fix: Agent-Key braucht 'agent' Permission, nicht 'read'

- Auto-Erstellung bei neuem Kunden: jetzt agent-Key + read-Key
- agent: fuer OPNsense/Linux Agents (WS + Heartbeat)
- read:  fuer externe Lesezugriffe / Dashboards
- Agent-Keys fuer alle 4 Kunden nachtraglich erstellt
This commit is contained in:
cynfo3000 2026-03-10 00:03:19 +01:00
parent 15ad9be8e7
commit fba824da8b

View File

@ -12,15 +12,23 @@ import (
"github.com/cynfo/rmm-backend/db" "github.com/cynfo/rmm-backend/db"
) )
// generateCustomerAPIKey erstellt automatisch einen Read-only Key fuer einen Kunden // generateCustomerKey erstellt automatisch einen API-Key fuer einen Kunden
func generateCustomerAPIKey(database *db.Database, customerID int, number, name string) (*db.APIKey, error) { func generateCustomerKey(database *db.Database, customerID int, number, name, perm string) (*db.APIKey, error) {
b := make([]byte, 16) b := make([]byte, 16)
if _, err := rand.Read(b); err != nil { if _, err := rand.Read(b); err != nil {
return nil, err return nil, err
} }
key := hex.EncodeToString(b) key := hex.EncodeToString(b)
keyName := fmt.Sprintf("Read-only — %s %s", number, name) var label string
return database.CreateAPIKey(keyName, key, "read", &customerID) switch perm {
case "agent":
label = fmt.Sprintf("Agent — %s %s", number, name)
case "read":
label = fmt.Sprintf("Read-only — %s %s", number, name)
default:
label = fmt.Sprintf("%s — %s %s", perm, number, name)
}
return database.CreateAPIKey(label, key, perm, &customerID)
} }
// GET /api/v1/customers // GET /api/v1/customers
@ -49,19 +57,24 @@ func (h *Handler) createCustomer(w http.ResponseWriter, r *http.Request) {
return return
} }
// Automatisch einen Read-only API-Key fuer den neuen Kunden erstellen // Automatisch zwei API-Keys erstellen:
apiKey, keyErr := generateCustomerAPIKey(h.db, c.ID, req.Number, req.Name) // - agent: fuer die Agents (OPNsense, Linux) auf Kundensystemen
if keyErr != nil { // - read: fuer externe Lesezugriffe / Dashboards
log.Printf("Auto-API-Key fuer Kunde %s fehlgeschlagen: %v", req.Number, keyErr) agentKey, err1 := generateCustomerKey(h.db, c.ID, req.Number, req.Name, "agent")
readKey, err2 := generateCustomerKey(h.db, c.ID, req.Number, req.Name, "read")
if err1 != nil {
log.Printf("Auto-Agent-Key fuer Kunde %s fehlgeschlagen: %v", req.Number, err1)
}
if err2 != nil {
log.Printf("Auto-Read-Key fuer Kunde %s fehlgeschlagen: %v", req.Number, err2)
} }
h.auditLog(r, "customer.create", "customer", req.Number, req.Name, "") h.auditLog(r, "customer.create", "customer", req.Number, req.Name, "")
resp := map[string]interface{}{ resp := map[string]interface{}{
"customer": c, "customer": c,
} "agent_key": agentKey,
if apiKey != nil { "read_key": readKey,
resp["api_key"] = apiKey
} }
writeJSON(w, http.StatusCreated, resp) writeJSON(w, http.StatusCreated, resp)
} }