delete vpn server dependencies

in4it · Oct 15, 2024 · e0fb024 · e0fb024
1 parent 1949bc7
commit e0fb024
Show file tree

Hide file tree

Showing 26 changed files with 100 additions and 336 deletions.
diff --git a/auth/oidc/store/cleanup.go b/auth/oidc/store/cleanup.go
@@ -4,7 +4,7 @@ import (
 	"slices"
 	"time"
 
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
+	"github.com/in4it/go-devops-platform/auth/oidc"
 )
 
 func (store *Store) CleanupOAuth2DataForAllEntries() int {

diff --git a/auth/oidc/store/discovery.go b/auth/oidc/store/discovery.go
@@ -6,7 +6,7 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
+	"github.com/in4it/go-devops-platform/auth/oidc"
 )
 
 func (store *Store) GetDiscoveryURI(discoveryURI string) (oidc.Discovery, error) {

diff --git a/auth/oidc/store/discovery_test.go b/auth/oidc/store/discovery_test.go
@@ -6,8 +6,8 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
-	memorystorage "github.com/in4it/wireguard-server/pkg/storage/memory"
+	"github.com/in4it/go-devops-platform/auth/oidc"
+	memorystorage "github.com/in4it/go-devops-platform/storage/memory"
 )
 
 func TestGetDiscovery(t *testing.T) {

diff --git a/auth/oidc/store/jwks.go b/auth/oidc/store/jwks.go
@@ -6,7 +6,7 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
+	"github.com/in4it/go-devops-platform/auth/oidc"
 )
 
 func (store *Store) GetJwks(jwksURI string) (oidc.Jwks, error) {

diff --git a/auth/oidc/store/jwks_test.go b/auth/oidc/store/jwks_test.go
@@ -6,8 +6,8 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
-	memorystorage "github.com/in4it/wireguard-server/pkg/storage/memory"
+	"github.com/in4it/go-devops-platform/auth/oidc"
+	memorystorage "github.com/in4it/go-devops-platform/storage/memory"
 )
 
 func TestGetJwks(t *testing.T) {

diff --git a/auth/oidc/store/renewal/new.go b/auth/oidc/store/renewal/new.go
@@ -3,11 +3,11 @@ package oidcrenewal
 import (
 	"time"
 
+	oidc "github.com/in4it/go-devops-platform/auth/oidc"
+	oidcstore "github.com/in4it/go-devops-platform/auth/oidc/store"
+	"github.com/in4it/go-devops-platform/logging"
 	"github.com/in4it/go-devops-platform/storage"
-	oidc "github.com/in4it/wireguard-server/pkg/auth/oidc"
-	oidcstore "github.com/in4it/wireguard-server/pkg/auth/oidc/store"
-	"github.com/in4it/wireguard-server/pkg/logging"
-	"github.com/in4it/wireguard-server/pkg/users"
+	"github.com/in4it/go-devops-platform/users"
 )
 
 type Renewal struct {

diff --git a/auth/oidc/store/renewal/refreshtoken.go b/auth/oidc/store/renewal/refreshtoken.go
@@ -8,7 +8,7 @@ import (
 	"net/url"
 	"time"
 
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
+	"github.com/in4it/go-devops-platform/auth/oidc"
 )
 
 func refreshToken(discovery oidc.Discovery, refreshToken, clientID, clientSecret string) (oidc.Token, time.Time, error) {

diff --git a/auth/oidc/store/renewal/renew.go b/auth/oidc/store/renewal/renew.go
@@ -7,15 +7,14 @@ import (
 	"strings"
 	"time"
 
-	"github.com/in4it/go-devops-platform/storage"
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
-	oidcstore "github.com/in4it/wireguard-server/pkg/auth/oidc/store"
-	"github.com/in4it/wireguard-server/pkg/logging"
-	"github.com/in4it/wireguard-server/pkg/users"
-	"github.com/in4it/wireguard-server/pkg/wireguard"
+	"github.com/in4it/go-devops-platform/auth/oidc"
+	oidcstore "github.com/in4it/go-devops-platform/auth/oidc/store"
+	"github.com/in4it/go-devops-platform/logging"
+	"github.com/in4it/go-devops-platform/users"
 )
 
