diff --git a/internal/server/api.go b/internal/server/api.go
index 0bfb471..a4fab6f 100644
--- a/internal/server/api.go
+++ b/internal/server/api.go
@@ -439,7 +439,7 @@ func (s *ApiServer) PutPeer(c *gin.Context) {
 now := time.Now()
 if updatePeer.DeactivatedAt != nil {
 updatePeer.DeactivatedAt = &now
- updatePeer.DeactivatedReason = "api update"
+ updatePeer.DeactivatedReason = wireguard.DeactivatedReasonApiEdit
 }
 if err := s.s.UpdatePeer(updatePeer, now); err != nil {
 c.JSON(http.StatusInternalServerError, ApiError{Message: err.Error()})
@@ -517,7 +517,7 @@ func (s *ApiServer) PatchPeer(c *gin.Context) {
 now := time.Now()
 if mergedPeer.DeactivatedAt != nil {
 mergedPeer.DeactivatedAt = &now
- mergedPeer.DeactivatedReason = "api update"
+ mergedPeer.DeactivatedReason = wireguard.DeactivatedReasonApiEdit
 }
 if err := s.s.UpdatePeer(mergedPeer, now); err != nil {
 c.JSON(http.StatusInternalServerError, ApiError{Message: err.Error()})
diff --git a/internal/server/handlers_peer.go b/internal/server/handlers_peer.go
index 9e87e5b..0037429 100644
--- a/internal/server/handlers_peer.go
+++ b/internal/server/handlers_peer.go
@@ -71,12 +71,17 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
 now := time.Now()
 if disabled && currentPeer.DeactivatedAt == nil {
 formPeer.DeactivatedAt = &now
- formPeer.DeactivatedReason = "admin update"
+ formPeer.DeactivatedReason = wireguard.DeactivatedReasonAdminEdit
 } else if !disabled {
 formPeer.DeactivatedAt = nil
 formPeer.DeactivatedReason = ""
+ // If a peer was deactivated due to expiry, remove the expires-at date to avoid
+ // unwanted re-expiry.
+ if currentPeer.DeactivatedReason == wireguard.DeactivatedReasonExpired {
+ formPeer.ExpiresAt = nil
+ }
 }
- if formPeer.ExpiresAt != nil && formPeer.ExpiresAt.IsZero() {
+ if formPeer.ExpiresAt != nil && formPeer.ExpiresAt.IsZero() { // convert 01-01-0001 to nil
 formPeer.ExpiresAt = nil
 }
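Review bot: In PutPeer, `updatePeer.DeactivatedAt != nil` holds for every update of a peer that stays deactivated, so the timestamp and reason are rewritten to `DeactivatedReasonApiEdit` even when the peer was originally disabled as `DeactivatedReasonExpired`; PatchPeer has the same shape with `mergedPeer`. Once the reason has been overwritten, the re-enable check this commit adds to PostAdminEditPeer no longer recognises the peer as expired and leaves `ExpiresAt` in place, and the API re-enable path itself shows no equivalent clearing of a lapsed expiry. Stamping only on the transition would keep the first cause, e.g. `if updatePeer.DeactivatedAt != nil && existing.DeactivatedAt == nil {`, where `existing` is a placeholder for the stored peer. Both function bodies continue outside these hunks, so the stored peer may already be loaded there under a name not visible here.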
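Review bot: The new `formPeer.ExpiresAt = nil` in the `!disabled` branch of PostAdminEditPeer also discards an expiry date the admin submits in the same form, so re-enabling an expired peer with a new future expiry silently produces a peer that never expires. Because the expiry date bounds how long the peer keeps access, clear it only when the submitted value has already passed: `if currentPeer.DeactivatedReason == wireguard.DeactivatedReasonExpired && formPeer.ExpiresAt != nil && !formPeer.ExpiresAt.After(now) {`. The check matches on the stored reason string, so it only works while no other path rewrites the reason of an expired peer. PostAdminEditPeer starts and ends outside the hunk.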
@@ -134,7 +139,7 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) {
 now := time.Now()
 if disabled {
 formPeer.DeactivatedAt = &now
- formPeer.DeactivatedReason = "admin create"
+ formPeer.DeactivatedReason = wireguard.DeactivatedReasonAdminCreate
 }
 if err := s.CreatePeer(currentSession.DeviceName, formPeer); err != nil {
@@ -446,7 +451,7 @@ func (s *Server) PostUserCreatePeer(c *gin.Context) {
 now := time.Now()
 if disabled {
 formPeer.DeactivatedAt = &now
- formPeer.DeactivatedReason = "user create"
+ formPeer.DeactivatedReason = wireguard.DeactivatedReasonUserCreate
 }
 if err := s.CreatePeer(currentSession.DeviceName, formPeer); err != nil {
@@ -503,7 +508,7 @@ func (s *Server) PostUserEditPeer(c *gin.Context) {
 now := time.Now()
 if disabled && currentPeer.DeactivatedAt == nil {
 currentPeer.DeactivatedAt = &now
- currentPeer.DeactivatedReason = "user update"
+ currentPeer.DeactivatedReason = wireguard.DeactivatedReasonUserEdit
 }
 // Update in database
diff --git a/internal/server/ldapsync.go b/internal/server/ldapsync.go
index 6cee9c0..bad4cab 100644
--- a/internal/server/ldapsync.go
+++ b/internal/server/ldapsync.go
@@ -4,6 +4,8 @@ import (
 "strings"
 "time"
+ "github.com/h44z/wg-portal/internal/wireguard"
+
 "github.com/h44z/wg-portal/internal/ldap"
 "github.com/h44z/wg-portal/internal/users"
 "github.com/sirupsen/logrus"
@@ -112,7 +114,7 @@ func (s *Server) disableMissingLdapUsers(ldapUsers []ldap.RawLdapData) {
 for _, peer := range s.peers.GetPeersByMail(activeUsers[i].Email) {
 now := time.Now()
 peer.DeactivatedAt = &now
- peer.DeactivatedReason = "missing ldap user"
+ peer.DeactivatedReason = wireguard.DeactivatedReasonLdapMissing
 if err := s.UpdatePeer(peer, now); err != nil {
 logrus.Errorf("failed to update deactivated peer %s: %v", peer.PublicKey, err)
 }
diff --git a/internal/server/server_helper.go b/internal/server/server_helper.go
index 27914ab..f285847 100644
--- a/internal/server/server_helper.go
+++ b/internal/server/server_helper.go
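Review bot: The loop in disableMissingLdapUsers stamps every peer returned by `GetPeersByMail` with no check for peers that are already deactivated, so an earlier reason such as `DeactivatedReasonExpired` and its original timestamp would be replaced by `DeactivatedReasonLdapMissing`; the DeleteUser hunk in server_helper.go does the same with `DeactivatedReasonUserMissing`. Since PostAdminEditPeer now branches on the stored reason, keeping the first cause matters; a guard at the top of the loop body would do it: `if peer.DeactivatedAt != nil { continue }`, assuming nothing else in the loop has to run for such peers. The loop and the function continue outside the hunk.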
@@ -300,7 +300,7 @@ func (s *Server) DeleteUser(user users.User) error {
 for _, peer := range s.peers.GetPeersByMail(user.Email) {
 now := time.Now()
 peer.DeactivatedAt = &now
- peer.DeactivatedReason = "user deleted"
+ peer.DeactivatedReason = wireguard.DeactivatedReasonUserMissing
 if err := s.UpdatePeer(peer, now); err != nil {
 logrus.Errorf("failed to update deactivated peer %s for %s: %v", peer.PublicKey, user.Email, err)
 }
@@ -408,7 +408,7 @@ func (s *Server) checkExpiredPeers() error {
 peer.UpdatedAt = now
 peer.DeactivatedAt = &now
- peer.DeactivatedReason = "expired"
+ peer.DeactivatedReason = wireguard.DeactivatedReasonExpired
 res := s.db.Save(&peer)
 if res.Error != nil {
diff --git a/internal/wireguard/peermanager.go b/internal/wireguard/peermanager.go
index f2cd108..30f4cf9 100644
--- a/internal/wireguard/peermanager.go
+++ b/internal/wireguard/peermanager.go
@@ -23,6 +23,18 @@ import (
 "gorm.io/gorm"
 )
+const (
+ DeactivatedReasonExpired = "expired"
+ DeactivatedReasonUserEdit = "user edit action"
+ DeactivatedReasonUserCreate = "user create action"
+ DeactivatedReasonAdminEdit = "admin edit action"
+ DeactivatedReasonAdminCreate = "admin create action"
+ DeactivatedReasonApiEdit = "api edit action"
+ DeactivatedReasonApiCreate = "api create action"
+ DeactivatedReasonLdapMissing = "missing in ldap"
+ DeactivatedReasonUserMissing = "missing user"
+)
+
 // CUSTOM VALIDATORS ----------------------------------------------------------------------------
 var cidrList validator.Func = func(fl validator.FieldLevel) bool {
 cidrListStr := fl.Field().String()
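Review bot: In DeleteUser a failed `s.UpdatePeer(peer, now)` is only logged, so the deletion can complete while a peer of the removed user stays enabled and the caller is never told. Consider returning the failure, or collecting the errors and returning them after the loop, e.g. `return fmt.Errorf("deactivating peer %s: %w", peer.PublicKey, err)`, assuming fmt is available in this file. The recorded reason also changes from "user deleted" to "missing user", which no longer separates an explicit deletion from a user that was simply not found. The function body continues outside the hunk, so any later error handling is not visible here.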
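Review bot: Only `DeactivatedReasonExpired` keeps the value that was stored before; the other constants change the text written to the database ("api update" becomes "api edit action", "missing ldap user" becomes "missing in ldap", and so on), so rows written before this commit will not equal the new constants if code later compares on them. The exported constants also carry no doc comment, and `DeactivatedReasonApiCreate` is not used in any hunk shown here. A comment on the block would state the contract, e.g. `// DeactivatedReason* are the values stored in a peer's DeactivatedReason field; rows written by older versions may hold other free-text reasons.`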