wip: cleanup
1
.gitignore
vendored
@ -26,6 +26,7 @@
|
||||
.idea/
|
||||
*.iws
|
||||
out/
|
||||
dist/
|
||||
ssh.key
|
||||
.testCoverage.txt
|
||||
wg_portal.db
|
||||
|
40
Makefile
Normal file
@ -0,0 +1,40 @@
|
||||
# Go parameters
|
||||
GOCMD=go
|
||||
MODULENAME=github.com/h44z/wg-portal
|
||||
GOFILES:=$(shell go list ./... | grep -v /vendor/)
|
||||
BUILDDIR=dist
|
||||
BINARIES=$(subst cmd/,,$(wildcard cmd/*))
|
||||
|
||||
.PHONY: all test clean phony
|
||||
|
||||
all: dep test build
|
||||
|
||||
build: dep $(addprefix $(BUILDDIR)/,$(BINARIES))
|
||||
cp -r assets $(BUILDDIR)
|
||||
|
||||
dep:
|
||||
$(GOCMD) mod download
|
||||
|
||||
validate:
|
||||
$(GOCMD) fmt $(GOFILES)
|
||||
$(GOCMD) vet $(GOFILES)
|
||||
$(GOCMD) test -race $(GOFILES)
|
||||
|
||||
coverage:
|
||||
$(GOCMD) fmt $(GOFILES)
|
||||
$(GOCMD) test $(GOFILES) -v -coverprofile .testCoverage.txt
|
||||
$(GOCMD) tool cover -func=.testCoverage.txt # use total:\s+\(statements\)\s+(\d+.\d+\%) as Gitlab CI regextotal:\s+\(statements\)\s+(\d+.\d+\%)
|
||||
|
||||
coverage-html: coverage
|
||||
$(GOCMD) tool cover -html=.testCoverage.txt
|
||||
|
||||
test:
|
||||
$(GOCMD) test $(MODULENAME)/... -v -count=1
|
||||
|
||||
clean:
|
||||
$(GOCMD) clean $(GOFILES)
|
||||
rm -rf .testCoverage.txt
|
||||
rm -rf $(BUILDDIR)
|
||||
|
||||
$(BUILDDIR)/%: cmd/%/main.go dep phony
|
||||
$(GOCMD) build -o $@ $<
|
Before Width: | Height: | Size: 1.9 KiB |
Before Width: | Height: | Size: 2.1 KiB |
Before Width: | Height: | Size: 20 KiB |
Before Width: | Height: | Size: 220 B |
BIN
assets/img/header-logo.png
Normal file
After Width: | Height: | Size: 10 KiB |
Before Width: | Height: | Size: 8.3 KiB |
Before Width: | Height: | Size: 32 KiB |
Before Width: | Height: | Size: 986 B |
Before Width: | Height: | Size: 1.0 KiB |
Before Width: | Height: | Size: 1.6 KiB |
@ -7,7 +7,6 @@
|
||||
<meta name="description" content="{{ .Static.WebsiteTitle }}">
|
||||
<link rel="stylesheet" href="/css/jquery-ui.min.css">
|
||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||
<!--link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"-->
|
||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||
<link rel="stylesheet" href="/css/bootstrap-tokenfield.min.css">
|
||||
<link rel="stylesheet" href="/css/tokenfield-typeahead.min.css">
|
||||
@ -43,7 +42,7 @@
|
||||
<a href="/admin" class="btn btn-secondary">Cancel</a>
|
||||
</form>
|
||||
</div>
|
||||
{{template "prt_footer.html"}}
|
||||
{{template "prt_footer.html" .}}
|
||||
<script src="/js/jquery.min.js"></script>
|
||||
<script src="/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="/js/jquery.easing.js"></script>
|
||||
|
@ -6,7 +6,6 @@
|
||||
<title>{{ .Static.WebsiteTitle }} - Admin</title>
|
||||
<meta name="description" content="{{ .Static.WebsiteTitle }}">
|
||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||
<!--link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"-->
|
||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||
<link rel="stylesheet" href="/css/custom.css">
|
||||
</head>
|
||||
@ -83,7 +82,7 @@
|
||||
<a href="/admin" class="btn btn-secondary">Cancel</a>
|
||||
</form>
|
||||
</div>
|
||||
{{template "prt_footer.html"}}
|
||||
{{template "prt_footer.html" .}}
|
||||
<script src="/js/jquery.min.js"></script>
|
||||
<script src="/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="/js/jquery.easing.js"></script>
|
||||
|
@ -6,7 +6,6 @@
|
||||
<title>{{ .Static.WebsiteTitle }} - Admin</title>
|
||||
<meta name="description" content="{{ .Static.WebsiteTitle }}">
|
||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||
<!--link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"-->
|
||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||
<link rel="stylesheet" href="/css/custom.css">
|
||||
</head>
|
||||
@ -99,7 +98,7 @@
|
||||
<a href="/admin" class="btn btn-secondary">Cancel</a>
|
||||
</form>
|
||||
</div>
|
||||
{{template "prt_footer.html"}}
|
||||
{{template "prt_footer.html" .}}
|
||||
<script src="/js/jquery.min.js"></script>
|
||||
<script src="/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="/js/jquery.easing.js"></script>
|
||||
|
@ -6,7 +6,6 @@
|
||||
<title>{{ .Static.WebsiteTitle }} - Admin</title>
|
||||
<meta name="description" content="{{ .Static.WebsiteTitle }}">
|
||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||
<!--link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"-->
|
||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||
<link rel="stylesheet" href="/css/custom.css">
|
||||
</head>
|
||||
@ -92,7 +91,9 @@
|
||||
<h2 class="mt-2">Current VPN Users</h2>
|
||||
</div>
|
||||
<div class="col-sm-2 col-12 text-right">
|
||||
{{if not .Static.LdapDisabled}}
|
||||
<a href="/admin/peer/createldap" title="Add a LDAP user" class="btn btn-primary"><i class="fa fa-fw fa-user-plus"></i></a>
|
||||
{{end}}
|
||||
<a href="/admin/peer/create" title="Manual add a user" class="btn btn-primary"><i class="fa fa-fw fa-plus"></i>M</a>
|
||||
</div>
|
||||
</div>
|
||||
@ -191,7 +192,7 @@
|
||||
<p>Currently listed peers: <strong>{{len .Peers}}</strong></p>
|
||||
</div>
|
||||
</div>
|
||||
{{template "prt_footer.html"}}
|
||||
{{template "prt_footer.html" .}}
|
||||
<script src="/js/jquery.min.js"></script>
|
||||
<script src="/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="/js/jquery.easing.js"></script>
|
||||
|
@ -6,7 +6,6 @@
|
||||
<title>{{ .Static.WebsiteTitle }} - Error</title>
|
||||
<meta name="description" content="{{ .Static.WebsiteTitle }}">
|
||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i">
|
||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||
<link rel="stylesheet" href="/css/custom.css">
|
||||
</head>
|
||||
@ -22,7 +21,7 @@
|
||||
<p class="text-black-50 mb-0">{{.Data.Details}}</p><a href="/">← Back to Dashboard</a>
|
||||
</div>
|
||||
</div>
|
||||
{{template "prt_footer.html"}}
|
||||
{{template "prt_footer.html" .}}
|
||||
<script src="/js/jquery.min.js"></script>
|
||||
<script src="/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="/js/jquery.easing.js"></script>
|
||||
|
@ -1,13 +1,12 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<!-- https://bootswatch.com/lux/ -->
|
||||
<!-- Theme: https://bootswatch.com/lux/ -->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
|
||||
<title>{{ .Static.WebsiteTitle }}</title>
|
||||
<meta name="description" content="{{ .Static.WebsiteTitle }}">
|
||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||
<!--link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"-->
|
||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||
<link rel="stylesheet" href="/css/custom.css">
|
||||
</head>
|
||||
@ -26,7 +25,7 @@
|
||||
<h3>Client Software</h3>
|
||||
<p>Installation instructions for client software can be found on the official WireGuard website: <a href="https://www.wireguard.com/install/" title="WireGuard" target="_blank">https://www.wireguard.com/</a> </p>
|
||||
</div>
|
||||
{{template "prt_footer.html"}}
|
||||
{{template "prt_footer.html" .}}
|
||||
<script src="/js/jquery.min.js"></script>
|
||||
<script src="/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="/js/jquery.easing.js"></script>
|
||||
|
@ -7,7 +7,6 @@
|
||||
<title>{{ .static.WebsiteTitle }} - Login</title>
|
||||
<meta name="description" content="{{ .static.WebsiteTitle }}">
|
||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i">
|
||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||
