mirror of
https://github.com/DJSundog/wg-portal.git
synced 2024-11-23 07:03:50 -05:00
wip: create/update/...
This commit is contained in:
parent
a617cb1059
commit
5a933f20c9
@ -18,7 +18,7 @@
|
|||||||
{{template "prt_nav.html" .}}
|
{{template "prt_nav.html" .}}
|
||||||
<div class="container">
|
<div class="container">
|
||||||
<h1>Create new clients</h1>
|
<h1>Create new clients</h1>
|
||||||
|
<h2>Enter valid LDAP user email addresses to quickly create new accounts.</h2>
|
||||||
{{if $.Alerts.HasAlert}}
|
{{if $.Alerts.HasAlert}}
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
@ -35,13 +35,13 @@
|
|||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
<div class="form-group col-md-12">
|
<div class="form-group col-md-12">
|
||||||
<label for="inputEmail">Email Addresses</label>
|
<label for="inputEmail">Email Addresses</label>
|
||||||
<input type="text" name="email" class="form-control" id="inputEmail">
|
<input type="text" name="email" class="form-control" id="inputEmail" value="{{.FormData.Emails}}">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
<div class="form-group col-md-12">
|
<div class="form-group col-md-12">
|
||||||
<label for="inputIdentifier">Client Friendly Name (will be added as suffix to the name of the user)</label>
|
<label for="inputIdentifier">Client Friendly Name (will be added as suffix to the name of the user)</label>
|
||||||
<input type="text" name="identifier" class="form-control" id="inputIdentifier" value="Default">
|
<input type="text" name="identifier" class="form-control" id="inputIdentifier" value="{{.FormData.Identifier}}">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
<body id="page-top">
|
<body id="page-top">
|
||||||
{{template "prt_nav.html" .}}
|
{{template "prt_nav.html" .}}
|
||||||
<div class="container">
|
<div class="container">
|
||||||
{{if eq .Peer.UID ""}}
|
{{if .Peer.IsNew}}
|
||||||
<h1>Create a new client</h1>
|
<h1>Create a new client</h1>
|
||||||
{{else}}
|
{{else}}
|
||||||
<h1>Edit client <strong>{{.Peer.Identifier}}</strong></h1>
|
<h1>Edit client <strong>{{.Peer.Identifier}}</strong></h1>
|
||||||
|
@ -137,7 +137,7 @@
|
|||||||
<a class="nav-link" data-toggle="tab" href="#t2{{$p.UID}}">Configuration</a>
|
<a class="nav-link" data-toggle="tab" href="#t2{{$p.UID}}">Configuration</a>
|
||||||
</li>
|
</li>
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
<a class="nav-link" data-toggle="tab" href="#t3{{$p.UID}}">Other</a>
|
<a class="nav-link" data-toggle="tab" href="#t3{{$p.UID}}">Danger Zone</a>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
<div class="tab-content" id="tabContent{{$p.UID}}">
|
<div class="tab-content" id="tabContent{{$p.UID}}">
|
||||||
@ -158,9 +158,7 @@
|
|||||||
<pre>{{$p.Config}}</pre>
|
<pre>{{$p.Config}}</pre>
|
||||||
</div>
|
</div>
|
||||||
<div id="t3{{$p.UID}}" class="tab-pane fade">
|
<div id="t3{{$p.UID}}" class="tab-pane fade">
|
||||||
<ul>
|
<a href="/admin/peer/delete?pkey={{$p.PublicKey}}" class="btn btn-danger" title="Delete peer">Delete</a>
|
||||||
<li>2</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -5,8 +5,8 @@
|
|||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
|
||||||
<title>{{ .static.WebsiteTitle }}</title>
|
<title>{{ .Static.WebsiteTitle }}</title>
|
||||||
<meta name="description" content="{{ .static.WebsiteTitle }}">
|
<meta name="description" content="{{ .Static.WebsiteTitle }}">
|
||||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||||
<!--link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"-->
|
<!--link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"-->
|
||||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||||
|
@ -24,6 +24,9 @@ const CacheRefreshDuration = 5 * time.Minute
|
|||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
gob.Register(SessionData{})
|
gob.Register(SessionData{})
|
||||||
|
gob.Register(User{})
|
||||||
|
gob.Register(Device{})
|
||||||
|
gob.Register(LdapCreateForm{})
|
||||||
}
|
}
|
||||||
|
|
||||||
type SessionData struct {
|
type SessionData struct {
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
