fleet/server/service/endpoint_setup.go


package service
import (
"context"
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/ptr"
"github.com/go-kit/kit/endpoint"
kitlog "github.com/go-kit/kit/log"
"github.com/go-kit/kit/log/level"
)
// setupRequest is the JSON body accepted by the setup endpoint.
//
// Every field is a pointer, so an omitted JSON key is distinguishable from an
// explicitly empty value; makeSetupEndpoint nil-checks the fields it reads.
type setupRequest struct {
	// Admin describes the first user to create. makeSetupEndpoint rejects the
	// request when it is nil or when its Email or Password is nil or empty.
	Admin *fleet.UserPayload `json:"admin"`

	// OrgInfo, when present, is copied into the new application config.
	OrgInfo *fleet.OrgInfo `json:"org_info"`

	// ServerURL, when present, is stored in the new application config's
	// server settings and echoed back in the response.
	ServerURL *string `json:"server_url,omitempty"`

	// EnrollSecret is decoded from "osquery_enroll_secret" but is not read by
	// makeSetupEndpoint in this file.
	// NOTE(review): confirm whether another component consumes it.
	EnrollSecret *string `json:"osquery_enroll_secret,omitempty"`
}
// setupResponse is the JSON body returned by the setup endpoint.
type setupResponse struct {
	// Admin is the user returned by CreateInitialUser.
	Admin *fleet.User `json:"admin,omitempty"`

	// OrgInfo is the organization info of the config returned by NewAppConfig.
	OrgInfo *fleet.OrgInfo `json:"org_info,omitempty"`

	// ServerURL echoes the value supplied in the request. The tag has no
	// omitempty, so a nil pointer is emitted as JSON null.
	ServerURL *string `json:"server_url"`

	// EnrollSecret is never populated by makeSetupEndpoint in this file; the
	// tag has no omitempty, so it is emitted as JSON null there.
	EnrollSecret *string `json:"osquery_enroll_secret"`

	// Token is the session key obtained by logging the new admin in. It is
	// left nil when that login fails.
	// NOTE(review): this is a bearer credential for the admin account; confirm
	// that responses carrying it are never logged or cached.
	Token *string `json:"token,omitempty"`

	// Err carries a failure back to the transport layer inside the response
	// value rather than through the endpoint's error return.
	Err error `json:"error,omitempty"`
}
// error returns the error stored in the response, or nil when the request
// succeeded.
func (r setupResponse) error() error {
	return r.Err
}
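// makeSetupEndpoint returns the go-kit endpoint that performs first-time
// setup: it creates the application config, creates the initial admin user
// and, on a best-effort basis, logs that user in.
//
// Failures are reported through setupResponse.Err; the endpoint's own error
// return is always nil.
//
// NOTE(review): nothing in this function checks whether setup has already
// been completed. The comment before the user creation step says the setup
// endpoint closes once a user exists, so that gate is presumably enforced by
// the caller or by routing middleware; confirm, because this handler creates
// a global admin without authenticating the requester.
func makeSetupEndpoint(svc fleet.Service, logger kitlog.Logger) endpoint.Endpoint {
	return func(ctx context.Context, request interface{}) (interface{}, error) {
		// The transport decoder is expected to hand over a setupRequest; any
		// other type panics here.
		req := request.(setupRequest)

		// Validate the admin payload before calling the service, so that a
		// malformed request is rejected without first creating an app config.
		// These checks read only the request, so running them first does not
		// change the outcome for well-formed requests.
		if req.Admin == nil {
			return setupResponse{Err: ctxerr.New(ctx, "setup request must provide admin")}, nil
		}
		adminPayload := *req.Admin
		if adminPayload.Email == nil || *adminPayload.Email == "" {
			return setupResponse{Err: ctxerr.New(ctx, "admin email cannot be empty")}, nil
		}
		if adminPayload.Password == nil || *adminPayload.Password == "" {
			return setupResponse{Err: ctxerr.New(ctx, "admin password cannot be empty")}, nil
		}

		// Build the config from the optional request fields.
		// NOTE(review): NewAppConfig presumably persists the config; confirm.
		config := &fleet.AppConfig{}
		if req.OrgInfo != nil {
			config.OrgInfo = *req.OrgInfo
		}
		if req.ServerURL != nil {
			config.ServerSettings.ServerURL = *req.ServerURL
		}
		config, err := svc.NewAppConfig(ctx, *config)
		if err != nil {
			return setupResponse{Err: err}, nil
		}

		// Creating the user should be the last action. If there's a user
		// present and other errors occur, the setup endpoint closes.
		//
		// The role is always overwritten, so a GlobalRole supplied in the
		// request has no effect: the initial user is a global admin.
		adminPayload.GlobalRole = ptr.String(fleet.RoleAdmin)
		admin, err := svc.CreateInitialUser(ctx, adminPayload)
		if err != nil {
			return setupResponse{Err: err}, nil
		}

		// If everything works to this point, log the user in and return the
		// token. If the login fails for some reason, ignore the error and
		// don't return a token, forcing the user to log in manually.
		var token *string
		_, session, err := svc.Login(ctx, *req.Admin.Email, *req.Admin.Password)
		if err != nil {
			// Only the error value is handed to the logger, not the submitted
			// email or password.
			level.Debug(logger).Log("endpoint", "setup", "op", "login", "err", err)
		} else {
			token = &session.Key
		}

		return setupResponse{
			Admin:     admin,
			OrgInfo:   &config.OrgInfo,
			ServerURL: req.ServerURL,
			Token:     token,
		}, nil
	}
}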