emissary/internal/server/api/register_agent.go

package api

import (
	"encoding/json"
	"net/http"

	"forge.cadoles.com/Cadoles/emissary/internal/agent/metadata"
	"forge.cadoles.com/Cadoles/emissary/internal/datastore"
	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
	"github.com/pkg/errors"
	"gitlab.com/wpetit/goweb/api"
	"gitlab.com/wpetit/goweb/logger"
)

type registerAgentRequest struct {
	KeySet     json.RawMessage  `json:"keySet" validate:"required"`
	Metadata   []metadata.Tuple `json:"metadata" validate:"required"`
	Thumbprint string           `json:"thumbprint" validate:"required"`
	Signature  string           `json:"signature" validate:"required"`
}

func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
	registerAgentReq := &registerAgentRequest{}
	if ok := api.Bind(w, r, registerAgentReq); !ok {
		return
	}

	ctx := r.Context()

	keySet, err := jwk.Parse(registerAgentReq.KeySet)
	if err != nil {
		err = errors.WithStack(err)
		logger.Error(ctx, "could not parse key set", logger.CapturedE(err))
		api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)

		return
	}

	ctx = logger.With(ctx, logger.F("agentThumbprint", registerAgentReq.Thumbprint))

	// Validate that the existing signature validates the request

	validSignature, err := jwk.Verify(keySet, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
	if err != nil {
		err = errors.WithStack(err)
		logger.Error(ctx, "could not validate signature", logger.CapturedE(err))
		api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)

		return
	}

	if !validSignature {
		logger.Warn(ctx, "conflicting signature", logger.F("signature", registerAgentReq.Signature))
		api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)

		return
	}

	metadata := metadata.FromSorted(registerAgentReq.Metadata)

	agent, err := m.agentRepo.Create(
		ctx,
		registerAgentReq.Thumbprint,
		keySet,
		metadata,
	)
	if err != nil {
		if !errors.Is(err, datastore.ErrAlreadyExist) {
			err = errors.WithStack(err)
			logger.Error(ctx, "could not create agent", logger.CapturedE(err))
			api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)

			return
		}

		agents, _, err := m.agentRepo.Query(
			ctx,
			datastore.WithAgentQueryThumbprints(registerAgentReq.Thumbprint),
			datastore.WithAgentQueryLimit(1),
		)
		if err != nil {
			err = errors.WithStack(err)
			logger.Error(ctx, "could not retrieve agents", logger.CapturedE(err))
			api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)

			return
		}

		if len(agents) == 0 {
			err = errors.WithStack(err)
			logger.Error(ctx, "could not retrieve matching agent", logger.CapturedE(err))
			api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeNotFound, nil)

			return
		}

		agentID := agents[0].ID

		agent, err = m.agentRepo.Get(ctx, agentID)
		if err != nil {
			err = errors.WithStack(err)
			logger.Error(
				ctx, "could not retrieve agent",
				logger.CapturedE(err), logger.F("agentID", agentID),
			)

			api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)

			return
		}

		validSignature, err = jwk.Verify(agent.KeySet.Set, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
		if err != nil {
			err = errors.WithStack(err)
			logger.Error(ctx, "could not validate signature using previous keyset", logger.CapturedE(err))

			api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)

			return
		}

		if !validSignature {
			logger.Error(ctx, "invalid signature")
			api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)

			return
		}

		agent, err = m.agentRepo.Update(
			ctx,
			agents[0].ID,
			datastore.WithAgentUpdateKeySet(keySet),
			datastore.WithAgentUpdateMetadata(metadata),
			datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
		)
		if err != nil {
			err = errors.WithStack(err)
			logger.Error(ctx, "could not update agent", logger.CapturedE(err))

			api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)

			return
		}
	}

	api.DataResponse(w, http.StatusCreated, struct {
		Agent *datastore.Agent `json:"agent"`
	}{
		Agent: agent,
	})
}
feat: refactor api mount 2024-02-27 09:56:15 +01:00			`package api`

			`import (`
			`"encoding/json"`
			`"net/http"`

			`"forge.cadoles.com/Cadoles/emissary/internal/agent/metadata"`
			`"forge.cadoles.com/Cadoles/emissary/internal/datastore"`
			`"forge.cadoles.com/Cadoles/emissary/internal/jwk"`
			`"github.com/pkg/errors"`
			`"gitlab.com/wpetit/goweb/api"`
			`"gitlab.com/wpetit/goweb/logger"`
			`)`

