diff --git a/assets/tpl/index.html b/assets/tpl/index.html
index 749fbd5..fe13534 100644
--- a/assets/tpl/index.html
+++ b/assets/tpl/index.html
@@ -5,8 +5,8 @@
-
{{ .static.WebsiteTitle }}
-
+
{{ .Static.WebsiteTitle }}
+
diff --git a/internal/server/core.go b/internal/server/core.go
index 063ad53..c55e090 100644
--- a/internal/server/core.go
+++ b/internal/server/core.go
@@ -24,6 +24,9 @@ const CacheRefreshDuration = 5 * time.Minute
func init() {
gob.Register(SessionData{})
+ gob.Register(User{})
+ gob.Register(Device{})
+ gob.Register(LdapCreateForm{})
}
type SessionData struct {
diff --git a/internal/server/handlers.go b/internal/server/handlers.go
index 1a9ad14..3951de1 100644
--- a/internal/server/handlers.go
+++ b/internal/server/handlers.go
@@ -1,8 +1,6 @@
package server
import (
- "crypto/md5"
- "fmt"
"net/http"
"net/url"
"strconv"
@@ -15,16 +13,27 @@ import (
"github.com/h44z/wg-portal/internal/common"
- "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-
"github.com/gin-gonic/gin"
)
+type LdapCreateForm struct {
+ Emails string `form:"email" binding:"required"`
+ Identifier string `form:"identifier" binding:"required,lte=20"`
+}
+
func (s *Server) GetIndex(c *gin.Context) {
- c.HTML(http.StatusOK, "index.html", gin.H{
- "route": c.Request.URL.Path,
- "session": s.getSessionData(c),
- "static": s.getStaticData(),
+ c.HTML(http.StatusOK, "index.html", struct {
+ Route string
+ Alerts AlertData
+ Session SessionData
+ Static StaticData
+ Device Device
+ }{
+ Route: c.Request.URL.Path,
+ Alerts: s.getAlertData(c),
+ Session: s.getSessionData(c),
+ Static: s.getStaticData(),
+ Device: s.users.GetDevice(),
})
}
@@ -67,6 +76,12 @@ func (s *Server) GetAdminEditInterface(c *gin.Context) {
device := s.users.GetDevice()
users := s.users.GetAllUsers()
+ currentSession, err := s.setFormInSession(c, device)
+ if err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
+ return
+ }
+
c.HTML(http.StatusOK, "admin_edit_interface.html", struct {
Route string
Alerts AlertData
@@ -77,18 +92,23 @@ func (s *Server) GetAdminEditInterface(c *gin.Context) {
}{
Route: c.Request.URL.Path,
Alerts: s.getAlertData(c),
- Session: s.getSessionData(c),
+ Session: currentSession,
Static: s.getStaticData(),
Peers: users,
- Device: device,
+ Device: currentSession.FormData.(Device),
})
}
func (s *Server) PostAdminEditInterface(c *gin.Context) {
+ currentSession := s.getSessionData(c)
var formDevice Device
+ if currentSession.FormData != nil {
+ formDevice = currentSession.FormData.(Device)
+ }
if err := c.ShouldBind(&formDevice); err != nil {
+ _ = s.updateFormInSession(c, formDevice)
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/device/edit")
+ c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=bind")
return
}
// Clean list input
@@ -102,16 +122,18 @@ func (s *Server) PostAdminEditInterface(c *gin.Context) {
// Update WireGuard device
err := s.wg.UpdateDevice(formDevice.DeviceName, formDevice.GetDeviceConfig())
if err != nil {
+ _ = s.updateFormInSession(c, formDevice)
s.setAlert(c, "failed to update device in WireGuard: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/device/edit")
+ c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=wg")
return
}
// Update in database
err = s.users.UpdateDevice(formDevice)
if err != nil {
+ _ = s.updateFormInSession(c, formDevice)
s.setAlert(c, "failed to update device in database: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/device/edit")
+ c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=update")
return
}
@@ -123,6 +145,12 @@ func (s *Server) GetAdminEditPeer(c *gin.Context) {
device := s.users.GetDevice()
user := s.users.GetUserByKey(c.Query("pkey"))
+ currentSession, err := s.setFormInSession(c, user)
+ if err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
+ return
+ }
+
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
Route string
Alerts AlertData
@@ -133,9 +161,9 @@ func (s *Server) GetAdminEditPeer(c *gin.Context) {
}{
Route: c.Request.URL.Path,
Alerts: s.getAlertData(c),
- Session: s.getSessionData(c),
+ Session: currentSession,
Static: s.getStaticData(),
- Peer: user,
+ Peer: currentSession.FormData.(User),
Device: device,
})
}
@@ -144,10 +172,15 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
