From a617cb10591c8ee8cb795fda25574f5892b1857d Mon Sep 17 00:00:00 2001 From: Christoph Haas Date: Sun, 8 Nov 2020 10:26:18 +0100 Subject: [PATCH] wip: create/update/... --- assets/tpl/admin_create_clients.html | 2 +- assets/tpl/admin_index.html | 5 ++ internal/common/iputil.go | 18 ++--- internal/server/handlers.go | 100 +++++++++++++++++++++++---- internal/server/routes.go | 1 + internal/server/usermanager.go | 4 +- 6 files changed, 103 insertions(+), 27 deletions(-) diff --git a/assets/tpl/admin_create_clients.html b/assets/tpl/admin_create_clients.html index 9d11549..12dd8a9 100644 --- a/assets/tpl/admin_create_clients.html +++ b/assets/tpl/admin_create_clients.html @@ -41,7 +41,7 @@
- +
diff --git a/assets/tpl/admin_index.html b/assets/tpl/admin_index.html index ec944c8..b76694d 100644 --- a/assets/tpl/admin_index.html +++ b/assets/tpl/admin_index.html @@ -111,8 +111,13 @@ {{$p.PublicKey}} {{$p.Email}} {{$p.IPsStr}} + {{if not $p.Peer}} + ? / ? + ? + {{else}} {{if $p.DeactivatedAt}}-{{else}}{{$p.Peer.ReceiveBytes}} / {{$p.Peer.TransmitBytes}}{{end}} {{if $p.DeactivatedAt}}-{{else}}{{$p.Peer.LastHandshakeTime}}{{end}} + {{end}} {{if eq $.Session.IsAdmin true}} diff --git a/internal/common/iputil.go b/internal/common/iputil.go index 0241b02..240c620 100644 --- a/internal/common/iputil.go +++ b/internal/common/iputil.go @@ -39,19 +39,19 @@ func IsIPv6(address string) bool { return ip.To4() == nil } -func ParseIPList(lst string) []string { - ips := strings.Split(lst, ",") - validatedIPs := make([]string, 0, len(ips)) - for i := range ips { - ips[i] = strings.TrimSpace(ips[i]) - if ips[i] != "" { - validatedIPs = append(validatedIPs, ips[i]) +func ParseStringList(lst string) []string { + tokens := strings.Split(lst, ",") + validatedTokens := make([]string, 0, len(tokens)) + for i := range tokens { + tokens[i] = strings.TrimSpace(tokens[i]) + if tokens[i] != "" { + validatedTokens = append(validatedTokens, tokens[i]) } } - return validatedIPs + return validatedTokens } -func IPListToString(lst []string) string { +func ListToString(lst []string) string { return strings.Join(lst, ", ") } diff --git a/internal/server/handlers.go b/internal/server/handlers.go index 8def6a9..1a9ad14 100644 --- a/internal/server/handlers.go +++ b/internal/server/handlers.go @@ -6,8 +6,11 @@ import ( "net/http" "net/url" "strconv" + "strings" "time" + log "github.com/sirupsen/logrus" + "github.com/h44z/wg-portal/internal/ldap" "github.com/h44z/wg-portal/internal/common" @@ -89,12 +92,12 @@ func (s *Server) PostAdminEditInterface(c *gin.Context) { return } // Clean list input - formDevice.IPs = common.ParseIPList(formDevice.IPsStr) - formDevice.AllowedIPs = common.ParseIPList(formDevice.AllowedIPsStr) - formDevice.DNS = common.ParseIPList(formDevice.DNSStr) - formDevice.IPsStr = common.IPListToString(formDevice.IPs) - formDevice.AllowedIPsStr = common.IPListToString(formDevice.AllowedIPs) - formDevice.DNSStr = common.IPListToString(formDevice.DNS) + formDevice.IPs = common.ParseStringList(formDevice.IPsStr) + formDevice.AllowedIPs = common.ParseStringList(formDevice.AllowedIPsStr) + formDevice.DNS = common.ParseStringList(formDevice.DNSStr) + formDevice.IPsStr = common.ListToString(formDevice.IPs) + formDevice.AllowedIPsStr = common.ListToString(formDevice.AllowedIPs) + formDevice.DNSStr = common.ListToString(formDevice.DNS) // Update WireGuard device err := s.wg.UpdateDevice(formDevice.DeviceName, formDevice.GetDeviceConfig()) @@ -149,10 +152,10 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) { } // Clean list input - formUser.IPs = common.ParseIPList(formUser.IPsStr) - formUser.AllowedIPs = common.ParseIPList(formUser.AllowedIPsStr) - formUser.IPsStr = common.IPListToString(formUser.IPs) - formUser.AllowedIPsStr = common.IPListToString(formUser.AllowedIPs) + formUser.IPs = common.ParseStringList(formUser.IPsStr) + formUser.AllowedIPs = common.ParseStringList(formUser.AllowedIPsStr) + formUser.IPsStr = common.ListToString(formUser.IPs) + formUser.AllowedIPsStr = common.ListToString(formUser.AllowedIPs) disabled := c.PostForm("isdisabled") != "" now := time.Now() @@ -244,10 +247,10 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) { } // Clean list input - formUser.IPs = common.ParseIPList(formUser.IPsStr) - formUser.AllowedIPs = common.ParseIPList(formUser.AllowedIPsStr) - formUser.IPsStr = common.IPListToString(formUser.IPs) - formUser.AllowedIPsStr = common.IPListToString(formUser.AllowedIPs) + formUser.IPs = common.ParseStringList(formUser.IPsStr) + formUser.AllowedIPs = common.ParseStringList(formUser.AllowedIPsStr) + formUser.IPsStr = common.ListToString(formUser.IPs) + formUser.AllowedIPsStr = common.ListToString(formUser.AllowedIPs) disabled := c.PostForm("isdisabled") != "" now := time.Now() @@ -265,7 +268,7 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) { } } - // Update in database + // Create in database err := s.users.CreateUser(formUser) if err != nil { s.setAlert(c, "failed to add user in database: "+err.Error(), "danger") @@ -297,6 +300,73 @@ func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) { }) } +func (s *Server) PostAdminCreateLdapPeers(c *gin.Context) { + email := c.PostForm("email") + identifier := c.PostForm("identifier") + if identifier == "" { + identifier = "Default" + } + if email == "" { + s.setAlert(c, "missing email address", "danger") + c.Redirect(http.StatusSeeOther, "/admin/peer/createldap") + return + } + emails := common.ParseStringList(email) + for i := range emails { + // TODO: also check email addr for validity? + if !strings.ContainsRune(emails[i], '@') || s.ldapUsers.GetUserDNByMail(emails[i]) == "" { + s.setAlert(c, "invalid email address: "+emails[i], "danger") + c.Redirect(http.StatusSeeOther, "/admin/peer/createldap") + return + } + } + + log.Infof("creating %d ldap peers", len(emails)) + device := s.users.GetDevice() + + for i := range emails { + ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(emails[i])) + user := User{} + user.AllowedIPsStr = device.AllowedIPsStr + user.IPsStr = "" // TODO: add a valid ip here + psk, err := wgtypes.GenerateKey() + if err != nil { + s.HandleError(c, http.StatusInternalServerError, "Preshared key generation error", err.Error()) + return + } + key, err := wgtypes.GeneratePrivateKey() + if err != nil { + s.HandleError(c, http.StatusInternalServerError, "Private key generation error", err.Error()) + return + } + user.PresharedKey = psk.String() + user.PrivateKey = key.String() + user.PublicKey = key.PublicKey().String() + user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey))) + user.Email = emails[i] + user.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifier) + + // Create wireguard interface + err = s.wg.AddPeer(user.GetPeerConfig()) + if err != nil { + s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger") + c.Redirect(http.StatusSeeOther, "/admin/peer/createldap") + return + } + + // Create in database + err = s.users.CreateUser(user) + if err != nil { + s.setAlert(c, "failed to add user in database: "+err.Error(), "danger") + c.Redirect(http.StatusSeeOther, "/admin/peer/createldap") + return + } + } + + s.setAlert(c, "client(s) created successfully", "success") + c.Redirect(http.StatusSeeOther, "/admin/peer/createldap") +} + func (s *Server) GetUserQRCode(c *gin.Context) { user := s.users.GetUserByKey(c.Query("pkey")) png, err := user.GetQRCode() diff --git a/internal/server/routes.go b/internal/server/routes.go index 9d2d99e..8c66fdf 100644 --- a/internal/server/routes.go +++ b/internal/server/routes.go @@ -27,6 +27,7 @@ func SetupRoutes(s *Server) { admin.GET("/peer/create", s.GetAdminCreatePeer) admin.POST("/peer/create", s.PostAdminCreatePeer) admin.GET("/peer/createldap", s.GetAdminCreateLdapPeers) + admin.POST("/peer/createldap", s.PostAdminCreateLdapPeers) // User routes user := s.server.Group("/user") diff --git a/internal/server/usermanager.go b/internal/server/usermanager.go index cef6878..a9316e9 100644 --- a/internal/server/usermanager.go +++ b/internal/server/usermanager.go @@ -32,7 +32,7 @@ import ( var cidrList validator.Func = func(fl validator.FieldLevel) bool { cidrListStr := fl.Field().String() - cidrList := common.ParseIPList(cidrListStr) + cidrList := common.ParseStringList(cidrListStr) for i := range cidrList { _, _, err := net.ParseCIDR(cidrList[i]) if err != nil { @@ -45,7 +45,7 @@ var cidrList validator.Func = func(fl validator.FieldLevel) bool { var ipList validator.Func = func(fl validator.FieldLevel) bool { ipListStr := fl.Field().String() - ipList := common.ParseIPList(ipListStr) + ipList := common.ParseStringList(ipListStr) for i := range ipList { ip := net.ParseIP(ipList[i]) if ip == nil {