0854f94089
- Added a reset of the models.Setting struct before querying for settings in both the Manager and Cerberus components to avoid ID leakage from previous queries. - Introduced new functions in Cerberus for checking admin authentication and admin whitelist status. - Enhanced middleware logic to allow admin users to bypass ACL checks if their IP is whitelisted. - Added tests to verify the behavior of the middleware with respect to ACLs and admin whitelisting. - Created a new utility for checking if an IP is in a CIDR list. - Updated various services to use `Where` clause for fetching records by ID instead of directly passing the ID to `First`, ensuring consistency in query patterns. - Added comprehensive tests for settings queries to demonstrate and verify the fix for ID leakage issues.
156 lines
4.4 KiB
Go
156 lines
4.4 KiB
Go
package services
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"net"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/Wikid82/charon/backend/internal/caddy"
|
|
"github.com/Wikid82/charon/backend/internal/logger"
|
|
|
|
"gorm.io/gorm"
|
|
|
|
"github.com/Wikid82/charon/backend/internal/models"
|
|
)
|
|
|
|
// ProxyHostService encapsulates business logic for proxy host management.
|
|
type ProxyHostService struct {
|
|
db *gorm.DB
|
|
}
|
|
|
|
// NewProxyHostService creates a new proxy host service.
|
|
func NewProxyHostService(db *gorm.DB) *ProxyHostService {
|
|
return &ProxyHostService{db: db}
|
|
}
|
|
|
|
// ValidateUniqueDomain ensures no duplicate domains exist before creation/update.
|
|
func (s *ProxyHostService) ValidateUniqueDomain(domainNames string, excludeID uint) error {
|
|
var count int64
|
|
query := s.db.Model(&models.ProxyHost{}).Where("domain_names = ?", domainNames)
|
|
|
|
if excludeID > 0 {
|
|
query = query.Where("id != ?", excludeID)
|
|
}
|
|
|
|
if err := query.Count(&count).Error; err != nil {
|
|
return fmt.Errorf("checking domain uniqueness: %w", err)
|
|
}
|
|
|
|
if count > 0 {
|
|
return errors.New("domain already exists")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Create validates and creates a new proxy host.
|
|
func (s *ProxyHostService) Create(host *models.ProxyHost) error {
|
|
if err := s.ValidateUniqueDomain(host.DomainNames, 0); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Normalize and validate advanced config (if present)
|
|
if host.AdvancedConfig != "" {
|
|
var parsed any
|
|
if err := json.Unmarshal([]byte(host.AdvancedConfig), &parsed); err != nil {
|
|
return fmt.Errorf("invalid advanced_config JSON: %w", err)
|
|
}
|
|
parsed = caddy.NormalizeAdvancedConfig(parsed)
|
|
if norm, err := json.Marshal(parsed); err != nil {
|
|
return fmt.Errorf("invalid advanced_config after normalization: %w", err)
|
|
} else {
|
|
host.AdvancedConfig = string(norm)
|
|
}
|
|
}
|
|
|
|
return s.db.Create(host).Error
|
|
}
|
|
|
|
// Update validates and updates an existing proxy host.
|
|
func (s *ProxyHostService) Update(host *models.ProxyHost) error {
|
|
if err := s.ValidateUniqueDomain(host.DomainNames, host.ID); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Normalize and validate advanced config (if present)
|
|
if host.AdvancedConfig != "" {
|
|
var parsed any
|
|
if err := json.Unmarshal([]byte(host.AdvancedConfig), &parsed); err != nil {
|
|
return fmt.Errorf("invalid advanced_config JSON: %w", err)
|
|
}
|
|
parsed = caddy.NormalizeAdvancedConfig(parsed)
|
|
if norm, err := json.Marshal(parsed); err != nil {
|
|
return fmt.Errorf("invalid advanced_config after normalization: %w", err)
|
|
} else {
|
|
host.AdvancedConfig = string(norm)
|
|
}
|
|
}
|
|
|
|
// Use Updates to handle nullable foreign keys properly
|
|
// Must use Select to explicitly allow setting nullable fields to nil
|
|
return s.db.Model(&models.ProxyHost{}).
|
|
Where("id = ?", host.ID).
|
|
Select("*").
|
|
Updates(host).Error
|
|
}
|
|
|
|
// Delete removes a proxy host.
|
|
func (s *ProxyHostService) Delete(id uint) error {
|
|
return s.db.Delete(&models.ProxyHost{}, id).Error
|
|
}
|
|
|
|
// GetByID retrieves a proxy host by ID.
|
|
func (s *ProxyHostService) GetByID(id uint) (*models.ProxyHost, error) {
|
|
var host models.ProxyHost
|
|
if err := s.db.Where("id = ?", id).First(&host).Error; err != nil {
|
|
return nil, err
|
|
}
|
|
return &host, nil
|
|
}
|
|
|
|
// GetByUUID finds a proxy host by UUID.
|
|
func (s *ProxyHostService) GetByUUID(uuidStr string) (*models.ProxyHost, error) {
|
|
var host models.ProxyHost
|
|
if err := s.db.Preload("Locations").Preload("Certificate").Preload("SecurityHeaderProfile").Where("uuid = ?", uuidStr).First(&host).Error; err != nil {
|
|
return nil, err
|
|
}
|
|
return &host, nil
|
|
}
|
|
|
|
// List returns all proxy hosts.
|
|
func (s *ProxyHostService) List() ([]models.ProxyHost, error) {
|
|
var hosts []models.ProxyHost
|
|
if err := s.db.Preload("Locations").Preload("Certificate").Preload("SecurityHeaderProfile").Order("updated_at desc").Find(&hosts).Error; err != nil {
|
|
return nil, err
|
|
}
|
|
return hosts, nil
|
|
}
|
|
|
|
// TestConnection attempts to connect to the target host and port.
|
|
func (s *ProxyHostService) TestConnection(host string, port int) error {
|
|
if host == "" || port <= 0 {
|
|
return errors.New("invalid host or port")
|
|
}
|
|
|
|
target := net.JoinHostPort(host, strconv.Itoa(port))
|
|
conn, err := net.DialTimeout("tcp", target, 3*time.Second)
|
|
if err != nil {
|
|
return fmt.Errorf("connection failed: %w", err)
|
|
}
|
|
defer func() {
|
|
if err := conn.Close(); err != nil {
|
|
logger.Log().WithError(err).Warn("failed to close tcp connection")
|
|
}
|
|
}()
|
|
|
|
return nil
|
|
}
|
|
|
|
// DB returns the underlying database instance for advanced operations.
|
|
func (s *ProxyHostService) DB() *gorm.DB {
|
|
return s.db
|
|
}
|