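#!/bin/bash
# FILE: admin/user/del
# DESCRIPTION: Delete a user
# USAGE: del remote_ip querystring
# QUERYSTRING: ?t=$token&user=$username&un=$usernumber
# ERRORS:
# 3: bad args/usage
# 4: Wireguard not installed
# 5: vars file not found (the same status is also used when `wg show` fails)
# 6: Servers file not found
# 7: Token file not found
# 8: Invalid token
# 9: Username or usernumber not provided
# 10: Peer lookup helper failed
# 14: No peers found for the user

CONFIG_FILE='/etc/wgapi/config'
SERVERS_FILE='/etc/wgapi/servers'

# LOGFILE is not assigned in this file before the config is sourced.
# NOTE(review): presumably it is inherited from the caller or set by the
# config; fall back to stderr so the early errors are not lost if it is unset.
early_log="${LOGFILE:-/dev/stderr}"

# Every precondition below is a separate foreground statement. Joining them
# with `&` would run each check in a background subshell, where `exit` ends
# only that subshell and the script carries on past the failed check.
if [ "${#}" -ne 2 ]; then
  # NOTE(review): "${*}" can contain the query string and with it the admin
  # token; consider logging only the argument count.
  printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${early_log}"
  exit 3
fi

if ! [ -x '/usr/bin/wg' ]; then
  printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${early_log}"
  exit 4
fi

if ! [ -f "${CONFIG_FILE}" ]; then
  printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${early_log}"
  exit 5
fi

# The config file is executed as shell code in this process.
# NOTE(review): it should be writable by root only - confirm its ownership
# and mode on the host.
source "${CONFIG_FILE}"

if ! [ -f "${SERVERS_FILE}" ]; then
  printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
  exit 6
fi

if ! [ -f "${TOKENS_FILE}" ]; then
  printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
  exit 7
fi

# Caller address and the query string split into one key=value pair per line.
ip="${1}"
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"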
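# Check token

#######################################
# Log a rejected admin request, answer 403 and terminate the script.
# Must be called in the foreground of the main shell: in a background job
# or subshell the `exit` ends only that subshell and the request continues.
# Globals:   ip, LOGFILE, LIB_DIR (read)
# Arguments: $1 - word describing the token problem, used in the log line
# Outputs:   appends one line to LOGFILE; pipes 'Invalid token' to http_res
# Returns:   does not return; exits with status 8
#######################################
token_fail() {
  local reason="${1}"
  # The log line names the operation of this endpoint (user deletion), so
  # rejected attempts can be told apart from other admin actions in an audit.
  printf 'Rejecting admin %s request to delete a user due to %s token\n' "${ip}" "${reason}" >>"${LOGFILE}"
  printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
  exit 8
}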
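# Look up the token stored for the caller's address. The address is matched
# as a fixed string on word boundaries, so it is neither treated as a regular
# expression nor matched inside a longer address.
# NOTE(review): this still matches the address in any column of the tokens
# file; if the address is always the first tab-separated field, compare that
# field exactly instead - confirm the file layout.
saved_token=''
if [ -n "${ip}" ]; then
  saved_token="$(grep -F -w -- "${ip}" "${TOKENS_FILE}" | cut -f2)"
fi

# Fail closed, in the foreground. With a trailing `&` the rejection would run
# in a background subshell, its `exit` would not stop this script, and the
# comparison below would then be made against an empty token.
if [ -z "${saved_token}" ]; then
  token_fail 'missing'
fi

# More than one matching row would hand grep several alternative patterns;
# treat that as a failure rather than accepting any of them.
case "${saved_token}" in
  *$'\n'*) token_fail 'ambiguous' ;;
esac

# Whole-line, fixed-string comparison against the t= parameter.
grep -qxF -- "t=${saved_token}" <<<"${qs}" || token_fail 'mismatched'

printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"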
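# Check username and usernumber
# Both parameters are matched at the start of a query-string line, so text
# inside another parameter's value is not picked up as user= or un=.
username="$(sed -n 's/^user=//p' <<<"${qs}")"
usernumber="$(sed -n 's/^un=//p' <<<"${qs}")"

if [[ "${username}" == "" ]]; then
  printf 'ERROR! Username missing!\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400
  exit 9
elif [[ "${usernumber}" == "" ]]; then
  printf 'ERROR! Usernumber missing!\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400
  exit 9
elif [[ "${username}" =~ [[:cntrl:]] ]]; then
  # The username is written to the log; control characters (including the
  # newline produced by a repeated user= parameter) would break log lines.
  printf 'ERROR! Username invalid!\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400
  exit 9
elif ! [[ "${usernumber}" =~ ^[0-9]{1,3}$ ]] || (( 10#${usernumber} > 255 )); then
  # The usernumber becomes one octet of the address prefix used to select
  # the peers to delete, so only 0-255 is accepted.
  printf 'ERROR! Usernumber invalid!\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400
  exit 9
else
  printf 'Admin %s requested deletion of user "%s" with usernumber "%s"\n' "${ip}" "${username}" "${usernumber}" >>"${LOGFILE}"
fi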
# Get all peer IPs
# Asks WireGuard for the allowed-ips listing of interface ${TLD}. On failure
# the error is logged, a 500 is sent and the script stops.
# NOTE(review): status 5 is the same value the file header documents for
# "vars file not found", so callers cannot tell the two failures apart.
wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)" || {
  printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
  printf 'Wireguard failed!\n' | "${LIB_DIR}/http_res" 500
  exit 5
}
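# Filter out the user's
# Keep the `wg show` lines on which an allowed-IP field starts with the
# user's address prefix. The prefix is compared as a literal string at the
# start of a field: usernumber comes from the request, so it must not be
# interpreted as a regular expression, and a prefix must not match in the
# middle of another address. The value reaches awk through the environment
# so that backslashes in it are not processed either.
user_prefix="${IPV4_NET%.*.*}.${usernumber}."
user_peers="$(
  WG_USER_PREFIX="${user_prefix}" awk '
    BEGIN { prefix = ENVIRON["WG_USER_PREFIX"] }
    {
      # Field 1 is the peer public key; the allowed IPs follow it.
      for (i = 2; i <= NF; i++) {
        if (index($i, prefix) == 1) { print; next }
      }
    }
  ' <<<"${wg_output}" 2>/dev/null
)"

if [ "${user_peers}" == "" ]; then
  printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >>"${LOGFILE}"
  printf 'No user peers found for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" | "${LIB_DIR}/http_res" 404
  exit 14
fi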
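# Get user peer domains
# Feeds the user's peer lines to the ips_to_peers_rdns helper (tsv mode) and
# keeps its output; a helper failure is logged and answered with a 500.
if ! peers="$("${LIB_DIR}/ips_to_peers_rdns" tsv <<<"${user_peers}")"; then
  # A nested "${${...}}" is not valid bash (bad substitution), so the failure
  # would not have been logged; the prefix is expanded directly here.
  printf 'ERROR! Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >>"${LOGFILE}"
  printf 'Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" | "${LIB_DIR}/http_res" 500
  exit 10
fi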
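# Delete user peers (in parallel)

#######################################
# Record the peer that is being deleted.
# NOTE(review): as written this only appends a log line; nothing in this
# function removes the peer from WireGuard or anywhere else.
# Globals:   LOGFILE (read)
# Arguments: $1 - domain, $2 - ipv4, $3 - ipv6, $4 - pubkey
# Outputs:   appends one line to LOGFILE
#######################################
delete_peer() {
  # Locals keep the function from overwriting the caller's variables.
  local domain="${1}"
  local ipv4="${2}"
  local ipv6="${3}"
  local pubkey="${4}"
  printf 'Deleting peer with domain %s and ipv4 %s and ipv6 %s and pubkey %s\n' "${domain}" "${ipv4}" "${ipv6}" "${pubkey}" >>"${LOGFILE}"
}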
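# Run one delete_peer job per peer line, with at most $(nproc) jobs at a time.
# NOTE(review): tab is an IFS whitespace character, so consecutive tabs are
# collapsed by `read`; an empty column in the helper output would shift the
# later fields - confirm the helper never emits empty columns.
max_jobs="$(nproc 2>/dev/null)" || max_jobs=1
while IFS=$'\t' read -r domain ipv4 ipv6 pubkey; do
  # Skip blank lines, so an empty peer list does not start a job.
  [ -n "${domain}${ipv4}${ipv6}${pubkey}" ] || continue
  delete_peer "${domain}" "${ipv4}" "${ipv6}" "${pubkey}" &
  if [ "$(jobs -r | wc -l)" -ge "${max_jobs}" ]; then
    wait
  fi
done <<<"${peers}"
# Without this barrier the script could end while deletions are still running.
wait

# Delete SSL cert directory
# NOTE(review): disabled. username is taken from the query string; before this
# is re-enabled it has to be restricted to a single path component (no '/',
# not '.' or '..') so the recursive delete cannot leave SSL_CONFIG_DIR.
#if ! sudo rm -rf "${SSL_CONFIG_DIR:?}/${username:?}/"; then
# printf 'Failed to delete user SSL directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >>"${LOGFILE}"
#fi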