<link rel="stylesheet" href="/fonts/font-awesome.min.css">
|
||||
<link rel="stylesheet" href="/fonts/fontawesome5-overrides.min.css">
|
||||
@ -46,7 +45,7 @@
|
||||
</div>
|
||||
</div>
|
||||
<script src="/js/jquery.min.js"></script>
|
||||
<script src="/js/bootstrap.min.js"></script>
|
||||
<script src="/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="/js/jquery.easing.js"></script>
|
||||
<script src="/js/jquery.fancybox.min.js"></script>
|
||||
<script src="/js/custom.js"></script>
|
||||
|
@ -1,120 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<!-- http://paintstrap.com/preview_by_id/27826?design=large -->
|
||||
<!-- http://www.colourlovers.com/palette/4657935 -->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
|
||||
<title>{{ .static.WebsiteTitle }} - Profile</title>
|
||||
<meta name="description" content="{{ .static.WebsiteTitle }}">
|
||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i">
|
||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||
<link rel="stylesheet" href="/css/custom.css">
|
||||
</head>
|
||||
|
||||
<body id="page-top">
|
||||
{{template "prt_nav.html" .}}
|
||||
<div class="container user-edit-container">
|
||||
<div class="jumbotron user-edit-jumbotron">
|
||||
<div class="row">
|
||||
<div class="form-row">
|
||||
<div class="form-group col-md-6 text-center">
|
||||
<img class="list-image-edit" src="/user/{{$.user.Username}}/user.jpg?cc={{len $.user.Image}}" alt="User Image"/>
|
||||
</div>
|
||||
<div class="form-group col-md-6">
|
||||
<label for="inputName">Name</label>
|
||||
<input type="text" name="displayName" class="form-control" id="inputName" placeholder="" value="{{index $.user.Attributes "displayName" }}" readonly>
|
||||
<label for="inputMail">Email</label>
|
||||
<input type="email" name="mail" class="form-control" id="inputMail" placeholder="" value="{{index $.user.Attributes "mail" }}" readonly>
|
||||
<label for="inputUserID">User ID</label>
|
||||
<input type="text" name="sAMAccountName" class="form-control" id="inputUserID" placeholder="" value="{{index $.user.Attributes "sAMAccountName" }}" readonly>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<br>
|
||||
<div class="row">
|
||||
<div class="form-row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="inputPhone">Phone Number</label>
|
||||
<input type="text" name="telephoneNumber" class="form-control" id="inputPhone" value="{{index $.user.Attributes "telephoneNumber" }}" placeholder="" readonly>
|
||||
</div>
|
||||
<div class="form-group col-md-4">
|
||||
<label for="inputMobile">Mobile Number</label>
|
||||
<input type="text" name="mobile" class="form-control" id="inputMobile" value="{{index $.user.Attributes "mobile" }}" placeholder="" readonly>
|
||||
</div>
|
||||
<div class="form-group col-md-4">
|
||||
<label for="inputEmployeeID">Employee ID</label>
|
||||
<input type="text" name="employeeID" class="form-control" id="inputEmployeeID" value="{{index $.user.Attributes "employeeID" }}" placeholder="" readonly>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-row">
|
||||
<div class="form-group col-md-6">
|
||||
<label for="inputTitle">Title</label>
|
||||
<input type="text" name="title" class="form-control" id="inputTitle" value="{{index $.user.Attributes "title" }}" placeholder="" readonly>
|
||||
</div>
|
||||
<div class="form-group col-md-6">
|
||||
<label for="inputDepartment">Department</label>
|
||||
<input type="text" name="department" class="form-control" id="inputDepartment" value="{{index $.user.Attributes "department" }}" placeholder="" readonly>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-row">
|
||||
<div class="form-group col-md-6">
|
||||
<label for="inputCompany">Company</label>
|
||||
<input type="text" name="company" class="form-control" id="inputCompany" value="{{index $.user.Attributes "company" }}" placeholder="" readonly>
|
||||
</div>
|
||||
<div class="form-group col-md-6">
|
||||
<label for="inputManager">Teamleader</label>
|
||||
<select name="manager" id="inputManager" class="form-control" readonly>
|
||||
<option value="">No Teamleader</option>
|
||||
{{range $i, $leader := $.teamLeaders}}
|
||||
{{if eq $leader.DN (index $.user.Attributes "manager")}}
|
||||
<option value="{{$leader.DN}}" selected>{{$leader.Firstname}} {{$leader.Lastname}}</option>
|
||||
{{end}}
|
||||
<option value="{{$leader.DN}}">{{$leader.Firstname}} {{$leader.Lastname}}</option>
|
||||
{{end}}
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="inputStreet">Street</label>
|
||||
<input type="text" name="streetAddress" class="form-control" id="inputStreet" value="{{index $.user.Attributes "streetAddress" }}" placeholder="" readonly>
|
||||
</div>
|
||||
<div class="form-group col-md-4">
|
||||
<label for="inputZip">Street</label>
|
||||
<input type="text" name="postalCode" class="form-control" id="inputZip" value="{{index $.user.Attributes "postalCode" }}" placeholder="" readonly>
|
||||
</div>
|
||||
<div class="form-group col-md-4">
|
||||
<label for="inputCity">City</label>
|
||||
<input type="text" name="l" class="form-control" id="inputCity" value="{{index $.user.Attributes "l" }}" placeholder="" readonly>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-row">
|
||||
<div class="form-group col-md-6">
|
||||
<label for="inputState">State/Province</label>
|
||||
<input type="text" name="st" class="form-control" id="inputState" value="{{index $.user.Attributes "st" }}" placeholder="" readonly>
|
||||
</div>
|
||||
<div class="form-group col-md-6">
|
||||
<label for="inputCountry">Country</label>
|
||||
<input type="text" name="co" class="form-control" id="inputCountry" value="{{index $.user.Attributes "co" }}" placeholder="" readonly>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-row">
|
||||
<div class="form-group col-md-12">
|
||||
<a href="/" class="btn btn-primary">Go Back</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{{template "prt_footer.html"}}
|
||||
<script src="/js/jquery.min.js"></script>
|
||||
<script src="/js/bootstrap.min.js"></script>
|
||||
<script src="/js/jquery.easing.js"></script>
|
||||
<script src="/js/custom.js"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
@ -1,5 +1,5 @@
|
||||
<footer class="page-footer mt-auto">
|
||||
<div class="container mt-3">
|
||||
<p class="text-muted">Copyright © Prolicht GmbH 2020 <a class="scroll-to-top" href="#page-top"><i class="fas fa-angle-up"></i></a></p>
|
||||
<p class="text-muted">Copyright © {{ $.Static.CompanyName }} {{$.Static.Year}} <a class="scroll-to-top" href="#page-top"><i class="fas fa-angle-up"></i></a></p>
|
||||
</div>
|
||||
</footer>
|
@ -3,7 +3,7 @@
|
||||
<span class="navbar-toggler-icon"></span>
|
||||
</button>
|
||||
|
||||
<a class="navbar-brand" href="/"><img src="/img/PROLICHT_FULL.png" alt="PROLICHT"/></a>
|
||||
<a class="navbar-brand" href="/"><img src="{{$.Static.WebsiteLogo}}" alt="{{$.Static.CompanyName}}"/></a>
|
||||
<div id="topNavbar" class="navbar-collapse collapse">
|
||||
<ul class="navbar-nav mr-auto mt-2 mt-lg-0">
|
||||
<li class="nav-spacer"></li>
|
||||
@ -24,11 +24,11 @@
|
||||
{{end}}{{end}}
|
||||
<a class="dropdown-item" href="/user/profile"><i class="fas fa-user"></i> Profile</a>
|
||||
<div class="dropdown-divider"></div>
|
||||
<a class="dropdown-item" href="{{ $.Static.LogoutURL }}"><i class="fas fa-sign-out-alt"></i> Logout</a>
|
||||
<a class="dropdown-item" href="/auth/logout"><i class="fas fa-sign-out-alt"></i> Logout</a>
