telebit/cmd/mgmt/devices.go

172 lines
4.8 KiB
Go
Raw Normal View History

2020-05-30 23:14:40 +00:00
package main
import (
2020-05-31 12:19:41 +00:00
"crypto/rand"
"encoding/base64"
2020-05-30 23:14:40 +00:00
"encoding/json"
2020-05-31 12:19:41 +00:00
"fmt"
2020-05-30 23:14:40 +00:00
"log"
"net/http"
2020-06-01 08:48:05 +00:00
"strings"
2020-05-30 23:14:40 +00:00
"time"
2020-06-03 07:47:06 +00:00
"git.coolaj86.com/coolaj86/go-telebitd/mgmt/authstore"
2020-05-30 23:14:40 +00:00
"github.com/go-chi/chi"
)
func handleDeviceRoutes(r chi.Router) {
r.Route("/devices", func(r chi.Router) {
2020-05-31 12:19:41 +00:00
// only the admin can get past this point
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
claims, ok := ctx.Value(MWKey("claims")).(*MgmtClaims)
if !ok || "*" != claims.Slug {
msg := `{"error":"missing or invalid authorization token"}`
http.Error(w, msg+"\n", http.StatusUnprocessableEntity)
return
}
2020-05-30 23:14:40 +00:00
2020-05-31 12:19:41 +00:00
next.ServeHTTP(w, r.WithContext(ctx))
})
})
2020-05-30 23:14:40 +00:00
2020-05-31 12:19:41 +00:00
r.Post("/", func(w http.ResponseWriter, r *http.Request) {
2020-05-30 23:14:40 +00:00
auth := &authstore.Authorization{}
2020-05-31 12:19:41 +00:00
// Slug is mandatory, ID and MachinePPID must NOT be set
2020-05-30 23:14:40 +00:00
decoder := json.NewDecoder(r.Body)
err := decoder.Decode(&auth)
epoch := time.Time{}
2020-05-31 12:19:41 +00:00
if nil != err || "" != auth.ID || "" != auth.MachinePPID || "" == auth.Slug ||
2020-05-30 23:14:40 +00:00
epoch != auth.CreatedAt || epoch != auth.UpdatedAt || epoch != auth.DeletedAt {
result, _ := json.Marshal(&authstore.Authorization{})
msg, _ := json.Marshal(&struct {
Error string `json:"error"`
}{
Error: "expected JSON in the format " + string(result),
})
http.Error(w, string(msg), http.StatusUnprocessableEntity)
return
}
2020-05-31 12:19:41 +00:00
if "" == auth.SharedKey {
rnd := make([]byte, 16)
if _, err := rand.Read(rnd); nil != err {
panic(err)
}
auth.SharedKey = base64.RawURLEncoding.EncodeToString(rnd)
}
if len(auth.SharedKey) < 20 {
msg := `{"error":"shared_key must be >= 16 bytes"}`
http.Error(w, string(msg), http.StatusUnprocessableEntity)
return
}
pub := authstore.ToPublicKeyString(auth.SharedKey)
if "" == auth.PublicKey {
auth.PublicKey = pub
}
if len(auth.PublicKey) > 24 {
auth.PublicKey = auth.PublicKey[:24]
}
if pub != auth.PublicKey {
msg := `{"error":"public_key must be the first 24 bytes of the base64-encoded hash of the shared_key"}`
http.Error(w, msg+"\n", http.StatusUnprocessableEntity)
return
}
2020-05-30 23:14:40 +00:00
err = store.Add(auth)
if nil != err {
msg := `{"error":"not really sure what happened, but it didn't go well (check the logs)"}`
2020-05-31 12:19:41 +00:00
if authstore.ErrExists == err {
msg = fmt.Sprintf(`{ "error": "%s" }`, err.Error())
}
log.Printf("/api/devices/\n")
2020-05-30 23:14:40 +00:00
log.Println(err)
http.Error(w, msg, http.StatusInternalServerError)
return
}
result, _ := json.Marshal(auth)
2020-05-31 12:19:41 +00:00
w.Write([]byte(string(result) + "\n"))
2020-05-30 23:14:40 +00:00
})
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
2020-06-01 08:48:05 +00:00
var things []authstore.Authorization
var err error
if "true" == strings.Join(r.URL.Query()["inactive"], " ") {
things, err = store.Inactive()
} else {
things, err = store.Active()
}
if nil != err {
msg := `{"error":"not really sure what happened, but it didn't go well (check the logs)"}`
log.Printf("/api/devices/\n")
log.Println(err)
http.Error(w, msg, http.StatusInternalServerError)
return
}
2020-06-01 08:48:05 +00:00
for i := range things {
auth := things[i]
// Redact private data
if "" != auth.MachinePPID {
auth.MachinePPID = "[redacted]"
}
if "" != auth.SharedKey {
auth.SharedKey = "[redacted]"
}
things[i] = auth
}
encoder := json.NewEncoder(w)
encoder.SetEscapeHTML(true)
_ = encoder.Encode(things)
})
2020-05-30 23:14:40 +00:00
r.Get("/{slug}", func(w http.ResponseWriter, r *http.Request) {
slug := chi.URLParam(r, "slug")
// TODO store should be concurrency-safe
auth, err := store.Get(slug)
if nil != err {
msg := `{"error":"not really sure what happened, but it didn't go well (check the logs)"}`
log.Printf("/api/devices/%s\n", slug)
log.Println(err)
http.Error(w, msg, http.StatusInternalServerError)
return
}
// Redact private data
if "" != auth.MachinePPID {
auth.MachinePPID = "[redacted]"
}
if "" != auth.SharedKey {
auth.SharedKey = "[redacted]"
}
result, _ := json.Marshal(auth)
2020-05-31 12:19:41 +00:00
w.Write([]byte(string(result) + "\n"))
2020-05-30 23:14:40 +00:00
})
r.Delete("/{slug}", func(w http.ResponseWriter, r *http.Request) {
slug := chi.URLParam(r, "slug")
auth, err := store.Get(slug)
if nil == auth {
msg := `{"error":"not really sure what happened, but it didn't go well (check the logs)"}`
log.Printf("/api/devices/%s\n", slug)
log.Println(err)
http.Error(w, msg, http.StatusInternalServerError)
return
}
2020-06-22 06:34:42 +00:00
if err := store.Delete(auth); nil != err {
msg := `{"error":"not really sure what happened, but it didn't go well (check the logs)"}`
log.Printf("/api/devices/%s\n", slug)
log.Println(err)
http.Error(w, msg, http.StatusInternalServerError)
}
2020-05-31 12:19:41 +00:00
w.Write([]byte(`{"success":true}` + "\n"))
2020-05-30 23:14:40 +00:00
})
})
}