Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Branch: net-1950-db-changes
Branches Tags
netmaker
/
controllers
/
user.go

user.go 29 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860 
  1. package controller
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/json"
    5. 

  5. 	"errors"
    6. 

  6. 	"fmt"
    7. 

  7. 	"github.com/gravitl/netmaker/schema"
    8. 

  8. 	"net/http"
    9. 

  9. 	"reflect"
    10. 

  10. 	"time"
    11. 

  11. 

  12. 	"github.com/google/uuid"
    13. 

  13. 	"github.com/gorilla/mux"
    14. 

  14. 	"github.com/gorilla/websocket"
    15. 

  15. 	"github.com/gravitl/netmaker/auth"
    16. 

  16. 	"github.com/gravitl/netmaker/logger"
    17. 

  17. 	"github.com/gravitl/netmaker/logic"
    18. 

  18. 	"github.com/gravitl/netmaker/models"
    19. 

  19. 	"github.com/gravitl/netmaker/mq"
    20. 

  20. 	"github.com/gravitl/netmaker/servercfg"
    21. 

  21. 	"golang.org/x/exp/slog"
    22. 

  22. )
    23. 

  23. 

  24. var (
    25. 

  25. 	upgrader = websocket.Upgrader{}
    26. 

  26. )
    27. 

  27. 

  28. var ListRoles = listRoles
    29. 

  29. 

  30. func userHandlers(r *mux.Router) {
    31. 

  31. 	r.HandleFunc("/api/users/adm/hassuperadmin", hasSuperAdmin).Methods(http.MethodGet)
    32. 

  32. 	r.HandleFunc("/api/users/adm/createsuperadmin", createSuperAdmin).Methods(http.MethodPost)
    33. 

  33. 	r.HandleFunc("/api/users/adm/transfersuperadmin/{username}", logic.SecurityCheck(true, http.HandlerFunc(transferSuperAdmin))).
    34. 

  34. 		Methods(http.MethodPost)
    35. 

  35. 	r.HandleFunc("/api/users/adm/authenticate", authenticateUser).Methods(http.MethodPost)
    36. 

  36. 	r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(updateUser))).Methods(http.MethodPut)
    37. 

  37. 	r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, checkFreeTierLimits(limitChoiceUsers, http.HandlerFunc(createUser)))).Methods(http.MethodPost)
    38. 

  38. 	r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(deleteUser))).Methods(http.MethodDelete)
    39. 

  39. 	r.HandleFunc("/api/users/{username}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUser)))).Methods(http.MethodGet)
    40. 

  40. 	r.HandleFunc("/api/v1/users", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUserV1)))).Methods(http.MethodGet)
    41. 

  41. 	r.HandleFunc("/api/users", logic.SecurityCheck(true, http.HandlerFunc(getUsers))).Methods(http.MethodGet)
    42. 

  42. 	r.HandleFunc("/api/v1/users/roles", logic.SecurityCheck(true, http.HandlerFunc(ListRoles))).Methods(http.MethodGet)
    43. 

  43. 	r.HandleFunc("/api/v1/users/access_token", logic.SecurityCheck(true, http.HandlerFunc(createUserAccessToken))).Methods(http.MethodPost)
    44. 

  44. 	r.HandleFunc("/api/v1/users/access_token", logic.SecurityCheck(true, http.HandlerFunc(getUserAccessTokens))).Methods(http.MethodGet)
    45. 

  45. 	r.HandleFunc("/api/v1/users/access_token", logic.SecurityCheck(true, http.HandlerFunc(deleteUserAccessTokens))).Methods(http.MethodDelete)
    46. 

  46. }
    47. 

  47. 

  48. // @Summary     Authenticate a user to retrieve an authorization token
    49. 

  49. // @Router      /api/v1/users/{username}/access_token [post]
    50. 

  50. // @Tags        Auth
    51. 

  51. // @Accept      json
    52. 

  52. // @Param       body body models.UserAuthParams true "Authentication parameters"
    53. 

  53. // @Success     200 {object} models.SuccessResponse
    54. 

  54. // @Failure     400 {object} models.ErrorResponse
    55. 

  55. // @Failure     401 {object} models.ErrorResponse
    56. 

  56. // @Failure     500 {object} models.ErrorResponse
    57. 

  57. func createUserAccessToken(w http.ResponseWriter, r *http.Request) {
    58. 

  58. 

  59. 	// Auth request consists of Mac Address and Password (from node that is authorizing
    60. 

  60. 	// in case of Master, auth is ignored and mac is set to "mastermac"
    61. 

  61. 	var req schema.UserAccessToken
    62. 

  62. 

  63. 	err := json.NewDecoder(r.Body).Decode(&req)
    64. 

  64. 	if err != nil {
    65. 

  65. 		logger.Log(0, "error decoding request body: ",
    66. 

  66. 			err.Error())
    67. 

  67. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
    68. 

  68. 		return
    69. 

  69. 	}
    70. 

  70. 	if req.Name == "" {
    71. 

  71. 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("name is required"), "badrequest"))
    72. 

  72. 		return
    73. 

  73. 	}
    74. 

  74. 	if req.UserName == "" {
    75. 

  75. 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("username is required"), "badrequest"))
    76. 

  76. 		return
    77. 

  77. 	}
    78. 

  78. 

  79. 	user, err := logic.GetUser(req.UserName)
    80. 

  80. 	if err != nil {
    81. 

  81. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "unauthorized"))
    82. 

  82. 		return
    83. 

  83. 	}
    84. 

  84. 	if logic.IsOauthUser(user) == nil {
    85. 

  85. 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("user is registered via SSO"), "badrequest"))
    86. 

  86. 		return
    87. 

  87. 	}
    88. 

  88. 	req.ID = uuid.New().String()
    89. 

  89. 	req.CreatedBy = r.Header.Get("user")
    90. 

  90. 	req.CreatedAt = time.Now()
    91. 

  91. 	jwt, err := logic.CreateUserAccessJwtToken(user.UserName, user.PlatformRoleID, req.ExpiresAt, req.ID)
    92. 

  92. 	if jwt == "" {
    93. 

  93. 		// very unlikely that err is !nil and no jwt returned, but handle it anyways.
    94. 

  94. 		logic.ReturnErrorResponse(
    95. 

  95. 			w,
    96. 

  96. 			r,
    97. 

  97. 			logic.FormatError(errors.New("error creating access token "+err.Error()), "internal"),
    98. 

  98. 		)
    99. 

  99. 		return
    100. 

  100. 	}
    101. 

  101. 	err = req.Create(r.Context())
    102. 

  102. 	if err != nil {
    103. 

  103. 		logic.ReturnErrorResponse(
    104. 

  104. 			w,
    105. 

  105. 			r,
    106. 

  106. 			logic.FormatError(errors.New("error creating access token "+err.Error()), "internal"),
    107. 

  107. 		)
    108. 

  108. 		return
    109. 

  109. 	}
    110. 

  110. 	logic.ReturnSuccessResponseWithJson(w, r, models.SuccessfulUserLoginResponse{
    111. 

  111. 		AuthToken: jwt,
    112. 

  112. 		UserName:  req.UserName,
    113. 

  113. 	}, "api access token has generated for user "+req.UserName)
    114. 

  114. }
    115. 

  115. 

  116. // @Summary     Authenticate a user to retrieve an authorization token
    117. 

  117. // @Router      /api/v1/users/{username}/access_token [post]
    118. 

  118. // @Tags        Auth
    119. 

  119. // @Accept      json
    120. 

  120. // @Param       body body models.UserAuthParams true "Authentication parameters"
    121. 

  121. // @Success     200 {object} models.SuccessResponse
    122. 

  122. // @Failure     400 {object} models.ErrorResponse
    123. 

  123. // @Failure     401 {object} models.ErrorResponse
    124. 

  124. // @Failure     500 {object} models.ErrorResponse
    125. 

  125. func getUserAccessTokens(w http.ResponseWriter, r *http.Request) {
    126. 

  126. 	username := r.URL.Query().Get("username")
    127. 

  127. 	if username == "" {
    128. 

  128. 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("username is required"), "badrequest"))
    129. 

  129. 		return
    130. 

  130. 	}
    131. 

  131. 	logic.ReturnSuccessResponseWithJson(w, r, (&schema.UserAccessToken{UserName: username}).ListByUser(r.Context()), "fetched api access tokens for user "+username)
    132. 

  132. }
    133. 

  133. 

  134. // @Summary     Authenticate a user to retrieve an authorization token
    135. 

  135. // @Router      /api/v1/users/{username}/access_token [post]
    136. 

  136. // @Tags        Auth
    137. 

  137. // @Accept      json
    138. 

  138. // @Param       body body models.UserAuthParams true "Authentication parameters"
    139. 

  139. // @Success     200 {object} models.SuccessResponse
    140. 

  140. // @Failure     400 {object} models.ErrorResponse
    141. 

  141. // @Failure     401 {object} models.ErrorResponse
    142. 

  142. // @Failure     500 {object} models.ErrorResponse
    143. 

  143. func deleteUserAccessTokens(w http.ResponseWriter, r *http.Request) {
    144. 

  144. 	id := r.URL.Query().Get("id")
    145. 

  145. 	if id == "" {
    146. 

  146. 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("id is required"), "badrequest"))
    147. 

  147. 		return
    148. 

  148. 	}
    149. 

  149. 

  150. 	err := (&schema.UserAccessToken{ID: id}).Delete(r.Context())
    151. 

  151. 	if err != nil {
    152. 

  152. 		logic.ReturnErrorResponse(
    153. 

  153. 			w,
    154. 

  154. 			r,
    155. 

  155. 			logic.FormatError(errors.New("error deleting access token "+err.Error()), "internal"),
    156. 

  156. 		)
    157. 

  157. 		return
    158. 

  158. 	}
    159. 

  159. 	logic.ReturnSuccessResponseWithJson(w, r, nil, "revoked access token")
    160. 

  160. }
    161. 

  161. 

  162. // @Summary     Authenticate a user to retrieve an authorization token
    163. 

  163. // @Router      /api/users/adm/authenticate [post]
    164. 

  164. // @Tags        Auth
    165. 

  165. // @Accept      json
    166. 

  166. // @Param       body body models.UserAuthParams true "Authentication parameters"
    167. 

  167. // @Success     200 {object} models.SuccessResponse
    168. 

  168. // @Failure     400 {object} models.ErrorResponse
    169. 

  169. // @Failure     401 {object} models.ErrorResponse
    170. 

  170. // @Failure     500 {object} models.ErrorResponse
    171. 

  171. func authenticateUser(response http.ResponseWriter, request *http.Request) {
    172. 

  172. 

  173. 	// Auth request consists of Mac Address and Password (from node that is authorizing
    174. 

  174. 	// in case of Master, auth is ignored and mac is set to "mastermac"
    175. 

  175. 	var authRequest models.UserAuthParams
    176. 

  176. 	var errorResponse = models.ErrorResponse{
    177. 

  177. 		Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
    178. 

  178. 	}
    179. 

  179. 	user, err := logic.GetUser(authRequest.UserName)
    180. 

  180. 	if err != nil {
    181. 

  181. 		logger.Log(0, authRequest.UserName, "user validation failed: ",
    182. 

  182. 			err.Error())
    183. 

  183. 		logic.ReturnErrorResponse(response, request, logic.FormatError(err, "unauthorized"))
    184. 

  184. 		return
    185. 

  185. 	}
    186. 

  186. 	if logic.IsOauthUser(user) == nil {
    187. 

  187. 		logic.ReturnErrorResponse(response, request, logic.FormatError(errors.New("user is registered via SSO"), "badrequest"))
    188. 

  188. 		return
    189. 

  189. 	}
    190. 

  190. 	if !user.IsSuperAdmin && !logic.IsBasicAuthEnabled() {
    191. 

  191. 		logic.ReturnErrorResponse(
    192. 

  192. 			response,
    193. 

  193. 			request,
    194. 

  194. 			logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"),
    195. 

  195. 		)
    196. 

  196. 		return
    197. 

  197. 	}
    198. 

  198. 

  199. 	decoder := json.NewDecoder(request.Body)
    200. 

  200. 	decoderErr := decoder.Decode(&authRequest)
    201. 

  201. 	defer request.Body.Close()
    202. 

  202. 	if decoderErr != nil {
    203. 

  203. 		logger.Log(0, "error decoding request body: ",
    204. 

  204. 			decoderErr.Error())
    205. 

  205. 		logic.ReturnErrorResponse(response, request, errorResponse)
    206. 

  206. 		return
    207. 

  207. 	}
    208. 

  208. 	if val := request.Header.Get("From-Ui"); val == "true" {
    209. 

  209. 		// request came from UI, if normal user block Login
    210. 

  210. 

  211. 		role, err := logic.GetRole(user.PlatformRoleID)
    212. 

  212. 		if err != nil {
    213. 

  213. 			logic.ReturnErrorResponse(response, request, logic.FormatError(errors.New("access denied to dashboard"), "unauthorized"))
    214. 

  214. 			return
    215. 

  215. 		}
    216. 

  216. 		if role.DenyDashboardAccess {
    217. 

  217. 			logic.ReturnErrorResponse(response, request, logic.FormatError(errors.New("access denied to dashboard"), "unauthorized"))
    218. 

  218. 			return
    219. 

  219. 		}
    220. 

  220. 	}
    221. 

  221. 

  222. 	username := authRequest.UserName
    223. 

  223. 	jwt, err := logic.VerifyAuthRequest(authRequest)
    224. 

  224. 	if err != nil {
    225. 

  225. 		logger.Log(0, username, "user validation failed: ",
    226. 

  226. 			err.Error())
    227. 

  227. 		logic.ReturnErrorResponse(response, request, logic.FormatError(err, "badrequest"))
    228. 

  228. 		return
    229. 

  229. 	}
    230. 

  230. 

  231. 	if jwt == "" {
    232. 

  232. 		// very unlikely that err is !nil and no jwt returned, but handle it anyways.
    233. 

  233. 		logger.Log(0, username, "jwt token is empty")
    234. 

  234. 		logic.ReturnErrorResponse(
    235. 

  235. 			response,
    236. 

  236. 			request,
    237. 

  237. 			logic.FormatError(errors.New("no token returned"), "internal"),
    238. 

  238. 		)
    239. 

  239. 		return
    240. 

  240. 	}
    241. 

  241. 

  242. 	var successResponse = models.SuccessResponse{
    243. 

  243. 		Code:    http.StatusOK,
    244. 

  244. 		Message: "W1R3: Device " + username + " Authorized",
    245. 

  245. 		Response: models.SuccessfulUserLoginResponse{
    246. 

  246. 			AuthToken: jwt,
    247. 

  247. 			UserName:  username,
    248. 

  248. 		},
    249. 

  249. 	}
    250. 

  250. 	// Send back the JWT
    251. 

  251. 	successJSONResponse, jsonError := json.Marshal(successResponse)
    252. 

  252. 	if jsonError != nil {
    253. 

  253. 		logger.Log(0, username,
    254. 

  254. 			"error marshalling resp: ", jsonError.Error())
    255. 

  255. 		logic.ReturnErrorResponse(response, request, errorResponse)
    256. 

  256. 		return
    257. 

  257. 	}
    258. 

  258. 	logger.Log(2, username, "was authenticated")
    259. 

  259. 	response.Header().Set("Content-Type", "application/json")
    260. 

  260. 	response.Write(successJSONResponse)
    261. 

  261. 

  262. 	go func() {
    263. 

  263. 		if servercfg.IsPro && logic.GetRacAutoDisable() {
    264. 

  264. 			// enable all associeated clients for the user
    265. 

  265. 			clients, err := logic.GetAllExtClients()
    266. 

  266. 			if err != nil {
    267. 

  267. 				slog.Error("error getting clients: ", "error", err)
    268. 

  268. 				return
    269. 

  269. 			}
    270. 

  270. 			for _, client := range clients {
    271. 

  271. 				if client.OwnerID == username && !client.Enabled {
    272. 

  272. 					slog.Info(
    273. 

  273. 						fmt.Sprintf(
    274. 

  274. 							"enabling ext client %s for user %s due to RAC autodisabling feature",
    275. 

  275. 							client.ClientID,
    276. 

  276. 							client.OwnerID,
    277. 

  277. 						),
    278. 

  278. 					)
    279. 

  279. 					if newClient, err := logic.ToggleExtClientConnectivity(&client, true); err != nil {
    280. 

  280. 						slog.Error(
    281. 

  281. 							"error enabling ext client in RAC autodisable hook",
    282. 

  282. 							"error",
    283. 

  283. 							err,
    284. 

  284. 						)
    285. 

  285. 						continue // dont return but try for other clients
    286. 

  286. 					} else {
    287. 

  287. 						// publish peer update to ingress gateway
    288. 

  288. 						if ingressNode, err := logic.GetNodeByID(newClient.IngressGatewayID); err == nil {
    289. 

  289. 							if err = mq.PublishPeerUpdate(false); err != nil {
    290. 

  290. 								slog.Error("error updating ext clients on", "ingress", ingressNode.ID.String(), "err", err.Error())
    291. 

  291. 							}
    292. 

  292. 						}
    293. 

  293. 					}
    294. 

  294. 				}
    295. 

  295. 			}
    296. 

