feat: Add tunnel users from admin dashboard (#15)

* feat: Add tunnel users from admin dashboard

* chore: Separate tests into unit and tunnel tests

* Create test database using ubuntu image

* Rotate tunnel secret key

Author: amalshaji

.github/workflows/tests.yml .github/workflows/tunnel-tests.yml

@@ -1,7 +1,7 @@
 # This workflow will build a golang project
 # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
 
-name: Go Test
+name: Tunnel Tests
 
 on:
   push:
@@ -41,6 +41,10 @@ jobs:
           go build -ldflags="-s -w" -o beaver_server ./cmd/beaver_server
           go build -ldflags="-s -w" -o test_server ./tests/server.go
 
+      - name: Prepare test database
+        run: |
+          mv tests/data .
+
       - name: Start test servers
         run: |
           ./test_server &
@@ -50,11 +54,11 @@ jobs:
 
       - name: Start test client
         run: |
-          ./beaver --config docs/beaver_client.yaml http 9999 --subdomain test &
+          ./beaver --config tests/beaver_client.yaml http 9999 --subdomain test &
           sleep 3
 
       - name: Run tests
-        run: go test -v ./...
+        run: go test -v ./tests/...
 
       - name: Kill test servers
         run: |

.github/workflows/unit-tests.yml

@@ -0,0 +1,37 @@
+# This workflow will build a golang project
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
+
+name: Unit Tests
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+
+      - name: Setup node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18.12.1
+
+      - name: Build frontend
+        run: |
+          npm i -g pnpm
+          pnpm install --dir internal/server/web build && pnpm run --dir internal/server/web build
+
+      - name: Download packages
+        run: go mod download
+
+      - name: Run tests
+        run: go test $(go list ./... | grep -v /tests) # Exclude the tests directory

.gitignore

@@ -22,4 +22,5 @@ node_modules
 dist/
 !beaver_server/
 data/
-testdata/
+testdata/
+!tests/data/

internal/server/admin/users.go

@@ -5,13 +5,16 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/amalshaji/beaver/internal/utils"
 	"github.com/timshannon/badgerhold/v4"
 )
 
-var ErrAdminUserNotFound = errors.New("user does not exist")
+var ErrAdminUserNotFound = errors.New("admin user does not exist")
+var ErrTunnelUserNotFound = errors.New("tunnel user does not exist")
 var ErrInvalidUserSession = errors.New("invalid user session")
 var ErrWrongEmailOrPassword = errors.New("wrong email or password")
-var ErrDuplicateAdminUser = errors.New("user with the same email exists")
+var ErrDuplicateAdminUser = errors.New("admin user with the same email exists")
+var ErrDuplicateTunnelUser = errors.New("tunnel user with the same email exists")
 
 type User struct {
 	Store *badgerhold.Store
@@ -22,6 +25,8 @@ func NewUserService(store *badgerhold.Store) *User {
 }
 
 func (u *User) findUserByEmail(ctx context.Context, email string) (*AdminUser, error) {
+	email = utils.SanitizeString(email)
+
 	var superUser AdminUser
 	if err := u.Store.FindOne(&superUser, badgerhold.Where("Email").Eq(email)); err != nil {
 		if errors.Is(err, badgerhold.ErrNotFound) {
@@ -33,6 +38,9 @@ func (u *User) findUserByEmail(ctx context.Context, email string) (*AdminUser, e
 }
 
 func (u *User) CreateUser(ctx context.Context, email, password string, isSuperUser bool) (*AdminUser, error) {
+	email = utils.SanitizeString(email)
+	password = utils.SanitizeString(password)
+
 	existingAdminUser, err := u.findUserByEmail(ctx, email)
 	if err != nil && !errors.Is(err, ErrAdminUserNotFound) {
 		return nil, err
@@ -49,7 +57,7 @@ func (u *User) CreateUser(ctx context.Context, email, password string, isSuperUs
 	adminUser.IsSuperUser = isSuperUser
 	adminUser.MarkAsNew()
 
-	if err := u.Store.Insert(badgerhold.NextSequence(), adminUser); err != nil {
+	if err := u.Store.Insert(badgerhold.NextSequence(), &adminUser); err != nil {
 		if errors.Is(err, badgerhold.ErrUniqueExists) {
 			return nil, ErrDuplicateAdminUser
 		}
@@ -68,6 +76,9 @@ func (u *User) CreateSuperUser(ctx context.Context, email, password string) (*Ad
 }
 
 func (u *User) Login(ctx context.Context, email, password string) (string, error) {
+	email = utils.SanitizeString(email)
+	password = utils.SanitizeString(password)
+
 	var adminUser *AdminUser
 
