatError(err, logic.Internal))
		return
	}
	logic.LogEvent(&models.Event{
		Action: models.Delete,
		Source: models.Subject{
			ID:   r.Header.Get("user"),
			Name: r.Header.Get("user"),
			Type: models.UserSub,
		},
		TriggeredBy: r.Header.Get("user"),
		Target: models.Subject{
			ID:   e.ID,
			Name: e.Name,
			Type: models.EgressSub,
		},
		NetworkID: models.NetworkID(e.Network),
		Origin:    models.Dashboard,
	})
	// delete related acl policies
	acls := logic.ListAcls()
	for _, acl := range acls {

		for i := len(acl.Dst) - 1; i >= 0; i-- {
			if acl.Dst[i].ID == models.EgressID && acl.Dst[i].Value == id {
				acl.Dst = append(acl.Dst[:i], acl.Dst[i+1:]...)
			}
		}
		if len(acl.Dst) == 0 {
			logic.DeleteAcl(acl)
		} else {
			logic.UpsertAcl(acl)
		}
	}
	go mq.PublishPeerUpdate(false)
	logic.ReturnSuccessResponseWithJson(w, r, nil, "deleted egress resource")
}