Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-27 00:17:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 47
fleet/website/api/controllers/android-proxy/create-android-signup-url.js
Eric 274abc6cb0
Website: update android proxy error handling (#40140) 
Related to: https://github.com/fleetdm/fleet/issues/40127

Changes:
- Updated errors logged by Android proxy endpoints to include more
information about the error.
- Added a `deviceNoLongerManaged` exit to the `delete-android-device`
endpoint that is used when the Google API returns a "Device is no longer
being managed" error.
- Added a `policyNotFound` exit to the `modify-android-policies` and
`modify-enterprise-app-policy` endpoints that is used when the Google
API returns a 404 response
- Added a `invalidPolicyName` exit to the `modify-android-device`
endpoint that is used when the Google API returns an error related to
the policy name sent in the request body.
2026-02-19 17:46:41 -06:00

97 lines
4.4 KiB
JavaScript
Vendored
Raw Blame History

module.exports = {
friendlyName: 'Create android signup url',
description: 'Creates and returns a signup URL for an android enterprise.',
inputs: {
callbackUrl: {
type: 'string',
required: true,
}
},
exits: {
success: { description: 'A signup URL has been sent to the requesting Fleet server.'},
missingOriginHeader: { description: 'The request was missing an Origin header', responseType: 'badRequest'},
enterpriseAlreadyExists: { description: 'An Android enterprise already exists for this Fleet instance.', statusCode: 409 },
invalidCallbackUrl: { description: 'The provided callbackUrl could not be used to create an Android enterprise signup URL.', responseType: 'badRequest'}
},
fn: async function ({ callbackUrl }) {
// Parse the Fleet server url from the origin header.
let fleetServerUrl = this.req.get('Origin');
if(!fleetServerUrl){
throw 'missingOriginHeader';
}
// Check the database for an existing record for this Fleet server.
let connectionforThisInstanceExists = await AndroidEnterprise.findOne({fleetServerUrl: fleetServerUrl});
if(connectionforThisInstanceExists) {
// Before throwing conflict, verify the enterprise still exists in Google
// If it doesn't exist, clean up the stale proxy record and continue with signup
let isEnterpriseManagedByFleet = await sails.helpers.androidProxy.getIsEnterpriseManagedByFleet(connectionforThisInstanceExists.androidEnterpriseId);
if(isEnterpriseManagedByFleet) {
// Enterprise still exists in Google - throw conflict
throw 'enterpriseAlreadyExists';
} else {
// Enterprise not found in LIST - clean up stale proxy record
await AndroidEnterprise.destroyOne({ id: connectionforThisInstanceExists.id });
// Continue with signup process (don't throw conflict)
}
}
// Get a signup url for this Android enterprise.
// Note: We're using sails.helpers.flow.build here to handle any errors that occurr using google's node library.
let signupUrl = await sails.helpers.flow.build(async ()=>{
let { google } = require('googleapis');
let androidmanagement = google.androidmanagement('v1');
let googleAuth = new google.auth.GoogleAuth({
scopes: ['https://www.googleapis.com/auth/androidmanagement'],
credentials: {
client_email: sails.config.custom.androidEnterpriseServiceAccountEmailAddress,// eslint-disable-line camelcase
private_key: sails.config.custom.androidEnterpriseServiceAccountPrivateKey,// eslint-disable-line camelcase
},
});
// Acquire the google auth client, and bind it to all future calls
let authClient = await googleAuth.getClient();
google.options({auth: authClient});
// [?] https://googleapis.dev/nodejs/googleapis/latest/androidmanagement/classes/Resource$Signupurls.html#create
let createSignupUrlResponse = await androidmanagement.signupUrls.create({
// The callback URL that the admin will be redirected to after successfully creating an enterprise. Before redirecting there the system will add a query parameter to this URL named enterpriseToken which will contain an opaque token to be used for the create enterprise request. The URL will be parsed then reformatted in order to add the enterpriseToken parameter, so there may be some minor formatting changes.
callbackUrl: callbackUrl,
// The ID of the Google Cloud Platform project which will own the enterprise.
projectId: sails.config.custom.androidEnterpriseProjectId,
});
return createSignupUrlResponse.data;
}).intercept({status: 400}, (unusedErr)=>{
return {'invalidCallbackUrl': 'The provided Callback Url could not be used to create an Android enterprise signup URL.'};
}).intercept({status: 429}, (err)=>{
// If the Android management API returns a 429 response, log an additional warning that will trigger a help-p1 alert.
sails.log.warn(`p1: Android management API rate limit exceeded!`);
return new Error(`When attempting to create a singup url for a new Android enterprise, an error occurred. Error: ${err}`);
}).intercept((err)=>{
return new Error(`When attempting to create a singup url for a new Android enterprise, an error occurred. Error: ${require('util').inspect(err)}`);
});
return {
url: signupUrl.url,
name: signupUrl.name,
};
}
};
Reference in a new issue View git blame Copy permalink