package server
|
package server
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/md5"
|
|
||||||
"fmt"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strconv"
|
"strconv"
|
||||||
@ -15,16 +13,27 @@ import (
|
|||||||
|
|
||||||
"github.com/h44z/wg-portal/internal/common"
|
"github.com/h44z/wg-portal/internal/common"
|
||||||
|
|
||||||
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type LdapCreateForm struct {
|
||||||
|
Emails string `form:"email" binding:"required"`
|
||||||
|
Identifier string `form:"identifier" binding:"required,lte=20"`
|
||||||
|
}
|
||||||
|
|
||||||
func (s *Server) GetIndex(c *gin.Context) {
|
func (s *Server) GetIndex(c *gin.Context) {
|
||||||
c.HTML(http.StatusOK, "index.html", gin.H{
|
c.HTML(http.StatusOK, "index.html", struct {
|
||||||
"route": c.Request.URL.Path,
|
Route string
|
||||||
"session": s.getSessionData(c),
|
Alerts AlertData
|
||||||
"static": s.getStaticData(),
|
Session SessionData
|
||||||
|
Static StaticData
|
||||||
|
Device Device
|
||||||
|
}{
|
||||||
|
Route: c.Request.URL.Path,
|
||||||
|
Alerts: s.getAlertData(c),
|
||||||
|
Session: s.getSessionData(c),
|
||||||
|
Static: s.getStaticData(),
|
||||||
|
Device: s.users.GetDevice(),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -67,6 +76,12 @@ func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
|||||||
device := s.users.GetDevice()
|
device := s.users.GetDevice()
|
||||||
users := s.users.GetAllUsers()
|
users := s.users.GetAllUsers()
|
||||||
|
|
||||||
|
currentSession, err := s.setFormInSession(c, device)
|
||||||
|
if err != nil {
|
||||||
|
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
c.HTML(http.StatusOK, "admin_edit_interface.html", struct {
|
c.HTML(http.StatusOK, "admin_edit_interface.html", struct {
|
||||||
Route string
|
Route string
|
||||||
Alerts AlertData
|
Alerts AlertData
|
||||||
@ -77,18 +92,23 @@ func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
|||||||
}{
|
}{
|
||||||
Route: c.Request.URL.Path,
|
Route: c.Request.URL.Path,
|
||||||
Alerts: s.getAlertData(c),
|
Alerts: s.getAlertData(c),
|
||||||
Session: s.getSessionData(c),
|
Session: currentSession,
|
||||||
Static: s.getStaticData(),
|
Static: s.getStaticData(),
|
||||||
Peers: users,
|
Peers: users,
|
||||||
Device: device,
|
Device: currentSession.FormData.(Device),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) PostAdminEditInterface(c *gin.Context) {
|
func (s *Server) PostAdminEditInterface(c *gin.Context) {
|
||||||
|
currentSession := s.getSessionData(c)
|
||||||
var formDevice Device
|
var formDevice Device
|
||||||
|
if currentSession.FormData != nil {
|
||||||
|
formDevice = currentSession.FormData.(Device)
|
||||||
|
}
|
||||||
if err := c.ShouldBind(&formDevice); err != nil {
|
if err := c.ShouldBind(&formDevice); err != nil {
|
||||||
|
_ = s.updateFormInSession(c, formDevice)
|
||||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit")
|
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=bind")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
// Clean list input
|
// Clean list input
|
||||||
@ -102,16 +122,18 @@ func (s *Server) PostAdminEditInterface(c *gin.Context) {
|
|||||||
// Update WireGuard device
|
// Update WireGuard device
|
||||||
err := s.wg.UpdateDevice(formDevice.DeviceName, formDevice.GetDeviceConfig())
|
err := s.wg.UpdateDevice(formDevice.DeviceName, formDevice.GetDeviceConfig())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
_ = s.updateFormInSession(c, formDevice)
|
||||||
s.setAlert(c, "failed to update device in WireGuard: "+err.Error(), "danger")
|
s.setAlert(c, "failed to update device in WireGuard: "+err.Error(), "danger")
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit")
|
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=wg")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update in database
|
// Update in database
|
||||||
err = s.users.UpdateDevice(formDevice)
|
err = s.users.UpdateDevice(formDevice)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
