feat: refactor api mount

2024-02-27 09:56:15 +01:00
parent ca4211daef
commit 15a0bf6ecc
16 changed files with 916 additions and 711 deletions
--- a/internal/server/api/register_agent.go
+++ b/internal/server/api/register_agent.go
@ -0,0 +1,151 @@
+package api
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"forge.cadoles.com/Cadoles/emissary/internal/agent/metadata"
+	"forge.cadoles.com/Cadoles/emissary/internal/datastore"
+	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/api"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+type registerAgentRequest struct {
+	KeySet     json.RawMessage  `json:"keySet" validate:"required"`
+	Metadata   []metadata.Tuple `json:"metadata" validate:"required"`
+	Thumbprint string           `json:"thumbprint" validate:"required"`
+	Signature  string           `json:"signature" validate:"required"`
+}
+
+func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
+	registerAgentReq := &registerAgentRequest{}
+	if ok := api.Bind(w, r, registerAgentReq); !ok {
+		return
+	}
+
+	ctx := r.Context()
+
+	keySet, err := jwk.Parse(registerAgentReq.KeySet)
+	if err != nil {
+		err = errors.WithStack(err)
+		logger.Error(ctx, "could not parse key set", logger.CapturedE(err))
+		api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
+
+		return
+	}
+
+	ctx = logger.With(ctx, logger.F("agentThumbprint", registerAgentReq.Thumbprint))
+
+	// Validate that the existing signature validates the request
+
+	validSignature, err := jwk.Verify(keySet, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
+	if err != nil {
+		err = errors.WithStack(err)
+		logger.Error(ctx, "could not validate signature", logger.CapturedE(err))
+		api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
+
+		return
+	}
+
+	if !validSignature {
+		logger.Warn(ctx, "conflicting signature", logger.F("signature", registerAgentReq.Signature))
+		api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
+
+		return
+	}
+
+	metadata := metadata.FromSorted(registerAgentReq.Metadata)
+
+	agent, err := m.agentRepo.Create(
+		ctx,
+		registerAgentReq.Thumbprint,
+		keySet,
+		metadata,
+	)
+	if err != nil {
+		if !errors.Is(err, datastore.ErrAlreadyExist) {
+			err = errors.WithStack(err)
+			logger.Error(ctx, "could not create agent", logger.CapturedE(err))
+			api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
+
+			return
+		}
+
+		agents, _, err := m.agentRepo.Query(
+			ctx,
+			datastore.WithAgentQueryThumbprints(registerAgentReq.Thumbprint),
+			datastore.WithAgentQueryLimit(1),
+		)
+		if err != nil {
+			err = errors.WithStack(err)
+			logger.Error(ctx, "could not retrieve agents", logger.CapturedE(err))
+			api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
+
+			return
+		}
+
+		if len(agents) == 0 {
+			err = errors.WithStack(err)
+			logger.Error(ctx, "could not retrieve matching agent", logger.CapturedE(err))
+			api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeNotFound, nil)
+
+			return
+		}
+
+		agentID := agents[0].ID
+
+		agent, err = m.agentRepo.Get(ctx, agentID)
+		if err != nil {
+			err = errors.WithStack(err)
+			logger.Error(
+				ctx, "could not retrieve agent",
+				logger.CapturedE(err), logger.F("agentID", agentID),
+			)
+
+			api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
+
+			return
+		}
+
+		validSignature, err = jwk.Verify(agent.KeySet.Set, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
+		if err != nil {
+			err = errors.WithStack(err)
+			logger.Error(ctx, "could not validate signature using previous keyset", logger.CapturedE(err))
+
+			api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
+
+			return
+		}
+
+		if !validSignature {
+			logger.Error(ctx, "invalid signature")
+			api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
+
+			return
+		}
+
+		agent, err = m.agentRepo.Update(
+			ctx,
+			agents[0].ID,
+			datastore.WithAgentUpdateKeySet(keySet),
+			datastore.WithAgentUpdateMetadata(metadata),
+			datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
+		)
+		if err != nil {
+			err = errors.WithStack(err)
+			logger.Error(ctx, "could not update agent", logger.CapturedE(err))
+
+			api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
+
+			return
+		}
+	}
+
+	api.DataResponse(w, http.StatusCreated, struct {
+		Agent *datastore.Agent `json:"agent"`
+	}{
+		Agent: agent,
+	})
+}