diff --git a/back/srv/dashboard/add b/back/srv/dashboard/add
index 55b917e..0838d13 100755
--- a/back/srv/dashboard/add
+++ b/back/srv/dashboard/add
@@ -23,34 +23,45 @@ SERVERS_FILE='/etc/wgapi/servers' [ -f "${TOKENS_FILE}" ] || exit 9 [ -f "${SERVERS_FILE}" ] || exit 12 source "${CONFIG_FILE}" +ip="${1}" # Check hostname hostname="$(printf ${2}\n | jq -r '.name' | xargs | tr -dc '[a-z0-9]' | head -c10)" +printf "${ip} requested new peer with hostname ${hostname}\n" >>"${LOGFILE}" [[ ${#hostname} -ge 3 ]] || ( - printf 'Hostname too short\n' | res 400 + printf "Rejecting hostname ${hostname} because it's too short.\n" >>"${LOGFILE}" + printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400 exit 7 ) +# Check token +token_fail(){ + printf "Rejecting ${ip} request for new peer due to ${1} token\n" >>"${LOGFILE}" + printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403 + exit 8 +} +saved_token=$(grep "${1}" "${TOKENS_FILE}" | cut -f2) +[ "${saved_token}" == "" ] && token_fail 'missing' +<<<"${username}" grep "t=${saved_token}" || token_fail 'mismatched' + +# Check user username="$(${LIB_DIR}/ns_lookup_rdns ${REMOTE_ADDR} | cut -d'.' -f2)" [ $? 
-ne 0 ] && ( + printf "\n" >>"${LOGFILE}" printf 'User not found' | "${LIB)DIR}/http_res" 403 exit 403 -) || - -# Check token -token_fail(){ printf 'Invalid token\n' | res 403; exit 8; } -saved_token=$(grep "${1}" "${TOKENS_FILE}" | cut -f2) -[ "${saved_token}" == "" ] && token_fail -printf "${username}" | grep "t=${saved_token}" || token_fail +) || printf "${ip} identified as ${username} ${hostname}\n" >>"${LOGFILE}" +domain="${hostname}.${username}.${TLD}" # Check if new peer already exists printf "${hostnames}" | grep "${hostname}" && ( - printf "Hostname ${hostname} already exists!\n" | res 40 + printf "${hostname}.${username}.${TLD} already exists, sending 409...\n" >>"${LOGFILE}" + printf "Hostname ${hostname} already exists!\n" | "${LIB_DIR}/http_res" 409 exit 6 ) # Collect/parse existing peer data -# Create new IPs and domain +# Create new IPs peers="$(sudo ${LIB_DIR}/wg_peer_list ${1} tsv)" [ ${?} -ne 0 ] && exit 10 hostnames="$(printf "${peers}" | awk '{print $0}' | cut -d'.' -f1)" @@ -65,7 +76,7 @@ while printf "${used_hostnumbers}" | grep "${hostnumber}" done ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}" ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}" -domain="${hostname}.${username}.${TLD}" +printf "IP addresses for ${domain} created:\t${ipv4} ${ipv6} \n" >>"${LOGFILE}" # TODO: Check it or exit 11 # Create wg config 
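Review bot: The token check now runs before `username` exists — `<<<"${username}" grep "t=${saved_token}" || token_fail 'mismatched'` sits above the `# Check user` block, and `username="$(${LIB_DIR}/ns_lookup_rdns ${REMOTE_ADDR} | cut -d'.' -f2)"` is only assigned after it — so unless the sourced config happens to define `username`, the here-string is empty, the grep never matches and every request ends in a 403; either move the `# Check user` block back above `# Check token`, or compare the token against a value that is already known at that point. The lookup is also loose for an authentication step: `grep "${1}" "${TOKENS_FILE}"` treats the peer address as an unanchored regex (so `10.0.0.1` also matches `10.0.0.10` or `210.0.0.1`, and `.` matches any character), and `grep "t=${saved_token}"` accepts any string that merely contains the token. Assuming the tokens file is tab-separated with the address in the first column (the `cut -f2` suggests it), `saved_token=$(awk -v ip="${1}" '$1 == ip {print $2}' "${TOKENS_FILE}")` and `grep -F -- "t=${saved_token}"` make both comparisons exact rather than pattern-based. The new log lines here, in the following hunk and in the `@@ -74,27` hunk place request-derived values (`${ip}`, `${username}`, `${domain}`) into the printf format string itself; `printf '%s requested new peer with hostname %s\n' "${ip}" "${hostname}" >>"${LOGFILE}"` keeps a stray `%` or backslash in the data from being interpreted. Finally, the user-not-found branch edited here still appears to read `"${LIB)DIR}/http_res"` (a bad substitution as written), and its `exit 403` — like the `exit 7` and `exit 6` in the neighbouring `( … )` groups — only leaves the subshell, so the script continues past the error response; `{ …; }` or a helper in the style of `token_fail` would make those exits real.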
@@ -74,27 +85,49 @@ privkey="$(/usr/bin/wg genkey)" pubkey="$(echo $privkey | /usr/bin/wg pubkey)" address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}" server_blocks='' -while read server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do +while read -r -a arr; do + server_hostname="${arr[0]}" + server_ipv4="${arr[1]}" + server_ipv6="${arr[2]}" + server_pubkey="${arr[3]}" + server_endpoint="${arr[4]}" + server_admin="${arr[5]}" + server_secret="${arr[6]}" server_psk="$(/usr/bin/wg genpsk)" server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n" if [ "${server_hostname}" == "${LOCAL_SERVER}" ] # Add new user to local server - then "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" - [ ${?} -ne 0 ] && printf 'Failed to add new peer ${ipv4} to local server!' >&2 # TODO: clear existing progress and exit 15 + then printf "Adding ${domain} to local server..." >>"${LOGFILE}" + #"${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" + true + [ ${?} -ne 0 ] && ( + printf 'Failed to add new peer ${ipv4} to local server!' >>"${LOGFILE}" + # TODO: clear existing progress and exit 15 + ) # Send new user config to federated server - else "${LIB_DIR}/fed_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}" - [ ${?} -ne 0 ] && printf 'Failed to add new peer ${ipv4} to federated server ${server_hostname}!' >&2 # TODO: clear existing progress and exit 16 + else printf "Sending ${domain} to remote server ${server_hostname}..." >>"${LOGFILE}" + #"${LIB_DIR}/fed_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}" + true + [ ${?} -ne 0 ] && ( + printf 'Failed to add new peer ${ipv4} to federated server ${server_hostname}!' 
>>"${LOGFILE}" + # TODO: clear existing progress and exit 16 + ) fi done <${SERVERS_FILE} wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey}\nAddress=${address}\n${WG_DNS}\n${server_blocks}" # Respond to user +# Do it before updating nameserver and certs because +# if wireguard worked, there's no going back. The admin +# can clean up missing records and certs after checking the logs printf "${wg_config}" | "${LIB_DIR}/http_res" # Update nameserver -"${LIB_DIR}/ns_update_add" "${domain}" "${ipv4}" "${ipv6}" -[ ${?} -ne 0 ] && printf "Failed to add ${domain} ${ipv4} ${ipv6} to DNS server!" >&2 +#"${LIB_DIR}/ns_update_add" "${domain}" "${ipv4}" "${ipv6}" +true +[ ${?} -ne 0 ] && printf "Failed to add ${domain} ${ipv4} ${ipv6} to DNS server!" >>"${LOGFILE}" # Create SSL cert -sudo "${LIB_DIR}/ssl_peer_add" "${hostname}" "${username}" "IP:${ipv4},IP:${ipv6}" -[ ${?} -ne 0 ] && printf "Failed to add ${domain} ${ipv4} ${ipv6} to DNS server!" >&2 +#sudo "${LIB_DIR}/ssl_peer_add" "${hostname}" "${username}" "IP:${ipv4},IP:${ipv6}" +true +[ ${?} -ne 0 ] && printf "Failed to create certs for ${domain} with IPS: ${ipv4} ${ipv6}!" >>"${LOGFILE}"
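Review bot: The four real side effects in this hunk — `wg_peer_add`, `fed_add`, `ns_update_add` and `ssl_peer_add` — are commented out and replaced by `true`, so every following `[ ${?} -ne 0 ]` now tests `true` and can never fire, while `printf "${wg_config}" | "${LIB_DIR}/http_res"` still returns a complete client config, including a freshly generated private key, for a peer that was never added to any server, DNS record or certificate store. If this is a temporary debugging stub, as the log wording suggests, it should be gated by an explicit switch (for example a constructed `[ -n "${DRY_RUN:-}" ]` check) and logged as "not applied", so the response is not indistinguishable from a successful enrolment. The new line `printf 'Failed to add new peer ${ipv4} to local server!' >>"${LOGFILE}"` and its federated-server twin are single-quoted, so `${ipv4}` and `${server_hostname}` are written literally into the log; `printf 'Failed to add new peer %s to local server!\n' "${ipv4}" >>"${LOGFILE}"` logs the actual values and avoids using data as the format. Both failure branches also live inside `( … )`, so when the TODO `exit 15`/`exit 16` is eventually added it will only end the subshell and the script will still send the config; `{ …; }` or a helper function in the style of `token_fail` is needed for the exit to take effect.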