_ = s.updateFormInSession(c, formDevice)
|
||||||
s.setAlert(c, "failed to update device in database: "+err.Error(), "danger")
|
s.setAlert(c, "failed to update device in database: "+err.Error(), "danger")
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit")
|
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=update")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -123,6 +145,12 @@ func (s *Server) GetAdminEditPeer(c *gin.Context) {
|
|||||||
device := s.users.GetDevice()
|
device := s.users.GetDevice()
|
||||||
user := s.users.GetUserByKey(c.Query("pkey"))
|
user := s.users.GetUserByKey(c.Query("pkey"))
|
||||||
|
|
||||||
|
currentSession, err := s.setFormInSession(c, user)
|
||||||
|
if err != nil {
|
||||||
|
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
|
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
|
||||||
Route string
|
Route string
|
||||||
Alerts AlertData
|
Alerts AlertData
|
||||||
@ -133,9 +161,9 @@ func (s *Server) GetAdminEditPeer(c *gin.Context) {
|
|||||||
}{
|
}{
|
||||||
Route: c.Request.URL.Path,
|
Route: c.Request.URL.Path,
|
||||||
Alerts: s.getAlertData(c),
|
Alerts: s.getAlertData(c),
|
||||||
Session: s.getSessionData(c),
|
Session: currentSession,
|
||||||
Static: s.getStaticData(),
|
Static: s.getStaticData(),
|
||||||
Peer: user,
|
Peer: currentSession.FormData.(User),
|
||||||
Device: device,
|
Device: device,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
@ -144,10 +172,15 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
|
|||||||
currentUser := s.users.GetUserByKey(c.Query("pkey"))
|
currentUser := s.users.GetUserByKey(c.Query("pkey"))
|
||||||
urlEncodedKey := url.QueryEscape(c.Query("pkey"))
|
urlEncodedKey := url.QueryEscape(c.Query("pkey"))
|
||||||
|
|
||||||
|
currentSession := s.getSessionData(c)
|
||||||
var formUser User
|
var formUser User
|
||||||
|
if currentSession.FormData != nil {
|
||||||
|
formUser = currentSession.FormData.(User)
|
||||||
|
}
|
||||||
if err := c.ShouldBind(&formUser); err != nil {
|
if err := c.ShouldBind(&formUser); err != nil {
|
||||||
|
_ = s.updateFormInSession(c, formUser)
|
||||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=bind")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -165,35 +198,11 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
|
|||||||
formUser.DeactivatedAt = nil
|
formUser.DeactivatedAt = nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update WireGuard device
|
|
||||||
if formUser.DeactivatedAt == &now {
|
|
||||||
err := s.wg.RemovePeer(formUser.PublicKey)
|
|
||||||
if err != nil {
|
|
||||||
s.setAlert(c, "failed to remove peer in WireGuard: "+err.Error(), "danger")
|
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
} else if formUser.DeactivatedAt == nil && currentUser.Peer != nil {
|
|
||||||
err := s.wg.UpdatePeer(formUser.GetPeerConfig())
|
|
||||||
if err != nil {
|
|
||||||
s.setAlert(c, "failed to update peer in WireGuard: "+err.Error(), "danger")
|
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
} else if formUser.DeactivatedAt == nil && currentUser.Peer == nil {
|
|
||||||
err := s.wg.AddPeer(formUser.GetPeerConfig())
|
|
||||||
if err != nil {
|
|
||||||
s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger")
|
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Update in database
|
// Update in database
|
||||||
err := s.users.UpdateUser(formUser)
|
if err := s.UpdateUser(formUser, now); err != nil {
|
||||||
if err != nil {
|
_ = s.updateFormInSession(c, formUser)
|
||||||
s.setAlert(c, "failed to update user in database: "+err.Error(), "danger")
|
s.setAlert(c, "failed to update user: "+err.Error(), "danger")
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=update")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -203,24 +212,12 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
|
|||||||
|
|
||||||
func (s *Server) GetAdminCreatePeer(c *gin.Context) {
|
func (s *Server) GetAdminCreatePeer(c *gin.Context) {
|
||||||
device := s.users.GetDevice()
|
device := s.users.GetDevice()
|
||||||
user := User{}
|
|
