This commit is contained in:
Christoph Haas 2021-03-22 22:51:37 +01:00
parent 68507c3bcd
commit 588f8c7c70
14 changed files with 35 additions and 14 deletions

View File

@ -20,6 +20,7 @@
<h2>Enter valid LDAP user email addresses to quickly create new accounts.</h2>
{{template "prt_flashes.html" .}}
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="_csrf" value="{{.Csrf}}">
<div class="form-row">
<div class="form-group required col-md-12">
<label for="inputEmail">Email Addresses</label>

View File

@ -22,6 +22,7 @@
{{template "prt_flashes.html" .}}
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="_csrf" value="{{.Csrf}}">
<input type="hidden" name="uid" value="{{.Peer.UID}}">
{{if .EditableKeys}}
<div class="form-row">

View File

@ -17,6 +17,7 @@
{{template "prt_flashes.html" .}}
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="_csrf" value="{{.Csrf}}">
<input type="hidden" name="device" value="{{.Device.DeviceName}}">
<h3>Server's interface configuration</h3>
{{if .EditableKeys}}

View File

@ -14,7 +14,7 @@
{{template "prt_nav.html" .}}
<div class="container mt-5">
{{if eq .User.CreatedAt .Epoch}}
<h1>Create a new user</h1><!-- fix me!!! -.>
<h1>Create a new user</h1>
{{else}}
<h1>Edit user <strong>{{.User.Email}}</strong></h1>
{{end}}
@ -22,6 +22,7 @@
{{template "prt_flashes.html" .}}
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="_csrf" value="{{.Csrf}}">
{{if eq .User.CreatedAt .Epoch}}
<div class="form-row">
<div class="form-group required col-md-12">

View File

@ -19,6 +19,7 @@
<div class="card-header">Please sign in</div>
<div class="card-body">
<form class="form-signin" method="post">
<input type="hidden" name="_csrf" value="{{.Csrf}}">
<div class="form-group">
<label for="inputUsername">Email</label>
<input type="text" name="username" class="form-control" id="inputUsername" aria-describedby="usernameHelp" placeholder="Enter email">

3
go.mod
View File

@ -11,13 +11,12 @@ require (
github.com/jordan-wright/email v4.0.1-0.20200917010138-e1c00e156980+incompatible
github.com/kelseyhightower/envconfig v1.4.0
github.com/milosgajdos/tenus v0.0.3
github.com/mitchellh/gox v1.0.1 // indirect
github.com/necrose99/gox v0.4.0 // indirect
github.com/pkg/errors v0.9.1
github.com/sirupsen/logrus v1.7.0
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
github.com/tatsushid/go-fastping v0.0.0-20160109021039-d7bb493dee3e
github.com/toorop/gin-logrus v0.0.0-20200831135515-d2ee50d38dae
github.com/utrack/gin-csrf v0.0.0-20190424104817-40fb8d2c8fca
golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20200609130330-bd2cb7843e1b
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c

View File

@ -65,6 +65,7 @@ type Config struct {
EditableKeys bool `yaml:"editableKeys" envconfig:"EDITABLE_KEYS"`
CreateDefaultPeer bool `yaml:"createDefaultPeer" envconfig:"CREATE_DEFAULT_PEER"`
LdapEnabled bool `yaml:"ldapEnabled" envconfig:"LDAP_ENABLED"`
SessionSecret string `yaml:"sessionSecret" envconfig:"SESSION_SECRET"`
} `yaml:"core"`
Database common.DatabaseConfig `yaml:"database"`
Email common.MailConfig `yaml:"email"`
@ -84,6 +85,7 @@ func NewConfig() *Config {
cfg.Core.AdminUser = "admin@wgportal.local"
cfg.Core.AdminPassword = "wgportal"
cfg.Core.LdapEnabled = false
cfg.Core.SessionSecret = "secret"
cfg.Database.Typ = "sqlite"
cfg.Database.Database = "data/wg_portal.db"

View File

@ -4,6 +4,8 @@ import (
"net/http"
"strings"
csrf "github.com/utrack/gin-csrf"
"github.com/gin-gonic/gin"
"github.com/h44z/wg-portal/internal/authentication"
"github.com/h44z/wg-portal/internal/users"
@ -31,6 +33,7 @@ func (s *Server) GetLogin(c *gin.Context) {
"error": authError != "",
"message": errMsg,
"static": s.getStaticData(),
"Csrf": csrf.GetToken(c),
})
}

View File

@ -4,13 +4,10 @@ import (
"net/http"
"strconv"
"github.com/h44z/wg-portal/internal/users"
"github.com/h44z/wg-portal/internal/common"
"github.com/pkg/errors"
"github.com/gin-gonic/gin"
"github.com/h44z/wg-portal/internal/common"
"github.com/h44z/wg-portal/internal/users"
"github.com/pkg/errors"
)
func (s *Server) GetHandleError(c *gin.Context, code int, message, details string) {

