Add rules for ACL (#306)

Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2026-04-16 07:16:38 +00:00 · 2022-05-21 17:21:39 +04:00
parent 11a3863c28
commit 3ce3ccc39a
21 changed files with 1197 additions and 190 deletions
--- a/management/client/client_test.go
+++ b/management/client/client_test.go
@@ -28,7 +28,6 @@ import (
 const ValidKey = "A2C8E62B-38F5-4553-B31E-DD66C696CEBB"

 func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
-
 	level, _ := log.ParseLevel("debug")
 	log.SetLevel(level)

@@ -56,7 +55,10 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
 	}

 	peersUpdateManager := mgmt.NewPeersUpdateManager()
-	accountManager := mgmt.NewManager(store, peersUpdateManager, nil)
+	accountManager, err := mgmt.BuildManager(store, peersUpdateManager, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
 	turnManager := mgmt.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig)
 	mgmtServer, err := mgmt.NewServer(config, accountManager, peersUpdateManager, turnManager)
 	if err != nil {
@@ -256,6 +258,7 @@ func TestClient_Sync(t *testing.T) {
 		}
 		if len(resp.GetRemotePeers()) != 1 {
 			t.Errorf("expecting RemotePeers size %d got %d", 1, len(resp.GetRemotePeers()))
+			return
 		}
 		if resp.GetRemotePeersIsEmpty() == true {
 			t.Error("expecting RemotePeers property to be false, got true")
@@ -295,37 +298,36 @@ func Test_SystemMetaDataFromClient(t *testing.T) {
 	var wg sync.WaitGroup
 	wg.Add(1)

-	mgmtMockServer.LoginFunc =
-		func(ctx context.Context, msg *proto.EncryptedMessage) (*proto.EncryptedMessage, error) {
-			peerKey, err := wgtypes.ParseKey(msg.GetWgPubKey())
-			if err != nil {
-				log.Warnf("error while parsing peer's Wireguard public key %s on Sync request.", msg.WgPubKey)
-				return nil, status.Errorf(codes.InvalidArgument, "provided wgPubKey %s is invalid", msg.WgPubKey)
-			}
-
-			loginReq := &proto.LoginRequest{}
-			err = encryption.DecryptMessage(peerKey, serverKey, msg.Body, loginReq)
-			if err != nil {
-				log.Fatal(err)
-			}
-
-			actualMeta = loginReq.GetMeta()
-			actualValidKey = loginReq.GetSetupKey()
-			wg.Done()
-
-			loginResp := &proto.LoginResponse{}
-			encryptedResp, err := encryption.EncryptMessage(peerKey, serverKey, loginResp)
-			if err != nil {
-				return nil, err
-			}
-
-			return &mgmtProto.EncryptedMessage{
-				WgPubKey: serverKey.PublicKey().String(),
-				Body:     encryptedResp,
-				Version:  0,
-			}, nil
+	mgmtMockServer.LoginFunc = func(ctx context.Context, msg *proto.EncryptedMessage) (*proto.EncryptedMessage, error) {
+		peerKey, err := wgtypes.ParseKey(msg.GetWgPubKey())
+		if err != nil {
+			log.Warnf("error while parsing peer's Wireguard public key %s on Sync request.", msg.WgPubKey)
+			return nil, status.Errorf(codes.InvalidArgument, "provided wgPubKey %s is invalid", msg.WgPubKey)
 		}

+		loginReq := &proto.LoginRequest{}
+		err = encryption.DecryptMessage(peerKey, serverKey, msg.Body, loginReq)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		actualMeta = loginReq.GetMeta()
+		actualValidKey = loginReq.GetSetupKey()
+		wg.Done()
+
+		loginResp := &proto.LoginResponse{}
+		encryptedResp, err := encryption.EncryptMessage(peerKey, serverKey, loginResp)
+		if err != nil {
+			return nil, err
+		}
+
+		return &mgmtProto.EncryptedMessage{
+			WgPubKey: serverKey.PublicKey().String(),
+			Body:     encryptedResp,
+			Version:  0,
+		}, nil
+	}
+
 	info := system.GetInfo()
 	_, err = testClient.Register(*key, ValidKey, "", info)
 	if err != nil {
@@ -370,21 +372,19 @@ func Test_GetDeviceAuthorizationFlow(t *testing.T) {
 		ProviderConfig: &proto.ProviderConfig{ClientID: "client"},
 	}

-	mgmtMockServer.GetDeviceAuthorizationFlowFunc =
-		func(ctx context.Context, req *mgmtProto.EncryptedMessage) (*proto.EncryptedMessage, error) {
-
-			encryptedResp, err := encryption.EncryptMessage(serverKey, client.key, expectedFlowInfo)
-			if err != nil {
-				return nil, err
-			}
-
-			return &mgmtProto.EncryptedMessage{
-				WgPubKey: serverKey.PublicKey().String(),
-				Body:     encryptedResp,
-				Version:  0,
-			}, nil
+	mgmtMockServer.GetDeviceAuthorizationFlowFunc = func(ctx context.Context, req *mgmtProto.EncryptedMessage) (*proto.EncryptedMessage, error) {
+		encryptedResp, err := encryption.EncryptMessage(serverKey, client.key, expectedFlowInfo)
+		if err != nil {
+			return nil, err
 		}

+		return &mgmtProto.EncryptedMessage{
+			WgPubKey: serverKey.PublicKey().String(),
+			Body:     encryptedResp,
+			Version:  0,
+		}, nil
+	}
+
 	flowInfo, err := client.GetDeviceAuthorizationFlow(serverKey)
 	if err != nil {
 		t.Error("error while retrieving device auth flow information")