wip: create/update/...

This commit is contained in:
Christoph Haas 2020-11-08 10:26:18 +01:00
parent 3e92cc8551
commit a617cb1059
6 changed files with 103 additions and 27 deletions

View File

@ -41,7 +41,7 @@
<div class="form-row"> <div class="form-row">
<div class="form-group col-md-12"> <div class="form-group col-md-12">
<label for="inputIdentifier">Client Friendly Name (will be added as suffix to the name of the user)</label> <label for="inputIdentifier">Client Friendly Name (will be added as suffix to the name of the user)</label>
<input type="text" name="identifier" class="form-control" id="inputIdentifier" value="Primary"> <input type="text" name="identifier" class="form-control" id="inputIdentifier" value="Default">
</div> </div>
</div> </div>

View File

@ -111,8 +111,13 @@
<td>{{$p.PublicKey}}</td> <td>{{$p.PublicKey}}</td>
<td>{{$p.Email}}</td> <td>{{$p.Email}}</td>
<td>{{$p.IPsStr}}</td> <td>{{$p.IPsStr}}</td>
{{if not $p.Peer}}
<td>? / ?</td>
<td>?</td>
{{else}}
<td>{{if $p.DeactivatedAt}}-{{else}}{{$p.Peer.ReceiveBytes}} / {{$p.Peer.TransmitBytes}}{{end}}</td> <td>{{if $p.DeactivatedAt}}-{{else}}{{$p.Peer.ReceiveBytes}} / {{$p.Peer.TransmitBytes}}{{end}}</td>
<td>{{if $p.DeactivatedAt}}-{{else}}{{$p.Peer.LastHandshakeTime}}{{end}}</td> <td>{{if $p.DeactivatedAt}}-{{else}}{{$p.Peer.LastHandshakeTime}}{{end}}</td>
{{end}}
<td> <td>
{{if eq $.Session.IsAdmin true}} {{if eq $.Session.IsAdmin true}}
<a href="/admin/peer/edit?pkey={{$p.PublicKey}}"><i class="fas fa-cog"></i></a> <a href="/admin/peer/edit?pkey={{$p.PublicKey}}"><i class="fas fa-cog"></i></a>

View File

@ -39,19 +39,19 @@ func IsIPv6(address string) bool {
return ip.To4() == nil return ip.To4() == nil
} }
func ParseIPList(lst string) []string { func ParseStringList(lst string) []string {
ips := strings.Split(lst, ",") tokens := strings.Split(lst, ",")
validatedIPs := make([]string, 0, len(ips)) validatedTokens := make([]string, 0, len(tokens))
for i := range ips { for i := range tokens {
ips[i] = strings.TrimSpace(ips[i]) tokens[i] = strings.TrimSpace(tokens[i])
if ips[i] != "" { if tokens[i] != "" {
validatedIPs = append(validatedIPs, ips[i]) validatedTokens = append(validatedTokens, tokens[i])
} }
} }
return validatedIPs return validatedTokens
} }
func IPListToString(lst []string) string { func ListToString(lst []string) string {
return strings.Join(lst, ", ") return strings.Join(lst, ", ")
} }