			`type registerAgentRequest struct {`
			KeySet json.RawMessage `json:"keySet" validate:"required"`
			Metadata []metadata.Tuple `json:"metadata" validate:"required"`
			Thumbprint string `json:"thumbprint" validate:"required"`
			Signature string `json:"signature" validate:"required"`
			`}`

			`func (m Mount) registerAgent(w http.ResponseWriter, r http.Request) {`
			`registerAgentReq := &registerAgentRequest{}`
			`if ok := api.Bind(w, r, registerAgentReq); !ok {`
			`return`
			`}`

			`ctx := r.Context()`

			`keySet, err := jwk.Parse(registerAgentReq.KeySet)`
			`if err != nil {`
			`err = errors.WithStack(err)`
			`logger.Error(ctx, "could not parse key set", logger.CapturedE(err))`
			`api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)`

			`return`
			`}`

			`ctx = logger.With(ctx, logger.F("agentThumbprint", registerAgentReq.Thumbprint))`

			`// Validate that the existing signature validates the request`

			`validSignature, err := jwk.Verify(keySet, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)`
			`if err != nil {`
			`err = errors.WithStack(err)`
			`logger.Error(ctx, "could not validate signature", logger.CapturedE(err))`
			`api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)`

			`return`
			`}`

			`if !validSignature {`
			`logger.Warn(ctx, "conflicting signature", logger.F("signature", registerAgentReq.Signature))`
			`api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)`

			`return`
			`}`

			`metadata := metadata.FromSorted(registerAgentReq.Metadata)`

			`agent, err := m.agentRepo.Create(`
			`ctx,`
			`registerAgentReq.Thumbprint,`
			`keySet,`
			`metadata,`
			`)`
			`if err != nil {`
			`if !errors.Is(err, datastore.ErrAlreadyExist) {`
			`err = errors.WithStack(err)`
			`logger.Error(ctx, "could not create agent", logger.CapturedE(err))`
			`api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)`

			`return`
			`}`

			`agents, _, err := m.agentRepo.Query(`
			`ctx,`
			`datastore.WithAgentQueryThumbprints(registerAgentReq.Thumbprint),`
			`datastore.WithAgentQueryLimit(1),`
			`)`
			`if err != nil {`
			`err = errors.WithStack(err)`
			`logger.Error(ctx, "could not retrieve agents", logger.CapturedE(err))`
			`api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)`

			`return`
			`}`

			`if len(agents) == 0 {`
			`err = errors.WithStack(err)`
			`logger.Error(ctx, "could not retrieve matching agent", logger.CapturedE(err))`
			`api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeNotFound, nil)`

			`return`
			`}`

			`agentID := agents[0].ID`

			`agent, err = m.agentRepo.Get(ctx, agentID)`
			`if err != nil {`
			`err = errors.WithStack(err)`
			`logger.Error(`
			`ctx, "could not retrieve agent",`
			`logger.CapturedE(err), logger.F("agentID", agentID),`
			`)`

			`api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)`

			`return`
			`}`

			`validSignature, err = jwk.Verify(agent.KeySet.Set, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)`
			`if err != nil {`
			`err = errors.WithStack(err)`
			`logger.Error(ctx, "could not validate signature using previous keyset", logger.CapturedE(err))`

			`api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)`

			`return`
			`}`

			`if !validSignature {`
			`logger.Error(ctx, "invalid signature")`
			`api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)`

			`return`
			`}`

			`agent, err = m.agentRepo.Update(`
			`ctx,`
			`agents[0].ID,`
			`datastore.WithAgentUpdateKeySet(keySet),`
			`datastore.WithAgentUpdateMetadata(metadata),`
			`datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),`
			`)`
			`if err != nil {`
			`err = errors.WithStack(err)`
			`logger.Error(ctx, "could not update agent", logger.CapturedE(err))`

			`api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)`

			`return`
			`}`
			`}`

			`api.DataResponse(w, http.StatusCreated, struct {`
			Agent *datastore.Agent `json:"agent"`
			`}{`
			`Agent: agent,`
			`})`
			`}`