peer expiry feature: re-activate expired peers

2025-04-19 00:45:17 +00:00 · 2022-10-29 13:03:05 +02:00 · 2022-10-29 13:03:05 +02:00 · c43e8d7ca2
commit c43e8d7ca2
parent 4a0e773d96
5 changed files with 29 additions and 10 deletions
--- a/internal/server/api.go
+++ b/internal/server/api.go
@ -439,7 +439,7 @@ func (s *ApiServer) PutPeer(c *gin.Context) {
 	now := time.Now()
 	if updatePeer.DeactivatedAt != nil {
 		updatePeer.DeactivatedAt = &now
-		updatePeer.DeactivatedReason = "api update"
+		updatePeer.DeactivatedReason = wireguard.DeactivatedReasonApiEdit
 	}
 	if err := s.s.UpdatePeer(updatePeer, now); err != nil {
 		c.JSON(http.StatusInternalServerError, ApiError{Message: err.Error()})
@ -517,7 +517,7 @@ func (s *ApiServer) PatchPeer(c *gin.Context) {
 	now := time.Now()
 	if mergedPeer.DeactivatedAt != nil {
 		mergedPeer.DeactivatedAt = &now
-		mergedPeer.DeactivatedReason = "api update"
+		mergedPeer.DeactivatedReason = wireguard.DeactivatedReasonApiEdit
 	}
 	if err := s.s.UpdatePeer(mergedPeer, now); err != nil {
 		c.JSON(http.StatusInternalServerError, ApiError{Message: err.Error()})
--- a/internal/server/handlers_peer.go
+++ b/internal/server/handlers_peer.go
@ -71,12 +71,17 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
 	now := time.Now()
 	if disabled && currentPeer.DeactivatedAt == nil {
 		formPeer.DeactivatedAt = &now
-		formPeer.DeactivatedReason = "admin update"
+		formPeer.DeactivatedReason = wireguard.DeactivatedReasonAdminEdit
 	} else if !disabled {
 		formPeer.DeactivatedAt = nil
 		formPeer.DeactivatedReason = ""
+		// If a peer was deactivated due to expiry, remove the expires-at date to avoid
+		// unwanted re-expiry.
+		if currentPeer.DeactivatedReason == wireguard.DeactivatedReasonExpired {
+			formPeer.ExpiresAt = nil
+		}
 	}
-	if formPeer.ExpiresAt != nil && formPeer.ExpiresAt.IsZero() {
+	if formPeer.ExpiresAt != nil && formPeer.ExpiresAt.IsZero() { // convert 01-01-0001 to nil
 		formPeer.ExpiresAt = nil
 	}

@ -134,7 +139,7 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) {
 	now := time.Now()
 	if disabled {
 		formPeer.DeactivatedAt = &now
-		formPeer.DeactivatedReason = "admin create"
+		formPeer.DeactivatedReason = wireguard.DeactivatedReasonAdminCreate
 	}

 	if err := s.CreatePeer(currentSession.DeviceName, formPeer); err != nil {
@ -446,7 +451,7 @@ func (s *Server) PostUserCreatePeer(c *gin.Context) {
 	now := time.Now()
 	if disabled {
 		formPeer.DeactivatedAt = &now
-		formPeer.DeactivatedReason = "user create"
+		formPeer.DeactivatedReason = wireguard.DeactivatedReasonUserCreate
 	}

 	if err := s.CreatePeer(currentSession.DeviceName, formPeer); err != nil {
@ -503,7 +508,7 @@ func (s *Server) PostUserEditPeer(c *gin.Context) {
 	now := time.Now()
 	if disabled && currentPeer.DeactivatedAt == nil {
 		currentPeer.DeactivatedAt = &now
-		currentPeer.DeactivatedReason = "user update"
+		currentPeer.DeactivatedReason = wireguard.DeactivatedReasonUserEdit
 	}

 	// Update in database
--- a/internal/server/ldapsync.go
+++ b/internal/server/ldapsync.go
@ -4,6 +4,8 @@ import (
 	"strings"
 	"time"

+	"github.com/h44z/wg-portal/internal/wireguard"
+
 	"github.com/h44z/wg-portal/internal/ldap"
 	"github.com/h44z/wg-portal/internal/users"
 	"github.com/sirupsen/logrus"
@ -112,7 +114,7 @@ func (s *Server) disableMissingLdapUsers(ldapUsers []ldap.RawLdapData) {
 		for _, peer := range s.peers.GetPeersByMail(activeUsers[i].Email) {
 			now := time.Now()
 			peer.DeactivatedAt = &now
-			peer.DeactivatedReason = "missing ldap user"
+			peer.DeactivatedReason = wireguard.DeactivatedReasonLdapMissing
 			if err := s.UpdatePeer(peer, now); err != nil {
 				logrus.Errorf("failed to update deactivated peer %s: %v", peer.PublicKey, err)
 			}
--- a/internal/server/server_helper.go
+++ b/internal/server/server_helper.go
@ -300,7 +300,7 @@ func (s *Server) DeleteUser(user users.User) error {
 	for _, peer := range s.peers.GetPeersByMail(user.Email) {
 		now := time.Now()
 		peer.DeactivatedAt = &now
-		peer.DeactivatedReason = "user deleted"
+		peer.DeactivatedReason = wireguard.DeactivatedReasonUserMissing
 		if err := s.UpdatePeer(peer, now); err != nil {
 			logrus.Errorf("failed to update deactivated peer %s for %s: %v", peer.PublicKey, user.Email, err)
 		}
@ -408,7 +408,7 @@ func (s *Server) checkExpiredPeers() error {

 				peer.UpdatedAt = now
 				peer.DeactivatedAt = &now
-				peer.DeactivatedReason = "expired"
+				peer.DeactivatedReason = wireguard.DeactivatedReasonExpired

 				res := s.db.Save(&peer)
 				if res.Error != nil {
--- a/internal/wireguard/peermanager.go
+++ b/internal/wireguard/peermanager.go
@ -23,6 +23,18 @@ import (
 	"gorm.io/gorm"
 )

+const (
+	DeactivatedReasonExpired     = "expired"
+	DeactivatedReasonUserEdit    = "user edit action"
+	DeactivatedReasonUserCreate  = "user create action"
+	DeactivatedReasonAdminEdit   = "admin edit action"
+	DeactivatedReasonAdminCreate = "admin create action"
+	DeactivatedReasonApiEdit     = "api edit action"
+	DeactivatedReasonApiCreate   = "api create action"
+	DeactivatedReasonLdapMissing = "missing in ldap"
+	DeactivatedReasonUserMissing = "missing user"
+)
+
 // CUSTOM VALIDATORS ----------------------------------------------------------------------------
 var cidrList validator.Func = func(fl validator.FieldLevel) bool {
 	cidrListStr := fl.Field().String()