 	adminUser, err := u.findUserByEmail(ctx, email)
@@ -124,3 +135,96 @@ func (u *User) ValidateSession(ctx context.Context, sessionToken string) (*Admin
 	}
 	return &adminUser, nil
 }
+
+func (u *User) findTunnelUserByEmail(ctx context.Context, email string) (*TunnelUser, error) {
+	email = utils.SanitizeString(email)
+
+	var tunnelUser TunnelUser
+
+	if err := u.Store.FindOne(&tunnelUser, badgerhold.Where("Email").Eq(email)); err != nil {
+		if errors.Is(err, badgerhold.ErrNotFound) {
+			return nil, ErrTunnelUserNotFound
+		}
+		return nil, err
+	}
+	return &tunnelUser, nil
+}
+
+func (u *User) CreateTunnelUser(ctx context.Context, email string) (*TunnelUser, error) {
+	email = utils.SanitizeString(email)
+
+	existingTunnelUser, err := u.findTunnelUserByEmail(ctx, email)
+	if err != nil && !errors.Is(err, ErrTunnelUserNotFound) {
+		return nil, err
+	}
+
+	if existingTunnelUser != nil {
+		return nil, ErrDuplicateTunnelUser
+	}
+
+	if err := utils.ValidateEmail(email); err != nil {
+		return nil, fmt.Errorf("enter a valid email address")
+	}
+
+	var tunnelUser TunnelUser
+
+	tunnelUser.Email = email
+	tunnelUser.RotateSecretKey()
+	tunnelUser.MarkAsNew()
+
+	if err := u.Store.Insert(badgerhold.NextSequence(), &tunnelUser); err != nil {
+		if errors.Is(err, badgerhold.ErrUniqueExists) {
+			return nil, ErrDuplicateTunnelUser
+		}
+		return nil, err
+	}
+
+	return &tunnelUser, nil
+}
+
+func (u *User) GetTunnelUserBySecret(ctx context.Context, secretKey string) (*TunnelUser, error) {
+	secretKey = utils.SanitizeString(secretKey)
+
+	var tunnelUser TunnelUser
+
+	if err := u.Store.FindOne(&tunnelUser, badgerhold.Where("SecretKey").Eq(secretKey)); err != nil {
+		if errors.Is(err, badgerhold.ErrNotFound) {
+			return nil, ErrTunnelUserNotFound
+		}
+		return nil, err
+	}
+	return &tunnelUser, nil
+}
+
+func (u *User) ListTunnelUsers(ctx context.Context) ([]TunnelUser, error) {
+	var tunnelUsers []TunnelUser
+
+	if err := u.Store.Find(&tunnelUsers, nil); err != nil {
+		return nil, err
+	}
+	if tunnelUsers == nil {
+		return []TunnelUser{}, nil
+	}
+	return tunnelUsers, nil
+}
+
+func (u *User) RotateTunnelUserSecretKey(ctx context.Context, email string) (*TunnelUser, error) {
+	tunnelUser, err := u.findTunnelUserByEmail(ctx, email)
+
+	if err != nil {
+		return nil, err
+	}
+
+	tunnelUser.RotateSecretKey()
+
+	u.Store.UpdateMatching(&TunnelUser{}, badgerhold.Where("Email").Eq(email), func(record interface{}) error {
+		update, ok := record.(*TunnelUser)
+		if !ok {
+			return fmt.Errorf("error while updating superuser")
+		}
+		update.SecretKey = tunnelUser.SecretKey
+		return nil
+	})
+
+	return tunnelUser, nil
+}

internal/server/admin/users_test.go

@@ -139,3 +139,78 @@ func TestLogoutAdminUser(t *testing.T) {
 	assert.Error(t, err)
 	assert.Equal(t, ErrInvalidUserSession, err)
 }
+
+func TestCreateTunnelUser(t *testing.T) {
+	defer func() {
+		store.Badger().DropAll()
+	}()
+
+	ctx := context.Background()
+	user := NewUserService(store)
+
+	tu, err := user.CreateTunnelUser(ctx, "test@beaver.com")
+	assert.NoError(t, err)
+	assert.Equal(t, "test@beaver.com", tu.Email)
+	assert.NotEqual(t, "", tu.SecretKey)
+}
+
+func TestGetTunnelUserBySecretKey(t *testing.T) {
+	defer func() {
+		store.Badger().DropAll()
+	}()
+
+	ctx := context.Background()
+	user := NewUserService(store)
+
+	tu, _ := user.CreateTunnelUser(ctx, "test@beaver.com")
+
+	ntu, err := user.GetTunnelUserBySecret(ctx, tu.SecretKey)
+	assert.NoError(t, err)
+	assert.Equal(t, tu.Email, ntu.Email)
+}
+
+func TestRotateTunnelUserSecretKey(t *testing.T) {
+	defer func() {
+		store.Badger().DropAll()
+	}()
+
+	ctx := context.Background()
+	user := NewUserService(store)
+
+	tu, _ := user.CreateTunnelUser(ctx, "test@beaver.com")
+
+	_, err := user.RotateTunnelUserSecretKey(ctx, tu.Email)
+	assert.NoError(t, err)
+
+	ntu, _ := user.findTunnelUserByEmail(ctx, "test@beaver.com")
+	assert.NotEqual(t, tu.SecretKey, ntu.SecretKey)
+
+	nontu, err := user.RotateTunnelUserSecretKey(ctx, "test2@beaver.com")
+	assert.Error(t, err)
+	assert.Equal(t, ErrTunnelUserNotFound, err)
+	assert.Nil(t, nontu)
+}
+
+func TestListTunnelUsers(t *testing.T) {
+	defer func() {
+		store.Badger().DropAll()
+	}()
+
+	ctx := context.Background()
+	user := NewUserService(store)
+
+	tunnelUsers, err := user.ListTunnelUsers(ctx)
+	assert.NoError(t, err)
+	assert.Equal(t, 0, len(tunnelUsers))
+
+	_, _ = user.CreateTunnelUser(ctx, "test@beaver.com")
+	_, _ = user.CreateTunnelUser(ctx, "test2@beaver.com")
+	_, _ = user.CreateTunnelUser(ctx, "test3@beaver.com")
+
+	tunnelUsers, err = user.ListTunnelUsers(ctx)
+	assert.NoError(t, err)
+	assert.Equal(t, 3, len(tunnelUsers))
+	assert.Equal(t, "test@beaver.com", tunnelUsers[0].Email)
+	assert.Equal(t, "test2@beaver.com", tunnelUsers[1].Email)
+	assert.Equal(t, "test3@beaver.com", tunnelUsers[2].Email)
+}