Merge pull request supabase#148 from dymium-io/fix-delete-ds-connection

Fix delete ds connection
dymium-io · Jan 24, 2023 · d688c6d · d688c6d
2 parents 3d0ccce + 10dcc61
commit d688c6d
Show file tree

Hide file tree

Showing 17 changed files with 254 additions and 159 deletions.
diff --git a/.github/workflows/webserver-unit-test.yaml b/.github/workflows/webserver-unit-test.yaml
@@ -46,7 +46,8 @@ jobs:
         run: apt-get install -y build-essential
       - name: Set up libpq
         run: apt-get install -y libpq5
-
+      - name: Install zstd
+        run: apt install zstd
       - name: Run tests
         working-directory: ./web/go/src
         env:
@@ -78,7 +79,7 @@ jobs:
           AUTH0_PORTAL_RETURN_URL: 'https://portal.dymium.local:3001/app/logout'
           AUTH0_PORTAL_AUDIENCE: 'https://portal.dymium.local/api/handler'
 
-          MESH_PORT_RANGE=30000-30050
+          MESH_PORT_RANGE: '30000-30050'
           SESSION_SECRET: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
           CUSTOMER_HOST: 'portal.dymium.local'
           ADMIN_HOST: 'admin.dymium.local'

diff --git a/.gitignore b/.gitignore
@@ -72,3 +72,6 @@ Tunnels/go/meshconnector/__debug_bin
 Tunnels/go/meshconnector/meshconnector
 Tunnels/go/meshserver/__debug_bin
 web/go/src/server
+Tunnels/go/meshconnector/aws.sh
+Tunnels/go/meshconnector/gcp.sh
+Tunnels/go/meshconnector/runproderr.sh
diff --git a/Tunnels/go/meshconnector/build.sh b/Tunnels/go/meshconnector/build.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+go build -a -tags netgo -ldflags '-X 'main.MajorVersion=0' -X 'main.MinorVersion=1'  -w -extldflags "-static"' -o /tmp/meshconnector
+tar -C /tmp -cvzf  /tmp/meshconnector.tar.gz meshconnector
+cp /tmp/meshconnector.tar.gz ../../../web/go/assets/customer//meshconnector_darwin_amd64.tar.gz
+#aws s3  --profile dymium --region us-west-2 cp /tmp/meshconnector.tar.gz s3://dymium-connectors/macos/
+rm /tmp/meshconnector.tar.gz
+
+
+CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
+	      go build -a -tags netgo -ldflags '-X 'main.MajorVersion=0' -X 'main.MinorVersion=1'  -w -extldflags "-static"' -o /tmp/meshconnector
+tar -C /tmp -cvzf  /tmp/meshconnector.tar.gz meshconnector
+cp /tmp/meshconnector.tar.gz ../../../web/go/assets/customer/meshconnector_linux_amd64.tar.gz
+#aws s3  --profile dymium --region us-west-2 cp /tmp/meshconnector.tar.gz s3://dymium-connectors/linux/
+rm /tmp/meshconnector.tar.gz
+
+CGO_ENABLED=0 GOOS=windows GOARCH=amd64 \
+	      go build -a -tags netgo -ldflags '-X 'main.MajorVersion=0' -X 'main.MinorVersion=1'  -w -extldflags "-static"' -o /tmp/meshconnector.exe
+zip  /tmp/meshconnector.zip /tmp/meshconnector.exe
+cp /tmp/meshconnector.zip ../../../web/go/assets/customer/meshconnector_windows_amd64.zip
+#aws s3  --profile dymium --region us-west-2 cp /tmp/meshconnector.zip s3://dymium-connectors/windows/
+rm /tmp/meshconnector.zip
+
diff --git a/Tunnels/go/meshconnector/connector.go b/Tunnels/go/meshconnector/connector.go
@@ -439,14 +439,14 @@ func DoConnect() {
 		log.Errorf("Error connecting to %s: %s", portal, err.Error())
 		return
 	}
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+
 	if resp.StatusCode != 200 {
-		log.Errorf("Invalid response %d from %s", resp.StatusCode, portal)
+		log.Errorf("Invalid response %d from %s: %s", resp.StatusCode, portal, string(body))
 		return
-
 	}
 
