support multiple network: stage 1 (#30)

Author: timzaak

backend/src/main/resources/db/migration/V3__support_multiple_network.sql

@@ -0,0 +1,24 @@
+alter table network
+    add column token text not null default 'network_token';
+comment on column network.token is 'special token to protect from brute force';
+
+alter table node
+    add column device_id integer not null default 0;
+
+create index if not exists node_device_id_index on node (device_id);
+
+drop index node_public_key_index;
+
+alter table node
+    drop column public_key;
+
+create table device
+(
+    id              serial primary key,
+    token           text        not null,
+    public_key      text        not null,
+    mqtt_last_leave timestamptz, -- would use in future version.
+    created_at      timestamptz not null default now()
+);
+
+create  unique index if not exists  device_public_key_index on device(public_key);

backend/src/main/scala/com/timzaak/fornet/controller/AuthController.scala

@@ -9,11 +9,11 @@ import com.typesafe.config.Config
 import org.hashids.Hashids
 import org.scalatra.BadRequest.apply
 import org.scalatra.json.JsonResult.apply
-import org.scalatra.{ BadRequest, Ok }
+import org.scalatra.{BadRequest, Ok}
 import very.util.config.get
+import very.util.security.ID.toIntID
 import very.util.web.Controller
-import very.util.security.IntID.toIntID
-import zio.json.{ DeriveJsonDecoder, JsonDecoder }
+import zio.json.{DeriveJsonDecoder, JsonDecoder}
 
 import java.net.URLEncoder
 import java.nio.charset.Charset
@@ -49,12 +49,10 @@ trait AuthController(networkDao: NetworkDao, appConfig: AppConfig)(using config:
       networkDao
         .findById(networkId)
         .filter(n => n.status == NetworkStatus.Normal && n.groupId == groupId)
-        .map { _ =>
-          val nId =
-            URLEncoder.encode(networkId.secretId, Charsets.UTF_8)
+        .map { network =>
           String(
             Base64.getEncoder.encode(
-              s"2|${config.getString("server.grpc.endpoint")}|${nId}"
+              s"2|${config.getString("server.grpc.endpoint")}|${network.tokenId.secretId}"
                 .getBytes()
             )
           )

backend/src/main/scala/com/timzaak/fornet/controller/NetworkController.scala

@@ -7,18 +7,18 @@ import com.timzaak.fornet.dao.*
 import com.timzaak.fornet.pubsub.NodeChangeNotifyService
 import com.typesafe.config.Config
 import org.hashids.Hashids
-import very.util.security.IntID
+import very.util.security.{IntID, TokenID}
 
 import java.util.Base64
 import com.timzaak.fornet.dao.NetworkStatus
 import io.getquill.*
 import org.scalatra.*
 import org.scalatra.i18n.I18nSupport
 import org.scalatra.json.*
-import very.util.security.IntID.toIntID
+import very.util.security.ID.toIntID
 import very.util.web.Controller
 import very.util.web.validate.ValidationExtra
-import zio.json.{ DeriveJsonDecoder, JsonDecoder }
+import zio.json.{DeriveJsonDecoder, JsonDecoder}
 
 import java.time.OffsetDateTime
 
@@ -81,6 +81,7 @@ trait NetworkController(
                 _.addressRange -> lift(req.addressRange),
                 _.setting -> lift(NetworkSetting(protocol = req.protocol)),
                 _.groupId -> lift(groupId),
+                _.token -> lift(TokenID.randomToken()),
               )
               .returning(_.id)
           }
@@ -101,10 +102,10 @@ trait NetworkController(
     networkDao
       .findById(networkId)
       .filter(n => n.status == NetworkStatus.Normal && n.groupId == groupId)
-      .map { _ =>
+      .map { network =>
         String(
           Base64.getEncoder.encode(
-            s"1|${config.getString("server.grpc.endpoint")}|${networkId.secretId}"
+            s"1|${config.getString("server.grpc.endpoint")}|${network.tokenId.secretId}"
               .getBytes()
           )
         )

backend/src/main/scala/com/timzaak/fornet/controller/NodeController.scala

@@ -12,10 +12,10 @@ import inet.ipaddr.ipv4.IPv4Address
 import io.getquill.*
 import org.hashids.Hashids
 import org.scalatra.Accepted
+import very.util.security.ID.toIntID
+import very.util.security.IntID
 import very.util.web.Controller
 import very.util.web.json.JsonResponse
-import very.util.security.IntID
-import very.util.security.IntID.toIntID
 import zio.json.*
 import zio.prelude.Validation
 
