wagon/back/lib/admin/user/add

#!/bin/bash
# FILE:       	user_add
# DESCRIPTION:	Add a new user
# USAGE:      	add remote_ip querystring
# QUERYSTRING:	?t=$token&host=$hostname&user=$username
# ERRORS:
# 	 3: bad args/usage
# 	 4: vars file not found
# 	 5: Wireguard not installed
# 	 6: Hostname in use
# 	 7: Hostname too short
# 	 8: Invalid token
# 	 9: Token file not found
# 	10: Failed to get peer data from wg
# 	11: Failed to generate new IPs
# 	12: Servers file doesn't exist
# 	13: Hostname or username not provided
# 	14: Failed to parse out user's peers
# 	15: Failed to add user to local wireguard
# 	16: Failed to add user to federated server
# 	17: Admin not found

CONFIG_FILE='/etc/wgapi/config'
SERVERS_FILE='/etc/wgapi/servers'
if ! [ ${#} -eq 2 ]; then
	printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
	exit 3
fi & if ! [ -x '/usr/bin/wg' ]; then
	printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
	exit 5
fi & if ! [ -f "${CONFIG_FILE}" ]; then
	printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
	exit 4
fi
source "${CONFIG_FILE}"
if ! [ -f "${SERVERS_FILE}" ]; then
	printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
	exit 12
fi & if ! [ -f "${TOKENS_FILE}" ]; then
	printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
	exit 9
fi
ip="${1}"
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"

# Check token
token_fail(){
	printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
	exit 8
}
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
[ "${saved_token}" == "" ] && token_fail 'missing' &
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"

# Parse new hostname and new username
hostname="$(<<<"${qs}" grep -oP 'host=(.*)' | sed 's/^host=//' | xargs | tr -dc 'a-z0-9' | head -c10)"
username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//' | xargs | tr -dc 'a-z0-9' | head -c10)"
if ! domain="${hostname:?}.${username:?}.${TLD:?}"; then
	printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
	printf 'Hostname or username missing!\n' | "${LIB_DIR}/http_res" 400
	exit 13
else
	printf 'Admin %s requested new user created with initial peer of %s\n' "${ip}" "${domain}" >>"${LOGFILE}"
fi
if ! [[ ${#hostname} -ge 3 ]]; then
	printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
	printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400
	exit 7
elif ! [[ ${#username} -ge 3 ]]; then
	printf 'Rejecting username %s because it is too short.\n' "${username}" >>"${LOGFILE}"
	printf 'Username too short\n' | "${LIB_DIR}/http_res" 400
	exit 7
fi

# Check if user already exists
if "${LIB_DIR}/ns_lookup_rxfr" | grep ".${username}.${TLD}" >/dev/null; then
	printf 'User %s already exists!\n' "${username}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 409
	exit 6
fi

# Get all peer IPs
if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
	printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
	printf 'Wireguard failed!\n' | "${LIB_DIR}/http_res" 500
	exit 5
fi

# Create new IPs
hostnumber='1'
ipv4s="$(<<<"${peers}" | awk '{print $2,$3}' | tr ' ' '\n' | grep '\.' | cut -d'/' -f1)"
ipv6s="$(<<<"${peers}" | awk '{print $2,$3}' | tr ' ' '\n' | grep '\:' | cut -d'/' -f1)"
# Increment hostnumber from 1 until an unused one is found
used_usernumbers="$(<<<"${ipv4s}" cut -d'.' -f3 | sort | uniq)"
usernumber=1; while <<<"${used_usernumbers}" grep -q "${usernumber}"
	do ((usernumber++))
done
ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
	>>"${LOGFILE}"; then
		printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
		exit 11
fi

# Create wg config
privkey="$(/usr/bin/wg genkey)"
pubkey="$(echo "${privkey}" | /usr/bin/wg pubkey)"
address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"

# Update nameserver
if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
	then printf 'Successfully added %s to DNS server.\n' "${domain}" >>"${LOGFILE}"
	else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
fi &

# Create SSL cert
if ! sudo mkdir "${SSL_CONFIG_DIR:?}/${username:?}/"; then
	printf 'Failed to create directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >>"${LOGFILE}"
	exit 7
fi
if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
	then printf 'Successfully signed SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
	else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
fi

