From 12b2c4c1ae3f2cfce665f41f70b9c32f202ad10f Mon Sep 17 00:00:00 2001
From: Keith Irwin
Date: Sat, 30 Dec 2023 19:02:35 -0700
Subject: [PATCH] fix: :ambulance: Fix broken cert/key requests
---
 USAGE.md | 4 ++--
 back/lib/dashboard/ssl | 20 ++++++++++----------
 front/dashboard.js | 4 ++--
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/USAGE.md b/USAGE.md
index 48daaf3..392ae04 100644
--- a/USAGE.md
+++ b/USAGE.md
@@ -87,9 +87,9 @@ To prevent this, a token is generated on the server and sent to the user when re
 - **REQUEST:** `GET /ssl`
 - **FILE:** `back/lib/dashboard/ssl`
-- **QUERYSTRING:** `?host=myhostname&ext=crt`
+- **QUERYSTRING:** `?host=myhostname&type=cert`
 - `host`: get file for which host?
- - `ext`: `crt` for certs or `key` for keys
+ - `type`: `cert` for certs or `key` for keys
 - **RESPONSE:** The requested SSL certificate or key file
 ## 2. Admin service
diff --git a/back/lib/dashboard/ssl b/back/lib/dashboard/ssl
index 7d62c7d..3b82028 100755
--- a/back/lib/dashboard/ssl
+++ b/back/lib/dashboard/ssl
@@ -2,25 +2,25 @@
 # FILE: dashboard/ssl
 # DESCRIPTION: Get a user's SSL certs and keys
 # USAGE: ssl remote_ip querystring
-# QUERYSTRING: ?host=$hostname&ext=crt
+# QUERYSTRING: ?host=$hostname&type=cert
 source /etc/wagon/config
 ip="${1}"; qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')" # Parse querystring
 hostname="$(<<<"${qs}" grep -oP 'host=(.*)' | sed 's/^host=//' | xargs)"
-ext="$(<<<"${qs}" grep -oP 'ext=(.*)' | sed 's/^ext=//' | xargs)"
+type="$(<<<"${qs}" grep -oP 'type=(.*)' | sed 's/^type=//' | xargs)"
-if ! file="${hostname:?}/server.${ext:?}"; then
- printf 'ERROR! Hostname "%s" or extension "%s" missing!\n' "${hostname}" "${ext}" >&2
- printf 'Hostname or extension missing!\n' | /usr/lib/wagon/http_res 400; exit
-else
- printf 'User %s requested SSL file %s\n' "${ip}" "${file}" >&2
+# Make sure type is 'cert' or 'key'
+if [ "${type}" != 'cert' ] && [ "${type}" != 'key' ]; then
+ printf 'Invalid type: %s\n' "${type}" | tee >(cat 1>&2) | /usr/lib/wagon/http_res 400; exit
 fi
-# Make sure extension is 'crt' or 'key'
-if [ "${ext}" != 'crt' ] && [ "${ext}" != 'key' ]; then
- printf 'Invalid extension: %s\n' "${ext}" | tee >(cat 1>&2) | /usr/lib/wagon/http_res 400; exit
+if ! file="${hostname:?}/${type:?}.pem"; then
+ printf 'ERROR! Hostname "%s" or type "%s" missing!\n' "${hostname}" "${type}" >&2
+ printf 'Hostname or type missing!\n' | /usr/lib/wagon/http_res 400; exit
+else
+ printf 'User %s requested SSL file %s\n' "${ip}" "${file}" >&2
 fi
 # Get username
diff --git a/front/dashboard.js b/front/dashboard.js
index b222c24..f175701 100644
--- a/front/dashboard.js
+++ b/front/dashboard.js
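Review bot: In back/lib/dashboard/ssl, `hostname` goes from the querystring straight into `file="${hostname:?}/${type:?}.pem"` without the allow-list check that `type` now gets, so a value containing `/` or `..` ends up in the path of a certificate or private-key file unless the code after `# Get username` (outside this hunk) rejects it. A check placed next to the type check, for example `[[ "${hostname}" =~ ^[A-Za-z0-9_-]+$ ]] || { printf 'Invalid host\n' | /usr/lib/wagon/http_res 400; exit; }`, would close that regardless of what follows; adjust the character class to the project's hostname rules. Separately, the `if ! file=...` error branch looks unreachable: in a non-interactive shell `${hostname:?}` should abort the script on an empty value before the `http_res 400` line runs, and a plain assignment otherwise returns success, so the client never receives the 400. Testing `[ -z "${hostname}" ]` explicitly and then assigning `file` unconditionally would make that path work.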
@@ -9,8 +9,8 @@ function Peer(data) {
 this.cantDelete = data.cantDelete
 this.isDeleting = ko.observable(false)
 this.deleteText = ko.computed(() => this.isDeleting()?'Deleting...':'Delete')
- this.crtHref = ko.computed(() => `${API_URL}/ssl?host=${this.name}&ext=crt`)
- this.keyHref = ko.computed(() => `${API_URL}/ssl?host=${this.name}&ext=key`)
+ this.crtHref = ko.computed(() => `${API_URL}/ssl?host=${this.name}&type=cert`)
+ this.keyHref = ko.computed(() => `${API_URL}/ssl?host=${this.name}&type=key`)
 }
 function PeerList() {
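Review bot: Both new hrefs in `Peer` interpolate `this.name` into the query string as-is, so a peer name containing `&`, `#`, `+` or a space would change or truncate the `host` parameter that the server uses to locate a certificate or private key. If peer names are already restricted to URL-safe characters elsewhere, a short comment above these two lines saying so would be enough. Otherwise use `host=${encodeURIComponent(this.name)}` and make sure the server decodes it, since the parser shown in back/lib/dashboard/ssl splits the raw query with grep/sed and does not appear to percent-decode. `Peer` begins before this hunk, so how `this.name` is populated is not visible here.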