wip: create/update/...
This commit is contained in:
parent
a617cb1059
commit
5a933f20c9
|
@ -18,7 +18,7 @@
|
|||
{{template "prt_nav.html" .}}
|
||||
<div class="container">
|
||||
<h1>Create new clients</h1>
|
||||
|
||||
<h2>Enter valid LDAP user email addresses to quickly create new accounts.</h2>
|
||||
{{if $.Alerts.HasAlert}}
|
||||
<div class="row">
|
||||
<div class="form-row">
|
||||
|
@ -35,13 +35,13 @@
|
|||
<div class="form-row">
|
||||
<div class="form-group col-md-12">
|
||||
<label for="inputEmail">Email Addresses</label>
|
||||
<input type="text" name="email" class="form-control" id="inputEmail">
|
||||
<input type="text" name="email" class="form-control" id="inputEmail" value="{{.FormData.Emails}}">
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-row">
|
||||
<div class="form-group col-md-12">
|
||||
<label for="inputIdentifier">Client Friendly Name (will be added as suffix to the name of the user)</label>
|
||||
<input type="text" name="identifier" class="form-control" id="inputIdentifier" value="Default">
|
||||
<input type="text" name="identifier" class="form-control" id="inputIdentifier" value="{{.FormData.Identifier}}">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
<body id="page-top">
|
||||
{{template "prt_nav.html" .}}
|
||||
<div class="container">
|
||||
{{if eq .Peer.UID ""}}
|
||||
{{if .Peer.IsNew}}
|
||||
<h1>Create a new client</h1>
|
||||
{{else}}
|
||||
<h1>Edit client <strong>{{.Peer.Identifier}}</strong></h1>
|
||||
|
|
|
@ -137,7 +137,7 @@
|
|||
<a class="nav-link" data-toggle="tab" href="#t2{{$p.UID}}">Configuration</a>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" data-toggle="tab" href="#t3{{$p.UID}}">Other</a>
|
||||
<a class="nav-link" data-toggle="tab" href="#t3{{$p.UID}}">Danger Zone</a>
|
||||
</li>
|
||||
</ul>
|
||||
<div class="tab-content" id="tabContent{{$p.UID}}">
|
||||
|
@ -158,9 +158,7 @@
|
|||
<pre>{{$p.Config}}</pre>
|
||||
</div>
|
||||
<div id="t3{{$p.UID}}" class="tab-pane fade">
|
||||
<ul>
|
||||
<li>2</li>
|
||||
</ul>
|
||||
<a href="/admin/peer/delete?pkey={{$p.PublicKey}}" class="btn btn-danger" title="Delete peer">Delete</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
|
||||
<title>{{ .static.WebsiteTitle }}</title>
|
||||
<meta name="description" content="{{ .static.WebsiteTitle }}">
|
||||
<title>{{ .Static.WebsiteTitle }}</title>
|
||||
<meta name="description" content="{{ .Static.WebsiteTitle }}">
|
||||
<link rel="stylesheet" href="/css/bootstrap.min.css">
|
||||
<!--link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"-->
|
||||
<link rel="stylesheet" href="/fonts/fontawesome-all.min.css">
|
||||
|
|
|
@ -24,6 +24,9 @@ const CacheRefreshDuration = 5 * time.Minute
|
|||
|
||||
func init() {
|
||||
gob.Register(SessionData{})
|
||||
gob.Register(User{})
|
||||
gob.Register(Device{})
|
||||
gob.Register(LdapCreateForm{})
|
||||
}
|
||||
|
||||
type SessionData struct {
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
|
@ -15,16 +13,27 @@ import (
|
|||
|
||||
"github.com/h44z/wg-portal/internal/common"
|
||||
|
||||
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
type LdapCreateForm struct {
|
||||
Emails string `form:"email" binding:"required"`
|
||||
Identifier string `form:"identifier" binding:"required,lte=20"`
|
||||
}
|
||||
|
||||
func (s *Server) GetIndex(c *gin.Context) {
|
||||
c.HTML(http.StatusOK, "index.html", gin.H{
|
||||
"route": c.Request.URL.Path,
|
||||
"session": s.getSessionData(c),
|
||||
"static": s.getStaticData(),
|
||||
c.HTML(http.StatusOK, "index.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
Session SessionData
|
||||
Static StaticData
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: s.getSessionData(c),
|
||||
Static: s.getStaticData(),
|
||||
Device: s.users.GetDevice(),
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -67,6 +76,12 @@ func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
|||
device := s.users.GetDevice()
|
||||
users := s.users.GetAllUsers()
|
||||
|
||||
currentSession, err := s.setFormInSession(c, device)
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.HTML(http.StatusOK, "admin_edit_interface.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
|
@ -77,18 +92,23 @@ func (s *Server) GetAdminEditInterface(c *gin.Context) {