  296. 		}
    297. 

  297. 	}()
    298. 

  298. }
    299. 

  299. 

  300. // @Summary     Check if the server has a super admin
    301. 

  301. // @Router      /api/users/adm/hassuperadmin [get]
    302. 

  302. // @Tags        Users
    303. 

  303. // @Success     200 {object} bool
    304. 

  304. // @Failure     500 {object} models.ErrorResponse
    305. 

  305. func hasSuperAdmin(w http.ResponseWriter, r *http.Request) {
    306. 

  306. 

  307. 	w.Header().Set("Content-Type", "application/json")
    308. 

  308. 

  309. 	hasSuperAdmin, err := logic.HasSuperAdmin()
    310. 

  310. 	if err != nil {
    311. 

  311. 		logger.Log(0, "failed to check for admin: ", err.Error())
    312. 

  312. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    313. 

  313. 		return
    314. 

  314. 	}
    315. 

  315. 

  316. 	json.NewEncoder(w).Encode(hasSuperAdmin)
    317. 

  317. 

  318. }
    319. 

  319. 

  320. // @Summary     Get an individual user
    321. 

  321. // @Router      /api/users/{username} [get]
    322. 

  322. // @Tags        Users
    323. 

  323. // @Param       username path string true "Username of the user to fetch"
    324. 

  324. // @Success     200 {object} models.User
    325. 

  325. // @Failure     500 {object} models.ErrorResponse
    326. 

  326. func getUser(w http.ResponseWriter, r *http.Request) {
    327. 

  327. 	// set header.
    328. 

  328. 	w.Header().Set("Content-Type", "application/json")
    329. 

  329. 

  330. 	var params = mux.Vars(r)
    331. 

  331. 	usernameFetched := params["username"]
    332. 

  332. 	user, err := logic.GetReturnUser(usernameFetched)
    333. 

  333. 

  334. 	if err != nil {
    335. 

  335. 		logger.Log(0, usernameFetched, "failed to fetch user: ", err.Error())
    336. 

  336. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    337. 

  337. 		return
    338. 

  338. 	}
    339. 

  339. 	logger.Log(2, r.Header.Get("user"), "fetched user", usernameFetched)
    340. 

  340. 	json.NewEncoder(w).Encode(user)
    341. 

  341. }
    342. 

  342. 

  343. // swagger:route GET /api/v1/users user getUserV1
    344. 

  344. //
    345. 

  345. // Get an individual user with role info.
    346. 

  346. //
    347. 

  347. //			Schemes: https
    348. 

  348. //
    349. 

  349. //			Security:
    350. 

  350. //	  		oauth
    351. 

  351. //
    352. 

  352. //			Responses:
    353. 

  353. //				200: ReturnUserWithRolesAndGroups
    354. 

  354. func getUserV1(w http.ResponseWriter, r *http.Request) {
    355. 

  355. 	// set header.
    356. 

  356. 	w.Header().Set("Content-Type", "application/json")
    357. 

  357. 	usernameFetched := r.URL.Query().Get("username")
    358. 

  358. 	if usernameFetched == "" {
    359. 

  359. 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("username is required"), "badrequest"))
    360. 

  360. 		return
    361. 

  361. 	}
    362. 

  362. 	user, err := logic.GetReturnUser(usernameFetched)
    363. 

  363. 	if err != nil {
    364. 

  364. 		logger.Log(0, usernameFetched, "failed to fetch user: ", err.Error())
    365. 

  365. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    366. 

  366. 		return
    367. 

  367. 	}
    368. 

  368. 	userRoleTemplate, err := logic.GetRole(user.PlatformRoleID)
    369. 

  369. 	if err != nil {
    370. 

  370. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    371. 

  371. 		return
    372. 

  372. 	}
    373. 

  373. 	resp := models.ReturnUserWithRolesAndGroups{
    374. 

  374. 		ReturnUser:   user,
    375. 

  375. 		PlatformRole: userRoleTemplate,
    376. 

  376. 		UserGroups:   map[models.UserGroupID]models.UserGroup{},
    377. 

  377. 	}
    378. 

  378. 	for gId := range user.UserGroups {
    379. 

  379. 		grp, err := logic.GetUserGroup(gId)
    380. 

  380. 		if err != nil {
    381. 

  381. 			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    382. 

  382. 			return
    383. 

  383. 		}
    384. 

  384. 		resp.UserGroups[gId] = grp
    385. 

  385. 	}
    386. 

  386. 	logger.Log(2, r.Header.Get("user"), "fetched user", usernameFetched)
    387. 

  387. 	logic.ReturnSuccessResponseWithJson(w, r, resp, "fetched user with role info")
    388. 

  388. }
    389. 

  389. 

  390. // swagger:route GET /api/users user getUsers
    391. 

  391. //
    392. 

  392. // Get all users.
    393. 

  393. //
    394. 

  394. //			Schemes: https
    395. 

  395. //
    396. 

  396. //			Security:
    397. 

  397. //	  		oauth
    398. 

  398. //
    399. 

  399. //			Responses:
    400. 

  400. //				200: userBodyResponse
    401. 

  401. func getUsers(w http.ResponseWriter, r *http.Request) {
    402. 

  402. 	// set header.
    403. 

  403. 	w.Header().Set("Content-Type", "application/json")
    404. 

  404. 

  405. 	users, err := logic.GetUsers()
    406. 

  406. 

  407. 	if err != nil {
    408. 

  408. 		logger.Log(0, "failed to fetch users: ", err.Error())
    409. 

  409. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    410. 

  410. 		return
    411. 

  411. 	}
    412. 

  412. 

  413. 	logic.SortUsers(users[:])
    414. 

  414. 	logger.Log(2, r.Header.Get("user"), "fetched users")
    415. 

  415. 	json.NewEncoder(w).Encode(users)
    416. 

  416. }
    417. 

  417. 

