1861958901

Committed 10 Jun 2025 08:53AM UTC coverage: 65.74%. First build

Build # 1861958901

Build Type

push

gitlab-ci

Committed by

web-flow

Commit Message

Merge pull request #711 from mendersoftware/MEN-8235

Merge MEN-8235 into main

Run Details

285 of 347 new or added lines in 13 files covered. (82.13%)

32499 of 49436 relevant lines covered (65.74%)

1.39 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

97.78

/backend/services/deviceauth/api/http/routing.go

// Copyright 2023 Northern.tech AS
//
//        Licensed under the Apache License, Version 2.0 (the "License");
//        you may not use this file except in compliance with the License.
//        You may obtain a copy of the License at
//
//            http://www.apache.org/licenses/LICENSE-2.0
//
//        Unless required by applicable law or agreed to in writing, software
//        distributed under the License is distributed on an "AS IS" BASIS,
//        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//        See the License for the specific language governing permissions and
//        limitations under the License.
package http

import (
        "net/http"
        "os"
        "strings"

        "github.com/gin-gonic/gin"

        "github.com/mendersoftware/mender-server/pkg/accesslog"
        "github.com/mendersoftware/mender-server/pkg/contenttype"
        "github.com/mendersoftware/mender-server/pkg/identity"
        "github.com/mendersoftware/mender-server/pkg/requestid"
        "github.com/mendersoftware/mender-server/services/deviceauth/devauth"
        "github.com/mendersoftware/mender-server/services/deviceauth/store"
        "github.com/mendersoftware/mender-server/services/deviceauth/utils"
)

const (
        apiUrlDevicesV1 = "/api/devices/v1/authentication"
        uriAuthReqs     = "/auth_requests"

        // internal API
        apiUrlInternalV1      = "/api/internal/v1/devauth"
        uriAlive              = "/alive"
        uriHealth             = "/health"
        uriTokenVerify        = "/tokens/verify"
        uriTenantLimit        = "/tenant/:id/limits/:name"
        uriTokens             = "/tokens"
        uriTenants            = "/tenants"
        uriTenantDevice       = "/tenants/:tid/devices/:did"
        uriTenantDeviceStatus = "/tenants/:tid/devices/:did/status"
        uriTenantDevices      = "/tenants/:tid/devices"
        uriTenantDevicesCount = "/tenants/:tid/devices/count"

        // management API v2
        apiUrlManagementV2       = "/api/management/v2/devauth"
        v2uriDevices             = "/devices"
        v2uriDevicesCount        = "/devices/count"
        v2uriDevicesSearch       = "/devices/search"
        v2uriDevice              = "/devices/:id"
        v2uriDeviceAuthSet       = "/devices/:id/auth/:aid"
        v2uriDeviceAuthSetStatus = "/devices/:id/auth/:aid/status"
        v2uriToken               = "/tokens/:id"
        v2uriDevicesLimit        = "/limits/:name"

        HdrAuthReqSign = "X-MEN-Signature"
)

type HttpOptionsGenerator func(methods []string) gin.HandlerFunc

func AllowHeaderOptionsGenerator(methods []string) gin.HandlerFunc {
        // return a dummy handler for now
        return func(c *gin.Context) {
                for _, m := range methods {
                        c.Writer.Header().Add("Allow", m)
                }
        }
}

func supportsMethod(method string, methods []string) bool {
        return utils.ContainsString(method, methods)
}

// Automatically add OPTIONS method support for each defined route,
// only if there's no OPTIONS handler for that route yet
func AutogenOptionsRoutes(router *gin.Engine, gen HttpOptionsGenerator) {

        routes := router.Routes()
        methodGroups := make(map[string][]string, len(routes))

        for _, route := range routes {
                if strings.HasPrefix(route.Path, "/api/internal") {
                        continue
                }
                methods, ok := methodGroups[route.Path]
                if !ok {
                        methods = make([]string, 0)
                }

                methodGroups[route.Path] = append(methods, route.Method)
        }

        for route, methods := range methodGroups {
                // skip if there's a handler for OPTIONS already
                if !supportsMethod(http.MethodOptions, methods) {
                        router.OPTIONS(route, gen(methods))
                }
        }