@@ -48,12 +48,13 @@ given JsonDecoder[UpdateNodeStatusReq] = DeriveJsonDecoder.gen
 trait NodeController(
   nodeDao: NodeDao,
   networkDao: NetworkDao,
+  deviceDao: DeviceDao,
   nodeChangeNotifyService: NodeChangeNotifyService,
   appConfig: AppConfig,
 )(using quill: DB, hashId: Hashids, config: Config)
   extends Controller
   with AppAuthSupport {
-  import quill.{ *, given }
+  import quill.{*, given}
 
   private def _networkId: IntID = params("networkId").toIntID
   private def _nodeId: IntID = params("nodeId").toIntID
@@ -144,6 +145,7 @@ trait NodeController(
         if (network.status == NetworkStatus.Normal) {
           nodeChangeNotifyService.nodeStatusChangeNotify(
             oldNode,
+            deviceDao.findById(oldNode.deviceId).get,
             oldNode.status,
             req.status
           )

backend/src/main/scala/com/timzaak/fornet/dao/Device.scala

@@ -0,0 +1,34 @@
+package com.timzaak.fornet.dao
+
+import org.hashids.Hashids
+import very.util.security.{IntID, TokenID}
+
+import java.time.OffsetDateTime
+
+case class Device(id: IntID, token: String, publicKey: String, createdAt: OffsetDateTime) {
+  def tokenID: TokenID = TokenID(id, token)
+}
+
+import io.getquill.*
+class DeviceDao(using quill: DB, hashids: Hashids) {
+  import quill.{*, given}
+
+  def findByTokenID(tokenId: TokenID): Option[Device] = {
+    quill
+      .run(quote(query[Device]).filter(v => v.id == lift(tokenId.intId) && v.token == lift(tokenId.token)).single)
+      .headOption
+  }
+  def findById(id:IntID): Option[Device] = {
+    quill
+      .run(quote(query[Device]).filter(v => v.id == lift(id)).single)
+      .headOption
+  }
+  
+  def getAllDevices(ids:List[IntID]):Map[Int, Device]= {
+    if(ids.isEmpty) {
+      Map.empty
+    } else {
+      quill.run(quote(query[Device])).filter(v => liftQuery(ids).contains(v.id)).map(v => v.id.id -> v).toMap
+    }
+  }
+}

backend/src/main/scala/com/timzaak/fornet/dao/Network.scala

@@ -5,11 +5,11 @@ package com.timzaak.fornet.dao
 import com.timzaak.fornet.dao.NetworkProtocol.TCP
 import org.hashids.Hashids
 import very.util.persistence.quill.DBSerializer
-import very.util.security.IntID
+import very.util.security.{IntID, TokenID}
 import zio.json.*
 
 import java.time.OffsetDateTime
-import scala.util.{ Failure, Success, Try }
+import scala.util.{Failure, Success, Try}
 
 enum NetworkStatus {
   case Normal, Delete
@@ -29,7 +29,7 @@ enum NetworkProtocol {
   case TCP, UDP
 
   import com.timzaak.fornet.protobuf.config.Protocol as PProtocol
-  def gRPCProtocol:PProtocol = {
+  def gRPCProtocol: PProtocol = {
     this match {
       case TCP => PProtocol.Protocol_TCP
       case UDP => PProtocol.Protocol_UDP
@@ -59,37 +59,39 @@ object NetworkProtocol {
 case class Network(
   id: IntID,
   name: String,
+  token: String,
   groupId: String,
   addressRange: String,
   setting: NetworkSetting,
   status: NetworkStatus,
   createdAt: OffsetDateTime,
   updatedAt: OffsetDateTime,
-)
+) {
+  def tokenId:TokenID = TokenID(id, token)
+}
 //object Network {
 //  given networkUpdateMeta:UpdateMeta[Network] = updateMeta[Network](_.id)
 //}
 case class NetworkSetting(
   port: Int = 51820,
   keepAlive: Int = 30,
   mtu: Int = 1420,
-  protocol:NetworkProtocol = NetworkProtocol.UDP,
+  protocol: NetworkProtocol = NetworkProtocol.UDP,
   dns: Option[Seq[String]] = None,
 ) extends DBSerializer
 