# Do the wireguard and tell the user
server_blocks=''
while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do
	[[ ${server_hostname:0:1} = \# ]] && continue
	server_psk="$(/usr/bin/wg genpsk)"
	server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
	if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
		# Add new user to local server
		if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
			printf 'Added %s to local wireguard server.\n' "${domain}" >>"${LOGFILE}"
		else
			printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
			# TODO: clear existing progress
			exit 15
		fi
	# TODO: Send new user config to federated server
	#else
	#	if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
	#	printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
	#else
	#	printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
	#	# TODO: clear existing progress
	# exit 16
	#fi
	fi
done <"${SERVERS_FILE}"
wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey:?}\nAddress=${address:?}\n${WG_DNS}\n${server_blocks:?}"
<<<"${wg_config}" "${LIB_DIR}/http_res" 202
Fixed missing knockout.min.js 2022-11-01 18:58:36 -06:00			`#!/bin/bash`
			`# FILE: user_add`
			`# DESCRIPTION: Add a new user`
			`# USAGE: add remote_ip querystring`
			`# QUERYSTRING: ?t=$token&host=$hostname&user=$username`
			`# ERRORS:`
			`# 3: bad args/usage`
			`# 4: vars file not found`
			`# 5: Wireguard not installed`
			`# 6: Hostname in use`
			`# 7: Hostname too short`
			`# 8: Invalid token`
			`# 9: Token file not found`
			`# 10: Failed to get peer data from wg`
			`# 11: Failed to generate new IPs`
			`# 12: Servers file doesn't exist`
			`# 13: Hostname or username not provided`
			`# 14: Failed to parse out user's peers`
			`# 15: Failed to add user to local wireguard`
			`# 16: Failed to add user to federated server`
			`# 17: Admin not found`

			`CONFIG_FILE='/etc/wgapi/config'`
			`SERVERS_FILE='/etc/wgapi/servers'`
			`if ! [ ${#} -eq 2 ]; then`
			`printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"`
			`exit 3`
			`fi & if ! [ -x '/usr/bin/wg' ]; then`
			`printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"`
			`exit 5`
			`fi & if ! [ -f "${CONFIG_FILE}" ]; then`
			`printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"`
			`exit 4`
			`fi`
			`source "${CONFIG_FILE}"`
			`if ! [ -f "${SERVERS_FILE}" ]; then`
			`printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"`
			`exit 12`
			`fi & if ! [ -f "${TOKENS_FILE}" ]; then`
			`printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"`
			`exit 9`
			`fi`
			`ip="${1}"`
			`qs="$(<<<"${2}" tr '&' '\n' \| sed 's/?//')"`

			`# Check token`
			`token_fail(){`
			`printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"`
			`printf 'Invalid token\n' \| "${LIB_DIR}/http_res" 403`
			`exit 8`
			`}`
			`saved_token="$(grep "${ip}" "${TOKENS_FILE}" \| cut -f2)"`
			`[ "${saved_token}" == "" ] && token_fail 'missing' &`
			`<<<"${qs}" grep -qx "t=${saved_token}" \|\| token_fail 'mismatched'`
			`printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"`

			`# Parse new hostname and new username`
			`hostname="$(<<<"${qs}" grep -oP 'host=(.*)' \| sed 's/^host=//' \| xargs \| tr -dc 'a-z0-9' \| head -c10)"`
Added admin adding new user backend code 2022-11-02 11:33:54 -06:00			`username="$(<<<"${qs}" grep -oP 'user=(.*)' \| sed 's/^user=//' \| xargs \| tr -dc 'a-z0-9' \| head -c10)"`
Fixed missing knockout.min.js 2022-11-01 18:58:36 -06:00			`if ! domain="${hostname:?}.${username:?}.${TLD:?}"; then`
			`printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"`
			`printf 'Hostname or username missing!\n' \| "${LIB_DIR}/http_res" 400`
			`exit 13`
			`else`
			`printf 'Admin %s requested new user created with initial peer of %s\n' "${ip}" "${domain}" >>"${LOGFILE}"`
			`fi`
			`if ! [[ ${#hostname} -ge 3 ]]; then`
			`printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"`
			`printf 'Hostname too short\n' \| "${LIB_DIR}/http_res" 400`
			`exit 7`
			`elif ! [[ ${#username} -ge 3 ]]; then`
			`printf 'Rejecting username %s because it is too short.\n' "${username}" >>"${LOGFILE}"`
			`printf 'Username too short\n' \| "${LIB_DIR}/http_res" 400`
			`exit 7`
			`fi`

