Tweaks for delete code
parent
b193f31874
commit
6a4e23db81
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# FILE: wgapi:back/api/dashboard/add
|
# FILE: wgapi:back/api/dashboard/add
|
||||||
# DESCRIPTION: Add a new peer
|
# DESCRIPTION: Add a new peer
|
||||||
# USAGE: add ip querystring
|
# USAGE: add remote_ip querystring
|
||||||
# ERRORS:
|
# ERRORS:
|
||||||
# 3: bad args/usage
|
# 3: bad args/usage
|
||||||
# 4: vars file not found
|
# 4: vars file not found
|
||||||
|
@ -19,12 +19,24 @@
|
||||||
|
|
||||||
CONFIG_FILE='/etc/wgapi/config'
|
CONFIG_FILE='/etc/wgapi/config'
|
||||||
SERVERS_FILE='/etc/wgapi/servers'
|
SERVERS_FILE='/etc/wgapi/servers'
|
||||||
[ ${#} -eq 2 ] || exit 3
|
if ! [ ${#} -eq 2 ]; then
|
||||||
[ -x '/usr/bin/wg' ] || exit 5
|
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||||
[ -f "${CONFIG_FILE}" ] || exit 4
|
exit 3
|
||||||
[ -f "${SERVERS_FILE}" ] || exit 12
|
fi; if ! [ -x '/usr/bin/wg' ]; then
|
||||||
|
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||||
|
exit 5
|
||||||
|
fi; if ! [ -f "${CONFIG_FILE}" ]; then
|
||||||
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||||
|
exit 4
|
||||||
|
fi
|
||||||
source "${CONFIG_FILE}"
|
source "${CONFIG_FILE}"
|
||||||
[ -f "${TOKENS_FILE}" ] || exit 9
|
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||||
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||||
|
exit 12
|
||||||
|
fi; if ! [ -f "${TOKENS_FILE}" ]; then
|
||||||
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||||
|
exit 9
|
||||||
|
fi
|
||||||
ip="${1}"
|
ip="${1}"
|
||||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||||
|
|
||||||
|
@ -81,13 +93,11 @@ hostnumber=1; while <<<"${used_hostnumbers}" grep -q "${hostnumber}"
|
||||||
done
|
done
|
||||||
ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
|
ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
|
||||||
ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
|
ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
|
||||||
printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
|
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
|
||||||
>>"${LOGFILE}" || (
|
>>"${LOGFILE}"; then
|
||||||
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
|
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
|
||||||
|
|
||||||
exit 11
|
exit 11
|
||||||
)
|
fi
|
||||||
# TODO: Check it or exit 11
|
|
||||||
|
|
||||||
# Create wg config
|
# Create wg config
|
||||||
privkey="$(/usr/bin/wg genkey)"
|
privkey="$(/usr/bin/wg genkey)"
|
||||||
|
@ -111,7 +121,8 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
|
||||||
fi
|
fi
|
||||||
# Send new user config to federated server
|
# Send new user config to federated server
|
||||||
else printf 'Sending %s to remote wireguard server %s... ' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
else printf 'Sending %s to remote wireguard server %s... ' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||||
#if "${LIB_DIR}/fed_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
# TODO Add federated peer
|
||||||
|
#if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
||||||
printf 'success.\n' >>"${LOGFILE}"
|
printf 'success.\n' >>"${LOGFILE}"
|
||||||
#else
|
#else
|
||||||
# printf 'failed!\n' >>"${LOGFILE}"
|
# printf 'failed!\n' >>"${LOGFILE}"
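Review bot: The new error messages for the argument-count, `/usr/bin/wg` and `CONFIG_FILE` checks are appended to `"${LOGFILE}"` before `source "${CONFIG_FILE}"` runs, and nothing in the visible lines assigns `LOGFILE`. If it is set by the config file (likely, but not shown here), the redirection target is empty at that point, the `printf` fails, and the script exits with no record of why. A fallback before the first check, such as `: "${LOGFILE:=/dev/stderr}"`, keeps these early failures visible; the same three checks in the `del` script have the same ordering. The `Bad input` line also writes `"${*}"` to the log, which would include any token carried in the querystring, so logging only the argument count `${#}` there is safer.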
|
||||||
|
|
|
@ -1,19 +1,41 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# FILE: wgapi:back/api/dashboard/del
|
# FILE: wgapi:back/api/dashboard/del
|
||||||
# DESCRIPTION: Del a peer
|
# DESCRIPTION: Del a peer
|
||||||
# USAGE: del ip querystring
|
# USAGE: del remote_ip querystring
|
||||||
# ERRORS:
|
# ERRORS:
|
||||||
# 3: Bad usage
|
# 3: Bad usage
|
||||||
# 4: Missing config
|
# 4: Missing config
|
||||||
# 5: Invalid token
|
# 5: wg not found
|
||||||
|
# 8: Invalid token
|
||||||
|
# 6: Pubkey not in user peer list
|
||||||
|
|
||||||
[ ${#} -eq 2 ] || exit 3
|
|
||||||
CONFIG_FILE='/etc/wgapi/config'
|
CONFIG_FILE='/etc/wgapi/config'
|
||||||
[ -f "${CONFIG_FILE}" ] || exit 4
|
SERVERS_FILE='/etc/wgapi/servers'
|
||||||
|
if ! [ ${#} -eq 2 ]; then
|
||||||
|
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||||
|
exit 3
|
||||||
|
fi; if ! [ -x '/usr/bin/wg' ]; then
|
||||||
|
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||||
|
exit 5
|
||||||
|
fi; if ! [ -f "${CONFIG_FILE}" ]; then
|
||||||
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||||
|
exit 4
|
||||||
|
fi
|
||||||
source "${CONFIG_FILE}"
|
source "${CONFIG_FILE}"
|
||||||
|
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||||
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||||
|
exit 4
|
||||||
|
fi; if ! [ -f "${TOKENS_FILE}" ]; then
|
||||||
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||||
|
exit 4
|
||||||
|
fi
|
||||||
ip="${1}"
|
ip="${1}"
|
||||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||||
|
|
||||||
|
# Parse pubkey
|
||||||
|
pubkey="$(<<<"${qs#}" grep 'pubkey=' | sed 's/pubkey=//')"
|
||||||
|
printf '%s requested to delete %s\n' "${ip}" "${pubkey}" >>"${LOGFILE}"
|
||||||
|
|
||||||
# Check token
|
# Check token
|
||||||
token_fail(){
|
token_fail(){
|
||||||
printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||||
|
@ -22,15 +44,47 @@ token_fail(){
|
||||||
}
|
}
|
||||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||||
[ "${saved_token}" == "" ] && token_fail 'missing'
|
[ "${saved_token}" == "" ] && token_fail 'missing'
|
||||||
<<<"${qs}" grep -x "t=${saved_token}" || token_fail 'mismatched'
|
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
|
||||||
|
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
||||||
|
|
||||||
# Parse pubkey
|
# Get peer
|
||||||
pubkey="$(<<<"${qs#?*}" tr '&' ' ' | grep -oP 'k=[^\s]*' | cut -d'=' -f2)"
|
if ! peer="$("${LIB_DIR}/wg_peer_list" "${ip}" 'tsv' | grep "${pubkey}")"; then
|
||||||
|
printf 'ERROR! Peer %s not found for user %s!\n' "${pubkey}" "${ip}" >>"${LOGFILE}"
|
||||||
|
printf 'Peer not found\n' | "${LIB_DIR}/http_res" 404
|
||||||
|
exit 6
|
||||||
|
fi
|
||||||
|
domain="$(<<"${peer}" cut -f1)"
|
||||||
|
ipv4="$(<<"${peer}" cut -f2)"
|
||||||
|
ipv6="$(<<"${peer}" cut -f3)"
|
||||||
|
if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >>"${LOGFILE}"; then
|
||||||
|
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||||
|
printf 'Failed to collect peer data\n' | "${LIB_DIR}/http_res" 500
|
||||||
|
exit 6
|
||||||
|
fi
|
||||||
|
hostname="$(<<<"${domain}" cut -d'.' -f1)"
|
||||||
|
username="$(<<<"${domain}" cut -d'.' -f2)"
|
||||||
|
|
||||||
|
# Wireguard
|
||||||
|
# TODO: Do this loop in parallel
|
||||||
while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do
|
while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do
|
||||||
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]
|
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]
|
||||||
then "${LIB_DIR}/wg_user_del" "${pubkey}"
|
then printf 'Deleting %s from local wireguard server... ' "${domain}" >>"${LOGFILE}"
|
||||||
else "${LIB_DIR}/fed_del" "${server_admin}" "${pubkey}" "${server_secret}"
|
if "${LIB_DIR}/wg_peer_del" "${pubkey}"; then
|
||||||
|
printf 'success.\n' >>"${LOGFILE}"
|
||||||
|
else
|
||||||
|
printf 'failed!\n' >>"${LOGFILE}"
|
||||||
|
# TODO: clear existing progress
|
||||||
|
exit 15
|
||||||
|
fi
|
||||||
|
else printf 'Deleting %s from remote wireguard server %s... ' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||||
|
# TODO Add federated peer
|
||||||
|
#if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
||||||
|
printf 'success.\n' >>"${LOGFILE}"
|
||||||
|
#else
|
||||||
|
# printf 'failed!\n' >>"${LOGFILE}"
|
||||||
|
# # TODO: clear existing progress
|
||||||
|
# exit 16
|
||||||
|
#fi"${LIB_DIR}/fed_peer_del" "${server_admin}" "${pubkey}" "${server_secret}"
|
||||||
fi
|
fi
|
||||||
done <"${SERVERS_FILE}"
|
done <"${SERVERS_FILE}"
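Review bot: The remote branch of the server loop now records `success.` without revoking anything: the old `fed_del` call is gone and the new `fed_peer_del` call sits on the same line as the commented-out `#fi`, so it is part of the comment. A peer deleted here would stay configured on every federated server while the log says it was removed. Put the call on its own line and log from its exit status, e.g. `if "${LIB_DIR}/fed_peer_del" "${server_admin}" "${pubkey}" "${server_secret}"; then` (assuming that helper exists; it is not shown here), or log `skipped (not implemented)` until it does. Separately, `<<"${peer}"` in the three `cut` lines is a here-document rather than the here-string `<<<` used elsewhere in the file, so the fields would come out empty. `grep "${pubkey}"` also treats the request's value as a regex, so an empty or partial `pubkey=` matches other rows; `grep -F -- "${pubkey}"` after a non-empty check would be stricter.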
|
||||||
|
|
||||||
|
|