||||||
user.AllowedIPsStr = device.AllowedIPsStr
|
|
||||||
user.IPsStr = "" // TODO: add a valid ip here
|
|
||||||
psk, err := wgtypes.GenerateKey()
|
|
||||||
if err != nil {
|
|
||||||
s.HandleError(c, http.StatusInternalServerError, "Preshared key generation error", err.Error())
|
|
||||||
return
|
|
||||||
}
|
|
||||||
key, err := wgtypes.GeneratePrivateKey()
|
|
||||||
if err != nil {
|
|
||||||
s.HandleError(c, http.StatusInternalServerError, "Private key generation error", err.Error())
|
|
||||||
return
|
|
||||||
}
|
|
||||||
user.PresharedKey = psk.String()
|
|
||||||
user.PrivateKey = key.String()
|
|
||||||
user.PublicKey = key.PublicKey().String()
|
|
||||||
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
|
|
||||||
|
|
||||||
|
currentSession, err := s.setNewUserFormInSession(c)
|
||||||
|
if err != nil {
|
||||||
|
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||||
|
return
|
||||||
|
}
|
||||||
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
|
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
|
||||||
Route string
|
Route string
|
||||||
Alerts AlertData
|
Alerts AlertData
|
||||||
@ -231,18 +228,23 @@ func (s *Server) GetAdminCreatePeer(c *gin.Context) {
|
|||||||
}{
|
}{
|
||||||
Route: c.Request.URL.Path,
|
Route: c.Request.URL.Path,
|
||||||
Alerts: s.getAlertData(c),
|
Alerts: s.getAlertData(c),
|
||||||
Session: s.getSessionData(c),
|
Session: currentSession,
|
||||||
Static: s.getStaticData(),
|
Static: s.getStaticData(),
|
||||||
Peer: user,
|
Peer: currentSession.FormData.(User),
|
||||||
Device: device,
|
Device: device,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) PostAdminCreatePeer(c *gin.Context) {
|
func (s *Server) PostAdminCreatePeer(c *gin.Context) {
|
||||||
|
currentSession := s.getSessionData(c)
|
||||||
var formUser User
|
var formUser User
|
||||||
|
if currentSession.FormData != nil {
|
||||||
|
formUser = currentSession.FormData.(User)
|
||||||
|
}
|
||||||
if err := c.ShouldBind(&formUser); err != nil {
|
if err := c.ShouldBind(&formUser); err != nil {
|
||||||
|
_ = s.updateFormInSession(c, formUser)
|
||||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create")
|
c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=bind")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -258,21 +260,10 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) {
|
|||||||
formUser.DeactivatedAt = &now
|
formUser.DeactivatedAt = &now
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update WireGuard device
|
if err := s.CreateUser(formUser); err != nil {
|
||||||
if formUser.DeactivatedAt == nil {
|
_ = s.updateFormInSession(c, formUser)
|
||||||
err := s.wg.AddPeer(formUser.GetPeerConfig())
|
s.setAlert(c, "failed to add user: "+err.Error(), "danger")
|
||||||
if err != nil {
|
c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=create")
|
||||||
s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger")
|
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create in database
|
|
||||||
err := s.users.CreateUser(formUser)
|
|
||||||
if err != nil {
|
|
||||||
s.setAlert(c, "failed to add user in database: "+err.Error(), "danger")
|
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create")
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -281,84 +272,62 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
|
func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
|
||||||
device := s.users.GetDevice()
|
currentSession, err := s.setFormInSession(c, LdapCreateForm{Identifier: "Default"})
|
||||||
|
if err != nil {
|
||||||
|
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
c.HTML(http.StatusOK, "admin_create_clients.html", struct {
|
c.HTML(http.StatusOK, "admin_create_clients.html", struct {
|
||||||
Route string
|
Route string
|
||||||
Alerts AlertData
|
Alerts AlertData
|
||||||
Session SessionData
|
Session SessionData
|
||||||
Static StaticData
|
Static StaticData
|
||||||
Users []*ldap.UserCacheHolderEntry
|
Users []*ldap.UserCacheHolderEntry
|
||||||
Device Device
|
FormData LdapCreateForm
|
||||||
|