|
|||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: s.getSessionData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peers: users,
|
||||
Device: device,
|
||||
Device: currentSession.FormData.(Device),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminEditInterface(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
var formDevice Device
|
||||
if currentSession.FormData != nil {
|
||||
formDevice = currentSession.FormData.(Device)
|
||||
}
|
||||
if err := c.ShouldBind(&formDevice); err != nil {
|
||||
_ = s.updateFormInSession(c, formDevice)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=bind")
|
||||
return
|
||||
}
|
||||
// Clean list input
|
||||
|
@ -102,16 +122,18 @@ func (s *Server) PostAdminEditInterface(c *gin.Context) {
|
|||
// Update WireGuard device
|
||||
err := s.wg.UpdateDevice(formDevice.DeviceName, formDevice.GetDeviceConfig())
|
||||
if err != nil {
|
||||
_ = s.updateFormInSession(c, formDevice)
|
||||
s.setAlert(c, "failed to update device in WireGuard: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=wg")
|
||||
return
|
||||
}
|
||||
|
||||
// Update in database
|
||||
err = s.users.UpdateDevice(formDevice)
|
||||
if err != nil {
|
||||
_ = s.updateFormInSession(c, formDevice)
|
||||
s.setAlert(c, "failed to update device in database: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/device/edit?formerr=update")
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -123,6 +145,12 @@ func (s *Server) GetAdminEditPeer(c *gin.Context) {
|
|||
device := s.users.GetDevice()
|
||||
user := s.users.GetUserByKey(c.Query("pkey"))
|
||||
|
||||
currentSession, err := s.setFormInSession(c, user)
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
|
@ -133,9 +161,9 @@ func (s *Server) GetAdminEditPeer(c *gin.Context) {
|
|||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: s.getSessionData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peer: user,
|
||||
Peer: currentSession.FormData.(User),
|
||||
Device: device,
|
||||
})
|
||||
}
|
||||
|
@ -144,10 +172,15 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
|
|||
currentUser := s.users.GetUserByKey(c.Query("pkey"))
|
||||
urlEncodedKey := url.QueryEscape(c.Query("pkey"))
|
||||
|
||||
currentSession := s.getSessionData(c)
|
||||
var formUser User
|
||||
if currentSession.FormData != nil {
|
||||
formUser = currentSession.FormData.(User)
|
||||
}
|
||||
if err := c.ShouldBind(&formUser); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=bind")
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -165,35 +198,11 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
|
|||
formUser.DeactivatedAt = nil
|
||||
}
|
||||
|
||||
// Update WireGuard device
|
||||
if formUser.DeactivatedAt == &now {
|
||||
err := s.wg.RemovePeer(formUser.PublicKey)
|
||||
if err != nil {
|
||||
s.setAlert(c, "failed to remove peer in WireGuard: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
||||
return
|
||||
}
|
||||
} else if formUser.DeactivatedAt == nil && currentUser.Peer != nil {
|
||||
err := s.wg.UpdatePeer(formUser.GetPeerConfig())
|
||||
if err != nil {
|
||||
s.setAlert(c, "failed to update peer in WireGuard: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
||||
return
|
||||
}
|
||||
} else if formUser.DeactivatedAt == nil && currentUser.Peer == nil {
|
||||
err := s.wg.AddPeer(formUser.GetPeerConfig())
|
||||
if err != nil {
|
||||
s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Update in database
|
||||
err := s.users.UpdateUser(formUser)
|
||||
if err != nil {
|
||||
s.setAlert(c, "failed to update user in database: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey)
|
||||
if err := s.UpdateUser(formUser, now); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to update user: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/edit?pkey="+urlEncodedKey+"&formerr=update")
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -203,24 +212,12 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
|
|||
|
||||
func (s *Server) GetAdminCreatePeer(c *gin.Context) {
|
||||
device := s.users.GetDevice()
|
||||
user := User{}
|
||||
user.AllowedIPsStr = device.AllowedIPsStr
|
||||
user.IPsStr = "" // TODO: add a valid ip here
|
||||
psk, err := wgtypes.GenerateKey()