Added admin adding new user backend code 2022-11-02 11:33:54 -06:00			`# Check if user already exists`
			`if "${LIB_DIR}/ns_lookup_rxfr" \| grep ".${username}.${TLD}" >/dev/null; then`
			`printf 'User %s already exists!\n' "${username}" \| tee -a "${LOGFILE}" \| "${LIB_DIR}/http_res" 409`
Fixed missing knockout.min.js 2022-11-01 18:58:36 -06:00			`exit 6`
			`fi`

			`# Get all peer IPs`
Added admin adding new user backend code 2022-11-02 11:33:54 -06:00			`if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then`
Fixed missing knockout.min.js 2022-11-01 18:58:36 -06:00			`printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"`
			`printf 'Wireguard failed!\n' \| "${LIB_DIR}/http_res" 500`
			`exit 5`
			`fi`

			`# Create new IPs`
Added admin adding new user backend code 2022-11-02 11:33:54 -06:00			`hostnumber='1'`
			`ipv4s="$(<<<"${peers}" \| awk '{print $2,$3}' \| tr ' ' '\n' \| grep '\.' \| cut -d'/' -f1)"`
			`ipv6s="$(<<<"${peers}" \| awk '{print $2,$3}' \| tr ' ' '\n' \| grep '\:' \| cut -d'/' -f1)"`
Fixed missing knockout.min.js 2022-11-01 18:58:36 -06:00			`# Increment hostnumber from 1 until an unused one is found`
Added admin adding new user backend code 2022-11-02 11:33:54 -06:00			`used_usernumbers="$(<<<"${ipv4s}" cut -d'.' -f3 \| sort \| uniq)"`
			`usernumber=1; while <<<"${used_usernumbers}" grep -q "${usernumber}"`
			`do ((usernumber++))`
Fixed missing knockout.min.js 2022-11-01 18:58:36 -06:00			`done`
			`ipv4="${IPV4_NET%..}.${usernumber}.${hostnumber}"`
			`ipv6="${IPV6_NET%::}:${usernumber}:${hostnumber}"`
			`if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \`
			`>>"${LOGFILE}"; then`
			`printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"`
			`exit 11`
			`fi`

			`# Create wg config`
			`privkey="$(/usr/bin/wg genkey)"`
			`pubkey="$(echo "${privkey}" \| /usr/bin/wg pubkey)"`
			`address="${ipv4}/${IPV4_NET##/},${ipv6}/${IPV6_NET##/}"`

			`# Update nameserver`
			`if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"`
			`then printf 'Successfully added %s to DNS server.\n' "${domain}" >>"${LOGFILE}"`
			`else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"`
			`fi &`

			`# Create SSL cert`
Added admin adding new user backend code 2022-11-02 11:33:54 -06:00			`if ! sudo mkdir "${SSL_CONFIG_DIR:?}/${username:?}/"; then`
			`printf 'Failed to create directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >>"${LOGFILE}"`
			`exit 7`
			`fi`
Fixed missing knockout.min.js 2022-11-01 18:58:36 -06:00			`if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"`
			`then printf 'Successfully signed SSL certs for %s\n' "${domain}" >>"${LOGFILE}"`
			`else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"`
			`fi`

			`# Do the wireguard and tell the user`
			`server_blocks=''`
			`while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do`
			`[[ ${server_hostname:0:1} = \# ]] && continue`
			`server_psk="$(/usr/bin/wg genpsk)"`
			`server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"`
			`if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then`
			`# Add new user to local server`
			`if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then`
			`printf 'Added %s to local wireguard server.\n' "${domain}" >>"${LOGFILE}"`
			`else`
			`printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"`
			`# TODO: clear existing progress`
			`exit 15`
			`fi`
			`# TODO: Send new user config to federated server`
			`#else`
			`# if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then`
			`# printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"`
			`#else`
			`# printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"`
			`# # TODO: clear existing progress`
			`# exit 16`
			`#fi`
			`fi`
			`done <"${SERVERS_FILE}"`
			`wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey:?}\nAddress=${address:?}\n${WG_DNS}\n${server_blocks:?}"`
			`<<<"${wg_config}" "${LIB_DIR}/http_res" 202`