Network controller CRUD... :P

4 files changed, 125 insertions, 9 deletions

diff --git a/service/ControlPlane.cpp b/service/ControlPlane.cpp
index 1b5113d0..b075e706 100644
--- a/service/ControlPlane.cpp
+++ b/service/ControlPlane.cpp
@@ -241,9 +241,10 @@ static void _jsonAppend(unsigned int depth,std::string &buf,const ZT1_Peer *peer
 	buf.append(json);
 }
 
-ControlPlane::ControlPlane(OneService *svc,Node *n) :
+ControlPlane::ControlPlane(OneService *svc,Node *n,SqliteNetworkController *nc) :
 	_svc(svc),
-	_node(n)
+	_node(n),
+	_controller(nc)
 {
 }
 
@@ -264,6 +265,7 @@ unsigned int ControlPlane::handleRequest(
 	unsigned int scode = 404;
 	std::vector<std::string> ps(Utils::split(path.c_str(),"/","",""));
 	std::map<std::string,std::string> urlArgs;
+	Mutex::Lock _l(_lock);
 
 	if (!((fromAddress.ipsEqual(InetAddress::LO4))||(fromAddress.ipsEqual(InetAddress::LO6))))
 		return 403; // Forbidden: we only allow access from localhost right now
@@ -291,7 +293,6 @@ unsigned int ControlPlane::handleRequest(
 
 	bool isAuth = false;
 	{
-		Mutex::Lock _l(_authTokens_m);
 		std::map<std::string,std::string>::const_iterator ah(headers.find("x-zt1-auth"));
 		if ((ah != headers.end())&&(_authTokens.count(ah->second) > 0)) {
 			isAuth = true;
@@ -429,12 +430,19 @@ unsigned int ControlPlane::handleRequest(
 					} // else 404
 					_node->freeQueryResult((void *)pl);
 				} else scode = 500;
-			} // else 404
+			} else {
+				std::map<std::string,ControlPlaneSubsystem *>::const_iterator ss(_subsystems.find(ps[0]));
+				if (ss != _subsystems.end())
+					scode = ss->second->handleControlPlaneHttpGET(std::vector<std::string>(ps.begin()+1,ps.end()),urlArgs,headers,body,responseBody,responseContentType);
+				else scode = 404;
+			}
+
 		} else scode = 401; // isAuth == false
 
 	} else if ((httpMethod == HTTP_POST)||(httpMethod == HTTP_PUT)) {
 
 		if (isAuth) {
+
 			if (ps[0] == "config") {
 				// TODO
 			} else if (ps[0] == "network") {
@@ -455,12 +463,19 @@ unsigned int ControlPlane::handleRequest(
 						_node->freeQueryResult((void *)nws);
 					} else scode = 500;
 				}
-			} // else 404
+			} else {
+				std::map<std::string,ControlPlaneSubsystem *>::const_iterator ss(_subsystems.find(ps[0]));
+				if (ss != _subsystems.end())
+					scode = ss->second->handleControlPlaneHttpPOST(std::vector<std::string>(ps.begin()+1,ps.end()),urlArgs,headers,body,responseBody,responseContentType);
+				else scode = 404;
+			}
+
 		} else scode = 401; // isAuth == false
 
 	} else if (httpMethod == HTTP_DELETE) {
 
 		if (isAuth) {
+
 			if (ps[0] == "config") {
 				// TODO
 			} else if (ps[0] == "network") {
@@ -480,7 +495,12 @@ unsigned int ControlPlane::handleRequest(
 					} // else 404
 					_node->freeQueryResult((void *)nws);
 				} else scode = 500;
-			} // else 404
+			} else {
+				std::map<std::string,ControlPlaneSubsystem *>::const_iterator ss(_subsystems.find(ps[0]));
+				if (ss != _subsystems.end())
+					scode = ss->second->handleControlPlaneHttpDELETE(std::vector<std::string>(ps.begin()+1,ps.end()),urlArgs,headers,body,responseBody,responseContentType);
+				else scode = 404;
+			}
 
 		} else {
 			scode = 401; // isAuth = false
@@ -492,7 +512,7 @@ unsigned int ControlPlane::handleRequest(
 	}
 
