djsundog
/
wg-portal
mirror of https://github.com/DJSundog/wg-portal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
wg-portal/internal/server/handlers_peer.go

359 lines
11 KiB
Go
Raw Normal View History

wip: cleanup
2020-11-10 03:31:02 -05:00
package server
import (
"bytes"
many small improvements
2020-11-10 16:23:05 -05:00
"net"
wip: cleanup
2020-11-10 03:31:02 -05:00
"net/http"
"net/url"
"strings"
"time"
"github.com/gin-gonic/gin"
"github.com/h44z/wg-portal/internal/common"
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
"github.com/h44z/wg-portal/internal/users"
"github.com/h44z/wg-portal/internal/wireguard"
cleanup, typos, ...
2021-02-08 16:56:02 -05:00
"github.com/sirupsen/logrus"
many small improvements
2020-11-10 16:23:05 -05:00
"github.com/tatsushid/go-fastping"
wip: cleanup
2020-11-10 03:31:02 -05:00
)
type LdapCreateForm struct {
Emails string `form:"email" binding:"required"`
Identifier string `form:"identifier" binding:"required,lte=20"`
}
func (s *Server) GetAdminEditPeer(c *gin.Context) {
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
peer := s.peers.GetPeerByKey(c.Query("pkey"))
wip: cleanup
2020-11-10 03:31:02 -05:00
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
currentSession, err := s.setFormInSession(c, peer)
wip: cleanup
2020-11-10 03:31:02 -05:00
if err != nil {
s.GetHandleError(c, http.StatusInternalServerError, "Session error", err.Error())
return
}
WIP: support for multiple WireGuard devices (#2)
2021-03-21 07:36:11 -04:00
c.HTML(http.StatusOK, "admin_edit_client.html", gin.H{
"Route": c.Request.URL.Path,
"Alerts": GetFlashes(c),
"Session": currentSession,
"Static": s.getStaticData(),
"Peer": currentSession.FormData.(wireguard.Peer),
"EditableKeys": s.config.Core.EditableKeys,
"Device": s.peers.GetDevice(currentSession.DeviceName),
"DeviceNames": s.wg.Cfg.DeviceNames,
wip: cleanup
2020-11-10 03:31:02 -05:00
})
}
func (s *Server) PostAdminEditPeer(c *gin.Context) {
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
currentPeer := s.peers.GetPeerByKey(c.Query("pkey"))
wip: cleanup
2020-11-10 03:31:02 -05:00
urlEncodedKey := url.QueryEscape(c.Query("pkey"))
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
currentSession := GetSessionData(c)
WIP: support for multiple WireGuard devices (#2)
2021-03-21 07:36:11 -04:00
var formPeer wireguard.Peer
wip: cleanup
2020-11-10 03:31:02 -05:00
if currentSession.FormData != nil {
WIP: support for multiple WireGuard devices (#2)
2021-03-21 07:36:11 -04:00
formPeer = currentSession.FormData.(wireguard.Peer)
wip: cleanup
2020-11-10 03:31:02 -05:00
}
rename user to peer
2021-02-21 17:23:58 -05:00
if err := c.ShouldBind(&formPeer); err != nil {
_ = s.updateFormInSession(c, formPeer)
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "failed to bind form data: "+err.Error(), "danger")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=bind")
return
}
// Clean list input
rename user to peer
2021-02-21 17:23:58 -05:00
formPeer.IPs = common.ParseStringList(formPeer.IPsStr)
formPeer.AllowedIPs = common.ParseStringList(formPeer.AllowedIPsStr)
formPeer.IPsStr = common.ListToString(formPeer.IPs)
formPeer.AllowedIPsStr = common.ListToString(formPeer.AllowedIPs)
wip: cleanup
2020-11-10 03:31:02 -05:00
disabled := c.PostForm("isdisabled") != ""
now := time.Now()
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
if disabled && currentPeer.DeactivatedAt == nil {
rename user to peer
2021-02-21 17:23:58 -05:00
formPeer.DeactivatedAt = &now
wip: cleanup
2020-11-10 03:31:02 -05:00
} else if !disabled {
rename user to peer
2021-02-21 17:23:58 -05:00
formPeer.DeactivatedAt = nil
wip: cleanup
2020-11-10 03:31:02 -05:00
}
// Update in database
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
if err := s.UpdatePeer(formPeer, now); err != nil {
rename user to peer
2021-02-21 17:23:58 -05:00
_ = s.updateFormInSession(c, formPeer)
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "failed to update user: "+err.Error(), "danger")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=update")
return
}
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "changes applied successfully", "success")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
}
func (s *Server) GetAdminCreatePeer(c *gin.Context) {
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
currentSession, err := s.setNewPeerFormInSession(c)
wip: cleanup
2020-11-10 03:31:02 -05:00
if err != nil {
s.GetHandleError(c, http.StatusInternalServerError, "Session error", err.Error())
return
}
WIP: support for multiple WireGuard devices (#2)
2021-03-21 07:36:11 -04:00
c.HTML(http.StatusOK, "admin_edit_client.html", gin.H{
"Route": c.Request.URL.Path,
"Alerts": GetFlashes(c),
"Session": currentSession,
"Static": s.getStaticData(),
"Peer": currentSession.FormData.(wireguard.Peer),
"EditableKeys": s.config.Core.EditableKeys,
"Device": s.peers.GetDevice(currentSession.DeviceName),
"DeviceNames": s.wg.Cfg.DeviceNames,
wip: cleanup
2020-11-10 03:31:02 -05:00
})
}
func (s *Server) PostAdminCreatePeer(c *gin.Context) {
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
currentSession := GetSessionData(c)
WIP: support for multiple WireGuard devices (#2)
2021-03-21 07:36:11 -04:00
var formPeer wireguard.Peer
wip: cleanup
2020-11-10 03:31:02 -05:00
if currentSession.FormData != nil {
WIP: support for multiple WireGuard devices (#2)
2021-03-21 07:36:11 -04:00
formPeer = currentSession.FormData.(wireguard.Peer)
wip: cleanup
2020-11-10 03:31:02 -05:00
}
rename user to peer
2021-02-21 17:23:58 -05:00
if err := c.ShouldBind(&formPeer); err != nil {
_ = s.updateFormInSession(c, formPeer)
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "failed to bind form data: "+err.Error(), "danger")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=bind")
return
}
// Clean list input
rename user to peer
2021-02-21 17:23:58 -05:00
formPeer.IPs = common.ParseStringList(formPeer.IPsStr)
formPeer.AllowedIPs = common.ParseStringList(formPeer.AllowedIPsStr)
formPeer.IPsStr = common.ListToString(formPeer.IPs)
formPeer.AllowedIPsStr = common.ListToString(formPeer.AllowedIPs)
wip: cleanup
2020-11-10 03:31:02 -05:00
disabled := c.PostForm("isdisabled") != ""
now := time.Now()
if disabled {
rename user to peer
2021-02-21 17:23:58 -05:00
formPeer.DeactivatedAt = &now
wip: cleanup
2020-11-10 03:31:02 -05:00
}
WIP: support for multiple WireGuard devices (#2)
2021-03-21 07:36:11 -04:00
if err := s.CreatePeer(currentSession.DeviceName, formPeer); err != nil {
rename user to peer
2021-02-21 17:23:58 -05:00
_ = s.updateFormInSession(c, formPeer)
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "failed to add user: "+err.Error(), "danger")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=create")
return
}
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "client created successfully", "success")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin")
}
func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
currentSession, err := s.setFormInSession(c, LdapCreateForm{Identifier: "Default"})
if err != nil {
s.GetHandleError(c, http.StatusInternalServerError, "Session error", err.Error())
return
}
WIP: support for multiple WireGuard devices (#2)
2021-03-21 07:36:11 -04:00
c.HTML(http.StatusOK, "admin_create_clients.html", gin.H{
"Route": c.Request.URL.Path,
"Alerts": GetFlashes(c),
"Session": currentSession,
"Static": s.getStaticData(),
"Users": s.users.GetFilteredAndSortedUsers("lastname", "asc", ""),
"FormData": currentSession.FormData.(LdapCreateForm),
"Device": s.peers.GetDevice(currentSession.DeviceName),
"DeviceNames": s.wg.Cfg.DeviceNames,
wip: cleanup
2020-11-10 03:31:02 -05:00
})
}
func (s *Server) PostAdminCreateLdapPeers(c *gin.Context) {
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
currentSession := GetSessionData(c)
wip: cleanup
2020-11-10 03:31:02 -05:00
var formData LdapCreateForm
if currentSession.FormData != nil {
formData = currentSession.FormData.(LdapCreateForm)
}
if err := c.ShouldBind(&formData); err != nil {
_ = s.updateFormInSession(c, formData)
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "failed to bind form data: "+err.Error(), "danger")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=bind")
return
}
emails := common.ParseStringList(formData.Emails)
for i := range emails {
// TODO: also check email addr for validity?
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
if !strings.ContainsRune(emails[i], '@') || s.users.GetUser(emails[i]) == nil {
wip: cleanup
2020-11-10 03:31:02 -05:00
_ = s.updateFormInSession(c, formData)
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "invalid email address: "+emails[i], "danger")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=mail")
return
}
}
cleanup, typos, ...
2021-02-08 16:56:02 -05:00
logrus.Infof("creating %d ldap peers", len(emails))
wip: cleanup
2020-11-10 03:31:02 -05:00
for i := range emails {
WIP: support for multiple WireGuard devices (#2)
2021-03-21 07:36:11 -04:00
if err := s.CreatePeerByEmail(currentSession.DeviceName, emails[i], formData.Identifier, false); err != nil {
wip: cleanup
2020-11-10 03:31:02 -05:00
_ = s.updateFormInSession(c, formData)
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "failed to add user: "+err.Error(), "danger")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=create")
return
}
}
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "client(s) created successfully", "success")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
}
func (s *Server) GetAdminDeletePeer(c *gin.Context) {
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
currentPeer := s.peers.GetPeerByKey(c.Query("pkey"))
if err := s.DeletePeer(currentPeer); err != nil {
wip: cleanup
2020-11-10 03:31:02 -05:00
s.GetHandleError(c, http.StatusInternalServerError, "Deletion error", err.Error())
return
}
WIP: support for multiple WireGuard devices (#2)
2021-03-21 07:36:11 -04:00
SetFlashMessage(c, "peer deleted successfully", "success")
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Redirect(http.StatusSeeOther, "/admin")
}
func (s *Server) GetPeerQRCode(c *gin.Context) {
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
peer := s.peers.GetPeerByKey(c.Query("pkey"))
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
currentSession := GetSessionData(c)
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
if !currentSession.IsAdmin && peer.Email != currentSession.Email {
wip: cleanup
2020-11-10 03:31:02 -05:00
s.GetHandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
return
}
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
png, err := peer.GetQRCode()
wip: cleanup
2020-11-10 03:31:02 -05:00
if err != nil {
s.GetHandleError(c, http.StatusInternalServerError, "QRCode error", err.Error())
return
}
c.Data(http.StatusOK, "image/png", png)
return
}
func (s *Server) GetPeerConfig(c *gin.Context) {
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
peer := s.peers.GetPeerByKey(c.Query("pkey"))
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
currentSession := GetSessionData(c)
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
if !currentSession.IsAdmin && peer.Email != currentSession.Email {
wip: cleanup
2020-11-10 03:31:02 -05:00
s.GetHandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
return
}
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
cfg, err := peer.GetConfigFile(s.peers.GetDevice(currentSession.DeviceName))
wip: cleanup
2020-11-10 03:31:02 -05:00
if err != nil {
s.GetHandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
return
}
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
c.Header("Content-Disposition", "attachment; filename="+peer.GetConfigFileName())
wip: cleanup
2020-11-10 03:31:02 -05:00
c.Data(http.StatusOK, "application/config", cfg)
return
}
func (s *Server) GetPeerConfigMail(c *gin.Context) {
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
peer := s.peers.GetPeerByKey(c.Query("pkey"))
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
currentSession := GetSessionData(c)
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
if !currentSession.IsAdmin && peer.Email != currentSession.Email {
wip: cleanup
2020-11-10 03:31:02 -05:00