}

func init() {
        if mode := os.Getenv(gin.EnvGinMode); mode != "" {
                gin.SetMode(mode)
        } else {
                gin.SetMode(gin.ReleaseMode)
        }
        gin.DisableConsoleColor()
}

func NewRouter(app devauth.App, db store.DataStore) http.Handler {
        router := gin.New()
        router.Use(accesslog.Middleware())
        router.Use(requestid.Middleware())

        d := NewDevAuthApiHandlers(app, db)

        publicAPIs := router.Group(".")
        publicAPIs.Use(identity.Middleware())

        mgmtAPIV2 := publicAPIs.Group(apiUrlManagementV2)
        devicesAPIs := router.Group(apiUrlDevicesV1)

        // Devices API
        devicesAPIs.Group(".").Use(contenttype.CheckJSON()).
                POST(uriAuthReqs, d.SubmitAuthRequestHandler)

        // API v2
        mgmtAPIV2.GET(v2uriDevicesCount, d.GetDevicesCountHandler)
        mgmtAPIV2.GET(v2uriDevices, d.GetDevicesV2Handler)
        mgmtAPIV2.GET(v2uriDevice, d.GetDeviceV2Handler)
        mgmtAPIV2.GET(v2uriDeviceAuthSetStatus, d.GetAuthSetStatusHandler)
        mgmtAPIV2.GET(v2uriDevicesLimit, d.GetLimitHandler)
        mgmtAPIV2.DELETE(v2uriDevice, d.DecommissionDeviceHandler)
        mgmtAPIV2.DELETE(v2uriDeviceAuthSet, d.DeleteDeviceAuthSetHandler)
        mgmtAPIV2.DELETE(v2uriToken, d.DeleteTokenHandler)
        mgmtAPIV2.Group(".").Use(contenttype.CheckJSON()).
                POST(v2uriDevices, d.PostDevicesV2Handler).
                PUT(v2uriDeviceAuthSetStatus, d.UpdateDeviceStatusHandler).
                POST(v2uriDevicesSearch, d.SearchDevicesV2Handler)

        // automatically add Option routes for public endpoints
        AutogenOptionsRoutes(router, AllowHeaderOptionsGenerator)

        intrnlAPIV1 := router.Group(apiUrlInternalV1)

        intrnlAPIV1.GET(uriAlive, d.AliveHandler)
        intrnlAPIV1.GET(uriHealth, d.HealthCheckHandler)
        intrnlAPIV1.GET(uriTokenVerify,
                identity.Middleware(),
                d.VerifyTokenHandler)
        intrnlAPIV1.POST(uriTokenVerify,
                identity.Middleware(),
                d.VerifyTokenHandler)
        intrnlAPIV1.DELETE(uriTokens, d.DeleteTokensHandler)
        intrnlAPIV1.PUT(uriTenantLimit, d.PutTenantLimitHandler)
        intrnlAPIV1.GET(uriTenantLimit, d.GetTenantLimitHandler)
        intrnlAPIV1.DELETE(uriTenantLimit, d.DeleteTenantLimitHandler)
        intrnlAPIV1.POST(uriTenants, d.ProvisionTenantHandler)
        intrnlAPIV1.GET(uriTenantDeviceStatus, d.GetTenantDeviceStatus)
        intrnlAPIV1.GET(uriTenantDevices, d.GetTenantDevicesHandler)
        intrnlAPIV1.GET(uriTenantDevicesCount, d.GetTenantDevicesCountHandler)
        intrnlAPIV1.DELETE(uriTenantDevice, d.DeleteDeviceHandler)