-func (r *Renewal) RenewAllOIDCConnections() {
+func (r *Renewal) RenewAllOIDCConnections() []users.User {
+	disabledUsers := []users.User{}
 	// force renewal of all tokens, even if they're not expired (unless they're empty)
 	for key, oauth2Data := range r.oidcStore.OAuth2Data {
 		if oidcProvider, err := getOIDCProvider(oauth2Data.OIDCProviderID, r.oidcProviders); err == nil {
@@ -24,7 +23,15 @@ func (r *Renewal) RenewAllOIDCConnections() {
 					logging.DebugLog(fmt.Errorf("skipping %s (renewal already failed or access token is empty. RenewalFailed: %v, AccessToken is empty: %v)", oauth2Data.ID, oauth2Data.RenewalFailed, oauth2Data.Token.AccessToken == ""))
 				} else {
 					logging.DebugLog(fmt.Errorf("trying to renew %s", oauth2Data.ID))
-					r.renew(discovery, key, oauth2Data, oidcProvider)
+					userDisabled := r.renew(discovery, key, oauth2Data, oidcProvider)
+					if userDisabled {
+						user, err := r.userStore.GetUserByOIDCIDs([]string{oauth2Data.ID})
+						if err != nil {
+							logging.ErrorLog(fmt.Errorf("no user found with oidc id %s", oauth2Data.ID))
+						} else {
+							disabledUsers = append(disabledUsers, user)
+						}
+					}
 				}
 			} else {
 				logging.DebugLog(fmt.Errorf("could not get discovery url for %s: %s", oauth2Data.ID, err))
@@ -33,8 +40,9 @@ func (r *Renewal) RenewAllOIDCConnections() {
 			logging.DebugLog(fmt.Errorf("could not get oidcprovider for %s: %s", oauth2Data.ID, err))
 		}
 	}
+	return disabledUsers
 }
-func (r *Renewal) renew(discovery oidc.Discovery, key string, oauth2Data oidc.OAuthData, oidcProvider oidc.OIDCProvider) {
+func (r *Renewal) renew(discovery oidc.Discovery, key string, oauth2Data oidc.OAuthData, oidcProvider oidc.OIDCProvider) bool {
 	newToken, newTokenTimestamp, err := refreshToken(discovery, oauth2Data.Token.RefreshToken, oidcProvider.ClientID, oidcProvider.ClientSecret)
 	if err != nil {
 		oauth2Data.RenewalRetries++
@@ -52,12 +60,9 @@ func (r *Renewal) renew(discovery oidc.Discovery, key string, oauth2Data oidc.OA
 		}
 		// suspend connections
 		if oauth2Data.RenewalFailed {
-			err = disableUser(r.storage, oauth2Data, r.userStore)
-			if err != nil {
-				logging.ErrorLog(fmt.Errorf("renewal Worker: [error] disableUser: %s", err))
-			}
+			return true
 		}
-		return
+		return false
 	}
 	logging.DebugLog(fmt.Errorf("new token issued at %v: %+v", newToken, newTokenTimestamp))
 	oauth2Data.LastTokenRenewal = newTokenTimestamp
@@ -75,24 +80,7 @@ func (r *Renewal) renew(discovery oidc.Discovery, key string, oauth2Data oidc.OA
 	if err != nil {
 		logging.ErrorLog(fmt.Errorf("renewal Worker: [error] SaveOIDCStore: %s", err))
 	}
-}
-
-func disableUser(storage storage.Iface, oauth2Data oidc.OAuthData, userStore *users.UserStore) error {
-	logging.DebugLog(fmt.Errorf("disable user with oidc id %s", oauth2Data.ID))
-	user, err := userStore.GetUserByOIDCIDs([]string{oauth2Data.ID})
-	if err != nil {
-		return fmt.Errorf("no user found with oidc id %s", oauth2Data.ID)
-	}
-	err = wireguard.DisableAllClientConfigs(storage, user.ID)
-	if err != nil {
-		return fmt.Errorf("DisableAllClientConfigs error for userID %s: %s", user.ID, err)
-	}
-	user.ConnectionsDisabledOnAuthFailure = true
-	err = userStore.UpdateUser(user)
-	if err != nil {
-		return fmt.Errorf("could not update connectionsDisabledOnAuthFailure user with userID %s: %s", user.ID, err)
-	}
-	return nil
+	return false
 }
 
 func getOIDCProvider(id string, oidcProviders []oidc.OIDCProvider) (oidc.OIDCProvider, error) {

diff --git a/auth/oidc/store/renewal/worker.go b/auth/oidc/store/renewal/worker.go
@@ -5,7 +5,7 @@ import (
 	"log"
 	"time"
 
-	"github.com/in4it/wireguard-server/pkg/logging"
+	"github.com/in4it/go-devops-platform/logging"
 )
 
 const WAKEUP_TIME_SECONDS = 300         // every 5 minutes we check

diff --git a/auth/oidc/store/save.go b/auth/oidc/store/save.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
+	"github.com/in4it/go-devops-platform/auth/oidc"
 )
 
 func (store *Store) SaveOIDCStore() error {

diff --git a/auth/oidc/store/save_test.go b/auth/oidc/store/save_test.go
@@ -3,8 +3,8 @@ package oidcstore
 import (
 	"testing"
 