currentUser := s.users.GetUserByKey(c.Query("pkey"))
urlEncodedKey := url.QueryEscape(c.Query("pkey"))
+ currentSession := s.getSessionData(c)
var formUser User
+ if currentSession.FormData != nil {
+ formUser = currentSession.FormData.(User)
+ }
if err := c.ShouldBind(&formUser); err != nil {
+ _ = s.updateFormInSession(c, formUser)
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
+ c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=bind")
return
}
@@ -165,35 +198,11 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
formUser.DeactivatedAt = nil
}
- // Update WireGuard device
- if formUser.DeactivatedAt == &now {
- err := s.wg.RemovePeer(formUser.PublicKey)
- if err != nil {
- s.setAlert(c, "failed to remove peer in WireGuard: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
- return
- }
- } else if formUser.DeactivatedAt == nil && currentUser.Peer != nil {
- err := s.wg.UpdatePeer(formUser.GetPeerConfig())
- if err != nil {
- s.setAlert(c, "failed to update peer in WireGuard: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
- return
- }
- } else if formUser.DeactivatedAt == nil && currentUser.Peer == nil {
- err := s.wg.AddPeer(formUser.GetPeerConfig())
- if err != nil {
- s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
- return
- }
- }
-
// Update in database
- err := s.users.UpdateUser(formUser)
- if err != nil {
- s.setAlert(c, "failed to update user in database: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
+ if err := s.UpdateUser(formUser, now); err != nil {
+ _ = s.updateFormInSession(c, formUser)
+ s.setAlert(c, "failed to update user: "+err.Error(), "danger")
+ c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=update")
return
}
@@ -203,24 +212,12 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
func (s *Server) GetAdminCreatePeer(c *gin.Context) {
device := s.users.GetDevice()
- user := User{}
- user.AllowedIPsStr = device.AllowedIPsStr
- user.IPsStr = "" // TODO: add a valid ip here
- psk, err := wgtypes.GenerateKey()
- if err != nil {
- s.HandleError(c, http.StatusInternalServerError, "Preshared key generation error", err.Error())
- return
- }
- key, err := wgtypes.GeneratePrivateKey()
- if err != nil {
- s.HandleError(c, http.StatusInternalServerError, "Private key generation error", err.Error())
- return
- }
- user.PresharedKey = psk.String()
- user.PrivateKey = key.String()
- user.PublicKey = key.PublicKey().String()
- user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
+ currentSession, err := s.setNewUserFormInSession(c)
+ if err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
+ return
+ }
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
Route string
Alerts AlertData
@@ -231,18 +228,23 @@ func (s *Server) GetAdminCreatePeer(c *gin.Context) {
}{
Route: c.Request.URL.Path,
Alerts: s.getAlertData(c),
- Session: s.getSessionData(c),
+ Session: currentSession,
Static: s.getStaticData(),
- Peer: user,
+ Peer: currentSession.FormData.(User),
Device: device,
})
}
func (s *Server) PostAdminCreatePeer(c *gin.Context) {
+ currentSession := s.getSessionData(c)
var formUser User
+ if currentSession.FormData != nil {
+ formUser = currentSession.FormData.(User)
+ }
if err := c.ShouldBind(&formUser); err != nil {
+ _ = s.updateFormInSession(c, formUser)
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/create")
+ c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=bind")
return
}
@@ -258,21 +260,10 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) {
formUser.DeactivatedAt = &now
}
- // Update WireGuard device
- if formUser.DeactivatedAt == nil {
- err := s.wg.AddPeer(formUser.GetPeerConfig())
- if err != nil {
- s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/create")
- return
- }
- }
-
- // Create in database
- err := s.users.CreateUser(formUser)
- if err != nil {
- s.setAlert(c, "failed to add user in database: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/create")
+ if err := s.CreateUser(formUser); err != nil {
+ _ = s.updateFormInSession(c, formUser)
+ s.setAlert(c, "failed to add user: "+err.Error(), "danger")
+ c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=create")
return
}
@@ -281,84 +272,62 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) {
