wagon/back/lib/admin/user/del

#!/bin/bash
# FILE:       	admin/user/del
# DESCRIPTION:	Delete a user
# USAGE:      	del remote_ip querystring
# QUERYSTRING:	?t=$token&user=$username&un=$usernumber
# ERRORS:
# 	 3: bad args/usage
# 	 4: Wireguard not installed
# 	 5: vars file not found
# 	 6: Servers file not found
# 	 7: Token file not found
# 	 8: Invalid token
# 	 9: Username not provided

CONFIG_FILE='/etc/wgapi/config'
SERVERS_FILE='/etc/wgapi/servers'
if ! [ ${#} -eq 2 ]; then
	printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
	exit 3
fi & if ! [ -x '/usr/bin/wg' ]; then
	printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
	exit 4
fi & if ! [ -f "${CONFIG_FILE}" ]; then
	printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
	exit 5
fi
source "${CONFIG_FILE}"
if ! [ -f "${SERVERS_FILE}" ]; then
	printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
	exit 6
fi & if ! [ -f "${TOKENS_FILE}" ]; then
	printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
	exit 7
fi
ip="${1}"
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"

# Check token
token_fail(){
	printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
	exit 8
}
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
[ "${saved_token}" == "" ] && token_fail 'missing' &
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"

# Check username and usernumber
username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//')"
usernumber="$(<<<"${qs}" grep -oP 'un=(.*)' | sed 's/^un=//')"
if [[ "${username}" == "" ]]; then
	printf 'ERROR! Username missing!\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400
	exit 9
elif [[ "${usernumber}" == "" ]]; then
	printf 'ERROR! Usernumber missing!\n' | tee -a "${LOGFILE}" |"${LIB_DIR}/http_res" 400
	exit 9
else
	printf 'Admin %s requested deletion of user "%s" with usernumber "%s"\n' "${ip}" "${username}" "${usernumber}" >>"${LOGFILE}"
fi

# Get all peer IPs
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
	printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
	printf 'Wireguard failed!\n' | "${LIB_DIR}/http_res" 500
	exit 5
fi

# Filter out the user's
user_peers="$(grep "${IPV4_NET%.*.*}.${usernumber}." <<<"${wg_output}" 2>/dev/null)"
if [ "${user_peers}" == "" ]; then
	printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >>"${LOGFILE}"
	printf 'No user peers found for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" | "${LIB_DIR}/http_res" 404
	exit 14
fi

# Get user peer domains
if ! peers="$("${LIB_DIR}/ips_to_peers_rdns" tsv <<<"${user_peers}")"; then
	printf 'ERROR! Failed to retrieve peers for %s!\n' "${${IPV4_NET%.*.*}.${usernumber}}" >>"${LOGFILE}"
	printf 'Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" | "${LIB_DIR}/http_res" 500
	exit 10
fi

# Delete user peers (in parallel)
delete_peer() {
	domain="${1}"; ipv4="${2}"; ipv6="${3}"; pubkey="${4}"
	printf 'Deleting peer with domain %s and ipv4 %s and ipv6 %s and pubkey %s\n' "${domain}" "${ipv4}" "${ipv6}" "${pubkey}"  >> "${LOGFILE}"
}
printf '%s\n' "${peers}" | while IFS=$'\t' read -r domain ipv4 ipv6 pubkey
	do delete_peer "${domain}" "${ipv4}" "${ipv6}" "${pubkey}" &
	[ $( jobs | wc -l ) -ge $( nproc ) ] && wait
done

# Delete SSL cert directory
#if ! sudo rm -rf "${SSL_CONFIG_DIR:?}/${username:?}/"; then
#	printf 'Failed to delete user SSL directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >>"${LOGFILE}"
#fi
Initial deletion code 2022-11-02 12:13:36 -06:00			`#!/bin/bash`
			`# FILE: admin/user/del`
			`# DESCRIPTION: Delete a user`
			`# USAGE: del remote_ip querystring`
Send usernumber too 2022-11-02 12:28:36 -06:00			`# QUERYSTRING: ?t=$token&user=$username&un=$usernumber`
Initial deletion code 2022-11-02 12:13:36 -06:00			`# ERRORS:`
			`# 3: bad args/usage`
			`# 4: Wireguard not installed`
			`# 5: vars file not found`
			`# 6: Servers file not found`
			`# 7: Token file not found`
			`# 8: Invalid token`
			`# 9: Username not provided`