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
-	memorystorage "github.com/in4it/wireguard-server/pkg/storage/memory"
+	"github.com/in4it/go-devops-platform/auth/oidc"
+	memorystorage "github.com/in4it/go-devops-platform/storage/memory"
 )
 
 func TestSave(t *testing.T) {

diff --git a/auth/oidc/store/store.go b/auth/oidc/store/store.go
@@ -6,8 +6,8 @@ import (
 	"fmt"
 	"sync"
 
+	"github.com/in4it/go-devops-platform/auth/oidc"
 	"github.com/in4it/go-devops-platform/storage"
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
 )
 
 const DEFAULT_PATH = "oidcstore.json"

diff --git a/auth/oidc/store/types.go b/auth/oidc/store/types.go
@@ -3,8 +3,8 @@ package oidcstore
 import (
 	"sync"
 
+	"github.com/in4it/go-devops-platform/auth/oidc"
 	"github.com/in4it/go-devops-platform/storage"
-	"github.com/in4it/wireguard-server/pkg/auth/oidc"
 )
 
 type Store struct {

diff --git a/auth/oidc/token.go b/auth/oidc/token.go
@@ -11,7 +11,7 @@ import (
 
 	"github.com/go-jose/go-jose/v4"
 	"github.com/golang-jwt/jwt/v5"
-	"github.com/in4it/wireguard-server/pkg/logging"
+	"github.com/in4it/go-devops-platform/logging"
 )
 
 func RetrieveOAUth2DataUsingState(allOAuth2data map[string]OAuthData, state string) (OAuthData, error) {

diff --git a/auth/provisioning/scim/new.go b/auth/provisioning/scim/new.go
@@ -2,7 +2,7 @@ package scim
 
 import (
 	"github.com/in4it/go-devops-platform/storage"
-	"github.com/in4it/wireguard-server/pkg/users"
+	"github.com/in4it/go-devops-platform/users"
 )
 
 func New(storage storage.Iface, userStore *users.UserStore, token string) *scim {

diff --git a/auth/provisioning/scim/response.go b/auth/provisioning/scim/response.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/in4it/wireguard-server/pkg/users"
+	"github.com/in4it/go-devops-platform/users"
 )
 
 func listUserResponse(users []users.User, attributes string, count, start int) ([]byte, error) {

diff --git a/auth/provisioning/scim/types.go b/auth/provisioning/scim/types.go
@@ -4,13 +4,15 @@ import (
 	"net/http"
 
 	"github.com/in4it/go-devops-platform/storage"
-	"github.com/in4it/wireguard-server/pkg/users"
+	"github.com/in4it/go-devops-platform/users"
 )
 
 type scim struct {
-	Token     string           `json:"token"`
-	UserStore *users.UserStore `json:"userStore"`
-	storage   storage.Iface
+	Token          string           `json:"token"`
+	UserStore      *users.UserStore `json:"userStore"`
+	storage        storage.Iface
+	DisableFunc    func(storage.Iface, users.User) error
+	ReactivateFunc func(storage.Iface, users.User) error
 }
 
 type Iface interface {

diff --git a/auth/provisioning/scim/users.go b/auth/provisioning/scim/users.go
@@ -7,8 +7,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/in4it/wireguard-server/pkg/users"
-	"github.com/in4it/wireguard-server/pkg/wireguard"
+	"github.com/in4it/go-devops-platform/users"
 )
 
 // handler for multiple users
@@ -101,14 +100,14 @@ func (s *scim) putUserHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if !putUserRequest.Active && !user.Suspended { // user is suspended
-		err = wireguard.DisableAllClientConfigs(s.storage, user.ID)
+		err = s.DisableFunc(s.storage, user)
 		if err != nil {
 			returnError(w, fmt.Errorf("could not delete all clients for user %s: %s", user.ID, err), http.StatusBadRequest)
 			return
 		}
 	}
 	if putUserRequest.Active && user.Suspended { // user is unsuspended
-		err := wireguard.ReactivateAllClientConfigs(s.storage, user.ID)
+		err := s.ReactivateFunc(s.storage, user)
 		if err != nil {
 			returnError(w, fmt.Errorf("could not reactivate all clients for user %s: %s", user.ID, err), http.StatusBadRequest)
 			return
@@ -145,7 +144,7 @@ func (s *scim) deleteUserHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err = wireguard.DeleteAllClientConfigs(s.storage, user.ID)
+	err = s.DisableFunc(s.storage, user)
 	if err != nil {
 		returnError(w, fmt.Errorf("could not delete all clients for user %s: %s", user.ID, err), http.StatusBadRequest)
 		return
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,7 +5,7 @@ import ( @@
     	"log"
     	"time"
-    	"github.com/in4it/wireguard-server/pkg/logging"
+    	"github.com/in4it/go-devops-platform/logging"
     )
     const WAKEUP_TIME_SECONDS = 300         // every 5 minutes we check
@@ Expand Down @@