Device Device
|
||||||
}{
|
}{
|
||||||
Route: c.Request.URL.Path,
|
Route: c.Request.URL.Path,
|
||||||
Alerts: s.getAlertData(c),
|
Alerts: s.getAlertData(c),
|
||||||
Session: s.getSessionData(c),
|
Session: currentSession,
|
||||||
Static: s.getStaticData(),
|
Static: s.getStaticData(),
|
||||||
Users: s.ldapUsers.GetSortedUsers("sn", "asc"),
|
Users: s.ldapUsers.GetSortedUsers("sn", "asc"),
|
||||||
Device: device,
|
FormData: currentSession.FormData.(LdapCreateForm),
|
||||||
|
Device: s.users.GetDevice(),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) PostAdminCreateLdapPeers(c *gin.Context) {
|
func (s *Server) PostAdminCreateLdapPeers(c *gin.Context) {
|
||||||
email := c.PostForm("email")
|
currentSession := s.getSessionData(c)
|
||||||
identifier := c.PostForm("identifier")
|
var formData LdapCreateForm
|
||||||
if identifier == "" {
|
if currentSession.FormData != nil {
|
||||||
identifier = "Default"
|
formData = currentSession.FormData.(LdapCreateForm)
|
||||||
}
|
}
|
||||||
if email == "" {
|
if err := c.ShouldBind(&formData); err != nil {
|
||||||
s.setAlert(c, "missing email address", "danger")
|
_ = s.updateFormInSession(c, formData)
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
|
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||||
|
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=bind")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
emails := common.ParseStringList(email)
|
|
||||||
|
emails := common.ParseStringList(formData.Emails)
|
||||||
for i := range emails {
|
for i := range emails {
|
||||||
// TODO: also check email addr for validity?
|
// TODO: also check email addr for validity?
|
||||||
if !strings.ContainsRune(emails[i], '@') || s.ldapUsers.GetUserDNByMail(emails[i]) == "" {
|
if !strings.ContainsRune(emails[i], '@') || s.ldapUsers.GetUserDNByMail(emails[i]) == "" {
|
||||||
|
_ = s.updateFormInSession(c, formData)
|
||||||
s.setAlert(c, "invalid email address: "+emails[i], "danger")
|
s.setAlert(c, "invalid email address: "+emails[i], "danger")
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
|
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=mail")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Infof("creating %d ldap peers", len(emails))
|
log.Infof("creating %d ldap peers", len(emails))
|
||||||
device := s.users.GetDevice()
|
|
||||||
|
|
||||||
for i := range emails {
|
for i := range emails {
|
||||||
ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(emails[i]))
|
if err := s.CreateUserByEmail(emails[i], formData.Identifier, false); err != nil {
|
||||||
user := User{}
|
_ = s.updateFormInSession(c, formData)
|
||||||
user.AllowedIPsStr = device.AllowedIPsStr
|
s.setAlert(c, "failed to add user: "+err.Error(), "danger")
|
||||||
user.IPsStr = "" // TODO: add a valid ip here
|
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=create")
|
||||||
psk, err := wgtypes.GenerateKey()
|
|
||||||
if err != nil {
|
|
||||||
s.HandleError(c, http.StatusInternalServerError, "Preshared key generation error", err.Error())
|
|
||||||
return
|
|
||||||
}
|
|
||||||
key, err := wgtypes.GeneratePrivateKey()
|
|
||||||
if err != nil {
|
|
||||||
s.HandleError(c, http.StatusInternalServerError, "Private key generation error", err.Error())
|
|
||||||
return
|
|
||||||
}
|
|
||||||
user.PresharedKey = psk.String()
|
|
||||||
user.PrivateKey = key.String()
|
|
||||||
user.PublicKey = key.PublicKey().String()
|
|
||||||
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
|
|
||||||
user.Email = emails[i]
|
|
||||||
user.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifier)
|
|
||||||
|
|
||||||
// Create wireguard interface
|
|
||||||
err = s.wg.AddPeer(user.GetPeerConfig())
|
|
||||||
if err != nil {
|
|
||||||
s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger")
|
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create in database
|
|
||||||
err = s.users.CreateUser(user)
|
|
||||||
if err != nil {
|
|
||||||
s.setAlert(c, "failed to add user in database: "+err.Error(), "danger")
|
|
