[management] base manager

This commit is contained in:
Pedro Costa
2025-02-21 15:36:00 +00:00
parent eee90fbbbf
commit 7b02e9c3a8
4 changed files with 29 additions and 39 deletions

go.mod

@@ -60,7 +60,8 @@ require (
github.com/miekg/dns v1.1.59 github.com/miekg/dns v1.1.59
github.com/mitchellh/hashstructure/v2 v2.0.2 github.com/mitchellh/hashstructure/v2 v2.0.2
github.com/nadoo/ipset v0.5.0 github.com/nadoo/ipset v0.5.0
github.com/netbirdio/management-integrations/integrations v0.0.0-20250226165736-0ac3dc443266 github.com/netbirdio/management-integrations/core v0.0.0-00010101000000-000000000000
github.com/netbirdio/management-integrations/integrations v0.0.0-20250220173202-e599d83524fc
github.com/netbirdio/signal-dispatcher/dispatcher v0.0.0-20241010133937-e0df50df217d github.com/netbirdio/signal-dispatcher/dispatcher v0.0.0-20241010133937-e0df50df217d
github.com/okta/okta-sdk-golang/v2 v2.18.0 github.com/okta/okta-sdk-golang/v2 v2.18.0
github.com/oschwald/maxminddb-golang v1.12.0 github.com/oschwald/maxminddb-golang v1.12.0
@@ -254,3 +255,5 @@ replace github.com/cloudflare/circl => github.com/cunicu/circl v0.0.0-2023080111
replace github.com/pion/ice/v3 => github.com/netbirdio/ice/v3 v3.0.0-20240315174635-e72a50fcb64e replace github.com/pion/ice/v3 => github.com/netbirdio/ice/v3 v3.0.0-20240315174635-e72a50fcb64e
replace github.com/libp2p/go-netroute => github.com/netbirdio/go-netroute v0.0.0-20240611143515-f59b0e1d3944 replace github.com/libp2p/go-netroute => github.com/netbirdio/go-netroute v0.0.0-20240611143515-f59b0e1d3944
replace github.com/netbirdio/management-integrations/core => ../../management-integrations/core
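Review bot: The new `replace github.com/netbirdio/management-integrations/core => ../../management-integrations/core` directive points the `core` module at an unversioned sibling checkout, so the placeholder requirement `v0.0.0-00010101000000-000000000000` is never resolved from a proxy, go.sum cannot attest which code gets linked, and any build outside this workstation fails unless that directory happens to exist. Before merging, publish `core` and require a real pseudo-version, or keep the local override in an uncommitted `go.work` rather than in go.mod. Separately, the `integrations` requirement appears to move backward, from `v0.0.0-20250226165736-0ac3dc443266` to `v0.0.0-20250220173202-e599d83524fc`, which reads as a downgrade and is worth confirming as intended.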


@@ -34,7 +34,6 @@ var tokenPathRegexp = regexp.MustCompile(`^.*/api/users/.*/tokens.*$`)
// Handler method of the middleware which forbids all modify requests for non admin users // Handler method of the middleware which forbids all modify requests for non admin users
func (a *AccessControl) Handler(h http.Handler) http.Handler { func (a *AccessControl) Handler(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if bypass.ShouldBypass(r.URL.Path, h, w, r) { if bypass.ShouldBypass(r.URL.Path, h, w, r) {
return return
} }
@@ -60,18 +59,16 @@ func (a *AccessControl) Handler(h http.Handler) http.Handler {
if !user.HasAdminPower() { if !user.HasAdminPower() {
switch r.Method { switch r.Method {
case http.MethodDelete, http.MethodPost, http.MethodPatch, http.MethodPut: case http.MethodDelete, http.MethodPost, http.MethodPatch, http.MethodPut:
if !tokenPathRegexp.MatchString(r.URL.Path) {
if tokenPathRegexp.MatchString(r.URL.Path) { util.WriteError(r.Context(), status.Errorf(status.PermissionDenied, "only users with admin power can perform this operation"), w)
log.WithContext(r.Context()).Debugf("valid Path")
h.ServeHTTP(w, r)
return return
} }
util.WriteError(r.Context(), status.Errorf(status.PermissionDenied, "only users with admin power can perform this operation"), w) log.WithContext(r.Context()).Debugf("valid Path")
return
} }
} }
// @todo get account settings and set it and user to context
h.ServeHTTP(w, r) h.ServeHTTP(w, r)
}) })
} }
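Review bot: The retained `log.WithContext(r.Context()).Debugf("valid Path")` says nothing about why a non-admin write was let through, and this is the one branch where the admin gate is relaxed, so the decision should be recorded, e.g. `log.WithContext(r.Context()).Debugf("non-admin %s on %s allowed by access control: token path", r.Method, r.URL.Path)`. A comment on the `if !tokenPathRegexp.MatchString(r.URL.Path)` line should also state that the middleware only recognises the `/api/users/.*/tokens` shape and does not verify that the user segment is the caller; nothing visible here does that, so the token handler must enforce it. The enclosing Handler closure starts above the first hunk, and the request-to-user lookup between the two hunks is not shown.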


@@ -6,13 +6,13 @@ import (
"github.com/rs/xid" "github.com/rs/xid"
"github.com/netbirdio/management-integrations/core"
"github.com/netbirdio/netbird/management/server/account" "github.com/netbirdio/netbird/management/server/account"
"github.com/netbirdio/netbird/management/server/activity" "github.com/netbirdio/netbird/management/server/activity"
"github.com/netbirdio/netbird/management/server/networks/resources" "github.com/netbirdio/netbird/management/server/networks/resources"
"github.com/netbirdio/netbird/management/server/networks/routers" "github.com/netbirdio/netbird/management/server/networks/routers"
"github.com/netbirdio/netbird/management/server/networks/types" "github.com/netbirdio/netbird/management/server/networks/types"
"github.com/netbirdio/netbird/management/server/permissions" "github.com/netbirdio/netbird/management/server/permissions"
"github.com/netbirdio/netbird/management/server/status"
"github.com/netbirdio/netbird/management/server/store" "github.com/netbirdio/netbird/management/server/store"
) )
@@ -25,6 +25,7 @@ type Manager interface {
} }
type managerImpl struct { type managerImpl struct {
core.BaseManager
store store.Store store store.Store
accountManager account.AccountManager accountManager account.AccountManager
permissionsManager permissions.Manager permissionsManager permissions.Manager
@@ -37,33 +38,28 @@ type mockManager struct {
func NewManager(store store.Store, permissionsManager permissions.Manager, resourceManager resources.Manager, routersManager routers.Manager, accountManager account.AccountManager) Manager { func NewManager(store store.Store, permissionsManager permissions.Manager, resourceManager resources.Manager, routersManager routers.Manager, accountManager account.AccountManager) Manager {
return &managerImpl{ return &managerImpl{
store: store, BaseManager: core.NewBaseManager(core.Networks),
permissionsManager: permissionsManager, store: store,
resourcesManager: resourceManager, // permissionsManager: permissionsManager,
routersManager: routersManager, resourcesManager: resourceManager,
accountManager: accountManager, routersManager: routersManager,
accountManager: accountManager,
} }
} }
func (m *managerImpl) GetAllNetworks(ctx context.Context, accountID, userID string) ([]*types.Network, error) { func (m *managerImpl) GetAllNetworks(ctx context.Context, accountID, userID string) ([]*types.Network, error) {
ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, permissions.Networks, permissions.Read) err := m.ValidatePermissions(ctx, core.Read)
if err != nil { if err != nil {
return nil, status.NewPermissionValidationError(err) return nil, err
}
if !ok {
return nil, status.NewPermissionDeniedError()
} }
return m.store.GetAccountNetworks(ctx, store.LockingStrengthShare, accountID) return m.store.GetAccountNetworks(ctx, store.LockingStrengthShare, accountID)
} }
func (m *managerImpl) CreateNetwork(ctx context.Context, userID string, network *types.Network) (*types.Network, error) { func (m *managerImpl) CreateNetwork(ctx context.Context, userID string, network *types.Network) (*types.Network, error) {
ok, err := m.permissionsManager.ValidateUserPermissions(ctx, network.AccountID, userID, permissions.Networks, permissions.Write) err := m.ValidatePermissions(ctx, core.Write)
if err != nil { if err != nil {
return nil, status.NewPermissionValidationError(err) return nil, err
}
if !ok {
return nil, status.NewPermissionDeniedError()
} }
network.ID = xid.New().String() network.ID = xid.New().String()
@@ -82,24 +78,18 @@ func (m *managerImpl) CreateNetwork(ctx context.Context, userID string, network
} }
func (m *managerImpl) GetNetwork(ctx context.Context, accountID, userID, networkID string) (*types.Network, error) { func (m *managerImpl) GetNetwork(ctx context.Context, accountID, userID, networkID string) (*types.Network, error) {
ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, permissions.Networks, permissions.Read) err := m.ValidatePermissions(ctx, core.Read)
if err != nil { if err != nil {
return nil, status.NewPermissionValidationError(err) return nil, err
}
if !ok {
return nil, status.NewPermissionDeniedError()
} }
return m.store.GetNetworkByID(ctx, store.LockingStrengthShare, accountID, networkID) return m.store.GetNetworkByID(ctx, store.LockingStrengthShare, accountID, networkID)
} }
func (m *managerImpl) UpdateNetwork(ctx context.Context, userID string, network *types.Network) (*types.Network, error) { func (m *managerImpl) UpdateNetwork(ctx context.Context, userID string, network *types.Network) (*types.Network, error) {
ok, err := m.permissionsManager.ValidateUserPermissions(ctx, network.AccountID, userID, permissions.Networks, permissions.Write) err := m.ValidatePermissions(ctx, core.Write)
if err != nil { if err != nil {
return nil, status.NewPermissionValidationError(err) return nil, err
}
if !ok {
return nil, status.NewPermissionDeniedError()
} }
unlock := m.store.AcquireWriteLockByUID(ctx, network.AccountID) unlock := m.store.AcquireWriteLockByUID(ctx, network.AccountID)
@@ -116,12 +106,9 @@ func (m *managerImpl) UpdateNetwork(ctx context.Context, userID string, network
} }
func (m *managerImpl) DeleteNetwork(ctx context.Context, accountID, userID, networkID string) error { func (m *managerImpl) DeleteNetwork(ctx context.Context, accountID, userID, networkID string) error {
ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, permissions.Networks, permissions.Write) err := m.ValidatePermissions(ctx, core.Write)
if err != nil { if err != nil {
return status.NewPermissionValidationError(err) return err
}
if !ok {
return status.NewPermissionDeniedError()
} }
network, err := m.store.GetNetworkByID(ctx, store.LockingStrengthUpdate, accountID, networkID) network, err := m.store.GetNetworkByID(ctx, store.LockingStrengthUpdate, accountID, networkID)
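Review bot: Every method now authorizes with `m.ValidatePermissions(ctx, core.Read)` or `core.Write`, which takes neither `accountID` nor `userID`, while the store calls that follow still operate on the `accountID` / `network.AccountID` arguments; the principal being checked therefore comes from the context (the test sets it with `nbcontext.SetUserAuthInContext`) and the data being read, updated or deleted comes from the parameter, and nothing visible here ties the two together. If any caller can reach these methods with an `accountID` that differs from the context principal, the check passes for one account and the operation runs against another. Either drop the now-unused parameters so the mismatch cannot be expressed, or have BaseManager expose the context principal and reject calls where it does not equal `accountID` and `userID`, and state in a doc comment on each method that authorization is derived from ctx rather than from the arguments. The constructor also leaves `// permissionsManager: permissionsManager,` commented out, so the still-declared `permissionsManager` field stays nil while the constructor still accepts the parameter; remove both or wire it. The bodies of CreateNetwork, UpdateNetwork and DeleteNetwork continue past the hunks shown.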


@@ -6,6 +6,7 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
nbcontext "github.com/netbirdio/netbird/management/server/context"
"github.com/netbirdio/netbird/management/server/groups" "github.com/netbirdio/netbird/management/server/groups"
"github.com/netbirdio/netbird/management/server/mock_server" "github.com/netbirdio/netbird/management/server/mock_server"
"github.com/netbirdio/netbird/management/server/networks/resources" "github.com/netbirdio/netbird/management/server/networks/resources"
@@ -25,6 +26,7 @@ func Test_GetAllNetworksReturnsNetworks(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
t.Cleanup(cleanUp) t.Cleanup(cleanUp)
am := mock_server.MockAccountManager{} am := mock_server.MockAccountManager{}
permissionsManager := permissions.NewManagerMock() permissionsManager := permissions.NewManagerMock()
groupsManager := groups.NewManagerMock() groupsManager := groups.NewManagerMock()
@@ -32,6 +34,7 @@ func Test_GetAllNetworksReturnsNetworks(t *testing.T) {
resourcesManager := resources.NewManager(s, permissionsManager, groupsManager, &am) resourcesManager := resources.NewManager(s, permissionsManager, groupsManager, &am)
manager := NewManager(s, permissionsManager, resourcesManager, routerManager, &am) manager := NewManager(s, permissionsManager, resourcesManager, routerManager, &am)
ctx = nbcontext.SetUserAuthInContext(ctx, nbcontext.UserAuth{AccountId: accountID, UserId: userID})
networks, err := manager.GetAllNetworks(ctx, accountID, userID) networks, err := manager.GetAllNetworks(ctx, accountID, userID)
require.NoError(t, err) require.NoError(t, err)
require.Len(t, networks, 1) require.Len(t, networks, 1)
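Review bot: The added `ctx = nbcontext.SetUserAuthInContext(ctx, nbcontext.UserAuth{AccountId: accountID, UserId: userID})` only exercises the case where the context principal matches the `accountID` and `userID` passed to `GetAllNetworks`, which is exactly the case where the new context-based check is indistinguishable from the old argument-based one. Add a second call whose context carries a different `AccountId` and assert `require.Error(t, err)`, and one with no auth in the context at all, so the test pins that `ValidatePermissions` really reads ctx and denies on mismatch. The enclosing test function starts above the hunk.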