2022-08-29 11:42:13 -06:00
|
|
|
#!/bin/bash
|
|
|
|
|
# FILE: wgapi:back/api/dashboard/del
|
|
|
|
|
# DESCRIPTION: Del a peer
|
2022-09-10 16:12:08 -06:00
|
|
|
# USAGE: del remote_ip querystring
|
2022-09-08 21:15:30 -06:00
|
|
|
# ERRORS:
|
|
|
|
|
# 3: Bad usage
|
|
|
|
|
# 4: Missing config
|
2022-09-10 16:12:08 -06:00
|
|
|
# 5: wg not found
|
|
|
|
|
# 8: Invalid token
|
|
|
|
|
# 6: Pubkey not in user peer list
|
2022-08-29 11:42:13 -06:00
|
|
|
|
2022-09-06 20:57:41 -06:00
|
|
|
CONFIG_FILE='/etc/wgapi/config'
|
2022-09-10 16:12:08 -06:00
|
|
|
SERVERS_FILE='/etc/wgapi/servers'
|
|
|
|
|
if ! [ ${#} -eq 2 ]; then
|
|
|
|
|
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
|
|
|
|
exit 3
|
|
|
|
|
fi; if ! [ -x '/usr/bin/wg' ]; then
|
|
|
|
|
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
|
|
|
|
exit 5
|
|
|
|
|
fi; if ! [ -f "${CONFIG_FILE}" ]; then
|
|
|
|
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
|
|
|
|
exit 4
|
|
|
|
|
fi
|
2022-09-06 20:57:41 -06:00
|
|
|
source "${CONFIG_FILE}"
|
2022-09-10 16:12:08 -06:00
|
|
|
if ! [ -f "${SERVERS_FILE}" ]; then
|
|
|
|
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
|
|
|
|
exit 4
|
|
|
|
|
fi; if ! [ -f "${TOKENS_FILE}" ]; then
|
|
|
|
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
|
|
|
|
exit 4
|
|
|
|
|
fi
|
2022-09-08 21:15:30 -06:00
|
|
|
ip="${1}"
|
|
|
|
|
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
2022-08-29 11:42:13 -06:00
|
|
|
|
2022-09-10 16:12:08 -06:00
|
|
|
# Parse pubkey
|
|
|
|
|
pubkey="$(<<<"${qs#}" grep 'pubkey=' | sed 's/pubkey=//')"
|
|
|
|
|
printf '%s requested to delete %s\n' "${ip}" "${pubkey}" >>"${LOGFILE}"
|
|
|
|
|
|
2022-08-29 11:42:13 -06:00
|
|
|
# Check token
|
2022-09-08 21:15:30 -06:00
|
|
|
token_fail(){
|
|
|
|
|
printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
|
|
|
|
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
|
|
|
|
|
exit 8
|
|
|
|
|
}
|
|
|
|
|
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
|
|
|
|
[ "${saved_token}" == "" ] && token_fail 'missing'
|
2022-09-10 16:12:08 -06:00
|
|
|
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
|
|
|
|
|
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
2022-08-29 11:42:13 -06:00
|
|
|
|
2022-09-10 16:12:08 -06:00
|
|
|
# Get peer
|
|
|
|
|
if ! peer="$("${LIB_DIR}/wg_peer_list" "${ip}" 'tsv' | grep "${pubkey}")"; then
|
|
|
|
|
printf 'ERROR! Peer %s not found for user %s!\n' "${pubkey}" "${ip}" >>"${LOGFILE}"
|
|
|
|
|
printf 'Peer not found\n' | "${LIB_DIR}/http_res" 404
|
|
|
|
|
exit 6
|
|
|
|
|
fi
|
2022-09-10 16:20:42 -06:00
|
|
|
domain="$(<<<"${peer}" cut -f1)"
|
|
|
|
|
ipv4="$(<<<"${peer}" cut -f2)"
|
|
|
|
|
ipv6="$(<<<"${peer}" cut -f3)"
|
2022-09-10 16:12:08 -06:00
|
|
|
if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >>"${LOGFILE}"; then
|
|
|
|
|
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
|
|
|
|
printf 'Failed to collect peer data\n' | "${LIB_DIR}/http_res" 500
|
|
|
|
|
exit 6
|
|
|
|
|
fi
|
|
|
|
|
hostname="$(<<<"${domain}" cut -d'.' -f1)"
|
|
|
|
|
username="$(<<<"${domain}" cut -d'.' -f2)"
|
2022-08-29 11:42:13 -06:00
|
|
|
|
2022-09-10 16:12:08 -06:00
|
|
|
# Wireguard
|
|
|
|
|
# TODO: Do this loop in parallel
|
2022-09-08 21:44:46 -06:00
|
|
|
while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do
|
2022-09-10 16:26:06 -06:00
|
|
|
[[ ${server_hostname:0:1} = \# ]] && continue # Ignore comments
|
2022-08-29 11:42:13 -06:00
|
|
|
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]
|
2022-09-10 16:12:08 -06:00
|
|
|
then printf 'Deleting %s from local wireguard server... ' "${domain}" >>"${LOGFILE}"
|
|
|
|
|
if "${LIB_DIR}/wg_peer_del" "${pubkey}"; then
|
|
|
|
|
printf 'success.\n' >>"${LOGFILE}"
|
|
|
|
|
else
|
|
|
|
|
printf 'failed!\n' >>"${LOGFILE}"
|
|
|
|
|
# TODO: clear existing progress
|
|
|
|
|
exit 15
|
|
|
|
|
fi
|
|
|
|
|
else printf 'Deleting %s from remote wireguard server %s... ' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
|
|
|
|
# TODO Add federated peer
|
|
|
|
|
#if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
|
|
|
|
printf 'success.\n' >>"${LOGFILE}"
|
|
|
|
|
#else
|
|
|
|
|
# printf 'failed!\n' >>"${LOGFILE}"
|
|
|
|
|
# # TODO: clear existing progress
|
|
|
|
|
# exit 16
|
|
|
|
|
#fi"${LIB_DIR}/fed_peer_del" "${server_admin}" "${pubkey}" "${server_secret}"
|
2022-08-29 11:42:13 -06:00
|
|
|
fi
|
2022-09-08 21:15:30 -06:00
|
|
|
done <"${SERVERS_FILE}"
|
|
|
|
|
|
|
|
|
|
# Respond to user
|
2022-09-10 16:32:15 -06:00
|
|
|
# Do it before updating nameserver and certs because
|
|
|
|
|
# if wireguard worked, there's no going back. The admin
|
|
|
|
|
# can clean up missing records and certs after checking the logs
|
2022-09-10 16:30:13 -06:00
|
|
|
printf 'Deleted %s.%s.%s' "${hostname}" "${username}" "${TLD}" | "${LIB_DIR}/http_res" 202
|
2022-08-29 11:42:13 -06:00
|
|
|
|
|
|
|
|
# Update nameserver
|
2022-09-10 16:32:15 -06:00
|
|
|
if "${LIB_DIR}/ns_update_del" "${domain}" "${ipv4}" "${ipv6}"
|
|
|
|
|
then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >>"${LOGFILE}"
|
|
|
|
|
else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
|
|
|
|
fi
|
2022-08-29 11:42:13 -06:00
|
|
|
|
2022-09-10 16:32:15 -06:00
|
|
|
# Create SSL cert
|
|
|
|
|
if "${LIB_DIR}/ssl_peer_del" "${hostname}" "${username}"
|
|
|
|
|
then printf 'Successfully deleted SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
|
|
|
|
|
else printf 'ERROR! Failed to delete certs for %s!\n' "${domain}" >>"${LOGFILE}"
|
|
|
|
|
fi
|