||||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -377,3 +346,48 @@ func (s *Server) GetUserQRCode(c *gin.Context) {
|
|||||||
c.Data(http.StatusOK, "image/png", png)
|
c.Data(http.StatusOK, "image/png", png)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *Server) updateFormInSession(c *gin.Context, formData interface{}) error {
|
||||||
|
currentSession := s.getSessionData(c)
|
||||||
|
currentSession.FormData = formData
|
||||||
|
|
||||||
|
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Server) setNewUserFormInSession(c *gin.Context) (SessionData, error) {
|
||||||
|
currentSession := s.getSessionData(c)
|
||||||
|
// If session does not contain a user form ignore update
|
||||||
|
// If url contains a formerr parameter reset the form
|
||||||
|
if currentSession.FormData == nil || c.Query("formerr") == "" {
|
||||||
|
user, err := s.PrepareNewUser()
|
||||||
|
if err != nil {
|
||||||
|
return currentSession, err
|
||||||
|
}
|
||||||
|
currentSession.FormData = user
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||||
|
return currentSession, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return currentSession, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Server) setFormInSession(c *gin.Context, formData interface{}) (SessionData, error) {
|
||||||
|
currentSession := s.getSessionData(c)
|
||||||
|
// If session does not contain a form ignore update
|
||||||
|
// If url contains a formerr parameter reset the form
|
||||||
|
if currentSession.FormData == nil || c.Query("formerr") == "" {
|
||||||
|
currentSession.FormData = formData
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||||
|
return currentSession, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return currentSession, nil
|
||||||
|
}
|
||||||
|
149
internal/server/helper.go
Normal file
149
internal/server/helper.go
Normal file
@ -0,0 +1,149 @@
|
|||||||
|
package server
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/md5"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/h44z/wg-portal/internal/common"
|
||||||
|
|
||||||
|
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (s *Server) PrepareNewUser() (User, error) {
|
||||||
|
device := s.users.GetDevice()
|
||||||
|
|
||||||
|
user := User{}
|
||||||
|
user.IsNew = true
|
||||||
|
user.AllowedIPsStr = device.AllowedIPsStr
|
||||||
|
user.IPs = make([]string, len(device.IPs))
|
||||||
|
for i := range device.IPs {
|
||||||
|
freeIP, err := s.users.GetAvailableIp(device.IPs[i])
|
||||||
|
if err != nil {
|
||||||
|
return User{}, err
|
||||||
|
}
|
||||||
|
user.IPs[i] = freeIP
|
||||||
|
}
|
||||||
|
user.IPsStr = common.ListToString(user.IPs)
|
||||||
|
psk, err := wgtypes.GenerateKey()
|
||||||
|
if err != nil {
|
||||||
|
return User{}, err
|
||||||
|
}
|
||||||
|
key, err := wgtypes.GeneratePrivateKey()
|
||||||
|
if err != nil {
|
||||||
|
return User{}, err
|
||||||
|
}
|
||||||
|
user.PresharedKey = psk.String()
|
||||||
|
user.PrivateKey = key.String()
|
||||||
|
user.PublicKey = key.PublicKey().String()
|
||||||
|
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
|
||||||
|
|
||||||
|
return user, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Server) CreateUserByEmail(email, identifierSuffix string, disabled bool) error {
|
||||||
|
ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(email))
|
||||||
|
if ldapUser.DN == "" {
|
||||||
|
return errors.New("no user with email " + email + " found")
|
||||||
|
}
|
||||||
|
|
||||||
|
device := s.users.GetDevice()
|
||||||
|
user := User{}
|
||||||
|
user.AllowedIPsStr = device.AllowedIPsStr
|
||||||
|
user.IPsStr = "" // TODO: add a valid ip here
|
||||||
|
psk, err := wgtypes.GenerateKey()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
key, err := wgtypes.GeneratePrivateKey()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
user.PresharedKey = psk.String()
|
||||||
|
user.PrivateKey = key.String()
|
||||||
|
user.PublicKey = key.PublicKey().String()
|
||||||
|
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
|
||||||
|
user.Email = email
|
||||||
|