        return router
}

1	// Copyright 2023 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14	package http
15
16	import (
17	"net/http"
18	"os"
19	"strings"
20
21	"github.com/gin-gonic/gin"
22
23	"github.com/mendersoftware/mender-server/pkg/accesslog"
24	"github.com/mendersoftware/mender-server/pkg/contenttype"
25	"github.com/mendersoftware/mender-server/pkg/identity"
26	"github.com/mendersoftware/mender-server/pkg/requestid"
27	"github.com/mendersoftware/mender-server/services/deviceauth/devauth"
28	"github.com/mendersoftware/mender-server/services/deviceauth/store"
29	"github.com/mendersoftware/mender-server/services/deviceauth/utils"
30	)
31
32	const (
33	apiUrlDevicesV1 = "/api/devices/v1/authentication"
34	uriAuthReqs = "/auth_requests"
35
36	// internal API
37	apiUrlInternalV1 = "/api/internal/v1/devauth"
38	uriAlive = "/alive"
39	uriHealth = "/health"
40	uriTokenVerify = "/tokens/verify"
41	uriTenantLimit = "/tenant/:id/limits/:name"
42	uriTokens = "/tokens"
43	uriTenants = "/tenants"
44	uriTenantDevice = "/tenants/:tid/devices/:did"
45	uriTenantDeviceStatus = "/tenants/:tid/devices/:did/status"
46	uriTenantDevices = "/tenants/:tid/devices"
47	uriTenantDevicesCount = "/tenants/:tid/devices/count"
48
49	// management API v2
50	apiUrlManagementV2 = "/api/management/v2/devauth"
51	v2uriDevices = "/devices"
52	v2uriDevicesCount = "/devices/count"
53	v2uriDevicesSearch = "/devices/search"
54	v2uriDevice = "/devices/:id"
55	v2uriDeviceAuthSet = "/devices/:id/auth/:aid"
56	v2uriDeviceAuthSetStatus = "/devices/:id/auth/:aid/status"
57	v2uriToken = "/tokens/:id"
58	v2uriDevicesLimit = "/limits/:name"
59
60	HdrAuthReqSign = "X-MEN-Signature"
61	)
62
63	type HttpOptionsGenerator func(methods []string) gin.HandlerFunc
64
65	func AllowHeaderOptionsGenerator(methods []string) gin.HandlerFunc {	3✔
66	// return a dummy handler for now	3✔
67	return func(c *gin.Context) {	4✔
68	for _, m := range methods {	2✔
69	c.Writer.Header().Add("Allow", m)	1✔
70	}	1✔
71	}
72	}
73
74	func supportsMethod(method string, methods []string) bool {	3✔
75	return utils.ContainsString(method, methods)	3✔
76	}	3✔
77
78	// Automatically add OPTIONS method support for each defined route,
79	// only if there's no OPTIONS handler for that route yet
80	func AutogenOptionsRoutes(router *gin.Engine, gen HttpOptionsGenerator) {	3✔
81		3✔
82	routes := router.Routes()	3✔
83	methodGroups := make(map[string][]string, len(routes))	3✔
84		3✔
85	for _, route := range routes {	6✔
86	if strings.HasPrefix(route.Path, "/api/internal") {	3✔
NEW 87	continue	×
88	}
89	methods, ok := methodGroups[route.Path]	3✔
90	if !ok {	6✔
91	methods = make([]string, 0)	3✔
92	}	3✔
93
94	methodGroups[route.Path] = append(methods, route.Method)	3✔
95	}
96
97	for route, methods := range methodGroups {	6✔
98	// skip if there's a handler for OPTIONS already	3✔
99	if !supportsMethod(http.MethodOptions, methods) {	6✔