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Preshared key generation error", err.Error())
|
||||
return
|
||||
}
|
||||
key, err := wgtypes.GeneratePrivateKey()
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Private key generation error", err.Error())
|
||||
return
|
||||
}
|
||||
user.PresharedKey = psk.String()
|
||||
user.PrivateKey = key.String()
|
||||
user.PublicKey = key.PublicKey().String()
|
||||
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
|
||||
|
||||
currentSession, err := s.setNewUserFormInSession(c)
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
c.HTML(http.StatusOK, "admin_edit_client.html", struct {
|
||||
Route string
|
||||
Alerts AlertData
|
||||
|
@ -231,18 +228,23 @@ func (s *Server) GetAdminCreatePeer(c *gin.Context) {
|
|||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: s.getSessionData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Peer: user,
|
||||
Peer: currentSession.FormData.(User),
|
||||
Device: device,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminCreatePeer(c *gin.Context) {
|
||||
currentSession := s.getSessionData(c)
|
||||
var formUser User
|
||||
if currentSession.FormData != nil {
|
||||
formUser = currentSession.FormData.(User)
|
||||
}
|
||||
if err := c.ShouldBind(&formUser); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=bind")
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -258,21 +260,10 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) {
|
|||
formUser.DeactivatedAt = &now
|
||||
}
|
||||
|
||||
// Update WireGuard device
|
||||
if formUser.DeactivatedAt == nil {
|
||||
err := s.wg.AddPeer(formUser.GetPeerConfig())
|
||||
if err != nil {
|
||||
s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Create in database
|
||||
err := s.users.CreateUser(formUser)
|
||||
if err != nil {
|
||||
s.setAlert(c, "failed to add user in database: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create")
|
||||
if err := s.CreateUser(formUser); err != nil {
|
||||
_ = s.updateFormInSession(c, formUser)
|
||||
s.setAlert(c, "failed to add user: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/create?formerr=create")
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -281,7 +272,11 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) {
|
|||
}
|
||||
|
||||
func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
|
||||
device := s.users.GetDevice()
|
||||
currentSession, err := s.setFormInSession(c, LdapCreateForm{Identifier: "Default"})
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Session error", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
c.HTML(http.StatusOK, "admin_create_clients.html", struct {
|
||||
Route string
|
||||
|
@ -289,76 +284,50 @@ func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
|
|||
Session SessionData
|
||||
Static StaticData
|
||||
Users []*ldap.UserCacheHolderEntry
|
||||
FormData LdapCreateForm
|
||||
Device Device
|
||||
}{
|
||||
Route: c.Request.URL.Path,
|
||||
Alerts: s.getAlertData(c),
|
||||
Session: s.getSessionData(c),
|
||||
Session: currentSession,
|
||||
Static: s.getStaticData(),
|
||||
Users: s.ldapUsers.GetSortedUsers("sn", "asc"),
|
||||
Device: device,
|
||||
FormData: currentSession.FormData.(LdapCreateForm),
|
||||
Device: s.users.GetDevice(),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *Server) PostAdminCreateLdapPeers(c *gin.Context) {
|
||||
email := c.PostForm("email")
|
||||
identifier := c.PostForm("identifier")
|
||||
if identifier == "" {
|
||||
identifier = "Default"
|
||||
currentSession := s.getSessionData(c)
|
||||
var formData LdapCreateForm
|
||||
if currentSession.FormData != nil {
|
||||
formData = currentSession.FormData.(LdapCreateForm)
|
||||
}
|
||||
if email == "" {
|
||||
s.setAlert(c, "missing email address", "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
|
||||
if err := c.ShouldBind(&formData); err != nil {
|
||||
_ = s.updateFormInSession(c, formData)
|
||||
s.setAlert(c, "failed to bind form data: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=bind")
|
||||
return
|
||||
}
|
||||
emails := common.ParseStringList(email)
|
||||
|
||||
emails := common.ParseStringList(formData.Emails)
|
||||
for i := range emails {
|
||||
// TODO: also check email addr for validity?
