Cleaned up exit codes
parent
475e99c24d
commit
3690136d34
@ -1,32 +1,22 @@
|
|||
#!/bin/bash
|
||||
# FILE: wgapi:back/admin_peer.cgi
|
||||
# DESCRIPTION: Recieves incoming admin requests for peer operations
|
||||
# ERRORS:
|
||||
# 3: Bad usage
|
||||
# 4: Missing config file
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 0 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi; source "${CONFIG_FILE}"
|
||||
|
||||
case "${REQUEST_METHOD}" in
|
||||
|
||||
# List peers
|
||||
# GET /peer to list all
|
||||
# GET /peer?un=usernumber to list one user
|
||||
'GET') "${LIB_DIR}/admin/peer/list" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
|
||||
|
||||
# Add peer
|
||||
# POST /peer?t=mytoken&name=mynewpeername
|
||||
'POST') "${LIB_DIR}/admin/peer/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
|
||||
|
||||
# Delete peer
|
||||
# DELETE /peer?t=mytoken&pubkey=peerpubkey
|
||||
'DELETE') "${LIB_DIR}/admin/peer/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
|
||||
|
||||
# Needed for CORS preflight
|
||||
|
@ -34,5 +24,5 @@ case "${REQUEST_METHOD}" in
|
|||
|
||||
# Bad request
|
||||
*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
|
||||
|
||||
|
||||
esac
|
||||
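Review bot: The new `"${LIB_DIR}/http_res" 500; exit` at L54 runs only when `${CONFIG_FILE}` is absent, i.e. before `source "${CONFIG_FILE}"` at L57, so it can answer the request only if `LIB_DIR` already comes from the CGI environment rather than from the config; if it does not, the call fails and the bare `exit` propagates that failure (127), since `exit` without an operand takes the status of the previous command. That second effect is commit-wide: every error path now ends with whatever status `http_res` returned, which is fine if intended but deserves a line in the header comment that replaced the `# ERRORS:` list. For the pre-config path I'd keep an explicit status, `"${LIB_DIR}/http_res" 500; exit 4`. admin_user.cgi (L175, L178) and the section starting at L216 (L231, L234) have the same ordering.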
@ -1,27 +1,19 @@
|
|||
#!/bin/bash
|
||||
# FILE: wgapi:back/admin_user.cgi
|
||||
# DESCRIPTION: Server for requests to /user/
|
||||
# ERRORS:
|
||||
# 3: Bad usage
|
||||
# 4: Missing config file
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 0 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi; source "${CONFIG_FILE}"
|
||||
|
||||
case "${REQUEST_METHOD}" in
|
||||
|
||||
# Add new user
|
||||
# POST /user?t=mytoken&name=newusername
|
||||
'POST') "${LIB_DIR}/admin/user/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
|
||||
|
||||
# Delete user
|
||||
# DELETE /user?t=mytoken&user=username
|
||||
'DELETE') "${LIB_DIR}/admin/user/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
|
||||
|
||||
# Needed for CORS preflight
|
||||
@ -8,7 +8,7 @@
|
|||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi; source "${CONFIG_FILE}"
|
||||
|
||||
case "${REQUEST_METHOD}" in
|
||||
|
@ -27,5 +27,5 @@ case "${REQUEST_METHOD}" in
|
|||
|
||||
# Bad request
|
||||
*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
|
||||
|
||||
|
||||
esac
|
||||
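Review bot: The bare `"${LIB_DIR}/http_res" 500; exit` at L231, like the other body-less calls this commit adds, gives http_res no stdin redirection, while every pre-existing call on the page feeds it a body with `printf … |`, which suggests it reads the response body from stdin. If it does, the bare form inherits the CGI request body as its stdin and will either echo that back as the 500 body or block waiting for EOF. `"${LIB_DIR}/http_res" 500 </dev/null; exit` makes the empty body explicit; http_res itself is not on the page, so confirm this against its source before changing every call.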
@ -1,43 +1,28 @@
|
|||
#!/bin/bash
|
||||
# FILE: peer_add
|
||||
# DESCRIPTION: Add a new peer
|
||||
# USAGE: add remote_ip querystring
|
||||
# ERRORS:
|
||||
# 3: bad args/usage
|
||||
# 4: vars file not found
|
||||
# 5: Wireguard not installed
|
||||
# 6: Hostname in use
|
||||
# 7: Hostname too short
|
||||
# 8: Invalid token
|
||||
# 9: Token file not found
|
||||
# 10: Failed to get peer data from wg
|
||||
# 11: Failed to generate new IPs
|
||||
# 12: Servers file doesn't exist
|
||||
# 13: Hostname or username not provided
|
||||
# 14: Failed to parse out user's peers
|
||||
# 15: Failed to add user to local wireguard
|
||||
# 16: Failed to add user to federated server
|
||||
# 17: Admin not found
|
||||
# FILE: admin/peer/add
|
||||
# DESCRIPTION: Add a new peer from the admin UI
|
||||
# USAGE: add $remote_ip $querystring
|
||||
# QUERYSTRING: ?t=$token&host=$newhostname&user=$username&num=$usernumber
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
exit 12
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
exit 9
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||
|
@ -45,8 +30,7 @@ qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
|
||||
exit 8
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
|
@ -59,12 +43,9 @@ username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//')"
|
|||
usernumber="$(<<<"${qs}" grep -oP 'num=(.*)' | sed 's/^num=//')"
|
||||
if ! domain="${hostname:?}.${username:?}.${TLD:?}"; then
|
||||
printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
||||
printf 'Hostname or username missing!\n' | "${LIB_DIR}/http_res" 400
|
||||
exit 13
|
||||
printf 'Hostname or username missing!\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
elif [[ "${usernumber}" == "" ]]; then
|
||||
printf 'ERROR! Usernumber missing!\n' >>"${LOGFILE}"
|
||||
printf 'Usernumber missing!\n' | "${LIB_DIR}/http_res" 400
|
||||
exit 13
|
||||
printf 'Usernumber missing!\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400; exit
|
||||
else
|
||||
printf 'Admin %s requested new peer %s for user number %s\n' "${ip}" "${domain}" "${usernumber}" >>"${LOGFILE}"
|
||||
fi
|
||||
|
@ -72,44 +53,31 @@ fi
|
|||
# Check hostname length
|
||||
if ! [[ ${#hostname} -ge 3 ]]; then
|
||||
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400
|
||||
exit 7
|
||||
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
# Check if new peer already exists
|
||||
if "${LIB_DIR}/ns_lookup_send" "${domain}" >/dev/null; then
|
||||
printf '%s already exists!\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'Host %s already exists!\n' "${domain}" | "${LIB_DIR}/http_res" 409
|
||||
exit 6
|
||||
printf 'Host %s already exists!\n' "${domain}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 409; exit
|
||||
fi
|
||||
|
||||
# Get all peer IPs
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'Wireguard failed!\n' | "${LIB_DIR}/http_res" 500
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out the user's
|
||||
user_peers="$(grep "${IPV4_NET%.*.*}.${usernumber}." <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == "" ]; then
|
||||
printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >>"${LOGFILE}"
|
||||
printf 'No user peers found for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" | "${LIB_DIR}/http_res" 404
|
||||
exit 14
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Get user peer domains
|
||||
if ! peers="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}")"; then
|
||||
printf 'ERROR! Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >>"${LOGFILE}"
|
||||
printf 'Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" | "${LIB_DIR}/http_res" 500
|
||||
exit 10
|
||||
fi
|
||||
|
||||
# Make sure hostname isn't taken
|
||||
hostnames="$(<<<"${peers}" awk '{print $1}' | cut -d'.' -f1)"
|
||||
if <<<"${hostnames}" grep -x "${hostname}"; then
|
||||
printf 'User %s already has a host named %s!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 11
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Create new IPs
|
||||
|
@ -125,7 +93,7 @@ ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
|
|||
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
|
||||
>>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
|
||||
exit 11
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Create wg config
|
||||
|
@ -159,7 +127,7 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
|
|||
else
|
||||
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
# TODO: clear existing progress
|
||||
exit 15
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# Remote server
|
||||
else
|
||||
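Review bot: The new `exit` in token_fail at L441 does not stop the script, because token_fail is launched as a background job at L450 (`[ "${saved_token}" == "" ] && token_fail 'missing' &`): the 403 goes out from the subshell and the main script carries on past the token check, and the comparison that follows L450 is outside the hunk, so whether a later `wait` re-raises the failure cannot be seen here. The same holds for the `fi & if` chains at L359, L371 and L401, which background the argument, wg and servers-file checks, so the new `http_res 500; exit` at L356, L368 and L398 ends only the backgrounded `if`. I'd drop the trailing `&` on L450, put each `fi` and the following `if` on their own lines, and keep the precondition checks sequential. admin/peer/del, admin/peer/list, admin/user/add, admin/user/del and dashboard/peer/add carry the same `fi & if` and `token_fail … &` shape.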
@ -1,32 +1,27 @@
|
|||
#!/bin/bash
|
||||
# FILE: peer_del
|
||||
# DESCRIPTION: Del a peer
|
||||
# USAGE: del remote_ip querystring
|
||||
# ERRORS:
|
||||
# 3: Bad usage
|
||||
# 4: Missing config
|
||||
# 5: wg not found
|
||||
# 8: Invalid token
|
||||
# 6: Pubkey not in user peer list
|
||||
# FILE: admin/peer/del
|
||||
# DESCRIPTION: Delete a peer from the admin ui
|
||||
# USAGE: del $remote_ip $querystring
|
||||
# QUERYSTRING: ?t=$token&pubkey=$pubkey
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi; source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||
|
@ -38,8 +33,7 @@ printf '%s requested to delete %s\n' "${ip}" "${pubkey}" >>"${LOGFILE}"
|
|||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting admin %s request to delete peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
|
||||
exit 8
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
|
@ -49,36 +43,33 @@ printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
|||
# Get peer IP list
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out this user's
|
||||
user_peer="$(grep "${pubkey}" <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peer}" == "" ]; then
|
||||
printf "ERROR! Could not find user for pubkey %s!\n" "${pubkey}" >>"${LOGFILE}"
|
||||
exit 8
|
||||
printf 'ERROR! Could not find user for pubkey %s!\n' "${pubkey}" >>"${LOGFILE}"
|
||||
printf 'Peer not found' | "${LIB_DIR}/http_res" 404; exit
|
||||
fi
|
||||
|
||||
# Get peer domains
|
||||
if ! peer="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peer}" | grep "${pubkey}")"; then
|
||||
printf 'ERROR! Failed to lookup domain for pubkey %s!\n' "${pubkey}" >>"${LOGFILE}" &
|
||||
printf 'Peer not found\n' | "${LIB_DIR}/http_res" 404
|
||||
exit 6
|
||||
printf 'ERROR! Failed to lookup domain for pubkey %s!\n' "${pubkey}" >>"${LOGFILE}"
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
domain="$(<<<"${peer}" cut -f1)"
|
||||
ipv4="$(<<<"${peer}" cut -f2)"
|
||||
ipv6="$(<<<"${peer}" cut -f3)"
|
||||
if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}" &
|
||||
printf 'Failed to collect peer data\n' | "${LIB_DIR}/http_res" 500
|
||||
exit 6
|
||||
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Make sure admin isn't deleting their own peer
|
||||
if [ "${ip}" == "${ipv4}" ] || [ "${ip}" == "${ipv6}" ]; then
|
||||
printf 'Admin requested to delete peer from itself: %s.\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'You cannot delete a peer from that peer! Make the request from a different device.' | "${LIB_DIR}/http_res" 400
|
||||
exit 7
|
||||
printf 'You cannot delete a peer from itself!' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
hostname="$(<<<"${domain}" cut -d'.' -f1)"
|
||||
|
@ -96,9 +87,8 @@ for_server_do() {
|
|||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >>"${LOGFILE}"
|
||||
else
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
# TODO: Send a 500 error
|
||||
# TODO: clear existing progress
|
||||
exit 15
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# TODO Add federated peer
|
||||
#else
|
||||
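Review bot: `${pubkey}` is used as an unanchored grep regular expression at L885 and again at L911, so a short or pattern-like value (a lone `.`, or a prefix shared by two keys) matches more than one peer and `peer` becomes multi-line; `cut -f1` at L932 then yields several domains, the `:?` checks at L941 still pass, and the wrong or multiple peers can reach the deletion loop after L991. The pubkey extraction is outside the hunk, so it may already be validated there; if not, match the key field exactly, `user_peer="$(awk -F'\t' -v k="${pubkey}" '$1 == k' <<<"${wg_output}")"`, and replace the second `grep "${pubkey}"` at L911 with the same whole-field test. A `[ "$(wc -l <<<"${user_peer}")" -eq 1 ]` guard before the `cut`s would catch any remaining ambiguity.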
@ -1,33 +1,23 @@
|
|||
#!/bin/bash
|
||||
# FILE: admin/peer/list
|
||||
# DESCRIPTION: List peers for a user, or all peers
|
||||
# ERRORS:
|
||||
# 3: bad args/usage
|
||||
# 4: config file not found
|
||||
# 5: Wireguard not installed
|
||||
# 9: Token file not found
|
||||
# 10: Failed to get peer data from wg
|
||||
# 11: Failed to generate new IPs
|
||||
# 12: Servers file doesn't exist
|
||||
# 15: Failed to add user to local wireguard
|
||||
# 16: Failed to add user to federated server
|
||||
# 17: User not found
|
||||
# 18: rDNS failed
|
||||
# USAGE: list $remote_ip $querystring
|
||||
# QUERYSTRING: ?un=$username
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 2 ]; then # Only two because even an empty string querystring will be counted
|
||||
if ! [ ${#} -eq 2 ]; then # Two because even an empty string querystring will be counted
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi; source "${CONFIG_FILE}"
|
||||
if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
exit 9
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||
|
@ -46,8 +36,7 @@ fi
|
|||
# Get peer IP list
|
||||
if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'Server error!\n' | "${LIB_DIR}/http_res" 500
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out single user (if provided)
|
||||
|
@ -55,8 +44,7 @@ if [ "${un}" != '' ]; then
|
|||
peers="$(grep "${IPV4_NET%.*.*}\.${un}\." <<<"${peers}" 2>/dev/null)"
|
||||
if [ "${peers}" == '' ]; then
|
||||
printf 'User number %s not found!\n' "${un}" >>"${LOGFILE}"
|
||||
printf 'User not found!\n' | "${LIB_DIR}/http_res" 404
|
||||
exit 17
|
||||
printf 'User not found!\n' | "${LIB_DIR}/http_res" 404; exit
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -65,7 +53,6 @@ if peers="[$("${LIB_DIR}/ips_to_peers" json <<<"${peers}")]"; then
|
|||
printf '{"token":"%s","peers":%s}' "${token:?}" "${peers:?}" | "${LIB_DIR}/http_res" 200 'application/json'
|
||||
printf 'Sent peers to admin %s\n' "${ip}" >>"${LOGFILE}"
|
||||
else
|
||||
printf 'ERROR: Failed to lookup user: %s\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'Failed to lookup rdns' | "${LIB_DIR}/http_res" 500
|
||||
exit 18
|
||||
printf 'ERROR: Failed to lookup user domain: %s\n' "${ip}" >>"${LOGFILE}"
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
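Review bot: `${un}` reaches the grep pattern at L1183 as a regular expression rather than a literal; its extraction is outside the hunk, so if it is not already restricted to digits there I'd add `[[ "${un}" =~ ^[0-9]+$ ]] || { printf 'Bad user number\n' | "${LIB_DIR}/http_res" 400; exit; }` before the filter, or match literally with `grep -F -- "${IPV4_NET%.*.*}.${un}."`. Separately, `"${token:?}"` is spliced into the JSON body at L1213 without escaping; where it comes from is not visible here, but if it can contain `"` or `\` the response stops being valid JSON.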
@ -1,44 +1,28 @@
|
|||
#!/bin/bash
|
||||
# FILE: admin/user/add
|
||||
# DESCRIPTION: Add a new user
|
||||
# USAGE: add remote_ip querystring
|
||||
# DESCRIPTION: Add a new user from admin UI
|
||||
# USAGE: add $remote_ip $querystring
|
||||
# QUERYSTRING: ?t=$token&host=$hostname&user=$username
|
||||
# ERRORS:
|
||||
# 3: bad args/usage
|
||||
# 4: Wireguard not installed
|
||||
# 5: vars file not found
|
||||
# 6: Servers file not found
|
||||
# 7: Token file not found
|
||||
# 8: Invalid token
|
||||
# 9: Hostname or username not provided
|
||||
# 10: Hostname too short
|
||||
# 11: Username too short
|
||||
# 12: User already exists
|
||||
# 13: Wireguard failed to fetch peers
|
||||
# 14: Failed to create IP addresses
|
||||
# 15: Failed to create directory for user SSL certs
|
||||
# 16: Failed to add user to wireguard
|
||||
# 17: Failed to send user to federated wg server
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
exit 6
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||
|
@ -46,8 +30,7 @@ qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
|
||||
exit 8
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
|
@ -59,32 +42,28 @@ hostname="$(<<<"${qs}" grep -oP 'host=(.*)' | sed 's/^host=//' | xargs | tr -dc
|
|||
username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//' | xargs | tr -dc 'a-z0-9' | head -c10)"
|
||||
if ! domain="${hostname:?}.${username:?}.${TLD:?}"; then
|
||||
printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
||||
printf 'Hostname or username missing!\n' | "${LIB_DIR}/http_res" 400
|
||||
exit 9
|
||||
printf 'Hostname or username missing!\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
else
|
||||
printf 'Admin %s requested new user created with initial peer of %s\n' "${ip}" "${domain}" >>"${LOGFILE}"
|
||||
fi
|
||||
if ! [[ ${#hostname} -ge 3 ]]; then
|
||||
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400
|
||||
exit 10
|
||||
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
elif ! [[ ${#username} -ge 3 ]]; then
|
||||
printf 'Rejecting username %s because it is too short.\n' "${username}" >>"${LOGFILE}"
|
||||
printf 'Username too short\n' | "${LIB_DIR}/http_res" 400
|
||||
exit 11
|
||||
printf 'Username too short\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
# Check if user already exists
|
||||
if "${LIB_DIR}/ns_lookup_rxfr" | grep ".${username}.${TLD}" >/dev/null; then
|
||||
printf 'User %s already exists!\n' "${username}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 409
|
||||
exit 12
|
||||
exit
|
||||
fi
|
||||
|
||||
# Get all peer IPs
|
||||
if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'Wireguard failed!\n' | "${LIB_DIR}/http_res" 500
|
||||
exit 13
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Create new IPs
|
||||
|
@ -101,7 +80,7 @@ ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
|
|||
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
|
||||
>>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
|
||||
exit 14
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Create wg config
|
||||
|
@ -118,7 +97,7 @@ fi &
|
|||
# Create SSL cert
|
||||
if ! sudo mkdir "${SSL_CONFIG_DIR:?}/${username:?}/"; then
|
||||
printf 'Failed to create directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >>"${LOGFILE}"
|
||||
exit 15
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
|
||||
then printf 'Successfully signed SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
|
||||
|
@ -139,7 +118,7 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
|
|||
else
|
||||
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
# TODO: clear existing progress
|
||||
exit 16
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# Remote server
|
||||
else
|
||||
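Review bot: The existence check at L1498 cannot tell "user not found" from "zone transfer failed": `if "${LIB_DIR}/ns_lookup_rxfr" | grep …` tests only grep's status, so when the transfer fails the branch is skipped and the script goes on to allocate IPs and create the user. The pattern is also a regex with unescaped dots, so `.${username}.${TLD}` matches `abob.example` when the new username is `bob` and rejects a free name as taken. I'd capture the transfer and fail on its own status, then match with escaped dots; whether the lines can additionally be anchored at `$` depends on the rxfr output format, which is not on the page.
```bash
# Check if user already exists
if ! existing="$("${LIB_DIR}/ns_lookup_rxfr")"; then
  printf 'ERROR! Zone transfer failed while checking user %s\n' "${username}" >>"${LOGFILE}"
  "${LIB_DIR}/http_res" 500; exit
fi
if grep -q "\.${username}\.${TLD}" <<<"${existing}"; then
  printf 'User %s already exists!\n' "${username}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 409
  exit
fi
# … unchanged: wg allowed-ips fetch and IP creation …
```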
@ -1,40 +1,28 @@
|
|||
#!/bin/bash
|
||||
# FILE: admin/user/del
|
||||
# DESCRIPTION: Delete a user
|
||||
# USAGE: del remote_ip querystring
|
||||
# DESCRIPTION: Delete a user from admin UI
|
||||
# USAGE: del $remote_ip $querystring
|
||||
# QUERYSTRING: ?t=$token&user=$username&un=$usernumber
|
||||
# ERRORS:
|
||||
# 3: bad args/usage
|
||||
# 4: Wireguard not installed
|
||||
# 5: vars file not found
|
||||
# 6: Servers file not found
|
||||
# 7: Token file not found
|
||||
# 8: Invalid token
|
||||
# 9: Username or usernumber not provided
|
||||
# 10: Wireguard failed to get peers
|
||||
# 11: Failed to find user's peers
|
||||
# 12: Failed to get domains for user's peers
|
||||
# 13: Failed to delete a peer from wireguard server
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
exit 6
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||
|
@ -42,8 +30,7 @@ qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
|
||||
exit 8
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
|
@ -54,11 +41,9 @@ printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
|||
username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//')"
|
||||
usernumber="$(<<<"${qs}" grep -oP 'un=(.*)' | sed 's/^un=//')"
|
||||
if [[ "${username}" == "" ]]; then
|
||||
printf 'ERROR! Username missing!\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400
|
||||
exit 9
|
||||
printf 'ERROR! Username missing!\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400; exit
|
||||
elif [[ "${usernumber}" == "" ]]; then
|
||||
printf 'ERROR! Usernumber missing!\n' | tee -a "${LOGFILE}" |"${LIB_DIR}/http_res" 400
|
||||
exit 9
|
||||
printf 'ERROR! Usernumber missing!\n' | tee -a "${LOGFILE}" |"${LIB_DIR}/http_res" 400; exit
|
||||
else
|
||||
printf 'Admin %s requested deletion of user "%s" with usernumber "%s"\n' "${ip}" "${username}" "${usernumber}" >>"${LOGFILE}"
|
||||
fi
|
||||
|
@ -66,23 +51,20 @@ fi
|
|||
# Get all peer IPs
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'Wireguard failed!\n' | "${LIB_DIR}/http_res" 500
|
||||
exit 10
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out the user's
|
||||
user_peers="$(grep "${IPV4_NET%.*.*}.${usernumber}." <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == "" ]; then
|
||||
printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >>"${LOGFILE}"
|
||||
printf 'No user peers found for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" | "${LIB_DIR}/http_res" 404
|
||||
exit 11
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Get user peer domains
|
||||
if ! peers="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}")"; then
|
||||
printf 'ERROR! Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >>"${LOGFILE}"
|
||||
printf 'Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" | "${LIB_DIR}/http_res" 500
|
||||
exit 12
|
||||
printf 'ERROR! Failed to retrieve domains for peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >>"${LOGFILE}"
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Run this function in parallel in the while loop below
|
||||
|
@ -96,9 +78,8 @@ for_server_do() {
|
|||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >>"${LOGFILE}"
|
||||
else
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
# TODO: Send a 500 error
|
||||
# TODO: clear existing progress
|
||||
exit 13
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# TODO Delete federated peer
|
||||
#else
|
||||
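Review bot: `username` and `usernumber` are taken from the query string at L1805 and L1808 with no character filtering, unlike admin/user/add which pipes the same fields through `xargs | tr -dc 'a-z0-9' | head -c10` (L1433), and `usernumber` is then used as a grep regular expression at L1874 to select the peers that the loop after L1923 presumably deletes; a non-numeric value such as `.*` selects every peer on the interface. I'd add `[[ "${usernumber}" =~ ^[0-9]+$ ]] || { printf 'Bad usernumber\n' | "${LIB_DIR}/http_res" 400; exit; }` to the validation chain at L1811 and make the filter literal with `grep -F -- "${IPV4_NET%.*.*}.${usernumber}."`; admin/peer/add has the same unfiltered `usernumber` at L457 and L575. Separately, the "no peers found" branch at L1889 now answers 500 where the old code answered 404 (L1883), turning a client error into a server error; the same swap is at L590.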
@ -1,41 +1,28 @@
|
|||
#!/bin/bash
|
||||
# FILE: peer_add
|
||||
# DESCRIPTION: Add a new peer
|
||||
# USAGE: add remote_ip querystring
|
||||
# ERRORS:
|
||||
# 3: bad args/usage
|
||||
# 4: vars file not found
|
||||
# 5: Wireguard not installed
|
||||
# 6: Hostname in use
|
||||
# 7: Hostname too short
|
||||
# 8: Invalid token
|
||||
# 9: Token file not found
|
||||
# 10: Failed to get peer data from wg
|
||||
# 11: Failed to generate new IPs
|
||||
# 12: Servers file doesn't exist
|
||||
# 15: Failed to add user to local wireguard
|
||||
# 16: Failed to add user to federated server
|
||||
# 17: User not found
|
||||
# FILE: dashboard/peer/add
|
||||
# DESCRIPTION: Add a new peer from user dashboard
|
||||
# USAGE: add $remote_ip $querystring
|
||||
# QUERYSTRING: ?t=$token&name=$hostname
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
exit 12
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
exit 9
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||
|
@ -45,15 +32,13 @@ hostname="$(<<<"${qs}" grep -oP 'name=(.*)' | sed 's/^name//' | xargs | tr -dc '
|
|||
printf '%s requested new peer with hostname %s\n' "${ip}" "${hostname}" >>"${LOGFILE}"
|
||||
if ! [[ ${#hostname} -ge 3 ]]; then
|
||||
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400
|
||||
exit 7
|
||||
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
|
||||
exit 8
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
|
@ -62,9 +47,8 @@ printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
|||
|
||||
# Check user
|
||||
username="$("${LIB_DIR}/ns_lookup_rdns" "${ip}" | cut -d'.' -f2)" || (
|
||||
printf 'User not found for %s\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'User not found' | "${LIB_DIR}/http_res" 403
|
||||
exit 17
|
||||
printf 'User domains not found for %s\n' "${ip}" >>"${LOGFILE}"
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
)
|
||||
printf '%s identified as %s\n' "${ip}" "${username}" >>"${LOGFILE}"
|
||||
domain="${hostname}.${username}.${TLD}"
|
||||
|
@ -72,8 +56,7 @@ domain="${hostname}.${username}.${TLD}"
|
|||
# Check if new peer already exists
|
||||
if "${LIB_DIR}/ns_lookup_send" "${domain}" >/dev/null; then
|
||||
printf '%s.%s.%s already exists!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
||||
printf 'Hostname %s already exists!\n' "${hostname}" | "${LIB_DIR}/http_res" 409
|
||||
exit 6
|
||||
printf 'Hostname %s already exists!\n' "${hostname}" | "${LIB_DIR}/http_res" 409; exit
|
||||
fi
|
||||
|
||||
# Create new domain
|
||||
|
@ -83,27 +66,27 @@ printf 'New domain will be %s\n' "${domain}" >>"${LOGFILE}"
|
|||
# Get peer IP list
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out this user's
|
||||
user_peers="$(grep "${ip%[.:]*}" <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == "" ]; then
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >>"${LOGFILE}"
|
||||
exit 8
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Get domains
|
||||
if ! peers="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}")"; then
|
||||
printf 'ERROR! Failed to parse peers for %s!\n' "${ip}" >>"${LOGFILE}"
|
||||
exit 10
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Make sure hostname isn't taken
|
||||
hostnames="$(<<<"${peers}" awk '{print $1}' | cut -d'.' -f1)"
|
||||
if <<<"${hostnames}" grep -x "${hostname}"; then
|
||||
printf 'User %s already has a host named %s!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 11
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Create new IPs
|
||||
|
@ -120,7 +103,7 @@ ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
|
|||
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
|
||||
>>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
|
||||
exit 11
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Create wg config
|
||||
|
@ -154,7 +137,7 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
|
|||
else
|
||||
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
# TODO: clear existing progress
|
||||
exit 15
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# Remote server
|
||||
else
|
||||
|
|
|
@ -1,33 +1,28 @@
|
|||
#!/bin/bash
|
||||
# FILE: peer_del
|
||||
# DESCRIPTION: Del a peer
|
||||
# USAGE: del remote_ip querystring
|
||||
# ERRORS:
|
||||
# 3: Bad usage
|
||||
# 4: Missing config
|
||||
# 5: wg not found
|
||||
# 8: Invalid token
|
||||
# 6: Pubkey not in user peer list
|
||||
# FILE: dashboard/peer/del
|
||||
# DESCRIPTION: Delete a peer from user dashboard
|
||||
# USAGE: del $remote_ip $querystring
|
||||
# QUERYSTRING: ?t=$token&pubkey=$pubkey
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
fi; if ! [ -x '/usr/bin/wg' ]; then
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
exit 5
|
||||
fi; if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
fi; if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||
|
@ -39,8 +34,7 @@ printf '%s requested to delete %s\n' "${ip}" "${pubkey:?}" >>"${LOGFILE}"
|
|||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting %s request to delete peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
|
||||
exit 8
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
|
@ -50,36 +44,33 @@ printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
|||
# Get peer IP list
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out this user's
|
||||
user_peers="$(grep "${ip%[.:]*}" <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == "" ]; then
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >>"${LOGFILE}"
|
||||
exit 8
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Get peer domains
|
||||
if ! peer="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}" | grep "${pubkey}")"; then
|
||||
printf 'ERROR! Peer %s not found for user %s!\n' "${pubkey}" "${ip}" >>"${LOGFILE}" &
|
||||
printf 'Peer not found\n' | "${LIB_DIR}/http_res" 404
|
||||
exit 6
|
||||
printf 'Peer not found\n' | "${LIB_DIR}/http_res" 404; exit
|
||||
fi
|
||||
domain="$(<<<"${peer}" cut -f1)"
|
||||
ipv4="$(<<<"${peer}" cut -f2)"
|
||||
ipv6="$(<<<"${peer}" cut -f3)"
|
||||
if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}" &
|
||||
printf 'Failed to collect peer data\n' | "${LIB_DIR}/http_res" 500
|
||||
exit 6
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Make sure user isn't deleting their own peer
|
||||
if [ "${ip}" == "${ipv4}" ] || [ "${ip}" == "${ipv6}" ]; then
|
||||
printf 'User requested to delete peer from itself: %s.\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'You cannot delete a peer from that peer! Make the request from a different device.' | "${LIB_DIR}/http_res" 400
|
||||
exit 7
|
||||
printf 'You cannot delete a peer from itself!' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
hostname="$(<<<"${domain}" cut -d'.' -f1)"
|
||||
|
@ -97,9 +88,8 @@ for_server_do() {
|
|||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >>"${LOGFILE}"
|
||||
else
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
# TODO: Send a 500 error
|
||||
# TODO: clear existing progress
|
||||
exit 15
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# TODO Add federated peer
|
||||
#else
|
||||
|
|
|
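Review bot: The new `"${LIB_DIR}/http_res" 500; exit` lines in the argument, wg and config checks of the first hunk run before `source "${CONFIG_FILE}"`, so `LIB_DIR` (and `LOGFILE`) are only defined there if the calling CGI exports them; if it does not, `/http_res` is not found and the failure produces no HTTP response at all. A bare `exit` also returns the status of `http_res`, so a successfully delivered 500 leaves the script with status 0 and the caller cannot distinguish the error path from success; `"${LIB_DIR}/http_res" 500; exit 1` keeps the distinction without the old per-branch codes. In the token hunk, `[ "${saved_token}" == "" ] && token_fail 'missing' &` still runs the check as a background job, so the `exit` inside `token_fail` ends only that subshell and the delete proceeds with an empty token; dropping the trailing `&` (`[ "${saved_token}" == "" ] && token_fail 'missing'`) makes the rejection effective. The same use of `LIB_DIR` before the config is sourced appears in the first hunks of dashboard/peer/list and dashboard/ssl.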
@ -1,34 +1,23 @@
|
|||
#!/bin/bash
|
||||
# FILE: lib/dashboard/peer/list
|
||||
# FILE: dashboard/peer/list
|
||||
# DESCRIPTION: List a user's peers
|
||||
# USAGE: list remote_ip
|
||||
# ERRORS:
|
||||
# 3: bad args/usage
|
||||
# 4: config file not found
|
||||
# 5: Wireguard not installed
|
||||
# 9: Token file not found
|
||||
# 10: Failed to get peer data from wg
|
||||
# 11: Failed to generate new IPs
|
||||
# 12: Servers file doesn't exist
|
||||
# 15: Failed to add user to local wireguard
|
||||
# 16: Failed to add user to federated server
|
||||
# 17: User not found
|
||||
# USAGE: list $remote_ip
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 1 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
exit 9
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
printf '%s requested peer listing...\n' "${ip}" >>"${LOGFILE}"
|
||||
|
@ -44,15 +33,14 @@ fi
|
|||
# Get peer IP list
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
exit 5
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out this user's
|
||||
user_peers="$(grep "${ip%[.:]*}" <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == '' ]; then
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >>"${LOGFILE}"
|
||||
printf 'User not found!\n' | "${LIB_DIR}/http_res" 403
|
||||
exit 8
|
||||
printf 'User not found!\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
fi
|
||||
|
||||
# Get domains for each one
|
||||
|
@ -61,6 +49,5 @@ if peers="[$("${LIB_DIR}/ips_to_peers" json <<<"${user_peers}")]"; then
|
|||
printf 'Sent peers to user %s\n' "${ip}" >>"${LOGFILE}"
|
||||
else
|
||||
printf 'ERROR: Failed to lookup domains for user: %s\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'Failed to lookup domains' | "${LIB_DIR}/http_res" 500
|
||||
exit 9
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
|
|
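Review bot: `fi & if ! [ -x '/usr/bin/wg' ]; then` and `fi & if ! [ -f "${CONFIG_FILE}" ]; then` in the first hunk still chain the argument-count and wg checks with `&`, so each of those `if` compounds runs as a background job and the `"${LIB_DIR}/http_res" 500; exit` added inside it ends only that subshell; the script continues to `source` the config and list peers after a bad argument count or a missing wg binary. dashboard/peer/del in this same commit already switched to `fi; if …`, and the two lines here should read `fi; if ! [ -x '/usr/bin/wg' ]; then` and `fi; if ! [ -f "${CONFIG_FILE}" ]; then`. The same `fi & if ! [ -f "${CONFIG_FILE}" ]; then` remains in the first hunk of dashboard/ssl and needs the same change.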
@ -1,26 +1,16 @@
|
|||
#!/bin/bash
|
||||
# FILE: lib/dashboard/ssl
|
||||
# FILE: dashboard/ssl
|
||||
# DESCRIPTION: Get a user's SSL certs and keys
|
||||
# USAGE: ssl remote_ip querystring
|
||||
# QUERYSTRING: ?host=$hostname&ext=crt
|
||||
# ERRORS:
|
||||
# 3: Bad args/usage
|
||||
# 4: Config file not found
|
||||
# 5: Missing part of the querystring
|
||||
# 6: Invalid extension
|
||||
# 7: Failed to perform nslookup of ip
|
||||
# 8: Failed to parse username from domain
|
||||
# 9: Missing username or SSL_CONFIG_DIR
|
||||
# 10: SSL file missing
|
||||
# 11: Failed to return SSL file
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
ip="${1}"
|
||||
|
@ -32,16 +22,14 @@ ext="$(<<<"${qs}" grep -oP 'ext=(.*)' | sed 's/^ext=//' | xargs)"
|
|||
|
||||
if ! file="${hostname:?}/server.${ext:?}"; then
|
||||
printf 'ERROR! Hostname "%s" or extension "%s" missing!\n' "${hostname}" "${ext}" >>"${LOGFILE}"
|
||||
printf 'Hostname or extension missing!\n' | "${LIB_DIR}/http_res" 400
|
||||
exit 5
|
||||
printf 'Hostname or extension missing!\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
else
|
||||
printf 'User %s requested SSL file %s\n' "${ip}" "${file}" >>"${LOGFILE}"
|
||||
fi
|
||||
|
||||
# Make sure extension is 'crt' or 'key'
|
||||
if [ "${ext}" != 'crt' ] && [ "${ext}" != 'key' ]; then
|
||||
printf 'Invalid extension: %s\n' "${ext}"| tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400
|
||||
exit 6
|
||||
printf 'Invalid extension: %s\n' "${ext}"| tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
# Get username
|
||||
|
@ -50,28 +38,26 @@ if ! domain="$("${LIB_DIR}/ns_lookup_rdns" "${ip}")"; then
|
|||
exit 7
|
||||
fi; if ! username="$(<<<"${domain}" cut -d'.' -f2)"; then
|
||||
printf 'ERROR! Failed to parse username from domain "%s"\n' "${domain}" >>"${LOGFILE}"
|
||||
"${LIB_DIR}/http_res" 500
|
||||
exit 8
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
else
|
||||
printf 'User %s is "%s"\n' "${ip}" "${username}" >>"${LOGFILE}"
|
||||
fi
|
||||
|
||||
if ! path="${SSL_CONFIG_DIR:?}/${username:?}/${file}"; then
|
||||
printf 'ERROR! Username "%s" or SSL_CONFIG_DIR "%s" missing!\n' "${username}" "${SSL_CONFIG_DIR}" >> "${LOGFILE}"
|
||||
"${LIB_DIR}/http_res" 500
|
||||
exit 9
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Check that the file exists
|
||||
if ! [ -f "${path}" ]; then
|
||||
printf 'ERROR! File missing: "%s"\n' "${path}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 404
|
||||
exit 10
|
||||
printf 'ERROR! File missing: "%s"\n' "${path}" >>"${LOGFILE}"
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Try to return it to the user
|
||||
if <"${path}" "${LIB_DIR}/http_res" 200; then
|
||||
printf 'Sent SSL file "%s" to %s\n' "${path}" "${username}" >>"${LOGFILE}"
|
||||
else
|
||||
printf 'ERROR! Failed to return file: "%s"\n' "${path}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 500
|
||||
exit 11
|
||||
printf 'ERROR! Failed to return file: "%s"\n' "${path}" >>"${LOGFILE}"
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
|
|
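Review bot: `path="${SSL_CONFIG_DIR:?}/${username:?}/${file}"` in the third hunk is built from `file="${hostname:?}/server.${ext:?}"`, and the hostname comes from the query string; unless the parse above the second hunk strips `/` and `.`, a value containing `../` resolves outside the user's own directory, and the `-f` check and `<"${path}" "${LIB_DIR}/http_res" 200` would then serve a file that belongs to a different user. A whitelist check next to the extension test closes this, e.g. `[[ "${hostname}" =~ ^[A-Za-z0-9-]+$ ]] || { printf 'Invalid hostname\n' | "${LIB_DIR}/http_res" 400; exit; }` (dashboard/peer/add already filters its hostname through `tr -dc`, so the same character set can be reused). Also `if ! file="${hostname:?}/server.${ext:?}"; then` never reaches the 400 line the commit edited: a `:?` expansion on an unset or empty value aborts the shell with a message on stderr before the `if` body runs, so a missing host or ext ends with no HTTP response; testing `[[ -z "${hostname}" || -z "${ext}" ]]` instead makes that branch reachable. The `exit 7` kept at the top of the third hunk is the only numbered exit left in this file; its branch starts outside the hunk, so whether it sends a response first cannot be seen here.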
@ -19,7 +19,7 @@
|
|||
[X] Prepare config portability
|
||||
[X] Let this server route traffic for all hosts
|
||||
[X] Prevent deleting user's only peer
|
||||
[ ] Remove bash errors
|
||||
[X] Remove bash errors
|
||||
[ ] Federated servers
|
||||
[ ] shellcheck
|
||||
[ ] Deploy on GF4
|
||||
|
|