  418. // @Summary     Create a super admin
    419. 

  419. // @Router      /api/users/adm/createsuperadmin [post]
    420. 

  420. // @Tags        Users
    421. 

  421. // @Param       body body models.User true "User details"
    422. 

  422. // @Success     200 {object} models.User
    423. 

  423. // @Failure     400 {object} models.ErrorResponse
    424. 

  424. // @Failure     500 {object} models.ErrorResponse
    425. 

  425. func createSuperAdmin(w http.ResponseWriter, r *http.Request) {
    426. 

  426. 	w.Header().Set("Content-Type", "application/json")
    427. 

  427. 

  428. 	var u models.User
    429. 

  429. 

  430. 	err := json.NewDecoder(r.Body).Decode(&u)
    431. 

  431. 	if err != nil {
    432. 

  432. 		slog.Error("error decoding request body", "error", err.Error())
    433. 

  433. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
    434. 

  434. 		return
    435. 

  435. 	}
    436. 

  436. 

  437. 	if !logic.IsBasicAuthEnabled() {
    438. 

  438. 		logic.ReturnErrorResponse(
    439. 

  439. 			w,
    440. 

  440. 			r,
    441. 

  441. 			logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"),
    442. 

  442. 		)
    443. 

  443. 		return
    444. 

  444. 	}
    445. 

  445. 

  446. 	err = logic.CreateSuperAdmin(&u)
    447. 

  447. 	if err != nil {
    448. 

  448. 		slog.Error("failed to create admin", "error", err.Error())
    449. 

  449. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
    450. 

  450. 		return
    451. 

  451. 	}
    452. 

  452. 	logger.Log(1, u.UserName, "was made a super admin")
    453. 

  453. 	json.NewEncoder(w).Encode(logic.ToReturnUser(u))
    454. 

  454. }
    455. 

  455. 

  456. // @Summary     Transfer super admin role to another admin user
    457. 

  457. // @Router      /api/users/adm/transfersuperadmin/{username} [post]
    458. 

  458. // @Tags        Users
    459. 

  459. // @Param       username path string true "Username of the user to transfer super admin role"
    460. 

  460. // @Success     200 {object} models.User
    461. 

  461. // @Failure     403 {object} models.ErrorResponse
    462. 

  462. // @Failure     500 {object} models.ErrorResponse
    463. 

  463. func transferSuperAdmin(w http.ResponseWriter, r *http.Request) {
    464. 

  464. 	w.Header().Set("Content-Type", "application/json")
    465. 

  465. 	caller, err := logic.GetUser(r.Header.Get("user"))
    466. 

  466. 	if err != nil {
    467. 

  467. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    468. 

  468. 	}
    469. 

  469. 	if caller.PlatformRoleID != models.SuperAdminRole {
    470. 

  470. 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("only superadmin can assign the superadmin role to another user"), "forbidden"))
    471. 

  471. 		return
    472. 

  472. 	}
    473. 

  473. 	var params = mux.Vars(r)
    474. 

  474. 	username := params["username"]
    475. 

  475. 	u, err := logic.GetUser(username)
    476. 

  476. 	if err != nil {
    477. 

  477. 		slog.Error("error getting user", "user", u.UserName, "error", err.Error())
    478. 

  478. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
    479. 

  479. 		return
    480. 

  480. 	}
    481. 

  481. 	if u.PlatformRoleID != models.AdminRole {
    482. 

  482. 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("only admins can be promoted to superadmin role"), "forbidden"))
    483. 

  483. 		return
    484. 

  484. 	}
    485. 

  485. 	if !logic.IsBasicAuthEnabled() {
    486. 

  486. 		logic.ReturnErrorResponse(
    487. 

  487. 			w,
    488. 

  488. 			r,
    489. 

  489. 			logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"),
    490. 

  490. 		)
    491. 

  491. 		return
    492. 

  492. 	}
    493. 

  493. 

  494. 	u.PlatformRoleID = models.SuperAdminRole
    495. 

  495. 	err = logic.UpsertUser(*u)
    496. 

  496. 	if err != nil {
    497. 

  497. 		slog.Error("error updating user to superadmin: ", "user", u.UserName, "error", err.Error())
    498. 

  498. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    499. 

  499. 		return
    500. 

  500. 	}
    501. 

  501. 	caller.PlatformRoleID = models.AdminRole
    502. 

  502. 	err = logic.UpsertUser(*caller)
    503. 

  503. 	if err != nil {
    504. 

  504. 		slog.Error("error demoting user to admin: ", "user", caller.UserName, "error", err.Error())
    505. 

  505. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    506. 

  506. 		return
    507. 

  507. 	}
    508. 

  508. 	slog.Info("user was made a super admin", "user", u.UserName)
    509. 

  509. 	json.NewEncoder(w).Encode(logic.ToReturnUser(*u))
    510. 

  510. }
    511. 

  511. 

  512. // @Summary     Create a user
    513. 

  513. // @Router      /api/users/{username} [post]
    514. 

  514. // @Tags        Users
    515. 

  515. // @Param       username path string true "Username of the user to create"
    516. 

  516. // @Param       body body models.User true "User details"
    517. 

  517. // @Success     200 {object} models.User
    518. 

  518. // @Failure     400 {object} models.ErrorResponse
    519. 

  519. // @Failure     403 {object} models.ErrorResponse
    520. 

  520. // @Failure     500 {object} models.ErrorResponse
    521. 

  521. func createUser(w http.ResponseWriter, r *http.Request) {
    522. 

  522. 	w.Header().Set("Content-Type", "application/json")
    523. 

  523. 	caller, err := logic.GetUser(r.Header.Get("user"))
    524. 

  524. 	if err != nil {
    525. 

  525. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
    526. 

  526. 		return
    527. 

  527. 	}
    528. 

  528. 	var user models.User
    529. 

  529. 	err = json.NewDecoder(r.Body).Decode(&user)
    530. 