|
||||
</div>
|
||||
</div>
|
||||
{{else}}
|
||||
<a href="{{ $.Static.LoginURL }}" class="navbar-text"><i class="fas fa-sign-in-alt fa-sm fa-fw mr-2 text-gray-400"></i> Login</a></li>
|
||||
<a href="/auth/login" class="navbar-text"><i class="fas fa-sign-in-alt fa-sm fa-fw mr-2 text-gray-400"></i> Login</a></li>
|
||||
{{end}}
|
||||
</div><!--/.navbar-collapse -->
|
||||
</nav>
|
||||
|
@ -6,7 +6,6 @@
|
||||
<title>{{ .Static.WebsiteTitle }} - Profile</title>
|
||||
<meta name="description" content="{{ .Static.WebsiteTitle }}">
|
||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||
<!--link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"-->
|
||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||
<link rel="stylesheet" href="/css/custom.css">
|
||||
</head>
|
||||
@ -100,7 +99,7 @@
|
||||
<p>Currently listed peers: <strong>{{len .Peers}}</strong></p>
|
||||
</div>
|
||||
</div>
|
||||
{{template "prt_footer.html"}}
|
||||
{{template "prt_footer.html" .}}
|
||||
<script src="/js/jquery.min.js"></script>
|
||||
<script src="/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="/js/jquery.easing.js"></script>
|
||||
|
@ -55,31 +55,39 @@ func loadConfigEnv(cfg interface{}) error {
|
||||
type Config struct {
|
||||
Core struct {
|
||||
ListeningAddress string `yaml:"listeningAddress" envconfig:"LISTENING_ADDRESS"`
|
||||
ExternalUrl string `yaml:"externalUrl" envconfig:"EXTERNAL_URL"`
|
||||
Title string `yaml:"title" envconfig:"WEBSITE_TITLE"`
|
||||
CompanyName string `yaml:"company" envconfig:"COMPANY_NAME"`
|
||||
MailFrom string `yaml:"mailfrom" envconfig:"MAIL_FROM"`
|
||||
AdminUser string `yaml:"adminUser" envconfig:"ADMIN_USER"` // optional, non LDAP admin user
|
||||
AdminPassword string `yaml:"adminPass" envconfig:"ADMIN_PASS"`
|
||||
} `yaml:"core"`
|
||||
|
||||
LDAP ldap.Config `yaml:"ldap"`
|
||||
WG wireguard.Config `yaml:"wg"`
|
||||
AdminLdapGroup string `yaml:"adminLdapGroup" envconfig:"ADMIN_LDAP_GROUP"`
|
||||
LogoutRedirectPath string `yaml:"logoutRedirectPath" envconfig:"LOGOUT_REDIRECT_PATH"`
|
||||
AuthRoutePrefix string `yaml:"authRoutePrefix" envconfig:"AUTH_ROUTE_PREFIX"`
|
||||
Email MailConfig `yaml:"email"`
|
||||
LDAP ldap.Config `yaml:"ldap"`
|
||||
WG wireguard.Config `yaml:"wg"`
|
||||
AdminLdapGroup string `yaml:"adminLdapGroup" envconfig:"ADMIN_LDAP_GROUP"`
|
||||
}
|
||||
|
||||
func NewConfig() *Config {
|
||||
cfg := &Config{}
|
||||
|
||||
// Default config
|
||||
cfg.Core.ListeningAddress = ":8080"
|
||||
cfg.Core.ListeningAddress = ":8123"
|
||||
cfg.Core.Title = "WireGuard VPN"
|
||||
cfg.Core.CompanyName = "WireGuard Portal"
|
||||
cfg.Core.ExternalUrl = "http://localhost:8123"
|
||||
cfg.Core.MailFrom = "WireGuard VPN <noreply@company.com>"
|
||||
cfg.Core.AdminUser = "" // non-ldap admin access is disabled by default
|
||||
cfg.Core.AdminPassword = ""
|
||||
cfg.LDAP.URL = "ldap://srv-ad01.company.local:389"
|
||||
cfg.LDAP.BaseDN = "DC=COMPANY,DC=LOCAL"
|
||||
cfg.LDAP.StartTLS = true
|
||||
cfg.LDAP.BindUser = "company\\ldap_wireguard"
|
||||
cfg.LDAP.BindUser = "company\\\\ldap_wireguard"
|
||||
cfg.LDAP.BindPass = "SuperSecret"
|
||||
cfg.WG.DeviceName = "wg0"
|
||||
cfg.AdminLdapGroup = "CN=WireGuardAdmins,OU=_O_IT,DC=COMPANY,DC=LOCAL"
|
||||
cfg.LogoutRedirectPath = "/"
|
||||
cfg.AuthRoutePrefix = "/auth"
|
||||
cfg.Email.Host = "127.0.0.1"
|
||||
cfg.Email.Port = 25
|
||||
|
||||
// Load config from file and environment
|
||||
cfgFile, ok := os.LookupEnv("CONFIG_FILE")
|
||||
|
@ -18,9 +18,6 @@ var Fields = []string{"givenName", "sn", "mail", "department", "memberOf", "sAMA
|
||||
"st", "postalCode", "co", "facsimileTelephoneNumber", "pager", "thumbnailPhoto", "otherMobile",
|
||||
"extensionAttribute2", "distinguishedName", "userAccountControl"}
|
||||
|
||||
var ModifiableFields = []string{"department", "telephoneNumber", "mobile", "displayName", "title", "company",
|
||||
"manager", "streetAddress", "employeeID", "l", "st", "postalCode", "co", "thumbnailPhoto"}
|
||||
|
||||
// --------------------------------------------------------------------------------------------------------------------
|
||||
// Cache Data Store
|
||||
// --------------------------------------------------------------------------------------------------------------------
|
||||
@ -28,7 +25,6 @@ var ModifiableFields = []string{"department", "telephoneNumber", "mobile", "disp
|
||||
type UserCacheHolder interface {
|
||||
Clear()
|
||||
SetAllUsers(users []RawLdapData)
|
||||
SetUser(data RawLdapData)
|
||||
GetUser(dn string) *RawLdapData
|
||||
GetUsers() []*RawLdapData
|
||||
}
|
||||
@ -95,14 +91,6 @@ func (h *SynchronizedUserCacheHolder) SetAllUsers(users []RawLdapData) {
|
||||
}
|
||||
}
|
||||
|
||||
func (h *SynchronizedUserCacheHolder) SetUser(user RawLdapData) {
|
||||
h.mux.Lock()
|
||||
defer h.mux.Unlock()
|
||||
|
||||
h.users[user.DN] = &UserCacheHolderEntry{RawLdapData: user}
|
||||
h.users[user.DN].CalcFieldsFromAttributes()
|
||||
}
|
||||
|
||||
func (h *SynchronizedUserCacheHolder) GetUser(dn string) *RawLdapData {
|
||||
h.mux.RLock()
|
||||
defer h.mux.RUnlock()
|
||||
@ -152,30 +140,6 @@ func (h *SynchronizedUserCacheHolder) GetSortedUsers(sortKey string, sortDirecti
|
||||
|
||||
}
|
||||
|
||||
func (h *SynchronizedUserCacheHolder) GetFilteredUsers(sortKey string, sortDirection string, search, searchDepartment string) []*UserCacheHolderEntry {
|
||||
sortedUsers := h.GetSortedUsers(sortKey, sortDirection)
|
||||
if search == "" && searchDepartment == "" {
|
||||
return sortedUsers // skip filtering
|
||||
}
|
||||
|
||||
filteredUsers := make([]*UserCacheHolderEntry, 0, len(sortedUsers))
|
||||
for _, user := range sortedUsers {
|
||||
if searchDepartment != "" && user.Attributes["department"] != searchDepartment {
|
||||
continue
|
||||
}
|
||||
if strings.Contains(user.Attributes["sn"], search) ||
|
||||
strings.Contains(user.Attributes["givenName"], search) ||
|
||||
strings.Contains(user.Mail, search) ||
|
||||
strings.Contains(user.Attributes["department"], search) ||
|
||||
strings.Contains(user.Attributes["telephoneNumber"], search) ||
|
||||
strings.Contains(user.Attributes["mobile"], search) {
|
||||
filteredUsers = append(filteredUsers, user)
|
||||
}
|
||||
}
|
||||
|
||||
return filteredUsers
|
||||
}
|
||||
|
||||
func (h *SynchronizedUserCacheHolder) IsInGroup(username, gid string) bool {
|
||||
userDN := h.GetUserDN(username)
|
||||
if userDN == "" {
|
||||
@ -231,45 +195,6 @@ func (h *SynchronizedUserCacheHolder) GetUserDNByMail(mail string) string {
|
||||
return userDN
|
||||
}
|
||||
|
||||
func (h *SynchronizedUserCacheHolder) GetTeamLeaders() []*UserCacheHolderEntry {
|
||||
|
||||
sortedUsers := h.GetSortedUsers("sn", "asc")
|
||||
teamLeaders := make([]*UserCacheHolderEntry, 0, len(sortedUsers))
|
||||
for _, user := range sortedUsers {
|
||||
if user.Attributes["extensionAttribute2"] != "Teamleiter" {
|
||||
continue
|
||||
}
|
||||
|
||||
teamLeaders = append(teamLeaders, user)
|
||||
}
|
||||
|
||||
return teamLeaders
|
||||
}
|
||||
|
||||
func (h *SynchronizedUserCacheHolder) GetDepartments() []string {
|
||||
h.mux.RLock()
|
||||
defer h.mux.RUnlock()
|
||||
|
||||
departmentSet := make(map[string]struct{})
|
||||
for _, user := range h.users {
|
||||
if user.Attributes["department"] == "" {
|
||||
continue
|
||||
}
|
||||
departmentSet[user.Attributes["department"]] = struct{}{}
|
||||
}
|
||||
|