View File

@ -6,8 +6,11 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"strconv" "strconv"
"strings"
"time" "time"
log "github.com/sirupsen/logrus"
"github.com/h44z/wg-portal/internal/ldap" "github.com/h44z/wg-portal/internal/ldap"
"github.com/h44z/wg-portal/internal/common" "github.com/h44z/wg-portal/internal/common"
@ -89,12 +92,12 @@ func (s *Server) PostAdminEditInterface(c *gin.Context) {
return return
} }
// Clean list input // Clean list input
formDevice.IPs = common.ParseIPList(formDevice.IPsStr) formDevice.IPs = common.ParseStringList(formDevice.IPsStr)
formDevice.AllowedIPs = common.ParseIPList(formDevice.AllowedIPsStr) formDevice.AllowedIPs = common.ParseStringList(formDevice.AllowedIPsStr)
formDevice.DNS = common.ParseIPList(formDevice.DNSStr) formDevice.DNS = common.ParseStringList(formDevice.DNSStr)
formDevice.IPsStr = common.IPListToString(formDevice.IPs) formDevice.IPsStr = common.ListToString(formDevice.IPs)
formDevice.AllowedIPsStr = common.IPListToString(formDevice.AllowedIPs) formDevice.AllowedIPsStr = common.ListToString(formDevice.AllowedIPs)
formDevice.DNSStr = common.IPListToString(formDevice.DNS) formDevice.DNSStr = common.ListToString(formDevice.DNS)
// Update WireGuard device // Update WireGuard device
err := s.wg.UpdateDevice(formDevice.DeviceName, formDevice.GetDeviceConfig()) err := s.wg.UpdateDevice(formDevice.DeviceName, formDevice.GetDeviceConfig())
@ -149,10 +152,10 @@ func (s *Server) PostAdminEditPeer(c *gin.Context) {
} }
// Clean list input // Clean list input
formUser.IPs = common.ParseIPList(formUser.IPsStr) formUser.IPs = common.ParseStringList(formUser.IPsStr)
formUser.AllowedIPs = common.ParseIPList(formUser.AllowedIPsStr) formUser.AllowedIPs = common.ParseStringList(formUser.AllowedIPsStr)
formUser.IPsStr = common.IPListToString(formUser.IPs) formUser.IPsStr = common.ListToString(formUser.IPs)
formUser.AllowedIPsStr = common.IPListToString(formUser.AllowedIPs) formUser.AllowedIPsStr = common.ListToString(formUser.AllowedIPs)
disabled := c.PostForm("isdisabled") != "" disabled := c.PostForm("isdisabled") != ""
now := time.Now() now := time.Now()
@ -244,10 +247,10 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) {
} }
// Clean list input // Clean list input
formUser.IPs = common.ParseIPList(formUser.IPsStr) formUser.IPs = common.ParseStringList(formUser.IPsStr)
formUser.AllowedIPs = common.ParseIPList(formUser.AllowedIPsStr) formUser.AllowedIPs = common.ParseStringList(formUser.AllowedIPsStr)
formUser.IPsStr = common.IPListToString(formUser.IPs) formUser.IPsStr = common.ListToString(formUser.IPs)
formUser.AllowedIPsStr = common.IPListToString(formUser.AllowedIPs) formUser.AllowedIPsStr = common.ListToString(formUser.AllowedIPs)
disabled := c.PostForm("isdisabled") != "" disabled := c.PostForm("isdisabled") != ""
now := time.Now() now := time.Now()
@ -265,7 +268,7 @@ func (s *Server) PostAdminCreatePeer(c *gin.Context) {
} }
} }
// Update in database // Create in database
err := s.users.CreateUser(formUser) err := s.users.CreateUser(formUser)
if err != nil { if err != nil {
s.setAlert(c, "failed to add user in database: "+err.Error(), "danger") s.setAlert(c, "failed to add user in database: "+err.Error(), "danger")
@ -297,6 +300,73 @@ func (s *Server) GetAdminCreateLdapPeers(c *gin.Context) {
}) })
} }
func (s *Server) PostAdminCreateLdapPeers(c *gin.Context) {
email := c.PostForm("email")
identifier := c.PostForm("identifier")
if identifier == "" {
identifier = "Default"
}
if email == "" {
s.setAlert(c, "missing email address", "danger")
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
return
}
emails := common.ParseStringList(email)
for i := range emails {
// TODO: also check email addr for validity?
if !strings.ContainsRune(emails[i], '@') || s.ldapUsers.GetUserDNByMail(emails[i]) == "" {
s.setAlert(c, "invalid email address: "+emails[i], "danger")
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
return
}
}
log.Infof("creating %d ldap peers", len(emails))
device := s.users.GetDevice()
for i := range emails {
ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(emails[i]))
user := User{}
user.AllowedIPsStr = device.AllowedIPsStr
user.IPsStr = "" // TODO: add a valid ip here
psk, err := wgtypes.GenerateKey()
if err != nil {
s.HandleError(c, http.StatusInternalServerError, "Preshared key generation error", err.Error())
return
}
key, err := wgtypes.GeneratePrivateKey()
if err != nil {
s.HandleError(c, http.StatusInternalServerError, "Private key generation error", err.Error())
return
}
user.PresharedKey = psk.String()
user.PrivateKey = key.String()
user.PublicKey = key.PublicKey().String()
user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
user.Email = emails[i]
user.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifier)
// Create wireguard interface
err = s.wg.AddPeer(user.GetPeerConfig())
if err != nil {
s.setAlert(c, "failed to add peer in WireGuard: "+err.Error(), "danger")
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
return
}
// Create in database
err = s.users.CreateUser(user)
if err != nil {
s.setAlert(c, "failed to add user in database: "+err.Error(), "danger")
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
return
}
}
s.setAlert(c, "client(s) created successfully", "success")
c.Redirect(http.StatusSeeOther, "/admin/peer/createldap")
}
func (s *Server) GetUserQRCode(c *gin.Context) { func (s *Server) GetUserQRCode(c *gin.Context) {
user := s.users.GetUserByKey(c.Query("pkey")) user := s.users.GetUserByKey(c.Query("pkey"))
png, err := user.GetQRCode() png, err := user.GetQRCode()

View File

@ -27,6 +27,7 @@ func SetupRoutes(s *Server) {
admin.GET("/peer/create", s.GetAdminCreatePeer) admin.GET("/peer/create", s.GetAdminCreatePeer)
admin.POST("/peer/create", s.PostAdminCreatePeer) admin.POST("/peer/create", s.PostAdminCreatePeer)
admin.GET("/peer/createldap", s.GetAdminCreateLdapPeers) admin.GET("/peer/createldap", s.GetAdminCreateLdapPeers)
admin.POST("/peer/createldap", s.PostAdminCreateLdapPeers)
// User routes // User routes
user := s.server.Group("/user") user := s.server.Group("/user")

View File

@ -32,7 +32,7 @@ import (
var cidrList validator.Func = func(fl validator.FieldLevel) bool { var cidrList validator.Func = func(fl validator.FieldLevel) bool {
cidrListStr := fl.Field().String() cidrListStr := fl.Field().String()
cidrList := common.ParseIPList(cidrListStr) cidrList := common.ParseStringList(cidrListStr)
for i := range cidrList { for i := range cidrList {
_, _, err := net.ParseCIDR(cidrList[i]) _, _, err := net.ParseCIDR(cidrList[i])
if err != nil { if err != nil {
@ -45,7 +45,7 @@ var cidrList validator.Func = func(fl validator.FieldLevel) bool {
var ipList validator.Func = func(fl validator.FieldLevel) bool { var ipList validator.Func = func(fl validator.FieldLevel) bool {
ipListStr := fl.Field().String() ipListStr := fl.Field().String()
ipList := common.ParseIPList(ipListStr) ipList := common.ParseStringList(ipListStr)
for i := range ipList { for i := range ipList {
ip := net.ParseIP(ipList[i]) ip := net.ParseIP(ipList[i])
if ip == nil { if ip == nil {