user.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifierSuffix)
|
||||||
|
now := time.Now()
|
||||||
|
if disabled {
|
||||||
|
user.DeactivatedAt = &now
|
||||||
|
}
|
||||||
|
|
||||||
|
return s.CreateUser(user)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Server) CreateUser(user User) error {
|
||||||
|
|
||||||
|
device := s.users.GetDevice()
|
||||||
|
user.AllowedIPsStr = device.AllowedIPsStr
|
||||||
|
user.IPsStr = "" // TODO: add a valid ip here
|
||||||
|
if user.PrivateKey == "" { // if private key is empty create a new one
|
||||||
|
psk, err := wgtypes.GenerateKey()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
key, err := wgtypes.GeneratePrivateKey()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
user.PresharedKey = psk.String()
|
||||||
|
user.PrivateKey = key.String()
|
||||||
|
user.PublicKey = key.PublicKey().String()
|
||||||
|
}
|
||||||
|
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
|
||||||
|
|
||||||
|
// Create wireguard interface
|
||||||
|
if user.DeactivatedAt == nil {
|
||||||
|
if err := s.wg.AddPeer(user.GetPeerConfig()); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create in database
|
||||||
|
if err := s.users.CreateUser(user); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Server) UpdateUser(user User, updateTime time.Time) error {
|
||||||
|
currentUser := s.users.GetUserByKey(user.PublicKey)
|
||||||
|
|
||||||
|
// Update WireGuard device
|
||||||
|
var err error
|
||||||
|
switch {
|
||||||
|
case user.DeactivatedAt == &updateTime:
|
||||||
|
err = s.wg.RemovePeer(user.PublicKey)
|
||||||
|
case user.DeactivatedAt == nil && currentUser.Peer != nil:
|
||||||
|
err = s.wg.UpdatePeer(user.GetPeerConfig())
|
||||||
|
case user.DeactivatedAt == nil && currentUser.Peer == nil:
|
||||||
|
err = s.wg.AddPeer(user.GetPeerConfig())
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Update in database
|
||||||
|
if err := s.users.UpdateUser(user); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Server) DeleteUser(user User) error {
|
||||||
|
// Delete WireGuard peer
|
||||||
|
if err := s.wg.RemovePeer(user.PublicKey); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Delete in database
|
||||||
|
if err := s.users.DeleteUser(user); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
@ -6,6 +6,7 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
"text/template"
|
"text/template"
|
||||||
"time"
|
"time"
|
||||||
@ -73,6 +74,7 @@ type User struct {
|
|||||||
|
|
||||||
UID string `form:"uid" binding:"alphanum"` // uid for html identification
|
UID string `form:"uid" binding:"alphanum"` // uid for html identification
|
||||||
IsOnline bool `gorm:"-"`
|
IsOnline bool `gorm:"-"`
|
||||||
|
IsNew bool `gorm:"-"`
|
||||||
Identifier string `form:"identifier" binding:"required,lt=64"` // Identifier AND Email make a WireGuard peer unique
|
Identifier string `form:"identifier" binding:"required,lt=64"` // Identifier AND Email make a WireGuard peer unique
|
||||||
Email string `gorm:"index" form:"mail" binding:"required,email"`
|
Email string `gorm:"index" form:"mail" binding:"required,email"`
|
||||||
|
|
||||||
@ -161,6 +163,26 @@ func (u User) IsValid() bool {
|
|||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (u User) ToMap() map[string]string {
|
||||||
|
out := make(map[string]string)
|
||||||
|
|
||||||
|
v := reflect.ValueOf(u)
|
||||||
|
if v.Kind() == reflect.Ptr {
|
||||||
|
v = v.Elem()
|
||||||
|
}
|
||||||
|
|
||||||
|
typ := v.Type()
|
||||||
|
for i := 0; i < v.NumField(); i++ {
|
||||||
|
// gets us a StructField
|
||||||
|
fi := typ.Field(i)
|
||||||
|
if tagv := fi.Tag.Get("form"); tagv != "" {
|
||||||
|
// set key of map to value in struct field
|
||||||
|
out[tagv] = v.Field(i).String()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// DEVICE --------------------------------------------------------------------------------------
|
// DEVICE --------------------------------------------------------------------------------------
|
||||||
//
|
//
|
||||||