  530. 	if err != nil {
    531. 

  531. 		logger.Log(0, user.UserName, "error decoding request body: ",
    532. 

  532. 			err.Error())
    533. 

  533. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
    534. 

  534. 		return
    535. 

  535. 	}
    536. 

  536. 	if !servercfg.IsPro {
    537. 

  537. 		user.PlatformRoleID = models.AdminRole
    538. 

  538. 	}
    539. 

  539. 

  540. 	if user.PlatformRoleID == "" {
    541. 

  541. 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("platform role is missing"), "badrequest"))
    542. 

  542. 		return
    543. 

  543. 	}
    544. 

  544. 	userRole, err := logic.GetRole(user.PlatformRoleID)
    545. 

  545. 	if err != nil {
    546. 

  546. 		err = errors.New("error fetching role " + user.PlatformRoleID.String() + " " + err.Error())
    547. 

  547. 		slog.Error("error creating new user: ", "user", user.UserName, "error", err)
    548. 

  548. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
    549. 

  549. 		return
    550. 

  550. 	}
    551. 

  551. 	if userRole.ID == models.SuperAdminRole {
    552. 

  552. 		err = errors.New("additional superadmins cannot be created")
    553. 

  553. 		slog.Error("error creating new user: ", "user", user.UserName, "error", err)
    554. 

  554. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
    555. 

  555. 		return
    556. 

  556. 	}
    557. 

  557. 

  558. 	if caller.PlatformRoleID != models.SuperAdminRole && user.PlatformRoleID == models.AdminRole {
    559. 

  559. 		err = errors.New("only superadmin can create admin users")
    560. 

  560. 		slog.Error("error creating new user: ", "user", user.UserName, "error", err)
    561. 

  561. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
    562. 

  562. 		return
    563. 

  563. 	}
    564. 

  564. 

  565. 	if !servercfg.IsPro && user.PlatformRoleID != models.AdminRole {
    566. 

  566. 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("non-admins users can only be created on Pro version"), "forbidden"))
    567. 

  567. 		return
    568. 

  568. 	}
    569. 

  569. 

  570. 	err = logic.CreateUser(&user)
    571. 

  571. 	if err != nil {
    572. 

  572. 		slog.Error("error creating new user: ", "user", user.UserName, "error", err.Error())
    573. 

  573. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
    574. 

  574. 		return
    575. 

  575. 	}
    576. 

  576. 	logic.DeleteUserInvite(user.UserName)
    577. 

  577. 	logic.DeletePendingUser(user.UserName)
    578. 

  578. 	go mq.PublishPeerUpdate(false)
    579. 

  579. 	slog.Info("user was created", "username", user.UserName)
    580. 

  580. 	json.NewEncoder(w).Encode(logic.ToReturnUser(user))
    581. 

  581. }
    582. 

  582. 

  583. // @Summary     Update a user
    584. 

  584. // @Router      /api/users/{username} [put]
    585. 

  585. // @Tags        Users
    586. 

  586. // @Param       username path string true "Username of the user to update"
    587. 

  587. // @Param       body body models.User true "User details"
    588. 

  588. // @Success     200 {object} models.User
    589. 

  589. // @Failure     400 {object} models.ErrorResponse
    590. 

  590. // @Failure     403 {object} models.ErrorResponse
    591. 

  591. // @Failure     500 {object} models.ErrorResponse
    592. 

  592. func updateUser(w http.ResponseWriter, r *http.Request) {
    593. 

  593. 	w.Header().Set("Content-Type", "application/json")
    594. 

  594. 	var params = mux.Vars(r)
    595. 

  595. 	// start here
    596. 

  596. 	var caller *models.User
    597. 

  597. 	var err error
    598. 

  598. 	var ismaster bool
    599. 

  599. 	if r.Header.Get("user") == logic.MasterUser {
    600. 

  600. 		ismaster = true
    601. 

  601. 	} else {
    602. 

  602. 		caller, err = logic.GetUser(r.Header.Get("user"))
    603. 

  603. 		if err != nil {
    604. 

  604. 			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    605. 

  605. 		}
    606. 

  606. 	}
    607. 

  607. 

  608. 	username := params["username"]
    609. 

  609. 	user, err := logic.GetUser(username)
    610. 

  610. 	if err != nil {
    611. 

  611. 		logger.Log(0, username,
    612. 

  612. 			"failed to update user info: ", err.Error())
    613. 

  613. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    614. 

  614. 		return
    615. 

  615. 	}
    616. 

  616. 	var userchange models.User
    617. 

  617. 	// we decode our body request params
    618. 

  618. 	err = json.NewDecoder(r.Body).Decode(&userchange)
    619. 

  619. 	if err != nil {
    620. 

  620. 		slog.Error("failed to decode body", "error ", err.Error())
    621. 

  621. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
    622. 

  622. 		return
    623. 

  623. 	}
    624. 

  624. 	if user.UserName != userchange.UserName {
    625. 

  625. 		logic.ReturnErrorResponse(
    626. 

  626. 			w,
    627. 

  627. 			r,
    628. 

  628. 			logic.FormatError(
    629. 

  629. 				errors.New("user in param and request body not matching"),
    630. 

  630. 				"badrequest",
    631. 

  631. 			),
    632. 

  632. 		)
    633. 

  633. 		return
    634. 

  634. 	}
    635. 

  635. 	selfUpdate := false
    636. 

  636. 	if !ismaster && caller.UserName == user.UserName {
    637. 

  637. 		selfUpdate = true
    638. 

  638. 	}
    639. 

  639. 

  640. 	if !ismaster && !selfUpdate {
    641. 

  641. 		if caller.PlatformRoleID == models.AdminRole && user.PlatformRoleID == models.SuperAdminRole {
    642. 

  642. 			slog.Error("non-superadmin user", "caller", caller.UserName, "attempted to update superadmin user", username)
    643. 

  643. 			logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot update superadmin user"), "forbidden"))
    644. 

  644. 			return
    645. 

  645. 		}
    646. 

  646. 		if caller.PlatformRoleID != models.AdminRole && caller.PlatformRoleID != models.SuperAdminRole {
    647. 

  647. 			slog.Error("operation not allowed", "caller", caller.UserName, "attempted to update user", username)
    648. 

  648. 			logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot update superadmin user"), "forbidden"))
    649. 

  649. 			return
    650. 

  650. 		}
    651. 

  651. 		if caller.PlatformRoleID == models.AdminRole && user.PlatformRoleID == models.AdminRole {
    652. 

  652. 			slog.Error("admin user cannot update another admin", "caller", caller.UserName, "attempted to update admin user", username)
    653. 

  653. 			logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("admin user cannot update another admin"), "forbidden"))
    654. 

  654. 			return
    655. 

  655. 		}
    656. 

  656. 		if caller.PlatformRoleID == models.AdminRole && userchange.PlatformRoleID == models.AdminRole {
    657. 

  657. 			err = errors.New("admin user cannot update role of an another user to admin")
    658. 

  658. 			slog.Error(
    659. 

  659. 				"failed to update user",
    660. 

  660. 				"caller",
    661. 

  661. 				caller.UserName,
    662. 

  662. 				"attempted to update user",
    663. 

  663. 				username,
    664. 

  664. 				"error",
    665. 

  665. 				err,
    666. 

  666. 			)
    667. 

  667. 			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
    668. 

  668. 			return
    669. 

  669. 		}
    670. 

  670. 

  671. 	}
    672. 

  672. 	if !ismaster && selfUpdate {
    673. 

  673. 		if user.PlatformRoleID != userchange.PlatformRoleID {
    674. 

  674. 			slog.Error("user cannot change his own role", "caller", caller.UserName, "attempted to update user role", username)
    675. 

  675. 			logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("user not allowed to self assign role"), "forbidden"))
    676. 

  676. 			return
    677. 

  677. 

  678. 		}
    679. 

  679. 		if servercfg.IsPro {
    680. 

  680. 			// user cannot update his own roles and groups
    681. 

  681. 			if len(user.NetworkRoles) != len(userchange.NetworkRoles) || !reflect.DeepEqual(user.NetworkRoles, userchange.NetworkRoles) {
    682. 

  682. 				err = errors.New("user cannot update self update their network roles")
    683. 

  683. 				slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
    684. 

  684. 				logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
    685. 

  685. 				return
    686. 

  686. 			}
    687. 

  687. 			// user cannot update his own roles and groups
    688. 

  688. 			if len(user.UserGroups) != len(userchange.UserGroups) || !reflect.DeepEqual(user.UserGroups, userchange.UserGroups) {
    689. 

  689. 				err = errors.New("user cannot update self update their groups")
    690. 

  690. 				slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
    691. 

  691. 				logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
    692. 

  692. 				return
    693. 

  693. 			}
    694. 

  694. 		}
    695. 

  695. 

  696. 	}
    697. 

  697. 	if ismaster {
    698. 

  698. 		if user.PlatformRoleID != models.SuperAdminRole && userchange.PlatformRoleID == models.SuperAdminRole {
    699. 

  699. 			slog.Error("operation not allowed", "caller", logic.MasterUser, "attempted to update user role to superadmin", username)
    700. 

  700. 			logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("attempted to update user role to superadmin"), "forbidden"))
    701. 

  701. 			return
    702. 

  702. 		}
    703. 

  703. 	}
    704. 

  704. 

  705. 	if logic.IsOauthUser(user) == nil && userchange.Password != "" {
    706. 

  706. 		err := fmt.Errorf("cannot update user's password for an oauth user %s", username)
    707. 

  707. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
    708. 

  708. 		return
    709. 

  709. 	}
    710. 

  710. 

  711. 	user, err = logic.UpdateUser(&userchange, user)
    712. 

  712. 	if err != nil {
    713. 

  713. 		logger.Log(0, username,
    714. 

  714. 			"failed to update user info: ", err.Error())
    715. 

  715. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
    716. 

  716. 		return
    717. 

  717. 	}
    718. 

  718. 	go mq.PublishPeerUpdate(false)
    719. 

  719. 	logger.Log(1, username, "was updated")
    720. 

  720. 	json.NewEncoder(w).Encode(logic.ToReturnUser(*user))
    721. 

  721. }
    722. 

  722. 

  723. // @Summary     Delete a user
    724. 

  724. // @Router      /api/users/{username} [delete]
    725. 

  725. // @Tags        Users
    726. 

  726. // @Param       username path string true "Username of the user to delete"
    727. 

  727. // @Success     200 {string} string
    728. 

  728. // @Failure     500 {object} models.ErrorResponse
    729. 

  729. func deleteUser(w http.ResponseWriter, r *http.Request) {
    730. 

  730. 	// Set header
    731. 

  731. 	w.Header().Set("Content-Type", "application/json")
    732. 

  732. 

  733. 	// get params
    734. 

  734. 	var params = mux.Vars(r)
    735. 

  735. 	caller, err := logic.GetUser(r.Header.Get("user"))
    736. 

  736. 	if err != nil {
    737. 

  737. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    738. 

  738. 	}
    739. 

  739. 	callerUserRole, err := logic.GetRole(caller.PlatformRoleID)
    740. 

  740. 	if err != nil {
    741. 

  741. 		slog.Error("failed to get role ", "role", callerUserRole.ID, "error", err)
    742. 

  742. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    743. 

  743. 		return
    744. 

  744. 	}
    745. 

  745. 	username := params["username"]
    746. 

  746. 	user, err := logic.GetUser(username)
    747. 

  747. 	if err != nil {
    748. 

  748. 		logger.Log(0, username,
    749. 

  749. 			"failed to update user info: ", err.Error())
    750. 

  750. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    751. 

  751. 		return
    752. 

  752. 	}
    753. 

  753. 	userRole, err := logic.GetRole(user.PlatformRoleID)
    754. 

  754. 	if err != nil {
    755. 

  755. 		slog.Error("failed to get role ", "role", userRole.ID, "error", err)
    756. 

  756. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    757. 

  757. 		return
    758. 

  758. 	}
    759. 

  759. 	if userRole.ID == models.SuperAdminRole {
    760. 

  760. 		slog.Error(
    761. 

  761. 			"failed to delete user: ", "user", username, "error", "superadmin cannot be deleted")
    762. 

  762. 		logic.ReturnErrorResponse(
    763. 

  763. 			w,
    764. 

  764. 			r,
    765. 

  765. 			logic.FormatError(fmt.Errorf("superadmin cannot be deleted"), "internal"),
    766. 

  766. 		)
    767. 

  767. 		return
    768. 

  768. 	}
    769. 

  769. 	if callerUserRole.ID != models.SuperAdminRole {
    770. 

  770. 		if callerUserRole.ID == models.AdminRole && userRole.ID == models.AdminRole {
    771. 

  771. 			slog.Error(
    772. 

  772. 				"failed to delete user: ",
    773. 

  773. 				"user",
    774. 

  774. 				username,
    775. 

  775. 				"error",
    776. 

  776. 				"admin cannot delete another admin user, including oneself",
    777. 

  777. 			)
    778. 

  778. 			logic.ReturnErrorResponse(
    779. 

  779. 				w,
    780. 

  780. 				r,
    781. 

  781. 				logic.FormatError(
    782. 

  782. 					fmt.Errorf("admin cannot delete another admin user, including oneself"),
    783. 

  783. 					"internal",
    784. 

  784. 				),
    785. 

  785. 			)
    786. 

  786. 			return
    787. 

  787. 		}
    788. 

  788. 	}
    789. 

  789. 	err = logic.DeleteUser(username)
    790. 

  790. 	if err != nil {
    791. 

  791. 		logger.Log(0, username,
    792. 

  792. 			"failed to delete user: ", err.Error())
    793. 

  793. 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
    794. 

  794. 		return
    795. 

  795. 	}
    796. 

  796. 	// check and delete extclient with this ownerID
    797. 

  797. 	go func() {
    798. 

  798. 		extclients, err := logic.GetAllExtClients()
    799. 

  799. 		if err != nil {
    800. 

  800. 			slog.Error("failed to get extclients", "error", err)
    801. 

  801. 			return
    802. 

  802. 		}
    803. 

  803. 		for _, extclient := range extclients {
    804. 

  804. 			if extclient.OwnerID == user.UserName {
    805. 

  805. 				err = logic.DeleteExtClientAndCleanup(extclient)
    806. 

  806. 				if err != nil {
    807. 

  807. 					slog.Error("failed to delete extclient",
    808. 

  808. 						"id", extclient.ClientID, "owner", username, "error", err)
    809. 

  809. 				} else {
    810. 

  810. 					if err := mq.PublishDeletedClientPeerUpdate(&extclient); err != nil {
    811. 

  811. 						slog.Error("error setting ext peers: " + err.Error())
    812. 

  812. 					}
    813. 

  813. 				}
    814. 

  814. 			}
    815. 

  815. 		}
    816. 

  816. 		mq.PublishPeerUpdate(false)
    817. 

  817. 		if servercfg.IsDNSMode() {
    818. 

  818. 			logic.SetDNS()
    819. 

  819. 		}
    820. 

  820. 	}()
    821. 

  821. 	logger.Log(1, username, "was deleted")
    822. 

  822. 	json.NewEncoder(w).Encode(params["username"] + " deleted.")
    823. 

  823. }
    824. 

  824. 

  825. // Called when vpn client dials in to start the auth flow and first stage is to get register URL itself
    826. 

  826. func socketHandler(w http.ResponseWriter, r *http.Request) {
    827. 

  827. 	// Upgrade our raw HTTP connection to a websocket based one
    828. 

  828. 	conn, err := upgrader.Upgrade(w, r, nil)
    829. 

  829. 	if err != nil {
    830. 

  830. 		logger.Log(0, "error during connection upgrade for node sign-in:", err.Error())
    831. 

  831. 		return
    832. 

  832. 	}
    833. 

  833. 	if conn == nil {
    834. 

  834. 		logger.Log(0, "failed to establish web-socket connection during node sign-in")
    835. 

  835. 		return
    836. 

  836. 	}
    837. 

  837. 	// Start handling the session
    838. 

  838. 	go auth.SessionHandler(conn)
    839. 

  839. }
    840. 

  840. 

  841. // @Summary     lists all user roles.
    842. 

  842. // @Router      /api/v1/user/roles [get]
    843. 

  843. // @Tags        Users
    844. 

  844. // @Param       role_id query string true "roleid required to get the role details"
    845. 

  845. // @Success     200 {object}  []models.UserRolePermissionTemplate
    846. 

  846. // @Failure     500 {object} models.ErrorResponse
    847. 

  847. func listRoles(w http.ResponseWriter, r *http.Request) {
    848. 

  848. 	var roles []models.UserRolePermissionTemplate
    849. 

  849. 	var err error
    850. 

  850. 	roles, err = logic.ListPlatformRoles()
    851. 

  851. 	if err != nil {
    852. 

  852. 		logic.ReturnErrorResponse(w, r, models.ErrorResponse{
    853. 

  853. 			Code:    http.StatusInternalServerError,
    854. 

  854. 			Message: err.Error(),
    855. 

  855. 		})
    856. 

  856. 		return
    857. 

  857. 	}
    858. 

  858. 

  859. 	logic.ReturnSuccessResponseWithJson(w, r, roles, "successfully fetched user roles permission templates")
    860. 

  860. }
    861.