|
||||
if !strings.ContainsRune(emails[i], '@') || s.ldapUsers.GetUserDNByMail(emails[i]) == "" {
|
||||
_ = s.updateFormInSession(c, formData)
|
||||
s.setAlert(c, "invalid email address: "+emails[i], "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=mail")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
log.Infof("creating %d ldap peers", len(emails))
|
||||
device := s.users.GetDevice()
|
||||
|
||||
for i := range emails {
|
||||
ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(emails[i]))
|
||||
user := User{}
|
||||
user.AllowedIPsStr = device.AllowedIPsStr
|
||||
user.IPsStr = "" // TODO: add a valid ip here
|
||||
psk, err := wgtypes.GenerateKey()
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Preshared key generation error", err.Error())
|
||||
return
|
||||
}
|
||||
key, err := wgtypes.GeneratePrivateKey()
|
||||
if err != nil {
|
||||
s.HandleError(c, http.StatusInternalServerError, "Private key generation error", err.Error())
|
||||
return
|
||||
}
|
||||
user.PresharedKey = psk.String()
|
||||
user.PrivateKey = key.String()
|
||||
user.PublicKey = key.PublicKey().String()
|
||||
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
|
||||
user.Email = emails[i]
|
||||
user.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifier)
|
||||
|
||||
// Create wireguard interface
|
||||
err = s.wg.AddPeer(user.GetPeerConfig())
|
||||
if err != nil {
|
||||
s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
|
||||
return
|
||||
}
|
||||
|
||||
// Create in database
|
||||
err = s.users.CreateUser(user)
|
||||
if err != nil {
|
||||
s.setAlert(c, "failed to add user in database: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
|
||||
if err := s.CreateUserByEmail(emails[i], formData.Identifier, false); err != nil {
|
||||
_ = s.updateFormInSession(c, formData)
|
||||
s.setAlert(c, "failed to add user: "+err.Error(), "danger")
|
||||
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap?formerr=create")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
@ -377,3 +346,48 @@ func (s *Server) GetUserQRCode(c *gin.Context) {
|
|||
c.Data(http.StatusOK, "image/png", png)
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Server) updateFormInSession(c *gin.Context, formData interface{}) error {
|
||||
currentSession := s.getSessionData(c)
|
||||
currentSession.FormData = formData
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) setNewUserFormInSession(c *gin.Context) (SessionData, error) {
|
||||
currentSession := s.getSessionData(c)
|
||||
// If session does not contain a user form ignore update
|
||||
// If url contains a formerr parameter reset the form
|
||||
if currentSession.FormData == nil || c.Query("formerr") == "" {
|
||||
user, err := s.PrepareNewUser()
|
||||
if err != nil {
|
||||
return currentSession, err
|
||||
}
|
||||
currentSession.FormData = user
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
return currentSession, err
|
||||
}
|
||||
|
||||
return currentSession, nil
|
||||
}
|
||||
|
||||
func (s *Server) setFormInSession(c *gin.Context, formData interface{}) (SessionData, error) {
|
||||
currentSession := s.getSessionData(c)
|
||||
// If session does not contain a form ignore update
|
||||
// If url contains a formerr parameter reset the form
|
||||
if currentSession.FormData == nil || c.Query("formerr") == "" {
|
||||
currentSession.FormData = formData
|
||||
}
|
||||
|
||||
if err := s.updateSessionData(c, currentSession); err != nil {
|
||||
return currentSession, err
|
||||
}
|
||||
|
||||
return currentSession, nil
|
||||
}
|
||||
|
|
|
@ -0,0 +1,149 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"errors"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/h44z/wg-portal/internal/common"
|
||||
|
||||
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||
)
|
||||
|
||||
func (s *Server) PrepareNewUser() (User, error) {
|
||||
device := s.users.GetDevice()
|
||||
|
||||
user := User{}
|
||||
user.IsNew = true
|
||||
user.AllowedIPsStr = device.AllowedIPsStr
|
||||
user.IPs = make([]string, len(device.IPs))
|
||||
for i := range device.IPs {
|
||||
freeIP, err := s.users.GetAvailableIp(device.IPs[i])
|
||||
if err != nil {
|
||||
return User{}, err
|
||||
}
|
||||
user.IPs[i] = freeIP
|
||||
}
|
||||
user.IPsStr = common.ListToString(user.IPs)
|
||||
psk, err := wgtypes.GenerateKey()
|
||||
if err != nil {
|
||||
return User{}, err
|
||||
}
|
||||
key, err := wgtypes.GeneratePrivateKey()
|
||||
if err != nil {
|
||||
return User{}, err
|
||||
}
|
||||
user.PresharedKey = psk.String()
|
||||
user.PrivateKey = key.String()
|
||||
user.PublicKey = key.PublicKey().String()
|
||||
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
func (s *Server) CreateUserByEmail(email, identifierSuffix string, disabled bool) error {
|
||||
ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(email))
|
||||
if ldapUser.DN == "" {
|
||||
return errors.New("no user with email " + email + " found")
|
||||
}
|
||||
|
||||
device := s.users.GetDevice()
|
||||
user := User{}
|
||||
user.AllowedIPsStr = device.AllowedIPsStr
|
||||
user.IPsStr = "" // TODO: add a valid ip here
|
||||
psk, err := wgtypes.GenerateKey()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
key, err := wgtypes.GeneratePrivateKey()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
user.PresharedKey = psk.String()
|
||||
user.PrivateKey = key.String()
|
||||
user.PublicKey = key.PublicKey().String()
|
||||
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
|
||||
user.Email = email
|
||||
user.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifierSuffix)
|
||||
now := time.Now()
|
||||
if disabled {
|
||||
user.DeactivatedAt = &now
|
||||
}
|
||||
|
||||
return s.CreateUser(user)
|
||||
}
|
||||
|
||||
func (s *Server) CreateUser(user User) error {
|
||||
|
||||
device := s.users.GetDevice()
|
||||
user.AllowedIPsStr = device.AllowedIPsStr
|
||||
user.IPsStr = "" // TODO: add a valid ip here
|
||||
if user.PrivateKey == "" { // if private key is empty create a new one
|
||||
psk, err := wgtypes.GenerateKey()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
key, err := wgtypes.GeneratePrivateKey()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
user.PresharedKey = psk.String()
|
||||
user.PrivateKey = key.String()
|
||||
user.PublicKey = key.PublicKey().String()
|
||||
}
|
||||
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
|
||||
|
||||
// Create wireguard interface
|
||||
if user.DeactivatedAt == nil {
|
||||
if err := s.wg.AddPeer(user.GetPeerConfig()); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
// Create in database
|
||||
if err := s.users.CreateUser(user); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) UpdateUser(user User, updateTime time.Time) error {
|
||||
currentUser := s.users.GetUserByKey(user.PublicKey)
|
||||
|
||||
// Update WireGuard device
|
||||
var err error
|
||||
switch {
|
||||
case user.DeactivatedAt == &updateTime:
|
||||
err = s.wg.RemovePeer(user.PublicKey)
|
||||
case user.DeactivatedAt == nil && currentUser.Peer != nil:
|
||||
err = s.wg.UpdatePeer(user.GetPeerConfig())
|
||||
case user.DeactivatedAt == nil && currentUser.Peer == nil:
|
||||
err = s.wg.AddPeer(user.GetPeerConfig())
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Update in database
|
||||
if err := s.users.UpdateUser(user); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) DeleteUser(user User) error {
|
||||
// Delete WireGuard peer
|
||||
if err := s.wg.RemovePeer(user.PublicKey); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Delete in database
|
||||
if err := s.users.DeleteUser(user); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -6,6 +6,7 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"reflect"
|
||||
"strings"
|
||||
"text/template"
|
||||
"time"
|
||||
|
@ -73,6 +74,7 @@ type User struct {
|
|||
|
||||
UID string `form:"uid" binding:"alphanum"` // uid for html identification
|
||||
IsOnline bool `gorm:"-"`
|
||||
IsNew bool `gorm:"-"`
|
||||
Identifier string `form:"identifier" binding:"required,lt=64"` // Identifier AND Email make a WireGuard peer unique