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		log.Errorf("Error reading from %s: %s", portal, err.Error())
 		return
@@ -474,6 +474,16 @@ func DoConnect() {
 		log.Errorf("Error in X509KeyPair: %s", err)
 		os.Exit(1)
 	}
+
+	c, e := x509.ParseCertificate([]byte(back.Certificate))
+	if e == nil{
+		log.Info("cert parsed")
+		for nm, _ := range c.DNSNames {
+			log.Infof("Tunnel: %s", nm)
+		}
+	} else {
+		log.Infof("error parsing %s\n%s", e.Error(), back.Certificate)
+	}
 
 	tunnelserver := os.Getenv("TUNNELSERVER")
 

diff --git a/web/go/src/authentication/authentication.go b/web/go/src/authentication/authentication.go
@@ -836,42 +836,44 @@ return "", err
 }
 func GetRoles(schema string, groups []string) []string {
 	var roles []string
-	roles = append(roles, gotypes.RoleUser)
-	var count int	
 	log.Infof("GetRoles: groups: %v\n", groups)
 	if(len(groups) == 0) {
-
-		// let's see if mapping is present at all
-		sql := `select count(*) from ` + schema + `.groupmapping;`;
-		row := db.QueryRow(sql)
-		err := row.Scan(&count)
-		if(err != nil) {
-			log.Errorf("GetRoles error quering mapping: %s", err.Error())
-			return roles;
-		} else {
-			if(count > 0) {
-				return roles
-			}
-			roles = append(roles, gotypes.RoleAdmin)
-			return roles
-		}
+		return roles;
 	}
-	sql := `select count(*) from ` + schema + `.groupmapping where outergroup = any ($1) and adminaccess=true;`;
+	sql := `select outergroup,adminaccess from ` + schema + `.groupmapping where outergroup = any ($1);`;
+
 
 	log.Infof("GetRoles: sql: %s\n", sql)
-	row := db.QueryRow(sql, pq.Array(groups))
-	err := row.Scan(&count)
+	rows, err := db.Query(sql, pq.Array(groups))
 	if(err != nil) {
 		log.Errorf("GetRoles error quering mapping: %s", err.Error())
 		return roles;
 	} else {
-		log.Infof("groups: %v, count: %d\n", groups, count)
-		if(count > 0) {
-			roles = append(roles, gotypes.RoleAdmin)
+		defer rows.Close()
+		var hasadmin, hasuser bool
+
+		var group string
+		var admin bool
+		for rows.Next() {
+			err = rows.Scan(&group, &admin)
+			if(err != nil) {
+				log.Errorf("GetRoles error quering mapping: %s", err.Error())
+				return roles;
+			}
+			if admin {
+				hasadmin = true
+			}
+			hasuser = true
+		}
+		if hasadmin {
+			roles = append(roles, gotypes.RoleAdmin)	
+		}
+		if hasuser {
+			roles = append(roles, gotypes.RoleUser)	
 		}
 	}
+	return roles
 
-	return roles;
 }
 func GeneratePortalJWT(picture string, schema string, name string, email string, groups []string, roles []string, org_id  string) (string, error) {
 	// generate JWT right header
@@ -1661,6 +1663,22 @@ func GetFakeAuthentication () []byte{
 	</html>`)
 
 }
+
+func CheckConnectorAuth(schema, key, secret string) error {
+	sql := `select accesssecret from ` + schema + `.connectorauth where accesskey=$1;`
+
+	row  := db.QueryRow(sql, key)
+	var realsecret string
+	err := row.Scan(&realsecret)
+	if err != nil {
+		return err
+	}
+	if  secret != realsecret {
+		return errors.New("Invalid secret")
+	}
+	return nil
+}
+
 func GetTargets(schema, key, secret string, ) ([]string, error) {
 	var targets []string 	
 	sql := `select a.targetaddress, a.targetport, a.localport, b.id, a.id from ` + schema + `.connectors as a 
@@ -2046,17 +2064,16 @@ func GetConnectors(schema string) ( []types.Connector, error) {
     defer cancelfunc()
 
 	tx, err := db.BeginTx(ctx, nil)
-	sql := `select a.id, a.name, a.accesskey, a.accesssecret, EXTRACT(epoch from (now() - a.createdat)), COALESCE(b.use_connector, false) from `+schema+`.connectorauth as a left join `+schema+`.connections as b on a.id=b.connector_id`
-
+	sql := ` select a.id, a.name, a.accesskey, a.accesssecret, EXTRACT(epoch from (now() - a.createdat)), (select count(*) from `+schema+`.connections where connector_id=a.id) from `+schema+`.connectorauth as a;`
 	rows, err  := tx.QueryContext(ctx, sql)
 	if nil == err {
 		defer rows.Close()
 		for rows.Next() {
 			var id, name, accesskey, accesssecret string 
-			var status bool
+			var nstatus int
 			var age float64
 
-			err = rows.Scan(&id, &name, &accesskey, &accesssecret, &age, &status)
+			err = rows.Scan(&id, &name, &accesskey, &accesssecret, &age, &nstatus)
 			if err != nil {
 				tx.Rollback()
 				log.Errorf("GetConnectors error 0: %s", err.Error())
@@ -2072,7 +2089,7 @@ func GetConnectors(schema string) ( []types.Connector, error) {
 				o.Secret = &accesssecret
 			}
 			var st string
-			if status {
+			if nstatus > 0 {
 				st = "provisioned"
 			} else {
 				st = "configured"

diff --git a/web/go/src/dhandlers/customerhandlers.go b/web/go/src/dhandlers/customerhandlers.go
@@ -1370,11 +1370,17 @@ func GetConnectorCertificate(w http.ResponseWriter, r *http.Request) {
 	key := t.Key
 	secret := t.Secret
 
+	aerr := authentication.CheckConnectorAuth(schema, key, secret)
+	if aerr != nil {
+		http.Error(w, aerr.Error(), http.StatusInternalServerError)
+		return
+	}
 	//fmt.Printf("schema: %s, key: %s, secret %s\n", schema, key, secret)
 
 	if err != nil {
 		log.ErrorTenantf(schema, "Api GetConnectorCertificate, error unmarshaling cert: %s", err.Error())
 		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
 	}
 
 	pemBlock, _ := pem.Decode( []byte(t.Csr) )
@@ -1418,6 +1424,7 @@ func GetConnectorCertificate(w http.ResponseWriter, r *http.Request) {
     if err != nil {
 		log.ErrorTenantf(schema, "Api GetConnectorCertificate, error: %s", err.Error())
 		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
     }
 
     out := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: clientCRTRaw})

diff --git a/web/js/packages/admin/src/Error404.tsx b/web/js/packages/admin/src/Error404.tsx
@@ -19,8 +19,8 @@ export default function Error404() {
                <Link className="linklink" to="/" > Dymium </Link></h1>
             </div>
             <div className="col-sm mt-5  text-center">
-              <h1 className="mt-5 logoheader">Error 404.</h1>
-              <h1 className="logoheader">Page Not Found.</h1>
+              <h1 className="mt-5 logoheader">Error 404</h1>
+              <h1 className="logoheader">Page Not Found</h1>
               <div className="pt-2 logofooter">
                 The application is still under construction. Please be patient!
               </div>

diff --git a/web/js/packages/common/App.scss b/web/js/packages/common/App.scss
@@ -36,6 +36,12 @@ body, #root  {
     color: white !important;
     text-shadow: 1px 1px 0 rgb(58 58 58 / 67%);
 }
+.unauthorized {
+  font-family: "Roboto";
+  text-transform: uppercase;
+  color: $main-yellow;
+  text-shadow: 1px 1px 0 rgb(58 58 58 / 67%);
+}
 .logofooter {
   font-family: "Roboto";
   color: white !important;

diff --git a/web/js/packages/portal/src/App/AuthenticatedApp.tsx b/web/js/packages/portal/src/App/AuthenticatedApp.tsx
@@ -2,12 +2,45 @@ import React, { useEffect } from 'react';
 import { Outlet } from "react-router-dom";
 import Row from 'react-bootstrap/Row'
 import Col from 'react-bootstrap/Col'
-
+import Backdrop from "../Backdrop"
 import Menu from './Menu'
 import Auth from '../Auth'
+import { Link } from "react-router-dom";
 import Sidebar from './Sidebar'
+import * as com from '../Common'
 
 const AuthenticatedApp = () => {
+    let roles = com.getTokenProperty("roles")
+    if (roles === null) {
+      return     <div className="py-0 my-0">
+      <Backdrop />
+      <div className="text-center" style={{
+        position: 'absolute', top: '0px', left: '0px',
+        width: '100%', height: '100vh'
+      }}>
+        <div id="loginbox" >
+          <div className="row">
+            <div className="col-sm ml-5  text-center">
+              <h1 style={{ marginTop: '1.3em',fontSize: '5em', fontWeight: '300' }} className="logoheader ">
+               <Link className="linklink" to="/" > Dymium </Link></h1>
+            </div>
+            <div className="col-sm mt-5  text-center">
+              <h1 className="mt-5 logoheader">Error</h1>
+              <h1 className="unauthorized" >Not authorized!</h1>
+              <div className="pt-2 logofooter">
+                You are succesfully authenticated but not authorized to use Dymium. Please contact your administrator.
+              </div>
+
+            </div>
+          </div>
+
+        </div>
+      </div>
+
+
+
+    </div>
+    }
     return (
         <>
             <Auth />