s.GetHandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
return
}
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
user := s.users.GetUser(peer.Email)
cfg, err := peer.GetConfigFile(s.peers.GetDevice(currentSession.DeviceName))
wip: cleanup
2020-11-10 03:31:02 -05:00
if err != nil {
s.GetHandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
return
}
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
png, err := peer.GetQRCode()
wip: cleanup
2020-11-10 03:31:02 -05:00
if err != nil {
s.GetHandleError(c, http.StatusInternalServerError, "QRCode error", err.Error())
return
}
// Apply mail template
var tplBuff bytes.Buffer
if err := s.mailTpl.Execute(&tplBuff, struct {
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
Peer wireguard.Peer
User *users.User
wip: cleanup
2020-11-10 03:31:02 -05:00
QrcodePngName string
PortalUrl string
}{
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
Peer: peer,
User: user,
wip: cleanup
2020-11-10 03:31:02 -05:00
QrcodePngName: "wireguard-config.png",
PortalUrl: s.config.Core.ExternalUrl,
}); err != nil {
s.GetHandleError(c, http.StatusInternalServerError, "Template error", err.Error())
return
}
// Send mail
attachments := []common.MailAttachment{
{
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
Name: peer.GetConfigFileName(),
wip: cleanup
2020-11-10 03:31:02 -05:00
ContentType: "application/config",
Data: bytes.NewReader(cfg),
},
{
Name: "wireguard-config.png",
ContentType: "image/png",
Data: bytes.NewReader(png),
},
}
if err := common.SendEmailWithAttachments(s.config.Email, s.config.Core.MailFrom, "", "WireGuard VPN Configuration",
"Your mail client does not support HTML. Please find the configuration attached to this mail.", tplBuff.String(),
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
[]string{peer.Email}, attachments); err != nil {
wip: cleanup
2020-11-10 03:31:02 -05:00
s.GetHandleError(c, http.StatusInternalServerError, "Email error", err.Error())
return
}
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
SetFlashMessage(c, "mail sent successfully", "success")
fix redirect after sending the peer email
2021-03-22 08:45:35 -04:00
if strings.HasPrefix(c.Request.URL.Path, "/user") {
c.Redirect(http.StatusSeeOther, "/user/profile")
} else {
c.Redirect(http.StatusSeeOther, "/admin")
}
wip: cleanup
2020-11-10 03:31:02 -05:00
}
many small improvements
2020-11-10 16:23:05 -05:00
func (s *Server) GetPeerStatus(c *gin.Context) {
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
peer := s.peers.GetPeerByKey(c.Query("pkey"))
WIP: new user management and authentication system, use go 1.16 embed
2021-02-24 15:24:45 -05:00
currentSession := GetSessionData(c)
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
if !currentSession.IsAdmin && peer.Email != currentSession.Email {
many small improvements
2020-11-10 16:23:05 -05:00
s.GetHandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
return
}
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
if peer.Peer == nil { // no peer means disabled
many small improvements
2020-11-10 16:23:05 -05:00
c.JSON(http.StatusOK, false)
return
}
isOnline := false
ping := make(chan bool)
defer close(ping)
fix mail template (#3) and rename some variables, also change default ordering (latest handshake first)
2021-03-22 07:39:50 -04:00
for _, cidr := range peer.IPs {
many small improvements
2020-11-10 16:23:05 -05:00
ip, _, _ := net.ParseCIDR(cidr)
var ra *net.IPAddr
if common.IsIPv6(ip.String()) {
ra, _ = net.ResolveIPAddr("ip6:ipv6-icmp", ip.String())
} else {
ra, _ = net.ResolveIPAddr("ip4:icmp", ip.String())
}
p := fastping.NewPinger()
p.AddIPAddr(ra)
p.OnRecv = func(addr *net.IPAddr, rtt time.Duration) {
ping <- true
p.Stop()
}
p.OnIdle = func() {
ping <- false
p.Stop()
}
p.MaxRTT = 500 * time.Millisecond
p.RunLoop()
if <-ping {
isOnline = true
break
}
}
c.JSON(http.StatusOK, isOnline)
return
}