 object Network {
-  import very.util.web.json.{ intIDDecoder, intIDEncoder }
+  import very.util.web.json.{intIDDecoder, intIDEncoder}
   given networkDerive(using hashId: Hashids): JsonCodec[Network] = DeriveJsonCodec.gen
 }
 object NetworkSetting {
   given JsonCodec[NetworkSetting] = DeriveJsonCodec.gen
 }
 
-
 import io.getquill.*
 import org.hashids.Hashids
 
-class NetworkDao(using quill: DB, hashIds:Hashids) {
+class NetworkDao(using quill: DB, hashIds: Hashids) {
   import quill.{*, given}
 
   def findById(id: IntID): Option[Network] = {
@@ -105,6 +107,8 @@ class NetworkDao(using quill: DB, hashIds:Hashids) {
 
   def existGroupNetwork(networkId: IntID, groupId: String): Boolean = {
     quill.run(quote(query[Network]).filter(n => n.id == lift(networkId) && n.groupId == lift(groupId)).nonEmpty)
-
   }
+
+  def findByTokenId(tokenId:TokenID): Option[Network] = 
+    quill.run(quote(query[Network]).filter(n => n.id == lift(tokenId.intId) && n.name == lift(tokenId.token)).single).headOption
 }

backend/src/main/scala/com/timzaak/fornet/dao/Node.scala

@@ -3,11 +3,11 @@ package com.timzaak.fornet.dao
 import io.getquill.MappedEncoding
 import org.hashids.Hashids
 import very.util.persistence.quill.DBSerializer
-import very.util.security.IntID
+import very.util.security.{IntID, TokenID}
 import zio.json.*
 
 import java.time.OffsetDateTime
-import scala.util.{ Failure, Success, Try }
+import scala.util.{Failure, Success, Try}
 
 enum NodeType {
   // Normal: Fornet Client
@@ -70,8 +70,9 @@ case class Node(
   id: IntID,
   name: String,
   networkId: IntID,
+  deviceId: IntID,
   ip: String,
-  publicKey: String,
+  publicKey: String, // TODO: rm it
   setting: NodeSetting,
   nodeType: NodeType,
   status: NodeStatus,
@@ -135,16 +136,7 @@ import io.getquill.*
 class NodeDao(using quill: DB, hashids: Hashids) {
 
   import quill.{ *, given }
-
-  def findIdByPublicKey(publicKey: String, networkId: IntID): Option[IntID] =
-    quill.run {
-      quote {
-        query[Node]
-          .filter(n => n.publicKey == lift(publicKey) && n.networkId == lift(networkId))
-          .map(_.id)
-          .single
-      }
-    }.headOption
+  
 
   def findById(networkId: IntID, nodeId: IntID): Option[Node] = quill.run {
     quote {
@@ -154,13 +146,6 @@ class NodeDao(using quill: DB, hashids: Hashids) {
     }
   }.headOption
 
-  def findByPublicKey(publicKey: String): List[Node] = quill.run {
-    quote {
-      query[Node]
-        .filter(_.publicKey == lift(publicKey))
-    }
-  }
-
   def getUsedIps(networkId: IntID): Seq[String] = quill.run {
     quote {
       query[Node]
@@ -204,4 +189,13 @@ class NodeDao(using quill: DB, hashids: Hashids) {
   def countByNetwork(networkId: IntID): Long = quill.run {
     query[Node].filter(n => n.networkId == lift(networkId) && n.status == lift(NodeStatus.Normal)).size
   }
+
+  def findByDeviceWithNetwork(networkId:IntID, deviceTokenId:TokenID):List[Node] = quill.run {
+    query[Node].filter(n => n.deviceId == lift(deviceTokenId.intId) && n.networkId == lift(networkId))
+  }
+
+  def findByDeviceId(deviceTokenId: TokenID): List[Node] = quill.run {
+    query[Node].filter(n => n.deviceId == lift(deviceTokenId.intId))
+  }
+
 }

backend/src/main/scala/com/timzaak/fornet/di/DI.scala

@@ -1,15 +1,15 @@
 package com.timzaak.fornet.di
 
-import com.timzaak.fornet.config.{ AppConfig, AppConfigImpl }
+import com.timzaak.fornet.config.{AppConfig, AppConfigImpl}
 import com.timzaak.fornet.controller.*
 import com.timzaak.fornet.grpc.AuthGRPCController
-import com.timzaak.fornet.keycloak.{ KeycloakJWTSaaSAuthStrategy, KeycloakJWTSaaSCompatAuthStrategy }
+import com.timzaak.fornet.keycloak.{KeycloakJWTSaaSAuthStrategy, KeycloakJWTSaaSCompatAuthStrategy}
 import com.timzaak.fornet.mqtt.MqttCallbackController
 import com.timzaak.fornet.mqtt.api.RMqttApiClient
-import com.timzaak.fornet.pubsub.{ MqttConnectionManager, NodeChangeNotifyService }
+import com.timzaak.fornet.pubsub.{MqttConnectionManager, NodeChangeNotifyService}
 import com.timzaak.fornet.service.*
-import very.util.keycloak.{ JWKPublicKeyLocator, JWKTokenVerifier }
-import very.util.web.auth.{ AuthStrategy, AuthStrategyProvider, SingleUserAuthStrategy }
+import very.util.keycloak.{JWKPublicKeyLocator, JWKTokenVerifier}
+import very.util.web.auth.{AuthStrategy, AuthStrategyProvider, SingleUserAuthStrategy}
 object DI extends DaoDI { di =>
 
   object appConfig extends AppConfigImpl(config)
@@ -30,6 +30,7 @@ object DI extends DaoDI { di =>
     extends NodeChangeNotifyService(
       nodeDao = di.nodeDao,
       networkDao = di.networkDao,
+      deviceDao = di.deviceDao,
       connectionManager = di.connectionManager,
       nodeService = di.nodeService,
     )
@@ -84,6 +85,7 @@ object DI extends DaoDI { di =>
     extends NodeController(
       nodeDao = di.nodeDao,
       networkDao = di.networkDao,
+      deviceDao = di.deviceDao,
       nodeChangeNotifyService = di.nodeChangeNotifyService,
       appConfig = di.appConfig,
     )
@@ -100,6 +102,7 @@ object DI extends DaoDI { di =>
     extends AuthGRPCController(
       nodeDao = di.nodeDao,
       networkDao = di.networkDao,
+      deviceDao = di.deviceDao,
       nodeChangeNotifyService = di.nodeChangeNotifyService,
       config = di.config,
       appConfig = di.appConfig,
@@ -112,6 +115,7 @@ object DI extends DaoDI { di =>
     extends MqttCallbackController(
       nodeDao = di.nodeDao,
       networkDao = di.networkDao,
+      deviceDao = di.deviceDao,
       nodeService = di.nodeService,
       mqttConnectionManager = di.connectionManager
     )

backend/src/main/scala/com/timzaak/fornet/di/DaoDI.scala

@@ -1,6 +1,6 @@
 package com.timzaak.fornet.di
 
-import com.timzaak.fornet.dao.{DB, NetworkDao, NodeDao}
+import com.timzaak.fornet.dao.{DB, DeviceDao, NetworkDao, NodeDao}
 import com.typesafe.config.{Config, ConfigFactory}
 import org.hashids.Hashids
 
@@ -23,4 +23,6 @@ trait DaoDI {
   object networkDao extends NetworkDao
 
   object nodeDao extends NodeDao
+  
+  object deviceDao extends DeviceDao
 }