Readied peer add code

back/srv/dashboard/add

@@ -23,34 +23,45 @@ SERVERS_FILE='/etc/wgapi/servers'
 [ -f "${TOKENS_FILE}" ] || exit 9
 [ -f "${SERVERS_FILE}" ] || exit 12
 source "${CONFIG_FILE}"
+ip="${1}"
 
 # Check hostname
 hostname="$(printf ${2}\n | jq -r '.name' | xargs | tr -dc '[a-z0-9]' | head -c10)"
+printf "${ip} requested new peer with hostname ${hostname}\n" >>"${LOGFILE}"
 [[ ${#hostname} -ge 3 ]] || (
-	printf 'Hostname too short\n' | res 400
+	printf "Rejecting hostname ${hostname} because it's too short.\n" >>"${LOGFILE}"
+	printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400
 	exit 7
 )
 
+# Check token
+token_fail(){
+	printf "Rejecting ${ip} request for new peer due to ${1} token\n" >>"${LOGFILE}"
+	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
+	exit 8
+}
+saved_token=$(grep "${1}" "${TOKENS_FILE}" | cut -f2)
+[ "${saved_token}" == "" ] && token_fail 'missing'
+<<<"${username}" grep "t=${saved_token}" || token_fail 'mismatched'
+
+# Check user
 username="$(${LIB_DIR}/ns_lookup_rdns ${REMOTE_ADDR} | cut -d'.' -f2)"
 [ $? -ne 0 ] && (
+	printf "\n" >>"${LOGFILE}"
 	printf 'User not found' | "${LIB)DIR}/http_res" 403
 	exit 403
-) || 
-
-# Check token
-token_fail(){ printf 'Invalid token\n' | res 403; exit 8; }
-saved_token=$(grep "${1}" "${TOKENS_FILE}" | cut -f2)
-[ "${saved_token}" == "" ] && token_fail
-printf "${username}" | grep "t=${saved_token}" || token_fail
+) || printf "${ip} identified as ${username} ${hostname}\n" >>"${LOGFILE}"
+domain="${hostname}.${username}.${TLD}"
 
 # Check if new peer already exists
 printf "${hostnames}" | grep "${hostname}" && (
-	printf "Hostname ${hostname} already exists!\n" | res 40
+	printf "${hostname}.${username}.${TLD} already exists, sending 409...\n" >>"${LOGFILE}"
+	printf "Hostname ${hostname} already exists!\n" | "${LIB_DIR}/http_res" 409
 	exit 6
 )
 
 # Collect/parse existing peer data
-# Create new IPs and domain
+# Create new IPs
 peers="$(sudo ${LIB_DIR}/wg_peer_list ${1} tsv)"
 [ ${?} -ne 0 ] && exit 10
 hostnames="$(printf "${peers}" | awk '{print $0}' | cut -d'.' -f1)"
@@ -65,7 +76,7 @@ while printf "${used_hostnumbers}" | grep "${hostnumber}"
 done
 ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
 ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
-domain="${hostname}.${username}.${TLD}"
+printf "IP addresses for ${domain} created:\t${ipv4} ${ipv6} \n" >>"${LOGFILE}"
 # TODO: Check it or exit 11
 
 # Create wg config
@@ -74,27 +85,49 @@ privkey="$(/usr/bin/wg genkey)"
 pubkey="$(echo $privkey | /usr/bin/wg pubkey)"
 address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
 server_blocks=''
-while read server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do
+while read -r -a arr; do
+	server_hostname="${arr[0]}"
+	server_ipv4="${arr[1]}"
+	server_ipv6="${arr[2]}"
+	server_pubkey="${arr[3]}"
+	server_endpoint="${arr[4]}"
+	server_admin="${arr[5]}"
+	server_secret="${arr[6]}"
 	server_psk="$(/usr/bin/wg genpsk)"
 	server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
 	if [ "${server_hostname}" == "${LOCAL_SERVER}" ]
 		# Add new user to local server
-		then "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"
-			[ ${?} -ne 0 ] && printf 'Failed to add new peer ${ipv4} to local server!' >&2 # TODO: clear existing progress and exit 15
+		then printf "Adding ${domain} to local server..." >>"${LOGFILE}"
+			#"${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"
+			true
+			[ ${?} -ne 0 ] && (
+				printf 'Failed to add new peer ${ipv4} to local server!' >>"${LOGFILE}"
+				# TODO: clear existing progress and exit 15
+			)
 		# Send new user config to federated server
-		else "${LIB_DIR}/fed_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"
-			[ ${?} -ne 0 ] && printf 'Failed to add new peer ${ipv4} to federated server ${server_hostname}!' >&2 # TODO: clear existing progress and exit 16
+		else printf "Sending ${domain} to remote server ${server_hostname}..." >>"${LOGFILE}"
+			#"${LIB_DIR}/fed_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"
+			true
+			[ ${?} -ne 0 ] && (
+				printf 'Failed to add new peer ${ipv4} to federated server ${server_hostname}!' >>"${LOGFILE}"
+				# TODO: clear existing progress and exit 16
+			)
 	fi
 done <${SERVERS_FILE}
 wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey}\nAddress=${address}\n${WG_DNS}\n${server_blocks}"
 
 # Respond to user
+# Do it before updating nameserver and certs because
+# if wireguard worked, there's no going back.  The admin
+# can clean up missing records and certs after checking the logs
 printf "${wg_config}" | "${LIB_DIR}/http_res"
 
 # Update nameserver
-"${LIB_DIR}/ns_update_add" "${domain}" "${ipv4}" "${ipv6}"
-[ ${?} -ne 0 ] && printf "Failed to add ${domain} ${ipv4} ${ipv6} to DNS server!" >&2
+#"${LIB_DIR}/ns_update_add" "${domain}" "${ipv4}" "${ipv6}"
+true
+[ ${?} -ne 0 ] && printf "Failed to add ${domain} ${ipv4} ${ipv6} to DNS server!" >>"${LOGFILE}"
 
 # Create SSL cert
-sudo "${LIB_DIR}/ssl_peer_add" "${hostname}" "${username}" "IP:${ipv4},IP:${ipv6}" 
-[ ${?} -ne 0 ] && printf "Failed to add ${domain} ${ipv4} ${ipv6} to DNS server!" >&2
+#sudo "${LIB_DIR}/ssl_peer_add" "${hostname}" "${username}" "IP:${ipv4},IP:${ipv6}"
+true
+[ ${?} -ne 0 ] && printf "Failed to create certs for ${domain} with IPS: ${ipv4} ${ipv6}!" >>"${LOGFILE}"