@ -417,6 +439,16 @@ func (u *UserManager) UpdateUser(user User) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (u *UserManager) DeleteUser(user User) error {
|
||||||
|
res := u.db.Delete(&user)
|
||||||
|
if res.Error != nil {
|
||||||
|
log.Errorf("failed to delete user: %v", res.Error)
|
||||||
|
return res.Error
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (u *UserManager) UpdateDevice(device Device) error {
|
func (u *UserManager) UpdateDevice(device Device) error {
|
||||||
device.UpdatedAt = time.Now()
|
device.UpdatedAt = time.Now()
|
||||||
device.AllowedIPsStr = strings.Join(device.AllowedIPs, ", ")
|
device.AllowedIPsStr = strings.Join(device.AllowedIPs, ", ")
|
||||||
@ -437,36 +469,67 @@ func (u *UserManager) GetAllReservedIps() ([]string, error) {
|
|||||||
users := u.GetAllUsers()
|
users := u.GetAllUsers()
|
||||||
for _, user := range users {
|
for _, user := range users {
|
||||||
for _, cidr := range user.IPs {
|
for _, cidr := range user.IPs {
|
||||||
|
if cidr == "" {
|
||||||
|
continue
|
||||||
|
}
|
||||||
ip, _, err := net.ParseCIDR(cidr)
|
ip, _, err := net.ParseCIDR(cidr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.WithFields(log.Fields{
|
return nil, err
|
||||||
"err": err,
|
|
||||||
"cidr": cidr,
|
|
||||||
}).Error("failed to ip from cidr")
|
|
||||||
} else {
|
|
||||||
reservedIps = append(reservedIps, ip.String())
|
|
||||||
}
|
}
|
||||||
|
reservedIps = append(reservedIps, ip.String())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
device := u.GetDevice()
|
device := u.GetDevice()
|
||||||
for _, cidr := range device.IPs {
|
for _, cidr := range device.IPs {
|
||||||
|
if cidr == "" {
|
||||||
|
continue
|
||||||
|
}
|
||||||
ip, _, err := net.ParseCIDR(cidr)
|
ip, _, err := net.ParseCIDR(cidr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.WithFields(log.Fields{
|
return nil, err
|
||||||
"err": err,
|
|
||||||
"cidr": cidr,
|
|
||||||
}).Error("failed to ip from cidr")
|
|
||||||
} else {
|
|
||||||
reservedIps = append(reservedIps, ip.String())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
reservedIps = append(reservedIps, ip.String())
|
||||||
}
|
}
|
||||||
|
|
||||||
return reservedIps, nil
|
return reservedIps, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (u *UserManager) IsIPReserved(cidr string) bool {
|
||||||
|
reserved, err := u.GetAllReservedIps()
|
||||||
|
if err != nil {
|
||||||
|
return true // in case something failed, assume the ip is reserved
|
||||||
|
}
|
||||||
|
ip, ipnet, err := net.ParseCIDR(cidr)
|
||||||
|
if err != nil {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
// this two addresses are not usable
|
||||||
|
broadcastAddr := common.BroadcastAddr(ipnet).String()
|
||||||
|
networkAddr := ipnet.IP.String()
|
||||||
|
address := ip.String()
|
||||||
|
|
||||||
|
if address == broadcastAddr || address == networkAddr {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, r := range reserved {
|
||||||
|
if address == r {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
// GetAvailableIp search for an available ip in cidr against a list of reserved ips
|
// GetAvailableIp search for an available ip in cidr against a list of reserved ips
|
||||||
func (u *UserManager) GetAvailableIp(cidr string, reserved []string) (string, error) {
|
func (u *UserManager) GetAvailableIp(cidr string) (string, error) {
|
||||||
|
reserved, err := u.GetAllReservedIps()
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
ip, ipnet, err := net.ParseCIDR(cidr)
|
ip, ipnet, err := net.ParseCIDR(cidr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
@ -486,7 +549,11 @@ func (u *UserManager) GetAvailableIp(cidr string, reserved []string) (string, er
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ok && address != networkAddr && address != broadcastAddr {
|
if ok && address != networkAddr && address != broadcastAddr {
|
||||||
return address, nil
|
netMask := "/32"
|
||||||
|
if common.IsIPv6(address) {
|
||||||
|
netMask = "/128"
|
||||||
|
}
|
||||||
|
return address + netMask, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user