||||
departments := make([]string, len(departmentSet))
|
||||
i := 0
|
||||
for department := range departmentSet {
|
||||
departments[i] = department
|
||||
i++
|
||||
}
|
||||
|
||||
sort.Strings(departments)
|
||||
|
||||
return departments
|
||||
}
|
||||
|
||||
// --------------------------------------------------------------------------------------------------------------------
|
||||
// Cache Handler, LDAP interaction
|
||||
// --------------------------------------------------------------------------------------------------------------------
|
||||
@ -398,58 +323,3 @@ func (u *UserCache) Update(filter bool) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *UserCache) ModifyUserData(dn string, newData RawLdapData, fields []string) error {
|
||||
if fields == nil {
|
||||
fields = ModifiableFields // default
|
||||
}
|
||||
|
||||
existingUserData := u.userData.GetUser(dn)
|
||||
if existingUserData == nil {
|
||||
return fmt.Errorf("user with dn %s not found", dn)
|
||||
}
|
||||
|
||||
modify := ldap.NewModifyRequest(dn, nil)
|
||||
|
||||
for _, ldapAttribute := range fields {
|
||||
if existingUserData.Attributes[ldapAttribute] == newData.Attributes[ldapAttribute] {
|
||||
continue // do not update unchanged fields
|
||||
}
|
||||
|
||||
if len(existingUserData.RawAttributes[ldapAttribute]) == 0 && newData.Attributes[ldapAttribute] != "" {
|
||||
modify.Add(ldapAttribute, []string{newData.Attributes[ldapAttribute]})
|
||||
newData.RawAttributes[ldapAttribute] = [][]byte{
|
||||
[]byte(newData.Attributes[ldapAttribute]),
|
||||
}
|
||||
}
|
||||
if len(existingUserData.RawAttributes[ldapAttribute]) != 0 && newData.Attributes[ldapAttribute] != "" {
|
||||
modify.Replace(ldapAttribute, []string{newData.Attributes[ldapAttribute]})
|
||||
newData.RawAttributes[ldapAttribute][0] = []byte(newData.Attributes[ldapAttribute])
|
||||
}
|
||||
if len(existingUserData.RawAttributes[ldapAttribute]) != 0 && newData.Attributes[ldapAttribute] == "" {
|
||||
modify.Delete(ldapAttribute, []string{})
|
||||
newData.RawAttributes[ldapAttribute] = [][]byte{} // clear list
|
||||
}
|
||||
}
|
||||
|
||||
if len(modify.Changes) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
client, err := u.open()
|
||||
if err != nil {
|
||||
u.LastError = err
|
||||
return err
|
||||
}
|
||||
defer u.close(client)
|
||||
|
||||
err = client.Modify(modify)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Once written to ldap, update the local cache
|
||||
u.userData.SetUser(newData)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -56,8 +56,9 @@ type AlertData struct {
|
||||
type StaticData struct {
|
||||
WebsiteTitle string
|
||||
WebsiteLogo string
|
||||
LoginURL string
|
||||
LogoutURL string
|
||||
CompanyName string
|
||||
Year int
|
||||
LdapDisabled bool
|
||||
}
|
||||
|
||||
type Server struct {
|
||||
@ -71,6 +72,7 @@ type Server struct {
|
||||
wg *wireguard.Manager
|
||||
|
||||
// LDAP stuff
|
||||
ldapDisabled bool
|
||||
ldapAuth ldap.Authentication
|
||||
ldapUsers *ldap.SynchronizedUserCacheHolder
|
||||
ldapCacheUpdater *ldap.UserCache
|
||||
@ -88,7 +90,9 @@ func (s *Server) Setup() error {
|
||||
s.ldapUsers.Init()
|
||||
s.ldapCacheUpdater = ldap.NewUserCache(s.config.LDAP, s.ldapUsers)
|
||||
if s.ldapCacheUpdater.LastError != nil {
|
||||
return s.ldapCacheUpdater.LastError
|
||||
log.Warnf("LDAP error: %v", s.ldapCacheUpdater.LastError)
|
||||
log.Warnf("LDAP features disabled!")
|
||||
s.ldapDisabled = true
|
||||
}
|
||||
|
||||
// Setup WireGuard stuff
|
||||
@ -141,15 +145,17 @@ func (s *Server) Setup() error {
|
||||
|
||||
func (s *Server) Run() {
|
||||
// Start ldap group watcher
|
||||
go func(s *Server) {
|
||||
for {
|
||||
time.Sleep(CacheRefreshDuration)
|
||||
if err := s.ldapCacheUpdater.Update(true); err != nil {
|
||||
log.Warnf("Failed to update ldap group cache: %v", err)
|
||||
if !s.ldapDisabled {
|
||||
go func(s *Server) {
|
||||
for {
|
||||
time.Sleep(CacheRefreshDuration)
|
||||
if err := s.ldapCacheUpdater.Update(true); err != nil {
|
||||
log.Warnf("Failed to update ldap group cache: %v", err)
|
||||
}
|
||||
log.Debugf("Refreshed LDAP permissions!")
|
||||
}
|
||||
log.Debugf("Refreshed LDAP permissions!")
|
||||
}
|
||||
}(s)
|
||||
}(s)
|
||||
}
|
||||
|
||||
// Run web service
|
||||
err := s.server.Run(s.config.Core.ListeningAddress)
|
||||
@ -233,8 +239,10 @@ func (s *Server) destroySessionData(c *gin.Context) error {
|
||||
func (s *Server) getStaticData() StaticData {
|
||||
return StaticData{
|
||||
WebsiteTitle: s.config.Core.Title,
|
||||
LoginURL: s.config.AuthRoutePrefix + "/login",
|
||||
LogoutURL: s.config.AuthRoutePrefix + "/logout",
|
||||
WebsiteLogo: "/img/header-logo.png",
|
||||
CompanyName: s.config.Core.CompanyName,
|
||||
LdapDisabled: s.ldapDisabled,
|
||||
Year: time.Now().Year(),
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,588 +0,0 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/h44z/wg-portal/internal/ldap"
|
||||
|
||||
"github.com/h44z/wg-portal/internal/common"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
type LdapCreateForm struct {
|
||||
Emails string `form:"email" binding:"required"`
|
||||
Identifier string `form:"identifier" binding:"required,lte=20"`
|
||||
}
|
||||
|
||||
func (s *Server) GetIndex(c *gin.Context) {
|
||||
c.HTML(http.StatusOK, "index.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: s.getSessionData(c),
|
||||
Static: s.getStaticData(),
|
||||
Device: s.users.GetDevice(),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) HandleError(c *gin.Context, code int, message, details string) {
|
||||
// TODO: if json
|
||||
//c.JSON(code, gin.H{"error": message, "details": details})
|
||||
|
||||
c.HTML(code, "error.html", gin.H{
|
||||
"Data": gin.H{
|
||||
"Code": strconv.Itoa(code),
|
||||
"Message": message,
|
||||
"Details": details,
|
||||
},
|
||||
"Route": c.Request.URL.Path,
|
||||
"Session": s.getSessionData(c),
|
||||
"Static": s.getStaticData(),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminIndex(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
|
||||
sort := c.Query("sort")
|
||||
if sort != "" {
|
||||
if currentSession.SortedBy != sort {
|
||||
currentSession.SortedBy = sort
|
||||
currentSession.SortDirection = "asc"
|
||||
} else {
|
||||
if currentSession.SortDirection == "asc" {
|
||||
currentSession.SortDirection = "desc"
|
||||
} else {
|
||||
currentSession.SortDirection = "asc"
|
||||
}
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "sort error", "failed to save session")
|
||||
return
|
||||
}
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
return
|
||||
}
|
||||
|
||||
search, searching := c.GetQuery("search")
|
||||
if searching {
|
||||
currentSession.Search = search
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "search error", "failed to save session")
|
||||
return
|
||||
}
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
return
|
||||
}
|
||||
|
||||
device := s.users.GetDevice()
|
||||
users := s.users.GetFilteredAndSortedUsers(currentSession.SortedBy, currentSession.SortDirection, currentSession.Search)
|
||||
|
||||
c.HTML(http.StatusOK, "admin_index.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Peers []User
|
||||
TotalPeers int
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peers: users,
|
||||
TotalPeers: len(s.users.GetAllUsers()),
|
||||
Device: device,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) GetUserIndex(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
|
||||
sort := c.Query("sort")
|
||||
if sort != "" {
|
||||
if currentSession.SortedBy != sort {
|
||||
currentSession.SortedBy = sort
|
||||
currentSession.SortDirection = "asc"
|
||||
} else {
|
||||
if currentSession.SortDirection == "asc" {
|
||||
currentSession.SortDirection = "desc"
|
||||
} else {
|
||||
currentSession.SortDirection = "asc"
|
||||
}
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "sort error", "failed to save session")
|
||||
return
|
||||
}
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
return
|
||||
}
|
||||
|
||||
device := s.users.GetDevice()
|
||||
users := s.users.GetSortedUsersForEmail(currentSession.SortedBy, currentSession.SortDirection, currentSession.Email)
|
||||
|
||||
c.HTML(http.StatusOK, "user_index.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Peers []User
|
||||
TotalPeers int
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peers: users,
|
||||
TotalPeers: len(users),
|
||||
Device: device,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
||||
device := s.users.GetDevice()
|
||||
users := s.users.GetAllUsers()
|
||||
|
||||
currentSession, err := s.setFormInSession(c, device)
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.HTML(http.StatusOK, "admin_edit_interface.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Peers []User
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peers: users,
|
||||
Device: currentSession.FormData.(Device),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminEditInterface(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
var formDevice Device
|
||||
if currentSession.FormData != nil {
|
||||
formDevice = currentSession.FormData.(Device)
|
||||
}
|
||||
if err := c.ShouldBind(&formDevice); err != nil {
|
||||
_ = s.updateFormInSession(c, formDevice)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=bind")
|
||||
return
|
||||
}
|
||||
// Clean list input
|
||||
formDevice.IPs = common.ParseStringList(formDevice.IPsStr)
|
||||
formDevice.AllowedIPs = common.ParseStringList(formDevice.AllowedIPsStr)
|
||||
formDevice.DNS = common.ParseStringList(formDevice.DNSStr)
|
||||
formDevice.IPsStr = common.ListToString(formDevice.IPs)
|
||||
formDevice.AllowedIPsStr = common.ListToString(formDevice.AllowedIPs)
|
||||
formDevice.DNSStr = common.ListToString(formDevice.DNS)
|
||||
|
||||
// Update WireGuard device
|
||||
err := s.wg.UpdateDevice(formDevice.DeviceName, formDevice.GetDeviceConfig())
|
||||
if err != nil {
|
||||
_ = s.updateFormInSession(c, formDevice)
|
||||
s.setAlert(c, "failed to update device in WireGuard: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=wg")
|
||||
return
|
||||
}
|
||||
|
||||
// Update in database
|
||||
err = s.users.UpdateDevice(formDevice)
|
||||
if err != nil {
|
||||
_ = s.updateFormInSession(c, formDevice)
|
||||
s.setAlert(c, "failed to update device in database: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=update")
|
||||
return
|
||||
}
|
||||
|
||||
s.setAlert(c, "changes applied successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit")
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminEditPeer(c *gin.Context) {
|
||||
device := s.users.GetDevice()
|
||||
user := s.users.GetUserByKey(c.Query("pkey"))
|
||||
|
||||
currentSession, err := s.setFormInSession(c, user)
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Peer User
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peer: currentSession.FormData.(User),
|
||||
Device: device,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminEditPeer(c *gin.Context) {
|
||||
currentUser := s.users.GetUserByKey(c.Query("pkey"))
|
||||
urlEncodedKey := url.QueryEscape(c.Query("pkey"))
|
||||
|
||||
currentSession := s.getSessionData(c)
|
||||
var formUser User
|
||||
if currentSession.FormData != nil {
|
||||
formUser = currentSession.FormData.(User)
|
||||
}
|
||||
if err := c.ShouldBind(&formUser); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=bind")
|
||||
return
|
||||
}
|
||||
|
||||
// Clean list input
|
||||
formUser.IPs = common.ParseStringList(formUser.IPsStr)
|
||||
formUser.AllowedIPs = common.ParseStringList(formUser.AllowedIPsStr)
|
||||
formUser.IPsStr = common.ListToString(formUser.IPs)
|
||||
formUser.AllowedIPsStr = common.ListToString(formUser.AllowedIPs)
|
||||
|
||||
disabled := c.PostForm("isdisabled") != ""
|
||||
now := time.Now()
|
||||
if disabled && currentUser.DeactivatedAt == nil {
|
||||
formUser.DeactivatedAt = &now
|
||||
} else if !disabled {
|
||||
formUser.DeactivatedAt = nil
|
||||
}
|
||||
|
||||
// Update in database
|
||||
if err := s.UpdateUser(formUser, now); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to update user: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=update")
|
||||
return
|
||||
}
|
||||
|
||||
s.setAlert(c, "changes applied successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminCreatePeer(c *gin.Context) {
|
||||
device := s.users.GetDevice()
|
||||
|
||||
currentSession, err := s.setNewUserFormInSession(c)
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Peer User
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peer: currentSession.FormData.(User),
|
||||
Device: device,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminCreatePeer(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
var formUser User
|
||||
if currentSession.FormData != nil {
|
||||
formUser = currentSession.FormData.(User)
|
||||
}
|
||||
if err := c.ShouldBind(&formUser); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=bind")
|
||||
return
|
||||
}
|
||||
|
||||
// Clean list input
|
||||
formUser.IPs = common.ParseStringList(formUser.IPsStr)
|
||||
formUser.AllowedIPs = common.ParseStringList(formUser.AllowedIPsStr)
|
||||
formUser.IPsStr = common.ListToString(formUser.IPs)
|
||||
formUser.AllowedIPsStr = common.ListToString(formUser.AllowedIPs)
|
||||
|
||||
disabled := c.PostForm("isdisabled") != ""
|
||||
now := time.Now()
|
||||
if disabled {
|
||||
formUser.DeactivatedAt = &now
|
||||
}
|
||||
|
||||
if err := s.CreateUser(formUser); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to add user: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=create")
|
||||
return
|
||||
}
|
||||
|
||||
s.setAlert(c, "client created successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
|
||||
currentSession, err := s.setFormInSession(c, LdapCreateForm{Identifier: "Default"})
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.HTML(http.StatusOK, "admin_create_clients.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Users []*ldap.UserCacheHolderEntry
|
||||
FormData LdapCreateForm
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Users: s.ldapUsers.GetSortedUsers("sn", "asc"),
|
||||
FormData: currentSession.FormData.(LdapCreateForm),
|
||||
Device: s.users.GetDevice(),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminCreateLdapPeers(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
var formData LdapCreateForm
|
||||
if currentSession.FormData != nil {
|
||||
formData = currentSession.FormData.(LdapCreateForm)
|
||||
}
|
||||
if err := c.ShouldBind(&formData); err != nil {
|
||||
_ = s.updateFormInSession(c, formData)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=bind")
|
||||
return
|
||||
}
|
||||
|
||||
emails := common.ParseStringList(formData.Emails)
|
||||
for i := range emails {
|
||||
// TODO: also check email addr for validity?
|
||||
if !strings.ContainsRune(emails[i], '@') || s.ldapUsers.GetUserDNByMail(emails[i]) == "" {
|
||||
_ = s.updateFormInSession(c, formData)
|
||||
s.setAlert(c, "invalid email address: "+emails[i], "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=mail")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
log.Infof("creating %d ldap peers", len(emails))
|
||||
|
||||
for i := range emails {
|
||||
if err := s.CreateUserByEmail(emails[i], formData.Identifier, false); err != nil {
|
||||
_ = s.updateFormInSession(c, formData)
|
||||
s.setAlert(c, "failed to add user: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=create")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
s.setAlert(c, "client(s) created successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminDeletePeer(c *gin.Context) {
|
||||
currentUser := s.users.GetUserByKey(c.Query("pkey"))
|
||||
if err := s.DeleteUser(currentUser); err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Deletion error", err.Error())
|
||||
return
|
||||
}
|
||||
s.setAlert(c, "user deleted successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
}
|
||||
|
||||
func (s *Server) GetUserQRCode(c *gin.Context) {
|
||||
user := s.users.GetUserByKey(c.Query("pkey"))
|
||||
currentSession := s.getSessionData(c)
|
||||
if !currentSession.IsAdmin && user.Email != currentSession.Email {
|
||||
s.HandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
|
||||
return
|
||||
}
|
||||
|
||||
png, err := user.GetQRCode()
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "QRCode error", err.Error())
|
||||
return
|
||||
}
|
||||
c.Data(http.StatusOK, "image/png", png)
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Server) GetUserConfig(c *gin.Context) {
|
||||
user := s.users.GetUserByKey(c.Query("pkey"))
|
||||
currentSession := s.getSessionData(c)
|
||||
if !currentSession.IsAdmin && user.Email != currentSession.Email {
|
||||
s.HandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
|
||||
return
|
||||
}
|
||||
|
||||
cfg, err := user.GetClientConfigFile(s.users.GetDevice())
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.Header("Content-Disposition", "attachment; filename="+user.GetConfigFileName())
|
||||
c.Data(http.StatusOK, "application/config", cfg)
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Server) GetUserConfigMail(c *gin.Context) {
|
||||
user := s.users.GetUserByKey(c.Query("pkey"))
|
||||
currentSession := s.getSessionData(c)
|
||||
if !currentSession.IsAdmin && user.Email != currentSession.Email {
|
||||
s.HandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
|
||||
return
|
||||
}
|
||||
|
||||
cfg, err := user.GetClientConfigFile(s.users.GetDevice())
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
|
||||
return
|
||||
}
|
||||
png, err := user.GetQRCode()
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "QRCode error", err.Error())
|
||||
return
|
||||
}
|
||||
// Apply mail template
|
||||
var tplBuff bytes.Buffer
|
||||
if err := s.mailTpl.Execute(&tplBuff, struct {
|
||||
Client User
|
||||
QrcodePngName string
|
||||
PortalUrl string
|
||||
}{
|
||||
Client: user,
|
||||
QrcodePngName: "wireguard-config.png",
|
||||
PortalUrl: s.config.Core.ExternalUrl,
|
||||
}); err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Template error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
// Send mail
|
||||
attachments := []common.MailAttachment{
|
||||
{
|
||||
Name: user.GetConfigFileName(),
|
||||
ContentType: "application/config",
|
||||
Data: bytes.NewReader(cfg),
|
||||
},
|
||||
{
|
||||
Name: "wireguard-config.png",
|
||||
ContentType: "image/png",
|
||||
Data: bytes.NewReader(png),
|
||||
},
|
||||
}
|
||||
|
||||
if err := common.SendEmailWithAttachments(s.config.Email, s.config.Core.MailFrom, "", "WireGuard VPN Configuration",
|
||||
"Your mail client does not support HTML. Please find the configuration attached to this mail.", tplBuff.String(),
|
||||
[]string{user.Email}, attachments); err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Email error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
s.setAlert(c, "mail sent successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
}
|
||||
|
||||
func (s *Server) GetDeviceConfig(c *gin.Context) {
|
||||
device := s.users.GetDevice()
|
||||
users := s.users.GetActiveUsers()
|
||||
cfg, err := device.GetDeviceConfigFile(users)
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
filename := strings.ToLower(device.DeviceName) + ".conf"
|
||||
|
||||
c.Header("Content-Disposition", "attachment; filename="+filename)
|
||||
c.Data(http.StatusOK, "application/config", cfg)
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Server) updateFormInSession(c *gin.Context, formData interface{}) error {
|
||||
currentSession := s.getSessionData(c)
|
||||
currentSession.FormData = formData
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) setNewUserFormInSession(c *gin.Context) (SessionData, error) {
|
||||
currentSession := s.getSessionData(c)
|
||||
// If session does not contain a user form ignore update
|
||||
// If url contains a formerr parameter reset the form
|
||||
if currentSession.FormData == nil || c.Query("formerr") == "" {
|
||||
user, err := s.PrepareNewUser()
|
||||
if err != nil {
|
||||
return currentSession, err
|
||||
}
|
||||
currentSession.FormData = user
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
return currentSession, err
|
||||
}
|
||||
|
||||
return currentSession, nil
|
||||
}
|
||||
|
||||
func (s *Server) setFormInSession(c *gin.Context, formData interface{}) (SessionData, error) {
|
||||
currentSession := s.getSessionData(c)
|
||||
// If session does not contain a form ignore update
|
||||
// If url contains a formerr parameter reset the form
|
||||
if currentSession.FormData == nil || c.Query("formerr") == "" {
|
||||
currentSession.FormData = formData
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
return currentSession, err
|
||||
}
|
||||
|
||||
return currentSession, nil
|
||||
}
|
@ -44,7 +44,7 @@ func (s *Server) PostLogin(c *gin.Context) {
|
||||
|
||||
// Validate form input
|
||||
if strings.Trim(username, " ") == "" || strings.Trim(password, " ") == "" {
|
||||
c.Redirect(http.StatusSeeOther, s.config.AuthRoutePrefix+"/login?err=missingdata")
|
||||
c.Redirect(http.StatusSeeOther, "/auth/login?err=missingdata")
|
||||
return
|
||||
}
|
||||
|
||||
@ -55,12 +55,12 @@ func (s *Server) PostLogin(c *gin.Context) {
|
||||
|
||||
// Check if user is in cache, avoid unnecessary ldap requests
|
||||
if !adminAuthenticated && !s.ldapUsers.UserExists(username) {
|
||||
c.Redirect(http.StatusSeeOther, s.config.AuthRoutePrefix+"/login?err=authfail")
|
||||
c.Redirect(http.StatusSeeOther, "/auth/login?err=authfail")
|
||||
}
|
||||
|
||||
// Check if username and password match
|
||||
if !adminAuthenticated && !s.ldapAuth.CheckLogin(username, password) {
|
||||
c.Redirect(http.StatusSeeOther, s.config.AuthRoutePrefix+"/login?err=authfail")
|
||||
c.Redirect(http.StatusSeeOther, "/auth/login?err=authfail")
|
||||
return
|
||||
}
|
||||
|
||||
@ -96,7 +96,7 @@ func (s *Server) PostLogin(c *gin.Context) {
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, sessionData); err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "login error", "failed to save session")
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "login error", "failed to save session")
|
||||
return
|
||||
}
|
||||
c.Redirect(http.StatusSeeOther, "/")
|
||||
@ -106,13 +106,13 @@ func (s *Server) GetLogout(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
|
||||
if !currentSession.LoggedIn { // Not logged in
|
||||
c.Redirect(http.StatusSeeOther, s.config.LogoutRedirectPath)
|
||||
c.Redirect(http.StatusSeeOther, "/")
|
||||
return
|
||||
}
|
||||
|
||||
if err := s.destroySessionData(c); err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "logout error", "failed to destroy session")
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "logout error", "failed to destroy session")
|
||||
return
|
||||
}
|
||||
c.Redirect(http.StatusSeeOther, s.config.LogoutRedirectPath)
|
||||
c.Redirect(http.StatusSeeOther, "/")
|
||||
}
|
||||
|
188
internal/server/handlers_common.go
Normal file
@ -0,0 +1,188 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strconv"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func (s *Server) GetHandleError(c *gin.Context, code int, message, details string) {
|
||||
c.HTML(code, "error.html", gin.H{
|
||||
"Data": gin.H{
|
||||
"Code": strconv.Itoa(code),
|
||||
"Message": message,
|
||||
"Details": details,
|
||||
},
|
||||
"Route": c.Request.URL.Path,
|
||||
"Session": s.getSessionData(c),
|
||||
"Static": s.getStaticData(),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) GetIndex(c *gin.Context) {
|
||||
c.HTML(http.StatusOK, "index.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: s.getSessionData(c),
|
||||
Static: s.getStaticData(),
|
||||
Device: s.users.GetDevice(),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminIndex(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
|
||||
sort := c.Query("sort")
|
||||
if sort != "" {
|
||||
if currentSession.SortedBy != sort {
|
||||
currentSession.SortedBy = sort
|
||||
currentSession.SortDirection = "asc"
|
||||
} else {
|
||||
if currentSession.SortDirection == "asc" {
|
||||
currentSession.SortDirection = "desc"
|
||||
} else {
|
||||
currentSession.SortDirection = "asc"
|
||||
}
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "sort error", "failed to save session")
|
||||
return
|
||||
}
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
return
|
||||
}
|
||||
|
||||
search, searching := c.GetQuery("search")
|
||||
if searching {
|
||||
currentSession.Search = search
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "search error", "failed to save session")
|
||||
return
|
||||
}
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
return
|
||||
}
|
||||
|
||||
device := s.users.GetDevice()
|
||||
users := s.users.GetFilteredAndSortedUsers(currentSession.SortedBy, currentSession.SortDirection, currentSession.Search)
|
||||
|
||||
c.HTML(http.StatusOK, "admin_index.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Peers []User
|
||||
TotalPeers int
|
||||
Device Device
|
||||
LdapDisabled bool
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peers: users,
|
||||
TotalPeers: len(s.users.GetAllUsers()),
|
||||
Device: device,
|
||||
LdapDisabled: s.ldapDisabled,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) GetUserIndex(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
|
||||
sort := c.Query("sort")
|
||||
if sort != "" {
|
||||
if currentSession.SortedBy != sort {
|
||||
currentSession.SortedBy = sort
|
||||
currentSession.SortDirection = "asc"
|
||||
} else {
|
||||
if currentSession.SortDirection == "asc" {
|
||||
currentSession.SortDirection = "desc"
|
||||
} else {
|
||||
currentSession.SortDirection = "asc"
|
||||
}
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "sort error", "failed to save session")
|
||||
return
|
||||
}
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
return
|
||||
}
|
||||
|
||||
device := s.users.GetDevice()
|
||||
users := s.users.GetSortedUsersForEmail(currentSession.SortedBy, currentSession.SortDirection, currentSession.Email)
|
||||
|
||||
c.HTML(http.StatusOK, "user_index.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Peers []User
|
||||
TotalPeers int
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peers: users,
|
||||
TotalPeers: len(users),
|
||||
Device: device,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) updateFormInSession(c *gin.Context, formData interface{}) error {
|
||||
currentSession := s.getSessionData(c)
|
||||
currentSession.FormData = formData
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) setNewUserFormInSession(c *gin.Context) (SessionData, error) {
|
||||
currentSession := s.getSessionData(c)
|
||||
// If session does not contain a user form ignore update
|
||||
// If url contains a formerr parameter reset the form
|
||||
if currentSession.FormData == nil || c.Query("formerr") == "" {
|
||||
user, err := s.PrepareNewUser()
|
||||
if err != nil {
|
||||
return currentSession, err
|
||||
}
|
||||
currentSession.FormData = user
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
return currentSession, err
|
||||
}
|
||||
|
||||
return currentSession, nil
|
||||
}
|
||||
|
||||
func (s *Server) setFormInSession(c *gin.Context, formData interface{}) (SessionData, error) {
|
||||
currentSession := s.getSessionData(c)
|
||||
// If session does not contain a form ignore update
|
||||
// If url contains a formerr parameter reset the form
|
||||
if currentSession.FormData == nil || c.Query("formerr") == "" {
|
||||
currentSession.FormData = formData
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
return currentSession, err
|
||||
}
|
||||
|
||||
return currentSession, nil
|
||||
}
|
94
internal/server/handlers_interface.go
Normal file
@ -0,0 +1,94 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/h44z/wg-portal/internal/common"
|
||||
)
|
||||
|
||||
func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
||||
device := s.users.GetDevice()
|
||||
users := s.users.GetAllUsers()
|
||||
|
||||
currentSession, err := s.setFormInSession(c, device)
|
||||
if err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.HTML(http.StatusOK, "admin_edit_interface.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Peers []User
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peers: users,
|
||||
Device: currentSession.FormData.(Device),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminEditInterface(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
var formDevice Device
|
||||
if currentSession.FormData != nil {
|
||||
formDevice = currentSession.FormData.(Device)
|
||||
}
|
||||
if err := c.ShouldBind(&formDevice); err != nil {
|
||||
_ = s.updateFormInSession(c, formDevice)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=bind")
|
||||
return
|
||||
}
|
||||
// Clean list input
|
||||
formDevice.IPs = common.ParseStringList(formDevice.IPsStr)
|
||||
formDevice.AllowedIPs = common.ParseStringList(formDevice.AllowedIPsStr)
|
||||
formDevice.DNS = common.ParseStringList(formDevice.DNSStr)
|
||||
formDevice.IPsStr = common.ListToString(formDevice.IPs)
|
||||
formDevice.AllowedIPsStr = common.ListToString(formDevice.AllowedIPs)
|
||||
formDevice.DNSStr = common.ListToString(formDevice.DNS)
|
||||
|
||||
// Update WireGuard device
|
||||
err := s.wg.UpdateDevice(formDevice.DeviceName, formDevice.GetDeviceConfig())
|
||||
if err != nil {
|
||||
_ = s.updateFormInSession(c, formDevice)
|
||||
s.setAlert(c, "failed to update device in WireGuard: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=wg")
|
||||
return
|
||||
}
|
||||
|
||||
// Update in database
|
||||
err = s.users.UpdateDevice(formDevice)
|
||||
if err != nil {
|
||||
_ = s.updateFormInSession(c, formDevice)
|
||||
s.setAlert(c, "failed to update device in database: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=update")
|
||||
return
|
||||
}
|
||||
|
||||
s.setAlert(c, "changes applied successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit")
|
||||
}
|
||||
|
||||
func (s *Server) GetInterfaceConfig(c *gin.Context) {
|
||||
device := s.users.GetDevice()
|
||||
users := s.users.GetActiveUsers()
|
||||
cfg, err := device.GetDeviceConfigFile(users)
|
||||
if err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
filename := strings.ToLower(device.DeviceName) + ".conf"
|
||||
|
||||
c.Header("Content-Disposition", "attachment; filename="+filename)
|
||||
c.Data(http.StatusOK, "application/config", cfg)
|
||||
return
|
||||
}
|
318
internal/server/handlers_peer.go
Normal file
@ -0,0 +1,318 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/h44z/wg-portal/internal/common"
|
||||
"github.com/h44z/wg-portal/internal/ldap"
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
type LdapCreateForm struct {
|
||||
Emails string `form:"email" binding:"required"`
|
||||
Identifier string `form:"identifier" binding:"required,lte=20"`
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminEditPeer(c *gin.Context) {
|
||||
device := s.users.GetDevice()
|
||||
user := s.users.GetUserByKey(c.Query("pkey"))
|
||||
|
||||
currentSession, err := s.setFormInSession(c, user)
|
||||
if err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Peer User
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peer: currentSession.FormData.(User),
|
||||
Device: device,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminEditPeer(c *gin.Context) {
|
||||
currentUser := s.users.GetUserByKey(c.Query("pkey"))
|
||||
urlEncodedKey := url.QueryEscape(c.Query("pkey"))
|
||||
|
||||
currentSession := s.getSessionData(c)
|
||||
var formUser User
|
||||
if currentSession.FormData != nil {
|
||||
formUser = currentSession.FormData.(User)
|
||||
}
|
||||
if err := c.ShouldBind(&formUser); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=bind")
|
||||
return
|
||||
}
|
||||
|
||||
// Clean list input
|
||||
formUser.IPs = common.ParseStringList(formUser.IPsStr)
|
||||
formUser.AllowedIPs = common.ParseStringList(formUser.AllowedIPsStr)
|
||||
formUser.IPsStr = common.ListToString(formUser.IPs)
|
||||
formUser.AllowedIPsStr = common.ListToString(formUser.AllowedIPs)
|
||||
|
||||
disabled := c.PostForm("isdisabled") != ""
|
||||
now := time.Now()
|
||||
if disabled && currentUser.DeactivatedAt == nil {
|
||||
formUser.DeactivatedAt = &now
|
||||
} else if !disabled {
|
||||
formUser.DeactivatedAt = nil
|
||||
}
|
||||
|
||||
// Update in database
|
||||
if err := s.UpdateUser(formUser, now); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to update user: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=update")
|
||||
return
|
||||
}
|
||||
|
||||
s.setAlert(c, "changes applied successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminCreatePeer(c *gin.Context) {
|
||||
device := s.users.GetDevice()
|
||||
|
||||
currentSession, err := s.setNewUserFormInSession(c)
|
||||
if err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Peer User
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peer: currentSession.FormData.(User),
|
||||
Device: device,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminCreatePeer(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
var formUser User
|
||||
if currentSession.FormData != nil {
|
||||
formUser = currentSession.FormData.(User)
|
||||
}
|
||||
if err := c.ShouldBind(&formUser); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=bind")
|
||||
return
|
||||
}
|
||||
|
||||
// Clean list input
|
||||
formUser.IPs = common.ParseStringList(formUser.IPsStr)
|
||||
formUser.AllowedIPs = common.ParseStringList(formUser.AllowedIPsStr)
|
||||
formUser.IPsStr = common.ListToString(formUser.IPs)
|
||||
formUser.AllowedIPsStr = common.ListToString(formUser.AllowedIPs)
|
||||
|
||||
disabled := c.PostForm("isdisabled") != ""
|
||||
now := time.Now()
|
||||
if disabled {
|
||||
formUser.DeactivatedAt = &now
|
||||
}
|
||||
|
||||
if err := s.CreateUser(formUser); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to add user: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=create")
|
||||
return
|
||||
}
|
||||
|
||||
s.setAlert(c, "client created successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
|
||||
currentSession, err := s.setFormInSession(c, LdapCreateForm{Identifier: "Default"})
|
||||
if err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.HTML(http.StatusOK, "admin_create_clients.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Users []*ldap.UserCacheHolderEntry
|
||||
FormData LdapCreateForm
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Users: s.ldapUsers.GetSortedUsers("sn", "asc"),
|
||||
FormData: currentSession.FormData.(LdapCreateForm),
|
||||
Device: s.users.GetDevice(),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminCreateLdapPeers(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
var formData LdapCreateForm
|
||||
if currentSession.FormData != nil {
|
||||
formData = currentSession.FormData.(LdapCreateForm)
|
||||
}
|
||||
if err := c.ShouldBind(&formData); err != nil {
|
||||
_ = s.updateFormInSession(c, formData)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=bind")
|
||||
return
|
||||
}
|
||||
|
||||
emails := common.ParseStringList(formData.Emails)
|
||||
for i := range emails {
|
||||
// TODO: also check email addr for validity?
|
||||
if !strings.ContainsRune(emails[i], '@') || s.ldapUsers.GetUserDNByMail(emails[i]) == "" {
|
||||
_ = s.updateFormInSession(c, formData)
|
||||
s.setAlert(c, "invalid email address: "+emails[i], "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=mail")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
log.Infof("creating %d ldap peers", len(emails))
|
||||
|
||||
for i := range emails {
|
||||
if err := s.CreateUserByEmail(emails[i], formData.Identifier, false); err != nil {
|
||||
_ = s.updateFormInSession(c, formData)
|
||||
s.setAlert(c, "failed to add user: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=create")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
s.setAlert(c, "client(s) created successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
|
||||
}
|
||||
|
||||
func (s *Server) GetAdminDeletePeer(c *gin.Context) {
|
||||
currentUser := s.users.GetUserByKey(c.Query("pkey"))
|
||||
if err := s.DeleteUser(currentUser); err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "Deletion error", err.Error())
|
||||
return
|
||||
}
|
||||
s.setAlert(c, "user deleted successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
}
|
||||
|
||||
func (s *Server) GetPeerQRCode(c *gin.Context) {
|
||||
user := s.users.GetUserByKey(c.Query("pkey"))
|
||||
currentSession := s.getSessionData(c)
|
||||
if !currentSession.IsAdmin && user.Email != currentSession.Email {
|
||||
s.GetHandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
|
||||
return
|
||||
}
|
||||
|
||||
png, err := user.GetQRCode()
|
||||
if err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "QRCode error", err.Error())
|
||||
return
|
||||
}
|
||||
c.Data(http.StatusOK, "image/png", png)
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Server) GetPeerConfig(c *gin.Context) {
|
||||
user := s.users.GetUserByKey(c.Query("pkey"))
|
||||
currentSession := s.getSessionData(c)
|
||||
if !currentSession.IsAdmin && user.Email != currentSession.Email {
|
||||
s.GetHandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
|
||||
return
|
||||
}
|
||||
|
||||
cfg, err := user.GetClientConfigFile(s.users.GetDevice())
|
||||
if err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.Header("Content-Disposition", "attachment; filename="+user.GetConfigFileName())
|
||||
c.Data(http.StatusOK, "application/config", cfg)
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Server) GetPeerConfigMail(c *gin.Context) {
|
||||
user := s.users.GetUserByKey(c.Query("pkey"))
|
||||
currentSession := s.getSessionData(c)
|
||||
if !currentSession.IsAdmin && user.Email != currentSession.Email {
|
||||
s.GetHandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
|
||||
return
|
||||
}
|
||||
|
||||
cfg, err := user.GetClientConfigFile(s.users.GetDevice())
|
||||
if err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "ConfigFile error", err.Error())
|
||||
return
|
||||
}
|
||||
png, err := user.GetQRCode()
|
||||
if err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "QRCode error", err.Error())
|
||||
return
|
||||
}
|
||||
// Apply mail template
|
||||
var tplBuff bytes.Buffer
|
||||
if err := s.mailTpl.Execute(&tplBuff, struct {
|
||||
Client User
|
||||
QrcodePngName string
|
||||
PortalUrl string
|
||||
}{
|
||||
Client: user,
|
||||
QrcodePngName: "wireguard-config.png",
|
||||
PortalUrl: s.config.Core.ExternalUrl,
|
||||
}); err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "Template error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
// Send mail
|
||||
attachments := []common.MailAttachment{
|
||||
{
|
||||
Name: user.GetConfigFileName(),
|
||||
ContentType: "application/config",
|
||||
Data: bytes.NewReader(cfg),
|
||||
},
|
||||
{
|
||||
Name: "wireguard-config.png",
|
||||
ContentType: "image/png",
|
||||
Data: bytes.NewReader(png),
|
||||
},
|
||||
}
|
||||
|
||||
if err := common.SendEmailWithAttachments(s.config.Email, s.config.Core.MailFrom, "", "WireGuard VPN Configuration",
|
||||
"Your mail client does not support HTML. Please find the configuration attached to this mail.", tplBuff.String(),
|
||||
[]string{user.Email}, attachments); err != nil {
|
||||
s.GetHandleError(c, http.StatusInternalServerError, "Email error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
s.setAlert(c, "mail sent successfully", "success")
|
||||
c.Redirect(http.StatusSeeOther, "/admin")
|
||||
}
|
@ -22,7 +22,7 @@ func SetupRoutes(s *Server) {
|
||||
admin.GET("/", s.GetAdminIndex)
|
||||
admin.GET("/device/edit", s.GetAdminEditInterface)
|
||||
admin.POST("/device/edit", s.PostAdminEditInterface)
|
||||
admin.GET("/device/download", s.GetDeviceConfig)
|
||||
admin.GET("/device/download", s.GetInterfaceConfig)
|
||||
admin.GET("/peer/edit", s.GetAdminEditPeer)
|
||||
admin.POST("/peer/edit", s.PostAdminEditPeer)
|
||||
admin.GET("/peer/create", s.GetAdminCreatePeer)
|
||||
@ -30,16 +30,16 @@ func SetupRoutes(s *Server) {
|
||||
admin.GET("/peer/createldap", s.GetAdminCreateLdapPeers)
|
||||
admin.POST("/peer/createldap", s.PostAdminCreateLdapPeers)
|
||||
admin.GET("/peer/delete", s.GetAdminDeletePeer)
|
||||
admin.GET("/peer/download", s.GetUserConfig)
|
||||
admin.GET("/peer/email", s.GetUserConfigMail)
|
||||
admin.GET("/peer/download", s.GetPeerConfig)
|
||||
admin.GET("/peer/email", s.GetPeerConfigMail)
|
||||
|
||||
// User routes
|
||||
user := s.server.Group("/user")
|
||||
user.Use(s.RequireAuthentication("")) // empty scope = all logged in users
|
||||
user.GET("/qrcode", s.GetUserQRCode)
|
||||
user.GET("/qrcode", s.GetPeerQRCode)
|
||||
user.GET("/profile", s.GetUserIndex)
|
||||
user.GET("/download", s.GetUserConfig)
|
||||
user.GET("/email", s.GetUserConfigMail)
|
||||
user.GET("/download", s.GetPeerConfig)
|
||||
user.GET("/email", s.GetPeerConfigMail)
|
||||
}
|
||||
|
||||
func (s *Server) RequireAuthentication(scope string) gin.HandlerFunc {
|
||||
@ -49,7 +49,7 @@ func (s *Server) RequireAuthentication(scope string) gin.HandlerFunc {
|
||||
if !session.LoggedIn {
|
||||
// Abort the request with the appropriate error code
|
||||
c.Abort()
|
||||
c.Redirect(http.StatusSeeOther, s.config.AuthRoutePrefix+"/login?err=loginreq")
|
||||
c.Redirect(http.StatusSeeOther, "/auth/login?err=loginreq")
|
||||
return
|
||||
}
|
||||
|
||||
@ -57,7 +57,7 @@ func (s *Server) RequireAuthentication(scope string) gin.HandlerFunc {
|
||||
!s.ldapUsers.IsInGroup(session.UserName, scope) {
|
||||
// Abort the request with the appropriate error code
|
||||
c.Abort()
|
||||
s.HandleError(c, http.StatusUnauthorized, "unauthorized", "not enough permissions")
|
||||
s.GetHandleError(c, http.StatusUnauthorized, "unauthorized", "not enough permissions")
|
||||
return
|
||||
}
|
||||
|
||||
|