add csrf
parent
68507c3bcd
commit
588f8c7c70
@ -20,6 +20,7 @@
|
|||||||
<h2>Enter valid LDAP user email addresses to quickly create new accounts.</h2>
|
<h2>Enter valid LDAP user email addresses to quickly create new accounts.</h2>
|
||||||
{{template "prt_flashes.html" .}}
|
{{template "prt_flashes.html" .}}
|
||||||
<form method="post" enctype="multipart/form-data">
|
<form method="post" enctype="multipart/form-data">
|
||||||
|
<input type="hidden" name="_csrf" value="{{.Csrf}}">
|
||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
<div class="form-group required col-md-12">
|
<div class="form-group required col-md-12">
|
||||||
<label for="inputEmail">Email Addresses</label>
|
<label for="inputEmail">Email Addresses</label>
|
||||||
|
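Review bot: The new hidden input only carries a usable token when the handler that renders this template puts a `Csrf` key into its template data; with a `gin.H` map that lacks the key, `{{.Csrf}}` renders as `<no value>` and the next submit is rejected by the CSRF middleware with a bare 400. The seven handlers changed in this commit set the key, but any handler outside this diff that re-renders one of these forms (for example after a validation error) would presumably need the same entry, so a grep for the template names is worthwhile; the same applies to the other four templates touched here. A short template comment would make the coupling visible: `{{/* _csrf is the form field gin-csrf checks; the handler must pass "Csrf" in the template data */}}`.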
@ -22,6 +22,7 @@
|
|||||||
{{template "prt_flashes.html" .}}
|
{{template "prt_flashes.html" .}}
|
||||||
|
|
||||||
<form method="post" enctype="multipart/form-data">
|
<form method="post" enctype="multipart/form-data">
|
||||||
|
<input type="hidden" name="_csrf" value="{{.Csrf}}">
|
||||||
<input type="hidden" name="uid" value="{{.Peer.UID}}">
|
<input type="hidden" name="uid" value="{{.Peer.UID}}">
|
||||||
{{if .EditableKeys}}
|
{{if .EditableKeys}}
|
||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
|
@ -17,6 +17,7 @@
|
|||||||
{{template "prt_flashes.html" .}}
|
{{template "prt_flashes.html" .}}
|
||||||
|
|
||||||
<form method="post" enctype="multipart/form-data">
|
<form method="post" enctype="multipart/form-data">
|
||||||
|
<input type="hidden" name="_csrf" value="{{.Csrf}}">
|
||||||
<input type="hidden" name="device" value="{{.Device.DeviceName}}">
|
<input type="hidden" name="device" value="{{.Device.DeviceName}}">
|
||||||
<h3>Server's interface configuration</h3>
|
<h3>Server's interface configuration</h3>
|
||||||
{{if .EditableKeys}}
|
{{if .EditableKeys}}
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
{{template "prt_nav.html" .}}
|
{{template "prt_nav.html" .}}
|
||||||
<div class="container mt-5">
|
<div class="container mt-5">
|
||||||
{{if eq .User.CreatedAt .Epoch}}
|
{{if eq .User.CreatedAt .Epoch}}
|
||||||
<h1>Create a new user</h1><!-- fix me!!! -.>
|
<h1>Create a new user</h1>
|
||||||
{{else}}
|
{{else}}
|
||||||
<h1>Edit user <strong>{{.User.Email}}</strong></h1>
|
<h1>Edit user <strong>{{.User.Email}}</strong></h1>
|
||||||
{{end}}
|
{{end}}
|
||||||
@ -22,6 +22,7 @@
|
|||||||
{{template "prt_flashes.html" .}}
|
{{template "prt_flashes.html" .}}
|
||||||
|
|
||||||
<form method="post" enctype="multipart/form-data">
|
<form method="post" enctype="multipart/form-data">
|
||||||
|
<input type="hidden" name="_csrf" value="{{.Csrf}}">
|
||||||
{{if eq .User.CreatedAt .Epoch}}
|
{{if eq .User.CreatedAt .Epoch}}
|
||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
<div class="form-group required col-md-12">
|
<div class="form-group required col-md-12">
|
||||||
|
@ -19,6 +19,7 @@
|
|||||||
<div class="card-header">Please sign in</div>
|
<div class="card-header">Please sign in</div>
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
<form class="form-signin" method="post">
|
<form class="form-signin" method="post">
|
||||||
|
<input type="hidden" name="_csrf" value="{{.Csrf}}">
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="inputUsername">Email</label>
|
<label for="inputUsername">Email</label>
|
||||||
<input type="text" name="username" class="form-control" id="inputUsername" aria-describedby="usernameHelp" placeholder="Enter email">
|
<input type="text" name="username" class="form-control" id="inputUsername" aria-describedby="usernameHelp" placeholder="Enter email">
|
||||||
|
3
go.mod
3
go.mod
@ -11,13 +11,12 @@ require (
|
|||||||
github.com/jordan-wright/email v4.0.1-0.20200917010138-e1c00e156980+incompatible
|
github.com/jordan-wright/email v4.0.1-0.20200917010138-e1c00e156980+incompatible
|
||||||
github.com/kelseyhightower/envconfig v1.4.0
|
github.com/kelseyhightower/envconfig v1.4.0
|
||||||
github.com/milosgajdos/tenus v0.0.3
|
github.com/milosgajdos/tenus v0.0.3
|
||||||
github.com/mitchellh/gox v1.0.1 // indirect
|
|
||||||
github.com/necrose99/gox v0.4.0 // indirect
|
|
||||||
github.com/pkg/errors v0.9.1
|
github.com/pkg/errors v0.9.1
|
||||||
github.com/sirupsen/logrus v1.7.0
|
github.com/sirupsen/logrus v1.7.0
|
||||||
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
|
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
|
||||||
github.com/tatsushid/go-fastping v0.0.0-20160109021039-d7bb493dee3e
|
github.com/tatsushid/go-fastping v0.0.0-20160109021039-d7bb493dee3e
|
||||||
github.com/toorop/gin-logrus v0.0.0-20200831135515-d2ee50d38dae
|
github.com/toorop/gin-logrus v0.0.0-20200831135515-d2ee50d38dae
|
||||||
|
github.com/utrack/gin-csrf v0.0.0-20190424104817-40fb8d2c8fca
|
||||||
golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
|
golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
|
||||||
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20200609130330-bd2cb7843e1b
|
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20200609130330-bd2cb7843e1b
|
||||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
|
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
|
||||||
|
@ -65,6 +65,7 @@ type Config struct {
|
|||||||
EditableKeys bool `yaml:"editableKeys" envconfig:"EDITABLE_KEYS"`
|
EditableKeys bool `yaml:"editableKeys" envconfig:"EDITABLE_KEYS"`
|
||||||
CreateDefaultPeer bool `yaml:"createDefaultPeer" envconfig:"CREATE_DEFAULT_PEER"`
|
CreateDefaultPeer bool `yaml:"createDefaultPeer" envconfig:"CREATE_DEFAULT_PEER"`
|
||||||
LdapEnabled bool `yaml:"ldapEnabled" envconfig:"LDAP_ENABLED"`
|
LdapEnabled bool `yaml:"ldapEnabled" envconfig:"LDAP_ENABLED"`
|
||||||
|
SessionSecret string `yaml:"sessionSecret" envconfig:"SESSION_SECRET"`
|
||||||
} `yaml:"core"`
|
} `yaml:"core"`
|
||||||
Database common.DatabaseConfig `yaml:"database"`
|
Database common.DatabaseConfig `yaml:"database"`
|
||||||
Email common.MailConfig `yaml:"email"`
|
Email common.MailConfig `yaml:"email"`
|
||||||
@ -84,6 +85,7 @@ func NewConfig() *Config {
|
|||||||
cfg.Core.AdminUser = "admin@wgportal.local"
|
cfg.Core.AdminUser = "admin@wgportal.local"
|
||||||
cfg.Core.AdminPassword = "wgportal"
|
cfg.Core.AdminPassword = "wgportal"
|
||||||
cfg.Core.LdapEnabled = false
|
cfg.Core.LdapEnabled = false
|
||||||
|
cfg.Core.SessionSecret = "secret"
|
||||||
|
|
||||||
cfg.Database.Typ = "sqlite"
|
cfg.Database.Typ = "sqlite"
|
||||||
cfg.Database.Database = "data/wg_portal.db"
|
cfg.Database.Database = "data/wg_portal.db"
|
||||||
|
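Review bot: `cfg.Core.SessionSecret = "secret"` installs a well-known default that, whenever a deployment never sets `sessionSecret`/`SESSION_SECRET`, ends up keying both the session cookie store and the CSRF middleware in Setup, so a value that ships in the source provides no protection there. Prefer leaving the default empty and having startup refuse to run (or at least log loudly) when it is unset, or generating a random value when it is empty — sessions would then not survive a restart, which presumably is already the case with the in-memory store. The field in the struct hunk above deserves a comment along the lines of `// SessionSecret keys the cookie session store and the CSRF middleware; set a long random value per deployment.` NewConfig continues outside the hunk, so a validation step may belong to its caller rather than here.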
@ -4,6 +4,8 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
csrf "github.com/utrack/gin-csrf"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/h44z/wg-portal/internal/authentication"
|
"github.com/h44z/wg-portal/internal/authentication"
|
||||||
"github.com/h44z/wg-portal/internal/users"
|
"github.com/h44z/wg-portal/internal/users"
|
||||||
@ -31,6 +33,7 @@ func (s *Server) GetLogin(c *gin.Context) {
|
|||||||
"error": authError != "",
|
"error": authError != "",
|
||||||
"message": errMsg,
|
"message": errMsg,
|
||||||
"static": s.getStaticData(),
|
"static": s.getStaticData(),
|
||||||
|
"Csrf": csrf.GetToken(c),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
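Review bot: `"Csrf": csrf.GetToken(c)` is the only capitalised key in GetLogin's template data, next to `"error"`, `"message"` and `"static"`; the template reads `.Csrf` and the admin handlers use capitalised keys throughout, so the mismatch is in this map's older keys rather than the new line, but it is worth noting before more handlers copy the pattern. The same line is added verbatim to six other handlers in this commit (GetAdminEditInterface, GetAdminEditPeer, GetAdminCreatePeer, GetAdminCreateLdapPeers, GetAdminUsersEdit, GetAdminUsersCreate); if the template-data maps are ever built through a shared helper, the token belongs there so a future handler cannot forget it. GetLogin starts outside the hunk.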
@ -4,13 +4,10 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"github.com/h44z/wg-portal/internal/users"
|
|
||||||
|
|
||||||
"github.com/h44z/wg-portal/internal/common"
|
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
|
"github.com/h44z/wg-portal/internal/common"
|
||||||
|
"github.com/h44z/wg-portal/internal/users"
|
||||||
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *Server) GetHandleError(c *gin.Context, code int, message, details string) {
|
func (s *Server) GetHandleError(c *gin.Context, code int, message, details string) {
|
||||||
|
@ -4,10 +4,10 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/h44z/wg-portal/internal/wireguard"
|
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/h44z/wg-portal/internal/common"
|
"github.com/h44z/wg-portal/internal/common"
|
||||||
|
"github.com/h44z/wg-portal/internal/wireguard"
|
||||||
|
csrf "github.com/utrack/gin-csrf"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
||||||
@ -27,6 +27,7 @@ func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
|||||||
"Device": currentSession.FormData.(wireguard.Device),
|
"Device": currentSession.FormData.(wireguard.Device),
|
||||||
"EditableKeys": s.config.Core.EditableKeys,
|
"EditableKeys": s.config.Core.EditableKeys,
|
||||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||||
|
"Csrf": csrf.GetToken(c),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -14,6 +14,7 @@ import (
|
|||||||
"github.com/h44z/wg-portal/internal/wireguard"
|
"github.com/h44z/wg-portal/internal/wireguard"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"github.com/tatsushid/go-fastping"
|
"github.com/tatsushid/go-fastping"
|
||||||
|
csrf "github.com/utrack/gin-csrf"
|
||||||
)
|
)
|
||||||
|
|
||||||
type LdapCreateForm struct {
|
type LdapCreateForm struct {
|
||||||
@ -39,6 +40,7 @@ func (s *Server) GetAdminEditPeer(c *gin.Context) {
|
|||||||
"EditableKeys": s.config.Core.EditableKeys,
|
"EditableKeys": s.config.Core.EditableKeys,
|
||||||
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
||||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||||
|
"Csrf": csrf.GetToken(c),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -99,6 +101,7 @@ func (s *Server) GetAdminCreatePeer(c *gin.Context) {
|
|||||||
"EditableKeys": s.config.Core.EditableKeys,
|
"EditableKeys": s.config.Core.EditableKeys,
|
||||||
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
||||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||||
|
"Csrf": csrf.GetToken(c),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -154,6 +157,7 @@ func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
|
|||||||
"FormData": currentSession.FormData.(LdapCreateForm),
|
"FormData": currentSession.FormData.(LdapCreateForm),
|
||||||
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
||||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||||
|
"Csrf": csrf.GetToken(c),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -7,6 +7,7 @@ import (
|
|||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/h44z/wg-portal/internal/users"
|
"github.com/h44z/wg-portal/internal/users"
|
||||||
|
csrf "github.com/utrack/gin-csrf"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
)
|
)
|
||||||
@ -79,6 +80,7 @@ func (s *Server) GetAdminUsersEdit(c *gin.Context) {
|
|||||||
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
||||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||||
"Epoch": time.Time{},
|
"Epoch": time.Time{},
|
||||||
|
"Csrf": csrf.GetToken(c),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -156,6 +158,7 @@ func (s *Server) GetAdminUsersCreate(c *gin.Context) {
|
|||||||
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
||||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||||
"Epoch": time.Time{},
|
"Epoch": time.Time{},
|
||||||
|
"Csrf": csrf.GetToken(c),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -26,6 +26,7 @@ import (
|
|||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
ginlogrus "github.com/toorop/gin-logrus"
|
ginlogrus "github.com/toorop/gin-logrus"
|
||||||
|
csrf "github.com/utrack/gin-csrf"
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -111,6 +112,14 @@ func (s *Server) Setup(ctx context.Context) error {
|
|||||||
s.server.Use(ginlogrus.Logger(logrus.StandardLogger()))
|
s.server.Use(ginlogrus.Logger(logrus.StandardLogger()))
|
||||||
}
|
}
|
||||||
s.server.Use(gin.Recovery())
|
s.server.Use(gin.Recovery())
|
||||||
|
s.server.Use(sessions.Sessions("authsession", memstore.NewStore([]byte(s.config.Core.SessionSecret))))
|
||||||
|
s.server.Use(csrf.Middleware(csrf.Options{
|
||||||
|
Secret: s.config.Core.SessionSecret,
|
||||||
|
ErrorFunc: func(c *gin.Context) {
|
||||||
|
c.String(400, "CSRF token mismatch")
|
||||||
|
c.Abort()
|
||||||
|
},
|
||||||
|
}))
|
||||||
s.server.SetFuncMap(template.FuncMap{
|
s.server.SetFuncMap(template.FuncMap{
|
||||||
"formatBytes": common.ByteCountSI,
|
"formatBytes": common.ByteCountSI,
|
||||||
"urlEncode": url.QueryEscape,
|
"urlEncode": url.QueryEscape,
|
||||||
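Review bot: The CSRF middleware is keyed with the same `s.config.Core.SessionSecret` that keys the session store on the line above, so one secret now serves two different purposes and a leak of either exposes both; deriving a per-purpose key (for example an HMAC of the configured secret with a fixed label) keeps the config surface unchanged and costs a couple of lines. Separately, the `ErrorFunc` answers `c.String(400, "CSRF token mismatch")` without logging anything, so rejected submissions — a useful signal both for forged requests and for a template that lost its hidden field — never reach the logrus output the rest of Setup wires up; something like `logrus.WithField("path", c.Request.URL.Path).Warn("rejected request: CSRF token mismatch")` before the response, and `http.StatusBadRequest` instead of the bare `400` since `net/http` is already imported here, would address that. Registering the session middleware before the CSRF middleware is the right order, as gin-csrf relies on the session being available. Setup continues outside the hunk.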
@ -128,7 +137,6 @@ func (s *Server) Setup(ctx context.Context) error {
|
|||||||
// Setup templates
|
// Setup templates
|
||||||
templates := template.Must(template.New("").Funcs(s.server.FuncMap).ParseFS(wgportal.Templates, "assets/tpl/*.html"))
|
templates := template.Must(template.New("").Funcs(s.server.FuncMap).ParseFS(wgportal.Templates, "assets/tpl/*.html"))
|
||||||
s.server.SetHTMLTemplate(templates)
|
s.server.SetHTMLTemplate(templates)
|
||||||
s.server.Use(sessions.Sessions("authsession", memstore.NewStore([]byte("secret")))) // TODO: change key?
|
|
||||||
|
|
||||||
// Serve static files
|
// Serve static files
|
||||||
s.server.StaticFS("/css", http.FS(fsMust(fs.Sub(wgportal.Statics, "assets/css"))))
|
s.server.StaticFS("/css", http.FS(fsMust(fs.Sub(wgportal.Statics, "assets/css"))))
|
||||||
|
@ -8,10 +8,9 @@ import (
|
|||||||
"syscall"
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/h44z/wg-portal/internal/wireguard"
|
|
||||||
|
|
||||||
"github.com/h44z/wg-portal/internal/common"
|
"github.com/h44z/wg-portal/internal/common"
|
||||||
"github.com/h44z/wg-portal/internal/users"
|
"github.com/h44z/wg-portal/internal/users"
|
||||||
|
"github.com/h44z/wg-portal/internal/wireguard"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||||
|