 	// Wrap result in jsonp function call if the user included a jsonp= url argument.
-	// Also double-check isAuth since it feels like the right thing to do.
+	// Also double-check isAuth since forbidding this without auth feels safer.
 	std::map<std::string,std::string>::const_iterator jsonp(urlArgs.find("jsonp"));
 	if ((isAuth)&&(jsonp != urlArgs.end())&&(responseContentType == "application/json")) {
 		if (responseBody.length() > 0)
diff --git a/service/ControlPlane.hpp b/service/ControlPlane.hpp
index b6f1ca7d..7e0d7dc3 100644
--- a/service/ControlPlane.hpp
+++ b/service/ControlPlane.hpp
@@ -56,11 +56,28 @@ public:
 	 */
 	inline void addAuthToken(const char *tok)
 	{
-		Mutex::Lock _l(_authTokens_m);
+		Mutex::Lock _l(_lock);
 		_authTokens.insert(std::string(tok));
 	}
 
 	/**
+	 * Mount a subsystem under a prefix
+	 *
+	 * Note that the prefix must not contain a dot -- this is reserved for
+	 * static pages -- and must not be a reserved prefix such as /peer
+	 * or /network. Do not include path / characters in the prefix. Example
+	 * would be 'controller' for SqliteNetworkController.
+	 *
+	 * @param prefix First element in URI path
+	 * @param subsys Object to call for results of GET and POST/PUT operations
+	 */
+	inline void mount(const char *prefix,ControlPlaneSubsystem *subsys)
+	{
+		Mutex::Lock _l(_lock);
+		_subsystems[std::string(prefix)] = subsys;
+	}
+
+	/**
 	 * Handle HTTP request
 	 *
 	 * @param fromAddress Originating IP address of request
@@ -85,7 +102,8 @@ private:
 	OneService *const _svc;
 	Node *const _node;
 	std::set<std::string> _authTokens;
-	Mutex _authTokens_m;
+	std::map<std::string,ControlPlaneSubsystem *> _subsystems;
+	Mutex _lock;
 };
 
 } // namespace ZeroTier
diff --git a/service/ControlPlaneSubsystem.hpp b/service/ControlPlaneSubsystem.hpp
new file mode 100644
index 00000000..9de875ca
--- /dev/null
+++ b/service/ControlPlaneSubsystem.hpp
@@ -0,0 +1,76 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015  ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+#ifndef ZT_CONTROLPLANESUBSYSTEM_HPP
+#define ZT_CONTROLPLANESUBSYSTEM_HPP
+
+#include <map>
+#include <vector>
+#include <string>
+
+namespace ZeroTier {
+
+/**
+ * Base class for subsystems that can be mounted under the HTTP control plane
+ *
+ * Handlers should fill in responseBody and responseContentType and return
+ * a HTTP status code or 0 on other errors.
+ */
+class ControlPlaneSubsystem
+{
+public:
+	ControlPlaneSubsystem() {}
+	virtual ~ControlPlaneSubsystem() {}
+
+	virtual unsigned int handleControlPlaneHttpGET(
+		const std::vector<std::string> &path,
+		const std::map<std::string,std::string> &urlArgs,
+		const std::map<std::string,std::string> &headers,
+		const std::string &body,
+		std::string &responseBody,
+		std::string &responseContentType) = 0;
+
+	virtual unsigned int handleControlPlaneHttpPOST(
+		const std::vector<std::string> &path,
+		const std::map<std::string,std::string> &urlArgs,
+		const std::map<std::string,std::string> &headers,
+		const std::string &body,
+		std::string &responseBody,
+		std::string &responseContentType) = 0;
+
+	virtual unsigned int handleControlPlaneHttpDELETE(
+		const std::vector<std::string> &path,
+		const std::map<std::string,std::string> &urlArgs,
+		const std::map<std::string,std::string> &headers,
+		const std::string &body,
+		std::string &responseBody,
+		std::string &responseContentType) = 0;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/service/OneService.cpp b/service/OneService.cpp
index 5b0199ac..551dc486 100644
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -213,6 +213,8 @@ public:
 
 			_controlPlane = new ControlPlane(this,_node);
 			_controlPlane->addAuthToken(authToken.c_str());
+			if (_master)
+				_controlPlane->mount("controller",_master);
 
 			{	// Remember networks from previous session
 				std::vector<std::string> networksDotD(OSUtils::listDirectory((_homePath + ZT_PATH_SEPARATOR_S + "networks.d").c_str()));