diff --git a/example-docker-compose.yml b/example-docker-compose.yml
index 6e9e06a1..4dcb4fbd 100644
--- a/example-docker-compose.yml
+++ b/example-docker-compose.yml
@@ -7,9 +7,6 @@ services:
 - .env
 build:
 context: .
- args:
- WEB_USER: ${WEB_USER}
- WEB_PWD: ${WEB_PWD}
 ports:
 - '4433:4433/tcp'
 - '7080:7080/tcp'
diff --git a/internal/router/bpf.go b/internal/router/bpf.go
index 44b3240b..1e20fae5 100644
--- a/internal/router/bpf.go
+++ b/internal/router/bpf.go
@@ -6,6 +6,7 @@ import (
 "encoding/hex"
 "errors"
 "fmt"
+ "log"
 "math"
 "net"
 "strings"
@@ -607,13 +608,18 @@ func GetRules() (map[string]FirewallRules, error) {
 return nil, err
 }
- res := hashToUsername[hex.EncodeToString(deviceStruct.user_id[:])]
+ res, ok := hashToUsername[hex.EncodeToString(deviceStruct.user_id[:])]
+ if !ok {
+ log.Println("[ERROR] Device links to unknown user UI (not found in db): ", hex.EncodeToString(deviceStruct.user_id[:]))
+ continue
+ }
 fwRule := result[res]
 fwRule.Devices = append(fwRule.Devices, fwDevice{IP: net.IP(ipBytes).String(), Authorized: isAuthed(net.IP(ipBytes).String()), Expiry: deviceStruct.sessionExpiry, LastPacketTimestamp: deviceStruct.lastPacketTime})
 if err := xdpObjects.AccountLocked.Lookup(deviceStruct.user_id, &fwRule.AccountLocked); err != nil {
- return nil, err
+ log.Println("[ERROR] User ID was not properly in firewall map: ", hex.EncodeToString(deviceStruct.user_id[:]), " err: ", err)
+ continue
 }
 var innerMapID ebpf.MapID
@@ -622,7 +628,8 @@ func GetRules() (map[string]FirewallRules, error) {
 if err == nil {
 fwRule.Policies, err = iterateSubmap(innerMapID)
 if err != nil {
- return nil, err
+ log.Println("[ERROR] User had no policies: ", hex.EncodeToString(deviceStruct.user_id[:]), " err: ", err)
+ continue
 }
 }
diff --git a/ui/ui_webserver.go b/ui/ui_webserver.go
index 2851c10a..e088e670 100644
--- a/ui/ui_webserver.go
+++ b/ui/ui_webserver.go
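Review bot: In GetRules (hunk `@@ -607,13 +608,18 @@`, and again in `@@ -622,7 +628,8 @@`), the `continue` added after `fwRule.Devices = append(...)` discards a device that was already read, and the function goes on to return a nil error, so a caller cannot tell a complete rule set from a partial one. A device whose user hash is missing from `hashToUsername`, or whose account-lock entry cannot be read, is the kind of inconsistent firewall state an operator would want surfaced rather than left only in the log. I would at least document it on the function, `// GetRules returns a best-effort view: devices whose user, lock state or policies cannot be resolved are logged and omitted.`, and consider reporting the number of skipped entries to the caller. The text `"[ERROR] User had no policies: "` is printed when iterateSubmap returns an error, which is a read failure rather than an empty policy set, and "user UI" is presumably meant to read "user ID". The loop and the write-back of `fwRule` into `result` lie outside the visible lines, so the omission is inferred from where the `continue` sits.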
@@ -1117,7 +1117,10 @@ func registrationTokens(w http.ResponseWriter, r *http.Request) {
 }
 for _, token := range tokens {
- ctrl.DeleteRegistration(token)
+ err := ctrl.DeleteRegistration(token)
+ if err != nil {
+ log.Println("Error deleting registration token: ", token, "err:", err)
+ }
 }
 w.Write([]byte("OK"))
@@ -1257,7 +1260,10 @@ func manageUsers(w http.ResponseWriter, r *http.Request) {
 }
 for _, user := range usernames {
- ctrl.DeleteUser(user)
+ err := ctrl.DeleteUser(user)
+ if err != nil {
+ log.Println("Error deleting user: ", user, "err: ", err)
+ }
 }
 w.Write([]byte("OK"))
@@ -1319,9 +1325,15 @@ func devicesMgmt(w http.ResponseWriter, r *http.Request) {
 for _, address := range action.Addresses {
 switch action.Action {
 case "lock":
- ctrl.LockDevice(address)
+ err := ctrl.LockDevice(address)
+ if err != nil {
+ log.Println("Error locking device: ", address, " err:", err)
+ }
 case "unlock":
- ctrl.UnlockDevice(address)
+ err := ctrl.UnlockDevice(address)
+ if err != nil {
+ log.Println("Error unlocking device: ", address, " err:", err)
+ }
 default:
 http.Error(w, "invalid action", 400)
 return
@@ -1340,7 +1352,10 @@ func devicesMgmt(w http.ResponseWriter, r *http.Request) {
 }
 for _, address := range addresses {
- ctrl.DeleteDevice(address)
+ err := ctrl.DeleteDevice(address)
+ if err != nil {
+ log.Println("Error Deleting device: ", address, "err:", err)
+ }
 }
 w.Write([]byte("OK"))
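Review bot: The added `log.Println` in registrationTokens (`@@ -1117,7 +1117,10 @@`) writes the registration token value into the log, and it does so precisely when deletion failed, so the token may still be valid. If these tokens act as enrolment credentials, as the name suggests, the log then holds a usable secret for anyone with read access to it. Logging the error without the secret, or with a short non-reversible reference to the token, avoids that: `log.Println("Error deleting registration token, err:", err)`. The handler's body starts and ends outside the hunk, so how `tokens` is populated is not visible here.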
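Review bot: In manageUsers (`@@ -1257,7 +1260,10 @@`) a failed `ctrl.DeleteUser` is now logged, but the handler still falls through to `w.Write([]byte("OK"))`, so the administrator is told the user was removed when the account may still exist. The same pattern is in registrationTokens, in the `lock`/`unlock` cases of devicesMgmt (`@@ -1319,9 +1325,15 @@`) and in its delete loop (`@@ -1340,7 +1352,10 @@`); for `lock` in particular a silent failure leaves a device usable that the operator believes is blocked. Remember the failure and answer with an error status after the loop, for example `failed = true` inside the `if err != nil` block and `if failed { http.Error(w, "one or more operations failed", http.StatusInternalServerError); return }` before the `OK` write. The function bodies extend beyond the hunks, so any later status handling is not visible.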
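Review bot: The new log lines in devicesMgmt (`@@ -1319,9 +1325,15 @@`) pass `address` straight to `log.Println`; the value appears to come from the request body, so embedded line breaks would end up verbatim in the log. Quoting it keeps each event on one line: `log.Printf("error locking device %q: %v", address, err)`. The same applies to `user` in manageUsers and to `address` in the delete loop at `@@ -1340,7 +1352,10 @@`. The messages also differ in spacing and capitalisation (`"err:"`, `" err:"`, `"Error Deleting device: "`); a single format string would make them uniform and easier to match in log queries.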