}
func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
- device := s.users.GetDevice()
+ currentSession, err := s.setFormInSession(c, LdapCreateForm{Identifier: "Default"})
+ if err != nil {
+ s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
+ return
+ }
c.HTML(http.StatusOK, "admin_create_clients.html", struct {
- Route string
- Alerts AlertData
- Session SessionData
- Static StaticData
- Users []*ldap.UserCacheHolderEntry
- Device Device
+ Route string
+ Alerts AlertData
+ Session SessionData
+ Static StaticData
+ Users []*ldap.UserCacheHolderEntry
+ FormData LdapCreateForm
+ Device Device
}{
- Route: c.Request.URL.Path,
- Alerts: s.getAlertData(c),
- Session: s.getSessionData(c),
- Static: s.getStaticData(),
- Users: s.ldapUsers.GetSortedUsers("sn", "asc"),
- Device: device,
+ Route: c.Request.URL.Path,
+ Alerts: s.getAlertData(c),
+ Session: currentSession,
+ Static: s.getStaticData(),
+ Users: s.ldapUsers.GetSortedUsers("sn", "asc"),
+ FormData: currentSession.FormData.(LdapCreateForm),
+ Device: s.users.GetDevice(),
})
}
func (s *Server) PostAdminCreateLdapPeers(c *gin.Context) {
- email := c.PostForm("email")
- identifier := c.PostForm("identifier")
- if identifier == "" {
- identifier = "Default"
+ currentSession := s.getSessionData(c)
+ var formData LdapCreateForm
+ if currentSession.FormData != nil {
+ formData = currentSession.FormData.(LdapCreateForm)
}
- if email == "" {
- s.setAlert(c, "missing email address", "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
+ if err := c.ShouldBind(&formData); err != nil {
+ _ = s.updateFormInSession(c, formData)
+ s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
+ c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=bind")
return
}
- emails := common.ParseStringList(email)
+
+ emails := common.ParseStringList(formData.Emails)
for i := range emails {
// TODO: also check email addr for validity?
if !strings.ContainsRune(emails[i], '@') || s.ldapUsers.GetUserDNByMail(emails[i]) == "" {
+ _ = s.updateFormInSession(c, formData)
s.setAlert(c, "invalid email address: "+emails[i], "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
+ c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=mail")
return
}
}
log.Infof("creating %d ldap peers", len(emails))
- device := s.users.GetDevice()
for i := range emails {
- ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(emails[i]))
- user := User{}
- user.AllowedIPsStr = device.AllowedIPsStr
- user.IPsStr = "" // TODO: add a valid ip here
- psk, err := wgtypes.GenerateKey()
- if err != nil {
- s.HandleError(c, http.StatusInternalServerError, "Preshared key generation error", err.Error())
- return
- }
- key, err := wgtypes.GeneratePrivateKey()
- if err != nil {
- s.HandleError(c, http.StatusInternalServerError, "Private key generation error", err.Error())
- return
- }
- user.PresharedKey = psk.String()
- user.PrivateKey = key.String()
- user.PublicKey = key.PublicKey().String()
- user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
- user.Email = emails[i]
- user.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifier)
-
- // Create wireguard interface
- err = s.wg.AddPeer(user.GetPeerConfig())
- if err != nil {
- s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
- return
- }
-
- // Create in database
- err = s.users.CreateUser(user)
- if err != nil {
- s.setAlert(c, "failed to add user in database: "+err.Error(), "danger")
- c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
+ if err := s.CreateUserByEmail(emails[i], formData.Identifier, false); err != nil {
+ _ = s.updateFormInSession(c, formData)
+ s.setAlert(c, "failed to add user: "+err.Error(), "danger")
+ c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=create")
return
}
}
@@ -377,3 +346,48 @@ func (s *Server) GetUserQRCode(c *gin.Context) {
c.Data(http.StatusOK, "image/png", png)
return
}
+
+func (s *Server) updateFormInSession(c *gin.Context, formData interface{}) error {
+ currentSession := s.getSessionData(c)
+ currentSession.FormData = formData
+
+ if err := s.updateSessionData(c, currentSession); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (s *Server) setNewUserFormInSession(c *gin.Context) (SessionData, error) {
+ currentSession := s.getSessionData(c)