100	router.OPTIONS(route, gen(methods))	3✔
101	}	3✔
102	}
103
104	}
105
106	func init() {	3✔
107	if mode := os.Getenv(gin.EnvGinMode); mode != "" {	3✔
NEW 108	gin.SetMode(mode)	×
109	} else {	3✔
110	gin.SetMode(gin.ReleaseMode)	3✔
111	}	3✔
112	gin.DisableConsoleColor()	3✔
113	}
114
115	func NewRouter(app devauth.App, db store.DataStore) http.Handler {	3✔
116	router := gin.New()	3✔
117	router.Use(accesslog.Middleware())	3✔
118	router.Use(requestid.Middleware())	3✔
119		3✔
120	d := NewDevAuthApiHandlers(app, db)	3✔
121		3✔
122	publicAPIs := router.Group(".")	3✔
123	publicAPIs.Use(identity.Middleware())	3✔
124		3✔
125	mgmtAPIV2 := publicAPIs.Group(apiUrlManagementV2)	3✔
126	devicesAPIs := router.Group(apiUrlDevicesV1)	3✔
127		3✔
128	// Devices API	3✔
129	devicesAPIs.Group(".").Use(contenttype.CheckJSON()).	3✔
130	POST(uriAuthReqs, d.SubmitAuthRequestHandler)	3✔
131		3✔
132	// API v2	3✔
133	mgmtAPIV2.GET(v2uriDevicesCount, d.GetDevicesCountHandler)	3✔
134	mgmtAPIV2.GET(v2uriDevices, d.GetDevicesV2Handler)	3✔
135	mgmtAPIV2.GET(v2uriDevice, d.GetDeviceV2Handler)	3✔
136	mgmtAPIV2.GET(v2uriDeviceAuthSetStatus, d.GetAuthSetStatusHandler)	3✔
137	mgmtAPIV2.GET(v2uriDevicesLimit, d.GetLimitHandler)	3✔
138	mgmtAPIV2.DELETE(v2uriDevice, d.DecommissionDeviceHandler)	3✔
139	mgmtAPIV2.DELETE(v2uriDeviceAuthSet, d.DeleteDeviceAuthSetHandler)	3✔
140	mgmtAPIV2.DELETE(v2uriToken, d.DeleteTokenHandler)	3✔
141	mgmtAPIV2.Group(".").Use(contenttype.CheckJSON()).	3✔
142	POST(v2uriDevices, d.PostDevicesV2Handler).	3✔
143	PUT(v2uriDeviceAuthSetStatus, d.UpdateDeviceStatusHandler).	3✔
144	POST(v2uriDevicesSearch, d.SearchDevicesV2Handler)	3✔
145		3✔
146	// automatically add Option routes for public endpoints	3✔
147	AutogenOptionsRoutes(router, AllowHeaderOptionsGenerator)	3✔
148		3✔
149	intrnlAPIV1 := router.Group(apiUrlInternalV1)	3✔
150		3✔
151	intrnlAPIV1.GET(uriAlive, d.AliveHandler)	3✔
152	intrnlAPIV1.GET(uriHealth, d.HealthCheckHandler)	3✔
153	intrnlAPIV1.GET(uriTokenVerify,	3✔
154	identity.Middleware(),	3✔
155	d.VerifyTokenHandler)	3✔
156	intrnlAPIV1.POST(uriTokenVerify,	3✔
157	identity.Middleware(),	3✔
158	d.VerifyTokenHandler)	3✔
159	intrnlAPIV1.DELETE(uriTokens, d.DeleteTokensHandler)	3✔
160	intrnlAPIV1.PUT(uriTenantLimit, d.PutTenantLimitHandler)	3✔
161	intrnlAPIV1.GET(uriTenantLimit, d.GetTenantLimitHandler)	3✔
162	intrnlAPIV1.DELETE(uriTenantLimit, d.DeleteTenantLimitHandler)	3✔
163	intrnlAPIV1.POST(uriTenants, d.ProvisionTenantHandler)	3✔
164	intrnlAPIV1.GET(uriTenantDeviceStatus, d.GetTenantDeviceStatus)	3✔
165	intrnlAPIV1.GET(uriTenantDevices, d.GetTenantDevicesHandler)	3✔
166	intrnlAPIV1.GET(uriTenantDevicesCount, d.GetTenantDevicesCountHandler)	3✔
167	intrnlAPIV1.DELETE(uriTenantDevice, d.DeleteDeviceHandler)	3✔
168		3✔
169	return router	3✔
170	}	3✔

mendersoftware / mender-server / 1861958901

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous