diff --git a/backend/api/customers.go b/backend/api/customers.go index b3477e0..dd952cd 100644 --- a/backend/api/customers.go +++ b/backend/api/customers.go @@ -12,15 +12,23 @@ import ( "github.com/cynfo/rmm-backend/db" ) -// generateCustomerAPIKey erstellt automatisch einen Read-only Key fuer einen Kunden -func generateCustomerAPIKey(database *db.Database, customerID int, number, name string) (*db.APIKey, error) { +// generateCustomerKey erstellt automatisch einen API-Key fuer einen Kunden +func generateCustomerKey(database *db.Database, customerID int, number, name, perm string) (*db.APIKey, error) { b := make([]byte, 16) if _, err := rand.Read(b); err != nil { return nil, err } key := hex.EncodeToString(b) - keyName := fmt.Sprintf("Read-only — %s %s", number, name) - return database.CreateAPIKey(keyName, key, "read", &customerID) + var label string + switch perm { + case "agent": + label = fmt.Sprintf("Agent — %s %s", number, name) + case "read": + label = fmt.Sprintf("Read-only — %s %s", number, name) + default: + label = fmt.Sprintf("%s — %s %s", perm, number, name) + } + return database.CreateAPIKey(label, key, perm, &customerID) } // GET /api/v1/customers @@ -49,19 +57,24 @@ func (h *Handler) createCustomer(w http.ResponseWriter, r *http.Request) { return } - // Automatisch einen Read-only API-Key fuer den neuen Kunden erstellen - apiKey, keyErr := generateCustomerAPIKey(h.db, c.ID, req.Number, req.Name) - if keyErr != nil { - log.Printf("Auto-API-Key fuer Kunde %s fehlgeschlagen: %v", req.Number, keyErr) + // Automatisch zwei API-Keys erstellen: + // - agent: fuer die Agents (OPNsense, Linux) auf Kundensystemen + // - read: fuer externe Lesezugriffe / Dashboards + agentKey, err1 := generateCustomerKey(h.db, c.ID, req.Number, req.Name, "agent") + readKey, err2 := generateCustomerKey(h.db, c.ID, req.Number, req.Name, "read") + if err1 != nil { + log.Printf("Auto-Agent-Key fuer Kunde %s fehlgeschlagen: %v", req.Number, err1) + } + if err2 != nil { + log.Printf("Auto-Read-Key fuer Kunde %s fehlgeschlagen: %v", req.Number, err2) } h.auditLog(r, "customer.create", "customer", req.Number, req.Name, "") resp := map[string]interface{}{ - "customer": c, - } - if apiKey != nil { - resp["api_key"] = apiKey + "customer": c, + "agent_key": agentKey, + "read_key": readKey, } writeJSON(w, http.StatusCreated, resp) }