View File

@ -4,10 +4,10 @@ import (
"net/http"
"strings"
"github.com/h44z/wg-portal/internal/wireguard"
"github.com/gin-gonic/gin"
"github.com/h44z/wg-portal/internal/common"
"github.com/h44z/wg-portal/internal/wireguard"
csrf "github.com/utrack/gin-csrf"
)
func (s *Server) GetAdminEditInterface(c *gin.Context) {
@ -27,6 +27,7 @@ func (s *Server) GetAdminEditInterface(c *gin.Context) {
"Device": currentSession.FormData.(wireguard.Device),
"EditableKeys": s.config.Core.EditableKeys,
"DeviceNames": s.wg.Cfg.DeviceNames,
"Csrf": csrf.GetToken(c),
})
}

View File

@ -14,6 +14,7 @@ import (
"github.com/h44z/wg-portal/internal/wireguard"
"github.com/sirupsen/logrus"
"github.com/tatsushid/go-fastping"
csrf "github.com/utrack/gin-csrf"
)
type LdapCreateForm struct {
@ -39,6 +40,7 @@ func (s *Server) GetAdminEditPeer(c *gin.Context) {
"EditableKeys": s.config.Core.EditableKeys,
"Device": s.peers.GetDevice(currentSession.DeviceName),
"DeviceNames": s.wg.Cfg.DeviceNames,
"Csrf": csrf.GetToken(c),
})
}
@ -99,6 +101,7 @@ func (s *Server) GetAdminCreatePeer(c *gin.Context) {
"EditableKeys": s.config.Core.EditableKeys,
"Device": s.peers.GetDevice(currentSession.DeviceName),
"DeviceNames": s.wg.Cfg.DeviceNames,
"Csrf": csrf.GetToken(c),
})
}
@ -154,6 +157,7 @@ func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
"FormData": currentSession.FormData.(LdapCreateForm),
"Device": s.peers.GetDevice(currentSession.DeviceName),
"DeviceNames": s.wg.Cfg.DeviceNames,
"Csrf": csrf.GetToken(c),
})
}

View File

@ -7,6 +7,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/h44z/wg-portal/internal/users"
csrf "github.com/utrack/gin-csrf"
"golang.org/x/crypto/bcrypt"
"gorm.io/gorm"
)
@ -79,6 +80,7 @@ func (s *Server) GetAdminUsersEdit(c *gin.Context) {
"Device": s.peers.GetDevice(currentSession.DeviceName),
"DeviceNames": s.wg.Cfg.DeviceNames,
"Epoch": time.Time{},
"Csrf": csrf.GetToken(c),
})
}
@ -156,6 +158,7 @@ func (s *Server) GetAdminUsersCreate(c *gin.Context) {
"Device": s.peers.GetDevice(currentSession.DeviceName),
"DeviceNames": s.wg.Cfg.DeviceNames,
"Epoch": time.Time{},
"Csrf": csrf.GetToken(c),
})
}

View File

@ -26,6 +26,7 @@ import (
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
ginlogrus "github.com/toorop/gin-logrus"
csrf "github.com/utrack/gin-csrf"
"gorm.io/gorm"
)
@ -111,6 +112,14 @@ func (s *Server) Setup(ctx context.Context) error {
s.server.Use(ginlogrus.Logger(logrus.StandardLogger()))
}
s.server.Use(gin.Recovery())
s.server.Use(sessions.Sessions("authsession", memstore.NewStore([]byte(s.config.Core.SessionSecret))))
s.server.Use(csrf.Middleware(csrf.Options{
Secret: s.config.Core.SessionSecret,
ErrorFunc: func(c *gin.Context) {
c.String(400, "CSRF token mismatch")
c.Abort()
},
}))
s.server.SetFuncMap(template.FuncMap{
"formatBytes": common.ByteCountSI,
"urlEncode": url.QueryEscape,
@ -128,7 +137,6 @@ func (s *Server) Setup(ctx context.Context) error {
// Setup templates
templates := template.Must(template.New("").Funcs(s.server.FuncMap).ParseFS(wgportal.Templates, "assets/tpl/*.html"))
s.server.SetHTMLTemplate(templates)
s.server.Use(sessions.Sessions("authsession", memstore.NewStore([]byte("secret")))) // TODO: change key?
// Serve static files
s.server.StaticFS("/css", http.FS(fsMust(fs.Sub(wgportal.Statics, "assets/css"))))

View File

@ -8,10 +8,9 @@ import (
"syscall"
"time"
"github.com/h44z/wg-portal/internal/wireguard"
"github.com/h44z/wg-portal/internal/common"
"github.com/h44z/wg-portal/internal/users"
"github.com/h44z/wg-portal/internal/wireguard"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"