add csrf
parent
68507c3bcd
commit
588f8c7c70
|
@ -20,6 +20,7 @@
|
|||
<h2>Enter valid LDAP user email addresses to quickly create new accounts.</h2>
|
||||
{{template "prt_flashes.html" .}}
|
||||
<form method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="_csrf" value="{{.Csrf}}">
|
||||
<div class="form-row">
|
||||
<div class="form-group required col-md-12">
|
||||
<label for="inputEmail">Email Addresses</label>
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
{{template "prt_flashes.html" .}}
|
||||
|
||||
<form method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="_csrf" value="{{.Csrf}}">
|
||||
<input type="hidden" name="uid" value="{{.Peer.UID}}">
|
||||
{{if .EditableKeys}}
|
||||
<div class="form-row">
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
{{template "prt_flashes.html" .}}
|
||||
|
||||
<form method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="_csrf" value="{{.Csrf}}">
|
||||
<input type="hidden" name="device" value="{{.Device.DeviceName}}">
|
||||
<h3>Server's interface configuration</h3>
|
||||
{{if .EditableKeys}}
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
{{template "prt_nav.html" .}}
|
||||
<div class="container mt-5">
|
||||
{{if eq .User.CreatedAt .Epoch}}
|
||||
<h1>Create a new user</h1><!-- fix me!!! -.>
|
||||
<h1>Create a new user</h1>
|
||||
{{else}}
|
||||
<h1>Edit user <strong>{{.User.Email}}</strong></h1>
|
||||
{{end}}
|
||||
|
@ -22,6 +22,7 @@
|
|||
{{template "prt_flashes.html" .}}
|
||||
|
||||
<form method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="_csrf" value="{{.Csrf}}">
|
||||
{{if eq .User.CreatedAt .Epoch}}
|
||||
<div class="form-row">
|
||||
<div class="form-group required col-md-12">
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
<div class="card-header">Please sign in</div>
|
||||
<div class="card-body">
|
||||
<form class="form-signin" method="post">
|
||||
<input type="hidden" name="_csrf" value="{{.Csrf}}">
|
||||
<div class="form-group">
|
||||
<label for="inputUsername">Email</label>
|
||||
<input type="text" name="username" class="form-control" id="inputUsername" aria-describedby="usernameHelp" placeholder="Enter email">
|
||||
|
|
3
go.mod
3
go.mod
|
@ -11,13 +11,12 @@ require (
|
|||
github.com/jordan-wright/email v4.0.1-0.20200917010138-e1c00e156980+incompatible
|
||||
github.com/kelseyhightower/envconfig v1.4.0
|
||||
github.com/milosgajdos/tenus v0.0.3
|
||||
github.com/mitchellh/gox v1.0.1 // indirect
|
||||
github.com/necrose99/gox v0.4.0 // indirect
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/sirupsen/logrus v1.7.0
|
||||
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
|
||||
github.com/tatsushid/go-fastping v0.0.0-20160109021039-d7bb493dee3e
|
||||
github.com/toorop/gin-logrus v0.0.0-20200831135515-d2ee50d38dae
|
||||
github.com/utrack/gin-csrf v0.0.0-20190424104817-40fb8d2c8fca
|
||||
golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
|
||||
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20200609130330-bd2cb7843e1b
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
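Review bot: The new `github.com/utrack/gin-csrf` requirement is pinned to a pseudo-version (`v0.0.0-20190424104817-40fb8d2c8fca`), i.e. an untagged commit whose timestamp is from April 2019, and it now sits on the request path of every state-changing form. Before relying on it as a security control, it is worth confirming that the module is still maintained and recording that the pinned commit was reviewed, for example with a comment such as `// untagged upstream; commit 40fb8d2c8fca reviewed for CSRF middleware use` on that line. Which neighbouring `gox` lines the commit drops cannot be determined from this rendering, so they are not assessed here.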
|
||||
|
|
|
@ -65,6 +65,7 @@ type Config struct {
|
|||
EditableKeys bool `yaml:"editableKeys" envconfig:"EDITABLE_KEYS"`
|
||||
CreateDefaultPeer bool `yaml:"createDefaultPeer" envconfig:"CREATE_DEFAULT_PEER"`
|
||||
LdapEnabled bool `yaml:"ldapEnabled" envconfig:"LDAP_ENABLED"`
|
||||
SessionSecret string `yaml:"sessionSecret" envconfig:"SESSION_SECRET"`
|
||||
} `yaml:"core"`
|
||||
Database common.DatabaseConfig `yaml:"database"`
|
||||
Email common.MailConfig `yaml:"email"`
|
||||
|
@ -84,6 +85,7 @@ func NewConfig() *Config {
|
|||
cfg.Core.AdminUser = "admin@wgportal.local"
|
||||
cfg.Core.AdminPassword = "wgportal"
|
||||
cfg.Core.LdapEnabled = false
|
||||
cfg.Core.SessionSecret = "secret"
|
||||
|
||||
cfg.Database.Typ = "sqlite"
|
||||
cfg.Database.Database = "data/wg_portal.db"
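Review bot: `cfg.Core.SessionSecret = "secret"` in NewConfig gives every installation that does not override the setting the same publicly known key, and the rest of this commit uses that value both for the session store and for the CSRF middleware. A usable default defeats the purpose of making the secret configurable. Either generate a random value with crypto/rand at startup when none is configured, or reject the placeholder once the configuration has been loaded, e.g. `if cfg.Core.SessionSecret == "secret" { return errors.New("core.sessionSecret must be set to a random value") }`. Where that check belongs is outside this hunk, since NewConfig's body continues past it. The struct field in the first hunk would also benefit from a comment such as `// SessionSecret keys the session store and the CSRF middleware; must be random per installation`.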
|
||||
|
|
|
@ -4,6 +4,8 @@ import (
|
|||
"net/http"
|
||||
"strings"
|
||||
|
||||
csrf "github.com/utrack/gin-csrf"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/h44z/wg-portal/internal/authentication"
|
||||
"github.com/h44z/wg-portal/internal/users"
|
||||
|
@ -31,6 +33,7 @@ func (s *Server) GetLogin(c *gin.Context) {
|
|||
"error": authError != "",
|
||||
"message": errMsg,
|
||||
"static": s.getStaticData(),
|
||||
"Csrf": csrf.GetToken(c),
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -4,13 +4,10 @@ import (
|
|||
"net/http"
|
||||
"strconv"
|
||||
|
||||
"github.com/h44z/wg-portal/internal/users"
|
||||
|
||||
"github.com/h44z/wg-portal/internal/common"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/h44z/wg-portal/internal/common"
|
||||
"github.com/h44z/wg-portal/internal/users"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
func (s *Server) GetHandleError(c *gin.Context, code int, message, details string) {
|
||||
|
|
|
@ -4,10 +4,10 @@ import (
|
|||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/h44z/wg-portal/internal/wireguard"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/h44z/wg-portal/internal/common"
|
||||
"github.com/h44z/wg-portal/internal/wireguard"
|
||||
csrf "github.com/utrack/gin-csrf"
|
||||
)
|
||||
|
||||
func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
||||
|
@ -27,6 +27,7 @@ func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
|||
"Device": currentSession.FormData.(wireguard.Device),
|
||||
"EditableKeys": s.config.Core.EditableKeys,
|
||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||
"Csrf": csrf.GetToken(c),
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -14,6 +14,7 @@ import (
|
|||
"github.com/h44z/wg-portal/internal/wireguard"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/tatsushid/go-fastping"
|
||||
csrf "github.com/utrack/gin-csrf"
|
||||
)
|
||||
|
||||
type LdapCreateForm struct {
|
||||
|
@ -39,6 +40,7 @@ func (s *Server) GetAdminEditPeer(c *gin.Context) {
|
|||
"EditableKeys": s.config.Core.EditableKeys,
|
||||
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||
"Csrf": csrf.GetToken(c),
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -99,6 +101,7 @@ func (s *Server) GetAdminCreatePeer(c *gin.Context) {
|
|||
"EditableKeys": s.config.Core.EditableKeys,
|
||||
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||
"Csrf": csrf.GetToken(c),
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -154,6 +157,7 @@ func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
|
|||
"FormData": currentSession.FormData.(LdapCreateForm),
|
||||
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||
"Csrf": csrf.GetToken(c),
|
||||
})
|
||||
}
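Review bot: `"Csrf": csrf.GetToken(c)` is pasted into each render map by hand: three times in this file (GetAdminEditPeer, GetAdminCreatePeer, GetAdminCreateLdapPeers) and again in the login, interface and user handlers in the other sections. A handler that forgets the entry renders an empty `_csrf` field and its POST is then answered by the middleware's ErrorFunc. That fails closed, but it is easy to introduce and only shows up at runtime. Consider adding the token in one place, for instance a small helper on Server that takes the `gin.H` and the context and sets the `"Csrf"` key before `c.HTML` is called. If any POST handler re-renders these templates directly on a validation error (not visible in these hunks, whose functions begin outside them), it needs the token as well.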
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/h44z/wg-portal/internal/users"
|
||||
csrf "github.com/utrack/gin-csrf"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
@ -79,6 +80,7 @@ func (s *Server) GetAdminUsersEdit(c *gin.Context) {
|
|||
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||
"Epoch": time.Time{},
|
||||
"Csrf": csrf.GetToken(c),
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -156,6 +158,7 @@ func (s *Server) GetAdminUsersCreate(c *gin.Context) {
|
|||
"Device": s.peers.GetDevice(currentSession.DeviceName),
|
||||
"DeviceNames": s.wg.Cfg.DeviceNames,
|
||||
"Epoch": time.Time{},
|
||||
"Csrf": csrf.GetToken(c),
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -26,6 +26,7 @@ import (
|
|||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
ginlogrus "github.com/toorop/gin-logrus"
|
||||
csrf "github.com/utrack/gin-csrf"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
|
@ -111,6 +112,14 @@ func (s *Server) Setup(ctx context.Context) error {
|
|||
s.server.Use(ginlogrus.Logger(logrus.StandardLogger()))
|
||||
}
|
||||
s.server.Use(gin.Recovery())
|
||||
s.server.Use(sessions.Sessions("authsession", memstore.NewStore([]byte(s.config.Core.SessionSecret))))
|
||||
s.server.Use(csrf.Middleware(csrf.Options{
|
||||
Secret: s.config.Core.SessionSecret,
|
||||
ErrorFunc: func(c *gin.Context) {
|
||||
c.String(400, "CSRF token mismatch")
|
||||
c.Abort()
|
||||
},
|
||||
}))
|
||||
s.server.SetFuncMap(template.FuncMap{
|
||||
"formatBytes": common.ByteCountSI,
|
||||
"urlEncode": url.QueryEscape,
|
||||
|
@ -128,7 +137,6 @@ func (s *Server) Setup(ctx context.Context) error {
|
|||
// Setup templates
|
||||
templates := template.Must(template.New("").Funcs(s.server.FuncMap).ParseFS(wgportal.Templates, "assets/tpl/*.html"))
|
||||
s.server.SetHTMLTemplate(templates)
|
||||
s.server.Use(sessions.Sessions("authsession", memstore.NewStore([]byte("secret")))) // TODO: change key?
|
||||
|
||||
// Serve static files
|
||||
s.server.StaticFS("/css", http.FS(fsMust(fs.Sub(wgportal.Statics, "assets/css"))))
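Review bot: The CSRF middleware in Setup is keyed with the same value as the session store, `Secret: s.config.Core.SessionSecret`, so a single leaked or weak configuration value affects both the session cookie and the token derivation. A separate setting (for example a `CsrfSecret` field next to `SessionSecret` in the config struct) would keep the two independent. The `ErrorFunc` also rejects without leaving a trace. A line such as `logrus.Warnf("csrf token mismatch: %s %q from %s", c.Request.Method, c.Request.URL.Path, c.ClientIP())` before `c.String(...)` would make rejected requests visible to whoever monitors the portal, and `http.StatusBadRequest` reads better than the literal `400`. Setup's body starts and ends outside these hunks, so the ordering of the remaining middleware could not be checked.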
|
||||
|
|
|
@ -8,10 +8,9 @@ import (
|
|||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/h44z/wg-portal/internal/wireguard"
|
||||
|
||||
"github.com/h44z/wg-portal/internal/common"
|
||||
"github.com/h44z/wg-portal/internal/users"
|
||||
"github.com/h44z/wg-portal/internal/wireguard"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||
|
|