diff --git a/lib/NGCP/Panel/Controller/API/TrustedSources.pm b/lib/NGCP/Panel/Controller/API/TrustedSources.pm new file mode 100644 index 0000000000..7b56eb6608 --- /dev/null +++ b/lib/NGCP/Panel/Controller/API/TrustedSources.pm @@ -0,0 +1,208 @@ +package NGCP::Panel::Controller::API::TrustedSources; +use Sipwise::Base; +use namespace::sweep; +use boolean qw(true); +use Data::HAL qw(); +use Data::HAL::Link qw(); +use HTTP::Headers qw(); +use HTTP::Status qw(:constants); +use MooseX::ClassAttribute qw(class_has); +use NGCP::Panel::Utils::DateTime; +use Path::Tiny qw(path); +use Safe::Isa qw($_isa); +BEGIN { extends 'Catalyst::Controller::ActionRole'; } +require Catalyst::ActionRole::ACL; +require Catalyst::ActionRole::CheckTrailingSlash; +require Catalyst::ActionRole::HTTPMethods; +require Catalyst::ActionRole::RequireSSL; + +class_has 'api_description' => ( + is => 'ro', + isa => 'Str', + default => + 'Defines trusted sources for subscribers to bypass SIP authentication.', +); + +class_has 'query_params' => ( + is => 'ro', + isa => 'ArrayRef', + default => sub {[ + { + param => 'subscriber_id', + description => 'Filter for trusted sources of a specific subscriber', + query => { + first => sub { + my $q = shift; + return { 'voip_subscriber.id' => $q }; + }, + second => sub { + return { + join => { subscriber => 'voip_subscriber' } + }; + }, + }, + }, + ]}, +); + +with 'NGCP::Panel::Role::API::TrustedSources'; + +class_has('resource_name', is => 'ro', default => 'trustedsources'); +class_has('dispatch_path', is => 'ro', default => '/api/trustedsources/'); +class_has('relation', is => 'ro', default => 'http://purl.org/sipwise/ngcp-api/#rel-trustedsources'); + +__PACKAGE__->config( + action => { + map { $_ => { + ACLDetachTo => '/api/root/invalid_user', + AllowedRole => [qw/admin reseller/], + Args => 0, + Does => [qw(ACL CheckTrailingSlash RequireSSL)], + Method => $_, + Path => __PACKAGE__->dispatch_path, + } } @{ __PACKAGE__->allowed_methods } + }, + action_roles => [qw(HTTPMethods)], +); + +sub auto :Private { + my ($self, $c) = @_; + + $self->set_body($c); + $self->log_request($c); +} + +sub GET :Allow { + my ($self, $c) = @_; + my $page = $c->request->params->{page} // 1; + my $rows = $c->request->params->{rows} // 10; + { + my $items = $self->item_rs($c); + my $total_count = int($items->count); + $items = $items->search(undef, { + page => $page, + rows => $rows, + }); + my (@embedded, @links); + my $form = $self->get_form($c); + for my $item ($items->search({}, {order_by => {-asc => 'me.id'}})->all) { + push @embedded, $self->hal_from_item($c, $item, $form); + push @links, Data::HAL::Link->new( + relation => 'ngcp:'.$self->resource_name, + href => sprintf('/%s%d', $c->request->path, $item->id), + ); + } + push @links, + Data::HAL::Link->new( + relation => 'curies', + href => 'http://purl.org/sipwise/ngcp-api/#rel-{rel}', + name => 'ngcp', + templated => true, + ), + Data::HAL::Link->new(relation => 'profile', href => 'http://purl.org/sipwise/ngcp-api/'), + Data::HAL::Link->new(relation => 'self', href => sprintf('/%s?page=%s&rows=%s', $c->request->path, $page, $rows)); + if(($total_count / $rows) > $page ) { + push @links, Data::HAL::Link->new(relation => 'next', href => sprintf('/%s?page=%d&rows=%d', $c->request->path, $page + 1, $rows)); + } + if($page > 1) { + push @links, Data::HAL::Link->new(relation => 'prev', href => sprintf('/%s?page=%d&rows=%d', $c->request->path, $page - 1, $rows)); + } + + my $hal = Data::HAL->new( + embedded => [@embedded], + links => [@links], + ); + $hal->resource({ + total_count => $total_count, + }); + my $response = HTTP::Response->new(HTTP_OK, undef, + HTTP::Headers->new($hal->http_headers(skip_links => 1)), $hal->as_json); + $c->response->headers($response->headers); + $c->response->body($response->content); + return; + } + return; +} + +sub HEAD :Allow { + my ($self, $c) = @_; + $c->forward(qw(GET)); + $c->response->body(q()); + return; +} + +sub OPTIONS :Allow { + my ($self, $c) = @_; + my $allowed_methods = $self->allowed_methods; + $c->response->headers(HTTP::Headers->new( + Allow => $allowed_methods->join(', '), + Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, + )); + $c->response->content_type('application/json'); + $c->response->body(JSON::to_json({ methods => $allowed_methods })."\n"); + return; +} + +sub POST :Allow { + my ($self, $c) = @_; + + my $guard = $c->model('DB')->txn_scope_guard; + { + my $resource = $self->get_valid_post_data( + c => $c, + media_type => 'application/json', + ); + last unless $resource; + + my $form = $self->get_form($c); + last unless $self->validate_form( + c => $c, + resource => $resource, + form => $form, + exceptions => [ "subscriber_id" ], + ); + + my $sub_rs = $c->model('DB')->resultset('voip_subscribers')->search({ + id => $resource->{subscriber_id}, + }); + if($c->user->roles eq "reseller") { + $sub_rs = $sub_rs->search({ + 'contact.reseller_id' => $c->user->reseller_id, + },{ + join => { contract => 'contact' }, + }); + } + my $sub = $sub_rs->first; + unless($sub && $sub->provisioning_voip_subscriber) { + $c->log->error("invalid subscriber_id '$$resource{subscriber_id}'"); # TODO: user, message, trace, ... + $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Subscriber does not exist"); + last; + } + + $resource->{subscriber_id} = $sub->provisioning_voip_subscriber->id; + $resource->{uuid} = $sub->uuid; + my $item; + try { + $item = $c->model('DB')->resultset('voip_trusted_sources')->create($resource); + } catch($e) { + $c->log->error("failed to create trusted source: $e"); # TODO: user, message, trace, ... + $self->error($c, HTTP_INTERNAL_SERVER_ERROR, "Failed to create trusted source."); + last; + } + + $guard->commit; + + $c->response->status(HTTP_CREATED); + $c->response->header(Location => sprintf('/%s%d', $c->request->path, $item->id)); + $c->response->body(q()); + } + return; +} + +sub end : Private { + my ($self, $c) = @_; + + $self->log_response($c); +} + +# vim: set tabstop=4 expandtab: diff --git a/lib/NGCP/Panel/Controller/API/TrustedSourcesItem.pm b/lib/NGCP/Panel/Controller/API/TrustedSourcesItem.pm new file mode 100644 index 0000000000..16b122c961 --- /dev/null +++ b/lib/NGCP/Panel/Controller/API/TrustedSourcesItem.pm @@ -0,0 +1,191 @@ +package NGCP::Panel::Controller::API::TrustedSourcesItem; +use Sipwise::Base; +use namespace::sweep; +use HTTP::Headers qw(); +use HTTP::Status qw(:constants); +use MooseX::ClassAttribute qw(class_has); +use NGCP::Panel::Utils::DateTime; +use NGCP::Panel::Utils::ValidateJSON qw(); +use Path::Tiny qw(path); +use Safe::Isa qw($_isa); +BEGIN { extends 'Catalyst::Controller::ActionRole'; } +require Catalyst::ActionRole::ACL; +require