			`CONFIG_FILE='/etc/wgapi/config'`
			`SERVERS_FILE='/etc/wgapi/servers'`
			`if ! [ ${#} -eq 2 ]; then`
			`printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"`
			`exit 3`
			`fi & if ! [ -x '/usr/bin/wg' ]; then`
			`printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"`
			`exit 4`
			`fi & if ! [ -f "${CONFIG_FILE}" ]; then`
			`printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"`
			`exit 5`
			`fi`
			`source "${CONFIG_FILE}"`
			`if ! [ -f "${SERVERS_FILE}" ]; then`
			`printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"`
			`exit 6`
			`fi & if ! [ -f "${TOKENS_FILE}" ]; then`
			`printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"`
			`exit 7`
			`fi`
			`ip="${1}"`
			`qs="$(<<<"${2}" tr '&' '\n' \| sed 's/?//')"`

			`# Check token`
			`token_fail(){`
			`printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"`
			`printf 'Invalid token\n' \| "${LIB_DIR}/http_res" 403`
			`exit 8`
			`}`
			`saved_token="$(grep "${ip}" "${TOKENS_FILE}" \| cut -f2)"`
			`[ "${saved_token}" == "" ] && token_fail 'missing' &`
			`<<<"${qs}" grep -qx "t=${saved_token}" \|\| token_fail 'mismatched'`
			`printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"`

Send usernumber too 2022-11-02 12:28:36 -06:00			`# Check username and usernumber`
Initial deletion code 2022-11-02 12:13:36 -06:00			`username="$(<<<"${qs}" grep -oP 'user=(.*)' \| sed 's/^user=//')"`
Send usernumber too 2022-11-02 12:28:36 -06:00			`usernumber="$(<<<"${qs}" grep -oP 'un=(.*)' \| sed 's/^un=//')"`
Initial deletion code 2022-11-02 12:13:36 -06:00			`if [[ "${username}" == "" ]]; then`
Send usernumber too 2022-11-02 12:28:36 -06:00			`printf 'ERROR! Username missing!\n' \| tee -a "${LOGFILE}" \| "${LIB_DIR}/http_res" 400`
			`exit 9`
			`elif [[ "${usernumber}" == "" ]]; then`
			`printf 'ERROR! Usernumber missing!\n' \| tee -a "${LOGFILE}" \|"${LIB_DIR}/http_res" 400`
Initial deletion code 2022-11-02 12:13:36 -06:00			`exit 9`
			`else`
Send usernumber too 2022-11-02 12:28:36 -06:00			`printf 'Admin %s requested deletion of user "%s" with usernumber "%s"\n' "${ip}" "${username}" "${usernumber}" >>"${LOGFILE}"`
Initial deletion code 2022-11-02 12:13:36 -06:00			`fi`

Added more admin deleting user code 2022-11-02 12:19:06 -06:00			`# Get all peer IPs`
			`if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then`
			`printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"`
			`printf 'Wireguard failed!\n' \| "${LIB_DIR}/http_res" 500`
			`exit 5`
			`fi`

			`# Filter out the user's`
			`user_peers="$(grep "${IPV4_NET%..}.${usernumber}." <<<"${wg_output}" 2>/dev/null)"`
			`if [ "${user_peers}" == "" ]; then`
			`printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%..}.${usernumber}." >>"${LOGFILE}"`
			`printf 'No user peers found for %s!\n' "${IPV4_NET%..}.${usernumber}" \| "${LIB_DIR}/http_res" 404`
			`exit 14`
			`fi`

			`# Get user peer domains`
			`if ! peers="$("${LIB_DIR}/ips_to_peers_rdns" tsv <<<"${user_peers}")"; then`
			`printf 'ERROR! Failed to retrieve peers for %s!\n' "${${IPV4_NET%..}.${usernumber}}" >>"${LOGFILE}"`
			`printf 'Failed to retrieve peers for %s!\n' "${IPV4_NET%..}.${usernumber}" \| "${LIB_DIR}/http_res" 500`
			`exit 10`
			`fi`

Added more peer deletion logic 2022-11-02 13:02:23 -06:00			`# Delete user peers (in parallel)`
			`delete_peer() {`
			`domain="${1}"; ipv4="${2}"; ipv6="${3}"; pubkey="${4}"`
			`printf 'Deleting peer with domain %s and ipv4 %s and ipv6 %s and pubkey %s\n' "${domain}" "${ipv4}" "${ipv6}" "${pubkey}" >> "${LOGFILE}"`
			`}`
			`printf '%s\n' "${peers}" \| while IFS=$'\t' read -r domain ipv4 ipv6 pubkey`
			`do delete_peer "${domain}" "${ipv4}" "${ipv6}" "${pubkey}" &`
			`[ $( jobs \| wc -l ) -ge $( nproc ) ] && wait`
			`done`
Added more admin deleting user code 2022-11-02 12:19:06 -06:00
			`# Delete SSL cert directory`
			`#if ! sudo rm -rf "${SSL_CONFIG_DIR:?}/${username:?}/"; then`
			`# printf 'Failed to delete user SSL directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >>"${LOGFILE}"`
			`#fi`