Readied peer add code
parent
587c4e5256
commit
397f4b63a5
|
@ -23,34 +23,45 @@ SERVERS_FILE='/etc/wgapi/servers'
|
||||||
[ -f "${TOKENS_FILE}" ] || exit 9
|
[ -f "${TOKENS_FILE}" ] || exit 9
|
||||||
[ -f "${SERVERS_FILE}" ] || exit 12
|
[ -f "${SERVERS_FILE}" ] || exit 12
|
||||||
source "${CONFIG_FILE}"
|
source "${CONFIG_FILE}"
|
||||||
|
ip="${1}"
|
||||||
|
|
||||||
# Check hostname
|
# Check hostname
|
||||||
hostname="$(printf ${2}\n | jq -r '.name' | xargs | tr -dc '[a-z0-9]' | head -c10)"
|
hostname="$(printf ${2}\n | jq -r '.name' | xargs | tr -dc '[a-z0-9]' | head -c10)"
|
||||||
|
printf "${ip} requested new peer with hostname ${hostname}\n" >>"${LOGFILE}"
|
||||||
[[ ${#hostname} -ge 3 ]] || (
|
[[ ${#hostname} -ge 3 ]] || (
|
||||||
printf 'Hostname too short\n' | res 400
|
printf "Rejecting hostname ${hostname} because it's too short.\n" >>"${LOGFILE}"
|
||||||
|
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400
|
||||||
exit 7
|
exit 7
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Check token
|
||||||
|
token_fail(){
|
||||||
|
printf "Rejecting ${ip} request for new peer due to ${1} token\n" >>"${LOGFILE}"
|
||||||
|
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
|
||||||
|
exit 8
|
||||||
|
}
|
||||||
|
saved_token=$(grep "${1}" "${TOKENS_FILE}" | cut -f2)
|
||||||
|
[ "${saved_token}" == "" ] && token_fail 'missing'
|
||||||
|
<<<"${username}" grep "t=${saved_token}" || token_fail 'mismatched'
|
||||||
|
|
||||||
|
# Check user
|
||||||
username="$(${LIB_DIR}/ns_lookup_rdns ${REMOTE_ADDR} | cut -d'.' -f2)"
|
username="$(${LIB_DIR}/ns_lookup_rdns ${REMOTE_ADDR} | cut -d'.' -f2)"
|
||||||
[ $? -ne 0 ] && (
|
[ $? -ne 0 ] && (
|
||||||
|
printf "\n" >>"${LOGFILE}"
|
||||||
printf 'User not found' | "${LIB)DIR}/http_res" 403
|
printf 'User not found' | "${LIB)DIR}/http_res" 403
|
||||||
exit 403
|
exit 403
|
||||||
) ||
|
) || printf "${ip} identified as ${username} ${hostname}\n" >>"${LOGFILE}"
|
||||||
|
domain="${hostname}.${username}.${TLD}"
|
||||||
# Check token
|
|
||||||
token_fail(){ printf 'Invalid token\n' | res 403; exit 8; }
|
|
||||||
saved_token=$(grep "${1}" "${TOKENS_FILE}" | cut -f2)
|
|
||||||
[ "${saved_token}" == "" ] && token_fail
|
|
||||||
printf "${username}" | grep "t=${saved_token}" || token_fail
|
|
||||||
|
|
||||||
# Check if new peer already exists
|
# Check if new peer already exists
|
||||||
printf "${hostnames}" | grep "${hostname}" && (
|
printf "${hostnames}" | grep "${hostname}" && (
|
||||||
printf "Hostname ${hostname} already exists!\n" | res 40
|
printf "${hostname}.${username}.${TLD} already exists, sending 409...\n" >>"${LOGFILE}"
|
||||||
|
printf "Hostname ${hostname} already exists!\n" | "${LIB_DIR}/http_res" 409
|
||||||
exit 6
|
exit 6
|
||||||
)
|
)
|
||||||
|
|
||||||
# Collect/parse existing peer data
|
# Collect/parse existing peer data
|
||||||
# Create new IPs and domain
|
# Create new IPs
|
||||||
peers="$(sudo ${LIB_DIR}/wg_peer_list ${1} tsv)"
|
peers="$(sudo ${LIB_DIR}/wg_peer_list ${1} tsv)"
|
||||||
[ ${?} -ne 0 ] && exit 10
|
[ ${?} -ne 0 ] && exit 10
|
||||||
hostnames="$(printf "${peers}" | awk '{print $0}' | cut -d'.' -f1)"
|
hostnames="$(printf "${peers}" | awk '{print $0}' | cut -d'.' -f1)"
|
||||||
|
@ -65,7 +76,7 @@ while printf "${used_hostnumbers}" | grep "${hostnumber}"
|
||||||
done
|
done
|
||||||
ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
|
ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
|
||||||
ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
|
ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
|
||||||
domain="${hostname}.${username}.${TLD}"
|
printf "IP addresses for ${domain} created:\t${ipv4} ${ipv6} \n" >>"${LOGFILE}"
|
||||||
# TODO: Check it or exit 11
|
# TODO: Check it or exit 11
|
||||||
|
|
||||||
# Create wg config
|
# Create wg config
|
||||||
|
@ -74,27 +85,49 @@ privkey="$(/usr/bin/wg genkey)"
|
||||||
pubkey="$(echo $privkey | /usr/bin/wg pubkey)"
|
pubkey="$(echo $privkey | /usr/bin/wg pubkey)"
|
||||||
address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
|
address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
|
||||||
server_blocks=''
|
server_blocks=''
|
||||||
while read server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do
|
while read -r -a arr; do
|
||||||
|
server_hostname="${arr[0]}"
|
||||||
|
server_ipv4="${arr[1]}"
|
||||||
|
server_ipv6="${arr[2]}"
|
||||||
|
server_pubkey="${arr[3]}"
|
||||||
|
server_endpoint="${arr[4]}"
|
||||||
|
server_admin="${arr[5]}"
|
||||||
|
server_secret="${arr[6]}"
|
||||||
server_psk="$(/usr/bin/wg genpsk)"
|
server_psk="$(/usr/bin/wg genpsk)"
|
||||||
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
|
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
|
||||||
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]
|
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]
|
||||||
# Add new user to local server
|
# Add new user to local server
|
||||||
then "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"
|
then printf "Adding ${domain} to local server..." >>"${LOGFILE}"
|
||||||
[ ${?} -ne 0 ] && printf 'Failed to add new peer ${ipv4} to local server!' >&2 # TODO: clear existing progress and exit 15
|
#"${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"
|
||||||
|
true
|
||||||
|
[ ${?} -ne 0 ] && (
|
||||||
|
printf 'Failed to add new peer ${ipv4} to local server!' >>"${LOGFILE}"
|
||||||
|
# TODO: clear existing progress and exit 15
|
||||||
|
)
|
||||||
# Send new user config to federated server
|
# Send new user config to federated server
|
||||||
else "${LIB_DIR}/fed_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"
|
else printf "Sending ${domain} to remote server ${server_hostname}..." >>"${LOGFILE}"
|
||||||
[ ${?} -ne 0 ] && printf 'Failed to add new peer ${ipv4} to federated server ${server_hostname}!' >&2 # TODO: clear existing progress and exit 16
|
#"${LIB_DIR}/fed_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"
|
||||||
|
true
|
||||||
|
[ ${?} -ne 0 ] && (
|
||||||
|
printf 'Failed to add new peer ${ipv4} to federated server ${server_hostname}!' >>"${LOGFILE}"
|
||||||
|
# TODO: clear existing progress and exit 16
|
||||||
|
)
|
||||||
fi
|
fi
|
||||||
done <${SERVERS_FILE}
|
done <${SERVERS_FILE}
|
||||||
wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey}\nAddress=${address}\n${WG_DNS}\n${server_blocks}"
|
wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey}\nAddress=${address}\n${WG_DNS}\n${server_blocks}"
|
||||||
|
|
||||||
# Respond to user
|
# Respond to user
|
||||||
|
# Do it before updating nameserver and certs because
|
||||||
|
# if wireguard worked, there's no going back. The admin
|
||||||
|
# can clean up missing records and certs after checking the logs
|
||||||
printf "${wg_config}" | "${LIB_DIR}/http_res"
|
printf "${wg_config}" | "${LIB_DIR}/http_res"
|
||||||
|
|
||||||
# Update nameserver
|
# Update nameserver
|
||||||
"${LIB_DIR}/ns_update_add" "${domain}" "${ipv4}" "${ipv6}"
|
#"${LIB_DIR}/ns_update_add" "${domain}" "${ipv4}" "${ipv6}"
|
||||||
[ ${?} -ne 0 ] && printf "Failed to add ${domain} ${ipv4} ${ipv6} to DNS server!" >&2
|
true
|
||||||
|
[ ${?} -ne 0 ] && printf "Failed to add ${domain} ${ipv4} ${ipv6} to DNS server!" >>"${LOGFILE}"
|
||||||
|
|
||||||
# Create SSL cert
|
# Create SSL cert
|
||||||
sudo "${LIB_DIR}/ssl_peer_add" "${hostname}" "${username}" "IP:${ipv4},IP:${ipv6}"
|
#sudo "${LIB_DIR}/ssl_peer_add" "${hostname}" "${username}" "IP:${ipv4},IP:${ipv6}"
|
||||||
[ ${?} -ne 0 ] && printf "Failed to add ${domain} ${ipv4} ${ipv6} to DNS server!" >&2
|
true
|
||||||
|
[ ${?} -ne 0 ] && printf "Failed to create certs for ${domain} with IPS: ${ipv4} ${ipv6}!" >>"${LOGFILE}"
|
||||||
|
|
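Review bot: In the first hunk the token check now runs `<<<"${username}" grep "t=${saved_token}" || token_fail 'mismatched'` before the `# Check user` block assigns `username`, so unless the variable is inherited from the environment or from the sourced config the match is made against an empty string and every request exits 8; moving the rDNS lookup above `# Check token` (or matching against whatever value actually carries `t=`) fixes it. The rejection paths in the same hunk (`[[ ${#hostname} -ge 3 ]] || ( … exit 7 )`, `[ $? -ne 0 ] && ( … exit 403 )` after the `username=` pipeline, and `… grep "${hostname}" && ( … exit 6 )`) run in `( … )` subshells, so each `exit` only leaves the subshell and a rejected request still goes on to generate keys, write a second `http_res` and log "identified as"; `{ …; exit 7; }` groups stop the script, and `$?` after `… | cut` is cut's status rather than ns_lookup_rdns's. `saved_token=$(grep "${1}" "${TOKENS_FILE}" | cut -f2)` treats the caller-supplied address as an unanchored regex, so `10.0.0.1` also matches a `10.0.0.10` or `110.0.0.1` row; if the first tab-separated field is the address, `awk -F'\t' -v ip="$1" '$1==ip{print $2}'` matches it exactly. In the last hunk the new log lines `printf 'Failed to add new peer ${ipv4} to local server!' >>"${LOGFILE}"` and the federated-server one are single-quoted, so `${ipv4}` is written literally, and the `true` placed before each `[ ${?} -ne 0 ]` makes those guards dead until the commented-out wg_peer_add/fed_add/ns_update_add/ssl_peer_add calls are restored. `"${LIB)DIR}/http_res"` in the user-not-found branch is a bad substitution that aborts that subshell before `exit 403` and falls through to the `|| printf "${ip} identified as …"` log.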