+ // If session does not contain a user form ignore update
+ // If url contains a formerr parameter reset the form
+ if currentSession.FormData == nil || c.Query("formerr") == "" {
+ user, err := s.PrepareNewUser()
+ if err != nil {
+ return currentSession, err
+ }
+ currentSession.FormData = user
+ }
+
+ if err := s.updateSessionData(c, currentSession); err != nil {
+ return currentSession, err
+ }
+
+ return currentSession, nil
+}
+
+func (s *Server) setFormInSession(c *gin.Context, formData interface{}) (SessionData, error) {
+ currentSession := s.getSessionData(c)
+ // If session does not contain a form ignore update
+ // If url contains a formerr parameter reset the form
+ if currentSession.FormData == nil || c.Query("formerr") == "" {
+ currentSession.FormData = formData
+ }
+
+ if err := s.updateSessionData(c, currentSession); err != nil {
+ return currentSession, err
+ }
+
+ return currentSession, nil
+}
diff --git a/internal/server/helper.go b/internal/server/helper.go
new file mode 100644
index 0000000..ac45e62
--- /dev/null
+++ b/internal/server/helper.go
@@ -0,0 +1,149 @@
+package server
+
+import (
+ "crypto/md5"
+ "errors"
+ "fmt"
+ "time"
+
+ "github.com/h44z/wg-portal/internal/common"
+
+ "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+)
+
+func (s *Server) PrepareNewUser() (User, error) {
+ device := s.users.GetDevice()
+
+ user := User{}
+ user.IsNew = true
+ user.AllowedIPsStr = device.AllowedIPsStr
+ user.IPs = make([]string, len(device.IPs))
+ for i := range device.IPs {
+ freeIP, err := s.users.GetAvailableIp(device.IPs[i])
+ if err != nil {
+ return User{}, err
+ }
+ user.IPs[i] = freeIP
+ }
+ user.IPsStr = common.ListToString(user.IPs)
+ psk, err := wgtypes.GenerateKey()
+ if err != nil {
+ return User{}, err
+ }
+ key, err := wgtypes.GeneratePrivateKey()
+ if err != nil {
+ return User{}, err
+ }
+ user.PresharedKey = psk.String()
+ user.PrivateKey = key.String()
+ user.PublicKey = key.PublicKey().String()
+ user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
+
+ return user, nil
+}
+
+func (s *Server) CreateUserByEmail(email, identifierSuffix string, disabled bool) error {
+ ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(email))
+ if ldapUser.DN == "" {
+ return errors.New("no user with email " + email + " found")
+ }
+
+ device := s.users.GetDevice()
+ user := User{}
+ user.AllowedIPsStr = device.AllowedIPsStr
+ user.IPsStr = "" // TODO: add a valid ip here
+ psk, err := wgtypes.GenerateKey()
+ if err != nil {
+ return err
+ }
+ key, err := wgtypes.GeneratePrivateKey()
+ if err != nil {
+ return err
+ }
+ user.PresharedKey = psk.String()
+ user.PrivateKey = key.String()
+ user.PublicKey = key.PublicKey().String()
+ user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
+ user.Email = email
+ user.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifierSuffix)
+ now := time.Now()
+ if disabled {
+ user.DeactivatedAt = &now
+ }
+
+ return s.CreateUser(user)
+}
+
+func (s *Server) CreateUser(user User) error {
+
+ device := s.users.GetDevice()
+ user.AllowedIPsStr = device.AllowedIPsStr
+ user.IPsStr = "" // TODO: add a valid ip here
+ if user.PrivateKey == "" { // if private key is empty create a new one
+ psk, err := wgtypes.GenerateKey()
+ if err != nil {
+ return err
+ }
+ key, err := wgtypes.GeneratePrivateKey()
+ if err != nil {
+ return err
+ }
+ user.PresharedKey = psk.String()
+ user.PrivateKey = key.String()
+ user.PublicKey = key.PublicKey().String()
+ }
+ user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
+
+ // Create wireguard interface
+ if user.DeactivatedAt == nil {
+ if err := s.wg.AddPeer(user.GetPeerConfig()); err != nil {
+ return err
+ }
+ }
+
+ // Create in database
+ if err := s.users.CreateUser(user); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (s *Server) UpdateUser(user User, updateTime time.Time) error {
+ currentUser := s.users.GetUserByKey(user.PublicKey)
+
+ // Update WireGuard device
+ var err error
+ switch {
+ case user.DeactivatedAt == &updateTime:
+ err = s.wg.RemovePeer(user.PublicKey)
+ case user.DeactivatedAt == nil && currentUser.Peer != nil:
+ err = s.wg.UpdatePeer(user.GetPeerConfig())
+ case user.DeactivatedAt == nil && currentUser.Peer == nil:
+ err = s.wg.AddPeer(user.GetPeerConfig())
+ }
+ if err != nil {
+ return err
+ }
+
+ // Update in database
+ if err := s.users.UpdateUser(user); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (s *Server) DeleteUser(user User) error {
+ // Delete WireGuard peer
+ if err := s.wg.RemovePeer(user.PublicKey); err != nil {
+ return err
+ }
+
+ // Delete in database
+ if err := s.users.DeleteUser(user); err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/internal/server/usermanager.go b/internal/server/usermanager.go
index a9316e9..1af6f0f 100644
--- a/internal/server/usermanager.go
+++ b/internal/server/usermanager.go
@@ -6,6 +6,7 @@ import (
"errors"
"fmt"
"net"
+ "reflect"
"strings"
"text/template"
"time"
@@ -73,6 +74,7 @@ type User struct {
UID string `form:"uid" binding:"alphanum"` // uid for html identification
IsOnline bool `gorm:"-"`
+ IsNew bool `gorm:"-"`
Identifier string `form:"identifier" binding:"required,lt=64"` // Identifier AND Email make a WireGuard peer unique
Email string `gorm:"index" form:"mail" binding:"required,email"`
@@ -161,6 +163,26 @@ func (u User) IsValid() bool {
return true
}
+func (u User) ToMap() map[string]string {
+ out := make(map[string]string)
+
+ v := reflect.ValueOf(u)
+ if v.Kind() == reflect.Ptr {
+ v = v.Elem()
+ }
+
+ typ := v.Type()
+ for i := 0; i < v.NumField(); i++ {
+ // gets us a StructField
+ fi := typ.Field(i)
+ if tagv := fi.Tag.Get("form"); tagv != "" {
+ // set key of map to value in struct field
+ out[tagv] = v.Field(i).String()
+ }
+ }
+ return out
+}
+
//
// DEVICE --------------------------------------------------------------------------------------
//
@@ -417,6 +439,16 @@ func (u *UserManager) UpdateUser(user User) error {
return nil
}
+func (u *UserManager) DeleteUser(user User) error {
+ res := u.db.Delete(&user)
+ if res.Error != nil {
+ log.Errorf("failed to delete user: %v", res.Error)
+ return res.Error
+ }
+
+ return nil
+}
+
func (u *UserManager) UpdateDevice(device Device) error {
device.UpdatedAt = time.Now()
device.AllowedIPsStr = strings.Join(device.AllowedIPs, ", ")
@@ -437,36 +469,67 @@ func (u *UserManager) GetAllReservedIps() ([]string, error) {
users := u.GetAllUsers()
for _, user := range users {
for _, cidr := range user.IPs {
+ if cidr == "" {
+ continue
+ }
ip, _, err := net.ParseCIDR(cidr)
if err != nil {
- log.WithFields(log.Fields{
- "err": err,
- "cidr": cidr,
- }).Error("failed to ip from cidr")
- } else {
- reservedIps = append(reservedIps, ip.String())
+ return nil, err
}
+ reservedIps = append(reservedIps, ip.String())
}
}
device := u.GetDevice()
for _, cidr := range device.IPs {
+ if cidr == "" {
+ continue
+ }
ip, _, err := net.ParseCIDR(cidr)
if err != nil {
- log.WithFields(log.Fields{
- "err": err,
- "cidr": cidr,
- }).Error("failed to ip from cidr")
- } else {
- reservedIps = append(reservedIps, ip.String())
+ return nil, err
}
+
+ reservedIps = append(reservedIps, ip.String())
}
return reservedIps, nil
}
+func (u *UserManager) IsIPReserved(cidr string) bool {
+ reserved, err := u.GetAllReservedIps()
+ if err != nil {
+ return true // in case something failed, assume the ip is reserved
+ }
+ ip, ipnet, err := net.ParseCIDR(cidr)
+ if err != nil {
+ return true
+ }
+
+ // this two addresses are not usable
+ broadcastAddr := common.BroadcastAddr(ipnet).String()
+ networkAddr := ipnet.IP.String()
+ address := ip.String()
+
+ if address == broadcastAddr || address == networkAddr {
+ return true
+ }
+
+ for _, r := range reserved {
+ if address == r {
+ return true
+ }
+ }
+
+ return false
+}
+
// GetAvailableIp search for an available ip in cidr against a list of reserved ips
-func (u *UserManager) GetAvailableIp(cidr string, reserved []string) (string, error) {
+func (u *UserManager) GetAvailableIp(cidr string) (string, error) {
+ reserved, err := u.GetAllReservedIps()
+ if err != nil {
+ return "", err
+ }
ip, ipnet, err := net.ParseCIDR(cidr)
if err != nil {
return "", err
@@ -486,7 +549,11 @@ func (u *UserManager) GetAvailableIp(cidr string, reserved []string) (string, er
}
}
if ok && address != networkAddr && address != broadcastAddr {
- return address, nil
+ netMask := "/32"
+ if common.IsIPv6(address) {
+ netMask = "/128"
+ }
+ return address + netMask, nil
}
}