|
||||
Email string `gorm:"index" form:"mail" binding:"required,email"`
|
||||
|
||||
|
@ -161,6 +163,26 @@ func (u User) IsValid() bool {
|
|||
return true
|
||||
}
|
||||
|
||||
func (u User) ToMap() map[string]string {
|
||||
out := make(map[string]string)
|
||||
|
||||
v := reflect.ValueOf(u)
|
||||
if v.Kind() == reflect.Ptr {
|
||||
v = v.Elem()
|
||||
}
|
||||
|
||||
typ := v.Type()
|
||||
for i := 0; i < v.NumField(); i++ {
|
||||
// gets us a StructField
|
||||
fi := typ.Field(i)
|
||||
if tagv := fi.Tag.Get("form"); tagv != "" {
|
||||
// set key of map to value in struct field
|
||||
out[tagv] = v.Field(i).String()
|
||||
}
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
||||
//
|
||||
// DEVICE --------------------------------------------------------------------------------------
|
||||
//
|
||||
|
@ -417,6 +439,16 @@ func (u *UserManager) UpdateUser(user User) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (u *UserManager) DeleteUser(user User) error {
|
||||
res := u.db.Delete(&user)
|
||||
if res.Error != nil {
|
||||
log.Errorf("failed to delete user: %v", res.Error)
|
||||
return res.Error
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *UserManager) UpdateDevice(device Device) error {
|
||||
device.UpdatedAt = time.Now()
|
||||
device.AllowedIPsStr = strings.Join(device.AllowedIPs, ", ")
|
||||
|
@ -437,36 +469,67 @@ func (u *UserManager) GetAllReservedIps() ([]string, error) {
|
|||
users := u.GetAllUsers()
|
||||
for _, user := range users {
|
||||
for _, cidr := range user.IPs {
|
||||
if cidr == "" {
|
||||
continue
|
||||
}
|
||||
ip, _, err := net.ParseCIDR(cidr)
|
||||
if err != nil {
|
||||
log.WithFields(log.Fields{
|
||||
"err": err,
|
||||
"cidr": cidr,
|
||||
}).Error("failed to ip from cidr")
|
||||
} else {
|
||||
reservedIps = append(reservedIps, ip.String())
|
||||
return nil, err
|
||||
}
|
||||
reservedIps = append(reservedIps, ip.String())
|
||||
}
|
||||
}
|
||||
|
||||
device := u.GetDevice()
|
||||
for _, cidr := range device.IPs {
|
||||
if cidr == "" {
|
||||
continue
|
||||
}
|
||||
ip, _, err := net.ParseCIDR(cidr)
|
||||
if err != nil {
|
||||
log.WithFields(log.Fields{
|
||||
"err": err,
|
||||
"cidr": cidr,
|
||||
}).Error("failed to ip from cidr")
|
||||
} else {
|
||||
reservedIps = append(reservedIps, ip.String())
|
||||
return nil, err
|
||||
}
|
||||
|
||||
reservedIps = append(reservedIps, ip.String())
|
||||
}
|
||||
|
||||
return reservedIps, nil
|
||||
}
|
||||
|
||||
func (u *UserManager) IsIPReserved(cidr string) bool {
|
||||
reserved, err := u.GetAllReservedIps()
|
||||
if err != nil {
|
||||
return true // in case something failed, assume the ip is reserved
|
||||
}
|
||||
ip, ipnet, err := net.ParseCIDR(cidr)
|
||||
if err != nil {
|
||||
return true
|
||||
}
|
||||
|
||||
// this two addresses are not usable
|
||||
broadcastAddr := common.BroadcastAddr(ipnet).String()
|
||||
networkAddr := ipnet.IP.String()
|
||||
address := ip.String()
|
||||
|
||||
if address == broadcastAddr || address == networkAddr {
|
||||
return true
|
||||
}
|
||||
|
||||
for _, r := range reserved {
|
||||
if address == r {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// GetAvailableIp search for an available ip in cidr against a list of reserved ips
|
||||
func (u *UserManager) GetAvailableIp(cidr string, reserved []string) (string, error) {
|
||||
func (u *UserManager) GetAvailableIp(cidr string) (string, error) {
|
||||
reserved, err := u.GetAllReservedIps()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
ip, ipnet, err := net.ParseCIDR(cidr)
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
@ -486,7 +549,11 @@ func (u *UserManager) GetAvailableIp(cidr string, reserved []string) (string, er
|
|||
}
|
||||
}
|
||||
if ok && address != networkAddr && address != broadcastAddr {
|
||||
return address, nil
|
||||
netMask := "/32"
|
||||
if common.IsIPv6(address) {
|
||||
netMask = "/128"
|
||||
}
|
||||
return address + netMask, nil
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue