add edit gateway page (#2108)

* copy edge edit page for gateways

* add tests for gateway API

* fix api call

* adjust edit page layout

* copy modifications to Edge edit page

* formatting

Author: wojcik91

crates/defguard_common/src/db/models/gateway.rs

@@ -1,6 +1,6 @@
 use std::fmt;
 
-use chrono::{NaiveDateTime, Utc};
+use chrono::{NaiveDateTime, Timelike, Utc};
 use model_derive::Model;
 use serde::{Deserialize, Serialize};
 use sqlx::{PgExecutor, query, query_as};
@@ -44,6 +44,14 @@ impl Gateway {
         port: i32,
         modified_by: Id,
     ) -> Self {
+        // FIXME: this is a workaround for reducing timestamp precision.
+        // `chrono` has nanosecond precision by default, while Postgres only does microseconds.
+        // It avoids issues when comparing to objects fetched from DB.
+        let modified_at = Utc::now().naive_utc();
+        let modified_at = modified_at
+            .with_nanosecond((modified_at.nanosecond() / 1_000) * 1_000)
+            .expect("failed to truncate timestamp precision");
+
         Self {
             id: NoId,
             location_id: network_id,
@@ -56,7 +64,7 @@ impl Gateway {
             certificate_expiry: None,
             version: None,
             modified_by,
-            modified_at: Utc::now().naive_utc(),
+            modified_at,
         }
     }
 }

crates/defguard_core/src/handlers/gateway.rs

@@ -1,5 +1,6 @@
 use axum::{
     Json,
+    extract::rejection::JsonRejection,
     extract::{Path, State},
 };
 use chrono::NaiveDateTime;
@@ -13,6 +14,7 @@ use utoipa::ToSchema;
 use crate::{
     appstate::AppState,
     auth::{AdminRole, SessionInfo},
+    error::WebError,
     events::{ApiEvent, ApiEventType, ApiRequestContext},
     handlers::{ApiResponse, ApiResult},
 };
@@ -83,6 +85,7 @@ impl GatewayInfo {
 }
 
 #[derive(Serialize, Deserialize, ToSchema)]
+#[serde(deny_unknown_fields)]
 pub struct GatewayUpdateData {
     pub name: String,
 }
@@ -173,17 +176,26 @@ pub(crate) async fn update_gateway(
     State(appstate): State<AppState>,
     session: SessionInfo,
     context: ApiRequestContext,
-    Json(data): Json<GatewayUpdateData>,
+    payload: Result<Json<GatewayUpdateData>, JsonRejection>,
 ) -> ApiResult {
+    let Json(data) = match payload {
+        Ok(payload) => payload,
+        Err(err) => {
+            let msg = format!("Failed to parse request data: {err}");
+            warn!(msg);
+            return Err(WebError::BadRequest(msg));
+        }
+    };
     debug!(
         "User {} updating gateway {gateway_id}",
         session.user.username
     );
     let gateway = Gateway::find_by_id(&appstate.pool, gateway_id).await?;
 
     let Some(mut gateway) = gateway else {
-        warn!("Gateway {gateway_id} not found");
-        return Ok(ApiResponse::json(Value::Null, StatusCode::NOT_FOUND));
+        let msg = format!("Gateway {gateway_id} not found");
+        warn!(msg);
+        return Err(WebError::ObjectNotFound(msg));
     };
     let before = gateway.clone();
 
@@ -235,8 +247,9 @@ pub(crate) async fn delete_gateway(
     let gateway = Gateway::find_by_id(&appstate.pool, gateway_id).await?;
 
     let Some(gateway) = gateway else {
-        warn!("Gateway {gateway_id} not found");
-        return Ok(ApiResponse::json(Value::Null, StatusCode::NOT_FOUND));
+        let msg = format!("Gateway {gateway_id} not found");
+        warn!(msg);
+        return Err(WebError::ObjectNotFound(msg));
     };
 
     gateway.clone().delete(&appstate.pool).await?;

crates/defguard_core/tests/integration/api/gateway.rs

@@ -0,0 +1,154 @@
+use defguard_common::db::{
+    Id,
+    models::{WireguardNetwork, gateway::Gateway},
+};
+use defguard_core::handlers::Auth;
+use reqwest::StatusCode;
+use serde_json::json;
+use sqlx::postgres::{PgConnectOptions, PgPoolOptions};
+
+use super::common::{make_network, make_test_client, setup_pool};
+
+#[sqlx::test]
+async fn test_gateway_crud(_: PgPoolOptions, options: PgConnectOptions) {
+    let pool = setup_pool(options).await;
+
+    let (mut client, client_state) = make_test_client(pool).await;
+
+    client.login_user("admin", "pass123").await;
+
+    let response = make_network(&client, "network").await;
+    let network: WireguardNetwork<Id> = response.json().await;
+    client.drain_all_events();
+    client.drain_all_events();
+
+    let gateway_1 = Gateway::new(network.id, "gateway1", "127.0.0.1", 50051, 1)
+        .save(&client_state.pool)
+        .await
+        .unwrap();
+    let gateway_2 = Gateway::new(network.id, "gateway2", "1.2.3.1", 55555, 1)
+        .save(&client_state.pool)
+        .await
+        .unwrap();
+
+    let response = client.get("/api/v1/gateway").send().await;
+    assert_eq!(response.status(), StatusCode::OK);
+    let gateways: Vec<Gateway<Id>> = response.json().await;
+    assert_eq!(gateways.len(), 2);
+    let gateway_from_list = &gateways[0];
+    assert_eq!(gateway_from_list, &gateway_1);
+    let gateway_from_list = &gateways[1];
+    assert_eq!(gateway_from_list, &gateway_2);
+
+    let response = client
+        .get(format!("/api/v1/gateway/{}", gateway_1.id))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::OK);
+    let gateway_details: Gateway<Id> = response.json().await;
+    assert_eq!(gateway_details, gateway_1);
+
+    let response = client
+        .put(format!("/api/v1/gateway/{}", gateway_1.id))
+        .json(&json!({
+            "name": "gateway-updated",
+        }))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::OK);
+    let updated_gateway: Gateway<Id> = response.json().await;
+    assert_eq!(updated_gateway.name, "gateway-updated");
+    assert_eq!(updated_gateway.address, gateway_1.address);
+    assert_eq!(updated_gateway.port, gateway_1.port);
+
+    let response = client
+        .delete(format!("/api/v1/gateway/{}", gateway_1.id))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::OK);
+
+    let response = client
+        .get(format!("/api/v1/gateway/{}", gateway_1.id))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::NOT_FOUND);
+
+    let response = client.get("/api/v1/gateway").send().await;
+    assert_eq!(response.status(), StatusCode::OK);
+    let gateways: Vec<Gateway<Id>> = response.json().await;
+    assert_eq!(gateways.len(), 1);
+}
+
+#[sqlx::test]
+async fn test_gateway_endpoints_require_admin(_: PgPoolOptions, options: PgConnectOptions) {
+    let pool = setup_pool(options).await;
+
+    let (mut client, client_state) = make_test_client(pool).await;
+
+    client.login_user("admin", "pass123").await;
+
+    let response = make_network(&client, "network").await;
+    let network: WireguardNetwork<Id> = response.json().await;
+
+    let gateway = Gateway::new(network.id, "gateway", "127.0.0.1", 50051, 1)
+        .save(&client_state.pool)
+        .await
+        .unwrap();
+
+    let auth = Auth::new("hpotter", "pass123");
+    let response = client.post("/api/v1/auth").json(&auth).send().await;
+    assert_eq!(response.status(), StatusCode::OK);
+
+    let response = client.get("/api/v1/gateway").send().await;
+    assert_eq!(response.status(), StatusCode::FORBIDDEN);
+
+    let response = client
+        .get(format!("/api/v1/gateway/{}", gateway.id))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::FORBIDDEN);
+
+    let response = client
+        .put(format!("/api/v1/gateway/{}", gateway.id))
+        .json(&json!({
+            "name": "gateway-updated",
+        }))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::FORBIDDEN);
+
+    let response = client
+        .delete(format!("/api/v1/gateway/{}", gateway.id))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::FORBIDDEN);
+}
+
+#[sqlx::test]
+async fn test_gateway_update_rejects_unknown_fields(_: PgPoolOptions, options: PgConnectOptions) {
+    let pool = setup_pool(options).await;
+
+    let (mut client, client_state) = make_test_client(pool).await;
+
+    client.login_user("admin", "pass123").await;
+
+    let response = make_network(&client, "network").await;
+    let network: WireguardNetwork<Id> = response.json().await;
+
+    let gateway = Gateway::new(network.id, "gateway", "127.0.0.1", 50051, 1)
+        .save(&client_state.pool)
+        .await
+        .unwrap();
+
+    let response = client
+        .put(format!("/api/v1/gateway/{}", gateway.id))
+        .json(&json!({
+            "name": "gateway-updated",
+            "address": "127.0.0.2",
+            "port": 50052,
+            "location_id": 999,
+        }))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+}

crates/defguard_core/tests/integration/api/mod.rs

@@ -5,6 +5,7 @@ mod common;
 mod enrollment;
 mod enterprise_settings;
 mod forward_auth;
+mod gateway;
 mod group;
 mod location_stats;
 mod oauth;

web/messages/en/gateway.json

@@ -1,5 +1,14 @@
 {
   "$schema": "https://inlang.com/schema/inlang-message-format",
+  "gateway_title": "Gateways",
+  "gateway_edit_title": "Edit gateway",
+  "gateway_edit_general_info": "General information",
+  "gateway_edit_name": "Name",
+  "gateway_edit_address": "IP or Domain",
+  "gateway_edit_port": "gRPC port",
+  "gateway_edit_delete": "Delete",
+  "gateway_edit_success": "Gateway updated",
+  "gateway_edit_failed": "Failed to update gateway",
   "gateway_delete_success": "Gateway deleted",
   "gateway_delete_failed": "Failed to delete gateway"
 }

web/src/pages/EditEdgePage/EditEdgePage.tsx

@@ -99,6 +99,7 @@ const EditEdgeForm = ({ edge }: { edge: Edge }) => {
         ...value,
         id: edge.id,
       });
+      form.reset(value);
     },
   });
 
@@ -141,11 +142,6 @@ const EditEdgeForm = ({ edge }: { edge: Edge }) => {
                 loading: deletePending,
                 disabled: isSubmitting,
               }}
-              cancelProps={{
-                onClick: () => {
-                  window.history.back();
-                },
-              }}
               submitProps={{
                 loading: isSubmitting,
                 disabled: isDefault,