Catalyst::ActionRole::HTTPMethods; +require Catalyst::ActionRole::RequireSSL; + +with 'NGCP::Panel::Role::API::TrustedSources'; + +class_has('resource_name', is => 'ro', default => 'trustedsources'); +class_has('dispatch_path', is => 'ro', default => '/api/trustedsources/'); +class_has('relation', is => 'ro', default => 'http://purl.org/sipwise/ngcp-api/#rel-trustedsources'); + +__PACKAGE__->config( + action => { + map { $_ => { + ACLDetachTo => '/api/root/invalid_user', + AllowedRole => [qw/admin reseller/], + Args => 1, + Does => [qw(ACL RequireSSL)], + Method => $_, + Path => __PACKAGE__->dispatch_path, + } } @{ __PACKAGE__->allowed_methods } + }, + action_roles => [qw(HTTPMethods)], +); + +sub auto :Private { + my ($self, $c) = @_; + + $self->set_body($c); + $self->log_request($c); +} + +sub GET :Allow { + my ($self, $c, $id) = @_; + { + last unless $self->valid_id($c, $id); + my $item = $self->item_by_id($c, $id); + last unless $self->resource_exists($c, trustedsource => $item); + + my $hal = $self->hal_from_item($c, $item); + + my $response = HTTP::Response->new(HTTP_OK, undef, HTTP::Headers->new( + (map { # XXX Data::HAL must be able to generate links with multiple relations + s|rel="(http://purl.org/sipwise/ngcp-api/#rel-resellers)"|rel="item $1"|; + s/rel=self/rel="item self"/; + $_ + } $hal->http_headers), + ), $hal->as_json); + $c->response->headers($response->headers); + $c->response->body($response->content); + return; + } + return; +} + +sub HEAD :Allow { + my ($self, $c, $id) = @_; + $c->forward(qw(GET)); + $c->response->body(q()); + return; +} + +sub OPTIONS :Allow { + my ($self, $c, $id) = @_; + my $allowed_methods = $self->allowed_methods; + $c->response->headers(HTTP::Headers->new( + Allow => $allowed_methods->join(', '), + Accept_Patch => 'application/json-patch+json', + )); + $c->response->content_type('application/json'); + $c->response->body(JSON::to_json({ methods => $allowed_methods })."\n"); + return; +} + +sub PATCH :Allow { + my ($self, $c, $id) = @_; + my $guard = $c->model('DB')->txn_scope_guard; + { + my $preference = $self->require_preference($c); + last unless $preference; + + my $json = $self->get_valid_patch_data( + c => $c, + id => $id, + media_type => 'application/json-patch+json', + ); + last unless $json; + + my $item = $self->item_by_id($c, $id); + last unless $self->resource_exists($c, trustedsource => $item); + my $form = $self->get_form($c); + my $old_resource = $self->resource_from_item($c, $item, $form); + my $resource = $self->apply_patch($c, $old_resource, $json); + last unless $resource; + + $item = $self->update_item($c, $item, $old_resource, $resource, $form); + last unless $item; + + $guard->commit; + + if ('minimal' eq $preference) { + $c->response->status(HTTP_NO_CONTENT); + $c->response->header(Preference_Applied => 'return=minimal'); + $c->response->body(q()); + } else { + my $hal = $self->hal_from_item($c, $item, $form); + my $response = HTTP::Response->new(HTTP_OK, undef, HTTP::Headers->new( + $hal->http_headers, + ), $hal->as_json); + $c->response->headers($response->headers); + $c->response->header(Preference_Applied => 'return=representation'); + $c->response->body($response->content); + } + } + return; +} + +sub PUT :Allow { + my ($self, $c, $id) = @_; + my $guard = $c->model('DB')->txn_scope_guard; + { + my $preference = $self->require_preference($c); + last unless $preference; + + my $item = $self->item_by_id($c, $id); + last unless $self->resource_exists($c, trustedsource => $item); + my $resource = $self->get_valid_put_data( + c => $c, + id => $id, + media_type => 'application/json', + ); + last unless $resource; + my $form = $self->get_form($c); + my $old_resource = $self->resource_from_item($c, $item, $form); + + $item = $self->update_item($c, $item, $old_resource, $resource, $form); + last unless $item; + + $guard->commit; + + if ('minimal' eq $preference) { + $c->response->status(HTTP_NO_CONTENT); + $c->response->header(Preference_Applied => 'return=minimal'); + $c->response->body(q()); + } else { + my $hal = $self->hal_from_item($c, $item, $form); + my $response = HTTP::Response->new(HTTP_OK, undef, HTTP::Headers->new( + $hal->http_headers, + ), $hal->as_json); + $c->response->headers($response->headers); + $c->response->header(Preference_Applied => 'return=representation'); + $c->response->body($response->content); + } + } + return; +} + +sub DELETE :Allow { + my ($self, $c, $id) = @_; + + my $guard = $c->model('DB')->txn_scope_guard; + { + my $item = $self->item_by_id($c, $id); + last unless $self->resource_exists($c, trustedsource => $item); + $item->delete; + + $guard->commit; + + $c->response->status(HTTP_NO_CONTENT); + $c->response->body(q()); + } + return; +} + +sub end : Private { + my ($self, $c) = @_; + + $self->log_response($c); +} + +# vim: set tabstop=4 expandtab: diff --git a/lib/NGCP/Panel/Form/Subscriber/TrustedSource.pm b/lib/NGCP/Panel/Form/Subscriber/TrustedSource.pm index 35ea7b5154..786cc8b905 100644 --- a/lib/NGCP/Panel/Form/Subscriber/TrustedSource.pm +++ b/lib/NGCP/Panel/Form/Subscriber/TrustedSource.pm @@ -17,6 +17,10 @@ has_field 'src_ip' => ( type => 'Text', label => 'Source IP', required => 1, + element_attr => { + rel => ['tooltip'], + title => ['The source IP address.'] + }, ); has_field 'protocol' => ( @@ -29,12 +33,20 @@ has_field 'protocol' => ( { label => 'TLS', value => 'TLS' }, { label => 'ANY', value => 'ANY' }, ], + element_attr => { + rel => ['tooltip'], + title => ['The transport protocol (one of UDP, TCP, TLS, ANY).'] + }, ); has_field 'from_pattern' => ( type => 'Text', label => 'From Pattern', required => 0, + element_attr => { + rel => ['tooltip'], + title => ['A regular expression matching the From URI.'] + }, ); has_field 'save' => ( diff --git a/lib/NGCP/Panel/Form/Subscriber/TrustedSourceAPI.pm b/lib/NGCP/Panel/Form/Subscriber/TrustedSourceAPI.pm new file mode 100644 index 0000000000..68c5749db2 --- /dev/null +++ b/lib/NGCP/Panel/Form/Subscriber/TrustedSourceAPI.pm @@ -0,0 +1,23 @@ +package NGCP::Panel::Form::Subscriber::TrustedSourceAPI; + +use HTML::FormHandler::Moose; +extends 'NGCP::Panel::Form::Subscriber::TrustedSource'; +use Moose::Util::TypeConstraints; + +has_field 'subscriber_id' => ( + type => 'PosInteger', + required => 1, + element_attr => { + rel => ['tooltip'], + title => ['The subscriber this trusted source belongs to.'] + }, +); + +has_block 'fields' => ( + tag => 'div', + class => [qw/modal-body/], + render_list => [qw/src_ip protocol from_pattern subscriber_id/], +); + +1; +# vim: set tabstop=4 expandtab: diff --git a/lib/NGCP/Panel/Role/API/TrustedSources.pm b/lib/NGCP/Panel/Role/API/TrustedSources.pm new file mode 100644 index 0000000000..bdb083144e --- /dev/null +++ b/lib/NGCP/Panel/Role/API/TrustedSources.pm @@ -0,0 +1,123 @@ +package NGCP::Panel::Role::API::TrustedSources; +use Moose::Role; +use Sipwise::Base; +with 'NGCP::Panel::Role::API' => { + -alias =>{ item_rs => '_item_rs', }, + -excludes => [ 'item_rs' ], +}; + +use boolean qw(true); +use TryCatch; +use Data::HAL qw(); +use Data::HAL::Link qw(); +use HTTP::Status qw(:constants); +use NGCP::Panel::Form::Subscriber::TrustedSourceAPI; + +sub item_rs { + my ($self, $c) = @_; + + my $item_rs = $c->model('DB')->resultset('voip_trusted_sources'); + if($c->user->roles eq "admin") { + } elsif($c->user->roles eq "reseller") { + $item_rs = $item_rs->search({ + 'contact.reseller_id' => $c->user->reseller_id + },{ + join => { subscriber => { voip_subscriber => { contract => 'contact' } } }, + }); + } + return $item_rs; +} + +sub get_form { + my ($self, $c) = @_; + return NGCP::Panel::Form::Subscriber::TrustedSourceAPI->new; +} + +sub hal_from_item { + my ($self, $c, $item, $form) = @_; + + $form //= $self->get_form($c); + my $resource = $self->resource_from_item($c, $item, $form); + + my $hal = Data::HAL->new( + links => [ + Data::HAL::Link->new( + relation => 'curies', + href => 'http://purl.org/sipwise/ngcp-api/#rel-{rel}', + name => 'ngcp', + templated => true, + ), + Data::HAL::Link->new(relation => 'collection', href => sprintf("/api/%s/", $self->resource_name)), + Data::HAL::Link->new(relation => 'profile', href => 'http://purl.org/sipwise/ngcp-api/'), + Data::HAL::Link->new(relation => 'self', href => sprintf("%s%d", $self->dispatch_path, $item->id)), + Data::HAL::Link->new(relation => 'ngcp:subscribers', href => sprintf("/api/subscribers/%d", $item->subscriber->voip_subscriber->id)), + ], + relation => 'ngcp:'.$self->resource_name, + ); + + + $self->validate_form( + c => $c, + resource => $resource, + form => $form, + run => 0, + exceptions => [ "subscriber_id" ], + ); + + $resource->{id} = int($item->id); + $hal->resource($resource); + return $hal; +} + +sub resource_from_item { + my ($self, $c, $item, $form) = @_; + + my $resource = { $item->get_inflated_columns }; + $resource->{subscriber_id} = int($item->subscriber->voip_subscriber->id); + + return $resource; +} + +sub item_by_id { + my ($self, $c, $id) = @_; + my $item_rs = $self->item_rs($c); + return $item_rs->find($id); +} + +sub update_item { + my ($self, $c, $item, $old_resource, $resource, $form) = @_; + + $form //= $self->get_form($c); + return unless $self->validate_form( + c => $c, + form => $form, + resource => $resource, + exceptions => [ "subscriber_id" ], + ); + + my $sub_rs = $c->model('DB')->resultset('voip_subscribers')->search({ + id => $resource->{subscriber_id}, + }); + if($c->user->roles eq "reseller") { + $sub_rs = $sub_rs->search({ + 'contact.reseller_id' => $c->user->reseller_id, + },{ + join => { contract => 'contact' }, + }); + } + my $sub = $sub_rs->first; + unless($sub && $sub->provisioning_voip_subscriber) { + $c->log->error("invalid subscriber_id '$$resource{subscriber_id}'"); # TODO: user, message, trace, ... + $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Subscriber does not exist"); + return; + } + $resource->{subscriber_id} = $sub->provisioning_voip_subscriber->id; + $resource->{uuid} = $sub->uuid; + + $item->update($resource); + + return $item; +} + +1; +# vim: set tabstop=4 expandtab: