Completely replaced logfile with stderr
parent
66d8521ce9
commit
aa35d5c31a
|
@ -4,7 +4,7 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi; source "${CONFIG_FILE}"
|
||||
|
||||
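Review bot: The new `>&2` on the missing-config message makes the launcher's handling of file descriptor 2 part of the logging contract, and nothing in this hunk documents that. If these scripts are started by something that attaches stderr to the client connection (some inetd-style launchers do; the launcher is not visible here), the line would be written into the HTTP response ahead of `http_res 500` and would show `${0}` and the config path to the caller. I would add a header comment such as `# Diagnostics are written to stderr; the launcher must route fd 2 to the log, never to the client socket.` The same applies to the identical one-line change in the next three file sections. The script continues past the end of this hunk.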
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi; source "${CONFIG_FILE}"
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi; source "${CONFIG_FILE}"
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# 4: Missing config file
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
exit 4
|
||||
fi; source "${CONFIG_FILE}"
|
||||
|
||||
|
|
|
@ -7,10 +7,10 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 0 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
exit 3
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
exit 4
|
||||
fi; source "${CONFIG_FILE}"
|
||||
|
||||
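Review bot: The `fi & if ! [ -f "${CONFIG_FILE}" ]; then` line puts the argument-count check in a background job, so its `exit 3` ends only that subshell and the script carries on to the config check and `source` with the bad input. The message now reaches stderr, but the caller never sees status 3. Use a sequential separator, `fi; if ! [ -f "${CONFIG_FILE}" ]; then`, or put the second `if` on its own line. The same `fi &` chaining appears in the precondition blocks of the later file sections on this page, where the action that gets skipped is `"${LIB_DIR}/http_res" 500; exit`.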
|
|
|
@ -7,21 +7,21 @@
|
|||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
|
@ -29,54 +29,54 @@ qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|||
|
||||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >&2
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
|
||||
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
||||
printf '%s token was valid\n' "${ip}" >&2
|
||||
|
||||
# Parse new hostname and username and usernumber
|
||||
hostname="$(<<<"${qs}" grep -oP 'host=(.*)' | sed 's/^host=//' | xargs | tr -dc 'a-z0-9' | head -c10)"
|
||||
username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//')"
|
||||
usernumber="$(<<<"${qs}" grep -oP 'num=(.*)' | sed 's/^num=//')"
|
||||
if ! domain="${hostname:?}.${username:?}.${TLD:?}"; then
|
||||
printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >&2
|
||||
printf 'Hostname or username missing!\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
elif [[ "${usernumber}" == "" ]]; then
|
||||
printf 'Usernumber missing!\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400; exit
|
||||
printf 'Usernumber missing!\n' | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 400; exit
|
||||
else
|
||||
printf 'Admin %s requested new peer %s for user number %s\n' "${ip}" "${domain}" "${usernumber}" >>"${LOGFILE}"
|
||||
printf 'Admin %s requested new peer %s for user number %s\n' "${ip}" "${domain}" "${usernumber}" >&2
|
||||
fi
|
||||
|
||||
# Check hostname length
|
||||
if ! [[ ${#hostname} -ge 3 ]]; then
|
||||
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >&2
|
||||
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
# Check if new peer already exists
|
||||
if "${LIB_DIR}/ns_lookup_send" "${domain}" >/dev/null; then
|
||||
printf 'Host %s already exists!\n' "${domain}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 409; exit
|
||||
printf 'Host %s already exists!\n' "${domain}" | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 409; exit
|
||||
fi
|
||||
|
||||
# Get all peer IPs
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! Wireguard failed!\n' >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out the user's
|
||||
user_peers="$(grep "${IPV4_NET%.*.*}.${usernumber}." <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == "" ]; then
|
||||
printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >>"${LOGFILE}"
|
||||
printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Get user peer domains
|
||||
if ! peers="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}")"; then
|
||||
printf 'ERROR! Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
|
@ -90,9 +90,8 @@ hostnumber=1; while <<<"${used_hostnumbers}" grep -q "${hostnumber}"
|
|||
done
|
||||
ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
|
||||
ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
|
||||
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
|
||||
>>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
|
||||
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
|
||||
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
|
@ -103,14 +102,14 @@ address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
|
|||
|
||||
# Update nameserver
|
||||
if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
|
||||
then printf 'Successfully added %s to DNS server.\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
then printf 'Successfully added %s to DNS server.\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
fi &
|
||||
|
||||
# Create SSL cert
|
||||
if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
|
||||
then printf 'Successfully signed SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
then printf 'Successfully signed SSL certs for %s\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
fi
|
||||
|
||||
# Do the wireguard and tell the user
|
||||
|
@ -123,9 +122,9 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
|
|||
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/${IPV4_NET#*/},${server_ipv6}/${IPV6_NET#*/}\nEndpoint=${server_endpoint}\n"
|
||||
# Add new user to local wireguard
|
||||
if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
|
||||
printf 'Added %s to local wireguard server.\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'Added %s to local wireguard server.\n' "${domain}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# Remote server
|
||||
|
@ -133,9 +132,9 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
|
|||
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
|
||||
# Send new user config to federated server
|
||||
if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
||||
printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
|
||||
fi
|
||||
fi
|
||||
done <"${SERVERS_FILE}"
|
||||
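Review bot: In the token check, `[ "${saved_token}" == "" ] && token_fail 'missing' &` ends in `&`, so `token_fail` runs in a background job and its `exit` does not stop the request; the following `grep -qx` is then evaluated with an empty `saved_token`. The missing-token case should be a hard stop in the foreground: `if [ -z "${saved_token}" ]; then token_fail 'missing'; fi`. The lookup `grep "${ip}" "${TOKENS_FILE}"` also treats the address as an unanchored regular expression, so it can select a row stored for a different address; an exact first-field match such as `awk -F'\t' -v ip="${ip}" '$1 == ip { print $2 }' "${TOKENS_FILE}"` avoids that. The same two lines recur in every later file section that defines `token_fail`.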
|
|
|
@ -7,20 +7,20 @@
|
|||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi; source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
|
@ -28,47 +28,47 @@ qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|||
|
||||
# Parse pubkey
|
||||
pubkey="$(<<<"${qs#}" grep 'pubkey=' | sed 's/pubkey=//')"
|
||||
printf '%s requested to delete %s\n' "${ip}" "${pubkey}" >>"${LOGFILE}"
|
||||
printf '%s requested to delete %s\n' "${ip}" "${pubkey}" >&2
|
||||
|
||||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting admin %s request to delete peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Rejecting admin %s request to delete peer due to %s token\n' "${ip}" "${1}" >&2
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
|
||||
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
||||
printf '%s token was valid\n' "${ip}" >&2
|
||||
|
||||
# Get peer IP list
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! Wireguard failed!\n' >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out this user's
|
||||
user_peer="$(grep "${pubkey}" <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peer}" == "" ]; then
|
||||
printf 'ERROR! Could not find user for pubkey %s!\n' "${pubkey}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Could not find user for pubkey %s!\n' "${pubkey}" >&2
|
||||
printf 'Peer not found' | "${LIB_DIR}/http_res" 404; exit
|
||||
fi
|
||||
|
||||
# Get peer domains
|
||||
if ! peer="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peer}" | grep "${pubkey}")"; then
|
||||
printf 'ERROR! Failed to lookup domain for pubkey %s!\n' "${pubkey}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to lookup domain for pubkey %s!\n' "${pubkey}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
domain="$(<<<"${peer}" cut -f1)"
|
||||
ipv4="$(<<<"${peer}" cut -f2)"
|
||||
ipv6="$(<<<"${peer}" cut -f3)"
|
||||
if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
|
||||
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Make sure admin isn't deleting their own peer
|
||||
if [ "${ip}" == "${ipv4}" ] || [ "${ip}" == "${ipv6}" ]; then
|
||||
printf 'Admin requested to delete peer from itself: %s.\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'Admin requested to delete peer from itself: %s.\n' "${ip}" >&2
|
||||
printf 'You cannot delete a peer from itself!' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
|
@ -84,18 +84,18 @@ for_server_do() {
|
|||
server_endpoint="${5}"; server_admin="${6}"; server_secret="${7}"
|
||||
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
|
||||
if "${LIB_DIR}/wg_peer_del" "${pubkey}"; then
|
||||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >&2
|
||||
# TODO: clear existing progress
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# TODO Add federated peer
|
||||
#else
|
||||
# if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
||||
# printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
# printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
|
||||
# else
|
||||
# printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
# printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
|
||||
# # TODO: Send a 500 error
|
||||
# # TODO: clear existing progress
|
||||
# exit 16
|
||||
|
@ -109,14 +109,14 @@ done <"${SERVERS_FILE}" &
|
|||
|
||||
# Update nameserver
|
||||
if "${LIB_DIR}/ns_update_del" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
|
||||
then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
fi &
|
||||
|
||||
# Delete SSL cert
|
||||
if "${LIB_DIR}/ssl_peer_del" "${hostname:?}" "${username:?}"
|
||||
then printf 'Successfully deleted SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to delete certs for %s!\n' "${domain}" >>"${LOGFILE}"
|
||||
then printf 'Successfully deleted SSL certs for %s\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to delete certs for %s!\n' "${domain}" >&2
|
||||
fi
|
||||
|
||||
# Respond to user
|
||||
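Review bot: `pubkey` is taken from the query string and used without any check: it is logged before the token check and then passed as the pattern to `grep "${pubkey}"` over the wg output. If the parameter is absent the pattern is empty and grep matches every line, so `user_peer`, and later `domain`, `ipv4` and `ipv6`, can hold several peers at once. Reject an empty value first, `[ -n "${pubkey}" ] || { printf 'Pubkey missing\n' | "${LIB_DIR}/http_res" 400; exit; }`, and match it literally with `grep -F -- "${pubkey}"`. Moving the 'requested to delete' log line below the token check would also keep unauthenticated input out of the log.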
|
|
|
@ -6,36 +6,36 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 2 ]; then # Two because even an empty string querystring will be counted
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi; source "${CONFIG_FILE}"
|
||||
if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||
un="$(<<<"${qs}" grep -oP 'un=(.*)' | sed 's/^un=//' | xargs)"
|
||||
|
||||
printf 'Admin %s requested peer listing...\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'Admin %s requested peer listing...\n' "${ip}" >&2
|
||||
|
||||
# Create token if needed
|
||||
token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
if [ "${token}" == "" ]; then
|
||||
printf 'Creating token for %s...\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'Creating token for %s...\n' "${ip}" >&2
|
||||
token="$(</dev/urandom tr -dc '[:alnum:]' | fold -w64 | head -n1)"
|
||||
printf '%s\t%s\n' "${ip}" "${token}" >>"${TOKENS_FILE}"
|
||||
fi
|
||||
|
||||
# Get peer IP list
|
||||
if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! Wireguard failed!\n' >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
|
@ -43,7 +43,7 @@ fi
|
|||
if [ "${un}" != '' ]; then
|
||||
peers="$(grep "${IPV4_NET%.*.*}\.${un}\." <<<"${peers}" 2>/dev/null)"
|
||||
if [ "${peers}" == '' ]; then
|
||||
printf 'User number %s not found!\n' "${un}" >>"${LOGFILE}"
|
||||
printf 'User number %s not found!\n' "${un}" >&2
|
||||
printf 'User not found!\n' | "${LIB_DIR}/http_res" 404; exit
|
||||
fi
|
||||
fi
|
||||
|
@ -51,8 +51,8 @@ fi
|
|||
# Get domains for each peer
|
||||
if peers="[$("${LIB_DIR}/ips_to_peers" json <<<"${peers}")]"; then
|
||||
printf '{"token":"%s","peers":%s}' "${token:?}" "${peers:?}" | "${LIB_DIR}/http_res" 200 'application/json'
|
||||
printf 'Sent peers to admin %s\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'Sent peers to admin %s\n' "${ip}" >&2
|
||||
else
|
||||
printf 'ERROR: Failed to lookup user domain: %s\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'ERROR: Failed to lookup user domain: %s\n' "${ip}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
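Review bot: `un` comes from the query string and is placed into the pattern `"${IPV4_NET%.*.*}\.${un}\."` as-is, so any regular-expression metacharacters in it are interpreted by grep and the filter is no longer limited to one user number. It is also echoed to stderr in the 'User number %s not found!' line. Validate it right after parsing, for example `[[ "${un}" =~ ^[0-9]*$ ]] || { printf 'Bad user number\n' | "${LIB_DIR}/http_res" 400; exit; }`; the empty value stays allowed because the filter is optional. The dots left by `${IPV4_NET%.*.*}` are unescaped as well, which is minor by comparison.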
|
|
|
@ -7,21 +7,21 @@
|
|||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
|
@ -29,40 +29,40 @@ qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|||
|
||||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >&2
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
|
||||
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
||||
printf '%s token was valid\n' "${ip}" >&2
|
||||
|
||||
# Parse new hostname and new username
|
||||
hostname="$(<<<"${qs}" grep -oP 'host=(.*)' | sed 's/^host=//' | xargs | tr -dc 'a-z0-9' | head -c10)"
|
||||
username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//' | xargs | tr -dc 'a-z0-9' | head -c10)"
|
||||
if ! domain="${hostname:?}.${username:?}.${TLD:?}"; then
|
||||
printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >&2
|
||||
printf 'Hostname or username missing!\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
else
|
||||
printf 'Admin %s requested new user created with initial peer of %s\n' "${ip}" "${domain}" >>"${LOGFILE}"
|
||||
printf 'Admin %s requested new user created with initial peer of %s\n' "${ip}" "${domain}" >&2
|
||||
fi
|
||||
if ! [[ ${#hostname} -ge 3 ]]; then
|
||||
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >&2
|
||||
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
elif ! [[ ${#username} -ge 3 ]]; then
|
||||
printf 'Rejecting username %s because it is too short.\n' "${username}" >>"${LOGFILE}"
|
||||
printf 'Rejecting username %s because it is too short.\n' "${username}" >&2
|
||||
printf 'Username too short\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
# Check if user already exists
|
||||
if "${LIB_DIR}/ns_lookup_rxfr" | grep ".${username}.${TLD}" >/dev/null; then
|
||||
printf 'User %s already exists!\n' "${username}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 409
|
||||
printf 'User %s already exists!\n' "${username}" | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 409
|
||||
exit
|
||||
fi
|
||||
|
||||
# Get all peer IPs
|
||||
if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! Wireguard failed!\n' >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
|
@ -77,9 +77,8 @@ usernumber=1; while <<<"${used_usernumbers}" grep -q "${usernumber}"
|
|||
done
|
||||
ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
|
||||
ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
|
||||
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
|
||||
>>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
|
||||
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
|
||||
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
|
@ -90,18 +89,18 @@ address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
|
|||
|
||||
# Update nameserver
|
||||
if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
|
||||
then printf 'Successfully added %s to DNS server.\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
then printf 'Successfully added %s to DNS server.\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
fi &
|
||||
|
||||
# Create SSL cert
|
||||
if ! sudo mkdir "${SSL_CONFIG_DIR:?}/${username:?}/"; then
|
||||
printf 'Failed to create directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >>"${LOGFILE}"
|
||||
printf 'Failed to create directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
|
||||
then printf 'Successfully signed SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
then printf 'Successfully signed SSL certs for %s\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
fi
|
||||
|
||||
# Do the wireguard and tell the user
|
||||
|
@ -114,9 +113,9 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
|
|||
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/${IPV4_NET#*/},${server_ipv6}/${IPV6_NET#*/}\nEndpoint=${server_endpoint}\n"
|
||||
# Add new user to local wireguard
|
||||
if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
|
||||
printf 'Added %s to local wireguard server.\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'Added %s to local wireguard server.\n' "${domain}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >&2
|
||||
# TODO: clear existing progress
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
@ -125,9 +124,9 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
|
|||
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
|
||||
# Send new user config to federated server
|
||||
if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
||||
printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
|
||||
fi
|
||||
fi
|
||||
done <"${SERVERS_FILE}"
|
||||
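Review bot: In `if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then`, an empty value makes the `:?` expansion abort the non-interactive shell before `then` is reached, so the 500 response in that branch is never sent for the case its message names. After this change the branch runs only when the write to stderr fails, which ties the request's outcome to the state of the log sink. Test the values explicitly, `if [ -z "${domain}" ] || [ -z "${ipv4}" ] || [ -z "${ipv6}" ]; then`, and print the success line as a separate statement. The earlier sections containing 'IP addresses for %s created' and 'Delete request was for' use the same construct.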
|
|
|
@ -7,21 +7,21 @@
|
|||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
|
@ -29,41 +29,41 @@ qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|||
|
||||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >&2
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
|
||||
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
||||
printf '%s token was valid\n' "${ip}" >&2
|
||||
|
||||
# Check username and usernumber
|
||||
username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//')"
|
||||
usernumber="$(<<<"${qs}" grep -oP 'un=(.*)' | sed 's/^un=//')"
|
||||
if [[ "${username}" == "" ]]; then
|
||||
printf 'ERROR! Username missing!\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400; exit
|
||||
printf 'ERROR! Username missing!\n' | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 400; exit
|
||||
elif [[ "${usernumber}" == "" ]]; then
|
||||
printf 'ERROR! Usernumber missing!\n' | tee -a "${LOGFILE}" |"${LIB_DIR}/http_res" 400; exit
|
||||
printf 'ERROR! Usernumber missing!\n' | tee >(cat 1>&2) |"${LIB_DIR}/http_res" 400; exit
|
||||
else
|
||||
printf 'Admin %s requested deletion of user "%s" with usernumber "%s"\n' "${ip}" "${username}" "${usernumber}" >>"${LOGFILE}"
|
||||
printf 'Admin %s requested deletion of user "%s" with usernumber "%s"\n' "${ip}" "${username}" "${usernumber}" >&2
|
||||
fi
|
||||
|
||||
# Get all peer IPs
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! Wireguard failed!\n' >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out the user's
|
||||
user_peers="$(grep "${IPV4_NET%.*.*}.${usernumber}." <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == "" ]; then
|
||||
printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >>"${LOGFILE}"
|
||||
printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Get user peer domains
|
||||
if ! peers="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}")"; then
|
||||
printf 'ERROR! Failed to retrieve domains for peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to retrieve domains for peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
|
@ -75,18 +75,18 @@ for_server_do() {
|
|||
server_endpoint="${5}"; server_admin="${6}"; server_secret="${7}"
|
||||
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
|
||||
if "${LIB_DIR}/wg_peer_del" "${pubkey}"; then
|
||||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >&2
|
||||
# TODO: clear existing progress
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# TODO Delete federated peer
|
||||
#else
|
||||
# if "${LIB_DIR}/fed_peer_del" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
||||
# printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
# printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
|
||||
# else
|
||||
# printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
# printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
|
||||
# # TODO: Send a 500 error
|
||||
# # TODO: clear existing progress
|
||||
# exit 16
|
||||
|
@ -98,7 +98,7 @@ for_server_do() {
|
|||
delete_peer() {
|
||||
domain="${1}"; ipv4="${2}"; ipv6="${3}"; pubkey="${4}"
|
||||
username="$(<<<"${domain}" cut -d'.' -f2)"
|
||||
printf 'Deleting peer %s\n' "${domain}" >> "${LOGFILE}"
|
||||
printf 'Deleting peer %s\n' "${domain}" >&2
|
||||
|
||||
# Remove peer from wireguard
|
||||
while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret
|
||||
|
@ -109,8 +109,8 @@ delete_peer() {
|
|||
|
||||
# Remove peer from nameserver
|
||||
if "${LIB_DIR}/ns_update_del" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
|
||||
then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
fi
|
||||
}
|
||||
printf '%s\n' "${peers}" | while IFS=$'\t' read -r domain ipv4 ipv6 pubkey
|
||||
|
@ -120,7 +120,7 @@ done
|
|||
|
||||
# Delete SSL cert directory
|
||||
if ! sudo rm -rf "${SSL_CONFIG_DIR:?}/${username:?}/"; then
|
||||
printf 'Failed to delete user SSL directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >>"${LOGFILE}"
|
||||
printf 'Failed to delete user SSL directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >&2
|
||||
fi
|
||||
|
||||
# Respond to user
|
||||
|
|
|
@ -7,21 +7,21 @@
|
|||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
|
@ -29,47 +29,47 @@ qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|||
|
||||
# Parse pubkey
|
||||
pubkey="$(<<<"${qs#}" grep 'pubkey=' | sed 's/pubkey=//')"
|
||||
printf '%s requested to delete %s\n' "${ip}" "${pubkey:?}" >>"${LOGFILE}"
|
||||
printf '%s requested to delete %s\n' "${ip}" "${pubkey:?}" >&2
|
||||
|
||||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting %s request to delete peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Rejecting %s request to delete peer due to %s token\n' "${ip}" "${1}" >&2
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
|
||||
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
||||
printf '%s token was valid\n' "${ip}" >&2
|
||||
|
||||
# Get peer IP list
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! Wireguard failed!\n' >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out this user's
|
||||
user_peers="$(grep "${ip%[.:]*}" <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == "" ]; then
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >>"${LOGFILE}"
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Get peer domains
|
||||
if ! peer="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}" | grep "${pubkey}")"; then
|
||||
printf 'ERROR! Peer %s not found for user %s!\n' "${pubkey}" "${ip}" >>"${LOGFILE}" &
|
||||
printf 'ERROR! Peer %s not found for user %s!\n' "${pubkey}" "${ip}" >&2 &
|
||||
printf 'Peer not found\n' | "${LIB_DIR}/http_res" 404; exit
|
||||
fi
|
||||
domain="$(<<<"${peer}" cut -f1)"
|
||||
ipv4="$(<<<"${peer}" cut -f2)"
|
||||
ipv6="$(<<<"${peer}" cut -f3)"
|
||||
if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}" &
|
||||
if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
|
||||
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >&2 &
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Make sure user isn't deleting their own peer
|
||||
if [ "${ip}" == "${ipv4}" ] || [ "${ip}" == "${ipv6}" ]; then
|
||||
printf 'User requested to delete peer from itself: %s.\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'User requested to delete peer from itself: %s.\n' "${ip}" >&2
|
||||
printf 'You cannot delete a peer from itself!' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
|
@ -85,18 +85,18 @@ for_server_do() {
|
|||
server_endpoint="${5}"; server_admin="${6}"; server_secret="${7}"
|
||||
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
|
||||
if "${LIB_DIR}/wg_peer_del" "${pubkey}"; then
|
||||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >&2
|
||||
# TODO: clear existing progress
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# TODO Add federated peer
|
||||
#else
|
||||
# if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
||||
# printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
# printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
|
||||
# else
|
||||
# printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
# printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
|
||||
# # TODO: Send a 500 error
|
||||
# # TODO: clear existing progress
|
||||
# exit 16
|
||||
|
@ -110,14 +110,14 @@ done <"${SERVERS_FILE}" &
|
|||
|
||||
# Update nameserver
|
||||
if "${LIB_DIR}/ns_update_del" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
|
||||
then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
fi &
|
||||
|
||||
# Create SSL cert
|
||||
if "${LIB_DIR}/ssl_peer_del" "${hostname:?}" "${username:?}"
|
||||
then printf 'Successfully deleted SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to delete certs for %s!\n' "${domain}" >>"${LOGFILE}"
|
||||
then printf 'Successfully deleted SSL certs for %s\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to delete certs for %s!\n' "${domain}" >&2
|
||||
fi
|
||||
|
||||
# Respond to user
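Review bot: The missing-token guard `[ "${saved_token}" == "" ] && token_fail 'missing' &` ends in `&`, so `token_fail` and its `exit` run in a background subshell and the script carries on to the `grep -qx "t=${saved_token}"` comparison with an empty saved token. Run the guard in the foreground and reject before comparing: `[ -n "${saved_token}" ] || token_fail 'missing'`. The `fi & if` precondition checks at the top of this file have the same problem, since their `exit` cannot stop the script either; `fi; if` is presumably what was meant. The identical file section later on this page needs the same change, as do the `fi & if` chains in the peer-listing section, the certificate-download section and the section with the `json`/`tsv` output arms.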
|
||||
|
|
|
@ -5,49 +5,49 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 1 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
printf '%s requested peer listing...\n' "${ip}" >>"${LOGFILE}"
|
||||
printf '%s requested peer listing...\n' "${ip}" >&2
|
||||
|
||||
# Create token if needed
|
||||
token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
if [ "${token}" == "" ]; then
|
||||
printf 'Creating token for %s...\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'Creating token for %s...\n' "${ip}" >&2
|
||||
token="$(</dev/urandom tr -dc '[:alnum:]' | fold -w 64 | head -n 1)"
|
||||
printf '%s\t%s\n' "${ip}" "${token}" >>"${TOKENS_FILE}"
|
||||
fi
|
||||
|
||||
# Get peer IP list
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! Wireguard failed!\n' >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out this user's
|
||||
user_peers="$(grep "${ip%[.:]*}" <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == '' ]; then
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >>"${LOGFILE}"
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >&2
|
||||
printf 'User not found!\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
fi
|
||||
|
||||
# Get domains for each one
|
||||
if peers="[$("${LIB_DIR}/ips_to_peers" json <<<"${user_peers}")]"; then
|
||||
printf '{"token":"%s","peers":%s}' "${token}" "${peers}" | "${LIB_DIR}/http_res" 200 'application/json'
|
||||
printf 'Sent peers to user %s\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'Sent peers to user %s\n' "${ip}" >&2
|
||||
else
|
||||
printf 'ERROR: Failed to lookup domains for user: %s\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'ERROR: Failed to lookup domains for user: %s\n' "${ip}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
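Review bot: The token lookup `grep "${ip}" "${TOKENS_FILE}" | cut -f2` matches the address as an unanchored regular expression, so a row for a longer address that contains `${ip}`, or one that differs only where `.` matches any character, is returned as well, and several tokens can come back at once. Compare the first column exactly instead: `token="$(awk -F'\t' -v ip="${ip}" '$1 == ip { print $2; exit }' "${TOKENS_FILE}")"`. The `saved_token` lookup in the peer-deletion sections uses the same pattern and should change with it.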
|
||||
|
|
|
@ -6,10 +6,10 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
|
@ -21,43 +21,43 @@ hostname="$(<<<"${qs}" grep -oP 'host=(.*)' | sed 's/^host=//' | xargs)"
|
|||
ext="$(<<<"${qs}" grep -oP 'ext=(.*)' | sed 's/^ext=//' | xargs)"
|
||||
|
||||
if ! file="${hostname:?}/server.${ext:?}"; then
|
||||
printf 'ERROR! Hostname "%s" or extension "%s" missing!\n' "${hostname}" "${ext}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Hostname "%s" or extension "%s" missing!\n' "${hostname}" "${ext}" >&2
|
||||
printf 'Hostname or extension missing!\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
else
|
||||
printf 'User %s requested SSL file %s\n' "${ip}" "${file}" >>"${LOGFILE}"
|
||||
printf 'User %s requested SSL file %s\n' "${ip}" "${file}" >&2
|
||||
fi
|
||||
|
||||
# Make sure extension is 'crt' or 'key'
|
||||
if [ "${ext}" != 'crt' ] && [ "${ext}" != 'key' ]; then
|
||||
printf 'Invalid extension: %s\n' "${ext}"| tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400; exit
|
||||
printf 'Invalid extension: %s\n' "${ext}" | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
# Get username
|
||||
if ! domain="$("${LIB_DIR}/ns_lookup_rdns" "${ip}")"; then
|
||||
printf 'ERROR! Failed to lookup domain from user IP %s\n' "${ip}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 500
|
||||
printf 'ERROR! Failed to lookup domain from user IP %s\n' "${ip}" | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 500
|
||||
exit 7
|
||||
fi; if ! username="$(<<<"${domain}" cut -d'.' -f2)"; then
|
||||
printf 'ERROR! Failed to parse username from domain "%s"\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to parse username from domain "%s"\n' "${domain}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
else
|
||||
printf 'User %s is "%s"\n' "${ip}" "${username}" >>"${LOGFILE}"
|
||||
printf 'User %s is "%s"\n' "${ip}" "${username}" >&2
|
||||
fi
|
||||
|
||||
if ! path="${SSL_CONFIG_DIR:?}/${username:?}/${file}"; then
|
||||
printf 'ERROR! Username "%s" or SSL_CONFIG_DIR "%s" missing!\n' "${username}" "${SSL_CONFIG_DIR}" >> "${LOGFILE}"
|
||||
printf 'ERROR! Username "%s" or SSL_CONFIG_DIR "%s" missing!\n' "${username}" "${SSL_CONFIG_DIR}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Check that the file exists
|
||||
if ! [ -f "${path}" ]; then
|
||||
printf 'ERROR! File missing: "%s"\n' "${path}" >>"${LOGFILE}"
|
||||
printf 'ERROR! File missing: "%s"\n' "${path}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Try to return it to the user
|
||||
if <"${path}" "${LIB_DIR}/http_res" 200; then
|
||||
printf 'Sent SSL file "%s" to %s\n' "${path}" "${username}" >>"${LOGFILE}"
|
||||
printf 'Sent SSL file "%s" to %s\n' "${path}" "${username}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to return file: "%s"\n' "${path}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to return file: "%s"\n' "${path}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
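Review bot: `hostname` comes from the `host=` query parameter and is joined into `path="${SSL_CONFIG_DIR:?}/${username:?}/${file}"` with no check visible in this hunk, while only `ext` is restricted to `crt` or `key`. A value containing `/` or `..` would let the path leave the requesting user's directory, and this script returns private key files. Restrict it to a single label before building `file`, for example `[[ "${hostname}" =~ ^[A-Za-z0-9-]+$ ]] || { printf 'Invalid hostname\n' | "${LIB_DIR}/http_res" 400; exit; }`. The line that parses `hostname` sits above the hunk, so confirm that no earlier validation exists there.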
|
||||
|
|
|
@ -25,9 +25,9 @@ allowedips="$(<<<"${qs}" grep -oP 'ips=(.*)' | sed 's/^ips//' | xargs)"
|
|||
|
||||
# Add peer to wireguard
|
||||
if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${allowedips}"; then
|
||||
printf 'Added %s to local wireguard server.\n' "${pubkey}" >>"${LOGFILE}"
|
||||
printf 'Added %s to local wireguard server.\n' "${pubkey}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to add %s to wireguard server!\n' "${pubkey}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to add %s to wireguard server!\n' "${pubkey}" >&2
|
||||
# TODO: clear existing progress
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
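Review bot: The hunk-header context line parses `allowedips` with `sed 's/^ips//'`, which strips `ips` but leaves the `=`, so the value handed to `wg_peer_add` starts with `=`; it should read `sed 's/^ips=//'`. Beyond that, `allowedips` comes from the query string (and `pubkey` presumably does too) and reaches `wg_peer_add` with no format check visible in this hunk. A check or comment stating what the helper accepts, such as a list of CIDR ranges inside the VPN's own network, would make the trust boundary explicit. The parsing lines sit above the hunk, so validation there cannot be ruled out.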
|
||||
|
|
|
@ -7,21 +7,21 @@
|
|||
CONFIG_FILE='/etc/wgapi/config'
|
||||
SERVERS_FILE='/etc/wgapi/servers'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
|
@ -29,47 +29,47 @@ qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|||
|
||||
# Parse pubkey
|
||||
pubkey="$(<<<"${qs#}" grep 'pubkey=' | sed 's/pubkey=//')"
|
||||
printf '%s requested to delete %s\n' "${ip}" "${pubkey:?}" >>"${LOGFILE}"
|
||||
printf '%s requested to delete %s\n' "${ip}" "${pubkey:?}" >&2
|
||||
|
||||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting %s request to delete peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Rejecting %s request to delete peer due to %s token\n' "${ip}" "${1}" >&2
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
|
||||
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
||||
printf '%s token was valid\n' "${ip}" >&2
|
||||
|
||||
# Get peer IP list
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! Wireguard failed!\n' >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out this user's
|
||||
user_peers="$(grep "${ip%[.:]*}" <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == "" ]; then
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >>"${LOGFILE}"
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Get peer domains
|
||||
if ! peer="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}" | grep "${pubkey}")"; then
|
||||
printf 'ERROR! Peer %s not found for user %s!\n' "${pubkey}" "${ip}" >>"${LOGFILE}" &
|
||||
printf 'ERROR! Peer %s not found for user %s!\n' "${pubkey}" "${ip}" >&2 &
|
||||
printf 'Peer not found\n' | "${LIB_DIR}/http_res" 404; exit
|
||||
fi
|
||||
domain="$(<<<"${peer}" cut -f1)"
|
||||
ipv4="$(<<<"${peer}" cut -f2)"
|
||||
ipv6="$(<<<"${peer}" cut -f3)"
|
||||
if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}" &
|
||||
if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
|
||||
printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >&2 &
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Make sure user isn't deleting their own peer
|
||||
if [ "${ip}" == "${ipv4}" ] || [ "${ip}" == "${ipv6}" ]; then
|
||||
printf 'User requested to delete peer from itself: %s.\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'User requested to delete peer from itself: %s.\n' "${ip}" >&2
|
||||
printf 'You cannot delete a peer from itself!' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
|
@ -85,18 +85,18 @@ for_server_do() {
|
|||
server_endpoint="${5}"; server_admin="${6}"; server_secret="${7}"
|
||||
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
|
||||
if "${LIB_DIR}/wg_peer_del" "${pubkey}"; then
|
||||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'Deleted %s from local wireguard server.\n' "${domain}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >&2
|
||||
# TODO: clear existing progress
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# TODO Add federated peer
|
||||
#else
|
||||
# if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
||||
# printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
# printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
|
||||
# else
|
||||
# printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
# printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
|
||||
# # TODO: Send a 500 error
|
||||
# # TODO: clear existing progress
|
||||
# exit 16
|
||||
|
@ -110,14 +110,14 @@ done <"${SERVERS_FILE}" &
|
|||
|
||||
# Update nameserver
|
||||
if "${LIB_DIR}/ns_update_del" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
|
||||
then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
fi &
|
||||
|
||||
# Create SSL cert
|
||||
if "${LIB_DIR}/ssl_peer_del" "${hostname:?}" "${username:?}"
|
||||
then printf 'Successfully deleted SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to delete certs for %s!\n' "${domain}" >>"${LOGFILE}"
|
||||
then printf 'Successfully deleted SSL certs for %s\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to delete certs for %s!\n' "${domain}" >&2
|
||||
fi
|
||||
|
||||
# Respond to user
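Review bot: `grep "${pubkey}"` in the `# Get peer domains` step uses the request-supplied key as a regular expression against whole TSV rows of `user_peers`, so a value that is not a full key can match a different row or several rows. `domain`, `ipv4` and `ipv6` then hold multi-line values and the own-peer comparison below stops being meaningful. Check the shape first, `[[ "${pubkey}" =~ ^[A-Za-z0-9+/]{43}=$ ]] || { printf 'Invalid pubkey\n' | "${LIB_DIR}/http_res" 400; exit; }`, and match literally with `grep -F -- "${pubkey}"`. The same lines appear in the identical section earlier on this page.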
|
||||
|
|
|
@ -25,8 +25,8 @@ psk="${3}"
|
|||
allowedips="${4}"
|
||||
|
||||
if res="$(curl --silent --request POST "wg-test-fed.${server}.${TLD}?pubkey=${pubkey}&psk=${psk}&ips=${allowedips}")"; then
|
||||
printf 'Sent peer %s to federated server %s\n' "${pubkey}" "${server}" >>"${LOGFILE}"
|
||||
printf 'Sent peer %s to federated server %s\n' "${pubkey}" "${server}" >&2
|
||||
else
|
||||
printf 'ERROR: Failed to send peer to federated server %s: %s\n' "${server}" "${res}" "${res}" >>"${LOGFILE}"
|
||||
printf 'ERROR: Failed to send peer to federated server %s: %s\n' "${server}" "${res}" "${res}" >&2
|
||||
exit 6
|
||||
fi
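Review bot: The `curl` call puts `psk` in the URL query string and gives no scheme, so curl falls back to plain HTTP and the pre-shared key travels unencrypted and can end up in access logs. It also lacks `--fail`, so an HTTP error status from the federated server still takes the "Sent peer" branch. If the endpoint is served over TLS, use `curl --silent --fail --request POST "https://wg-test-fed.${server}.${TLD}?pubkey=${pubkey}&psk=${psk}&ips=${allowedips}"`, and consider moving the key out of the URL once the receiving script can read a request body. The error `printf` passes `"${res}"` twice for two `%s` slots, which makes printf repeat the format and emit a second, garbled line; drop the extra argument.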
|
|
@ -11,13 +11,13 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s Config file not found\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s Config file not found\n' "${0}" >&2
|
||||
exit 6
|
||||
fi & if ! [ ${#} -eq 1 ] || [ ${#} -eq 3 ]; then
|
||||
printf 'ERROR! Bad usage: %s %s\n' "$0" "$*" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad usage: %s %s\n' "$0" "$*" >&2
|
||||
exit 3
|
||||
fi & if ! [ -x /usr/bin/wg ]; then
|
||||
printf 'ERROR! %s /usr/bin/wg not found\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s /usr/bin/wg not found\n' "${0}" >&2
|
||||
exit 5
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
|
@ -40,7 +40,7 @@ while IFS= read -r line; do
|
|||
'json') printf '{"domain":"%s","ipv4":"%s","ipv6":"%s","pubkey":"%s"},' \
|
||||
"${domain}" "${ipv4}" "${ipv6}" "${pubkey}";;
|
||||
'tsv') printf '%s\t%s\t%s\t%s\n' "${domain}" "${ipv4}" "${ipv6}" "${pubkey}";;
|
||||
*) printf 'ERROR! Invalid format for %s: %s\n' "${0}" "${format}" >>"${LOGFILE}"
|
||||
*) printf 'ERROR! Invalid format for %s: %s\n' "${0}" "${format}" >&2
|
||||
exit 5;
|
||||
esac
|
||||
done | sed 's/\n//g' | sed 's/,$//' # Remove trailing comma and newlines
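Review bot: The `exit 5` in the `*)` arm runs inside the `while … done | sed … | sed …` pipeline, so it ends only the loop's subshell. Unless `pipefail` is set above the hunk, the script's status is that of the last `sed`, and callers that test this helper see success for an invalid format. Validate `format` once before the loop, e.g. `case "${format}" in json|tsv) ;; *) printf 'ERROR! Invalid format for %s: %s\n' "${0}" "${format}" >&2; exit 5;; esac`. The loop starts above the hunk, so the check belongs right after the line that assigns `format`.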
|
||||
|
|
|
@ -19,8 +19,8 @@ source "${CONFIG_FILE}"
|
|||
domain="$("${LIB_DIR}/ns_lookup_send" "${1}")"
|
||||
case $? in
|
||||
0) printf '%s' "${domain%.}" | cut -d'=' -f2 | xargs -0; exit 0;;
|
||||
4) printf 'Domain for %s not found!\n' "${1}" >>"${LOGFILE}"; exit 4;;
|
||||
5) printf 'Nameserver not available: %s\n' "${DNS_MASTER}" >>"${LOGFILE}"; exit 5;;
|
||||
6) printf 'nslookup not installed!\n' >>"${LOGFILE}"; exit 6;;
|
||||
*) printf 'Bad usage: %s %s\n' "${0}" "${@}" >>"${LOGFILE}"; exit 3;;
|
||||
4) printf 'Domain for %s not found!\n' "${1}" >&2; exit 4;;
|
||||
5) printf 'Nameserver not available: %s\n' "${DNS_MASTER}" >&2; exit 5;;
|
||||
6) printf 'nslookup not installed!\n' >&2; exit 6;;
|
||||
*) printf 'Bad usage: %s %s\n' "${0}" "${@}" >&2; exit 3;;
|
||||
esac
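Review bot: In the `*)` arm, `"${@}"` expands to one word per argument, so with more than one argument `printf` repeats the `'Bad usage: %s %s\n'` format and writes extra partial lines to stderr. The other scripts in this commit use `"${*}"` for the same kind of message. Change the arm to `*) printf 'Bad usage: %s %s\n' "${0}" "${*}" >&2; exit 3;;`. The `*)` arm of the zone-transfer script in the next section has the same expansion.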
|
||||
|
|
|
@ -21,10 +21,10 @@ source "${CONFIG_FILE}"
|
|||
res="$("${LIB_DIR}/ns_lookup_send" "-query=AXFR" "${TLD}.")"
|
||||
case $? in
|
||||
0) printf '%s' "${res}"; exit 0;;
|
||||
4) printf 'Domain for %s not found!\n' "${1}" >>"${LOGFILE}"; exit 4;;
|
||||
5) printf 'Nameserver not available: %s\n' "${DNS_MASTER}" >>"${LOGFILE}"; exit 5;;
|
||||
6) printf 'nslookup not installed!\n' >>"${LOGFILE}"; exit 6;;
|
||||
8) printf 'nslookup threw an error!\n' >>"${LOGFILE}"; exit 9;;
|
||||
9) printf 'nslookup refused RXFR request!\n' >>"${LOGFILE}"; exit 8;;
|
||||
*) printf 'Bad usage: %s %s\n' "${0}" "${@}" >>"${LOGFILE}"; exit 3;;
|
||||
4) printf 'Domain for %s not found!\n' "${1}" >&2; exit 4;;
|
||||
5) printf 'Nameserver not available: %s\n' "${DNS_MASTER}" >&2; exit 5;;
|
||||
6) printf 'nslookup not installed!\n' >&2; exit 6;;
|
||||
8) printf 'nslookup threw an error!\n' >&2; exit 9;;
|
||||
9) printf 'nslookup refused RXFR request!\n' >&2; exit 8;;
|
||||
*) printf 'Bad usage: %s %s\n' "${0}" "${@}" >&2; exit 3;;
|
||||
esac
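Review bot: The `8)` arm exits with status 9 and the `9)` arm exits with status 8, so a caller that branches on this script's status sees the two conditions swapped relative to what `ns_lookup_send` reported. If the swap is deliberate it needs a comment; otherwise each arm should exit with its own code. The `4)` message prints `"${1}"` although the lookup on the hunk-header line queries `"${TLD}."`, so the logged name may be empty or unrelated. The `9)` message says `RXFR` where the query is `AXFR`, which is worth correcting now that this text goes to stderr.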
|
||||
|
|
|
@ -9,10 +9,10 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 3 ]; then
|
||||
printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >&2
|
||||
exit 3
|
||||
fi; if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s couldnt find %s\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s couldnt find %s\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
exit 4
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
|
|
|
@ -9,10 +9,10 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 3 ]; then
|
||||
printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >&2
|
||||
exit 3
|
||||
fi; if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s couldnt find %s\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s couldnt find %s\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
exit 4
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
|
|
|
@ -11,4 +11,4 @@ CONFIG_FILE='/etc/wgapi/config'
|
|||
[ -f "${CONFIG_FILE}" ] || exit 4
|
||||
source "${CONFIG_FILE}"
|
||||
printf 'server %s\n%s\nsend\n' "${DNS_MASTER}" "${1}" \
|
||||
| nsupdate -y "${DNS_KEY}" | tee -a "${LOGFILE}"
|
||||
| nsupdate -y "${DNS_KEY}" | tee >(cat 1>&2)
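Review bot: `nsupdate -y "${DNS_KEY}"` passes the TSIG secret as a command-line argument, where other local users can see it in the process list for the lifetime of the call. nsupdate's `-k` option reads the key from a file instead, e.g. `nsupdate -k "<path-to-key-file>"`, with the file readable only by the service account. Also, unless `pipefail` is set above the hunk, the script's exit status is that of `tee`, not `nsupdate`, so callers that test this helper report success even when the update is refused. Adding `set -o pipefail` before the pipeline preserves the failure.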
|
||||
|
|
|
@ -12,16 +12,16 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 3 ]; then
|
||||
printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >&2
|
||||
exit 3
|
||||
fi; if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s couldnt find %s\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s couldnt find %s\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
exit 4
|
||||
fi; if ! [ -x '/usr/bin/openssl' ]; then
|
||||
printf 'ERROR! /usr/bin/openssl not found!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! /usr/bin/openssl not found!\n' >&2
|
||||
exit 5
|
||||
fi; if ! [ -f '/etc/ssl/openssl.cnf' ]; then
|
||||
printf 'ERROR! /etc/ssl/openssl.cnf not found!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! /etc/ssl/openssl.cnf not found!\n' >&2
|
||||
exit 5
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
|
@ -32,22 +32,22 @@ ipstring="${3}"
|
|||
|
||||
# Make a directory for the new files
|
||||
if ! sudo mkdir "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/"; then
|
||||
printf 'Failed to create directory %s/%s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Failed to create directory %s/%s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >&2
|
||||
exit 7
|
||||
fi
|
||||
|
||||
# Generate key
|
||||
if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >>/dev/null 2>&1; then
|
||||
printf 'Failed to generate SSL key %s/%s/%s/server.key\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Failed to generate SSL key %s/%s/%s/server.key\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >&2
|
||||
exit 7
|
||||
fi
|
||||
if ! sudo [ -f "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" ]; then
|
||||
printf 'SSL key %s/%s/%s/server.key was not generated!\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
ls "${SSL_CONFIG_DIR}/${username}/${hostname}/" >>"${LOGFILE}"
|
||||
printf 'SSL key %s/%s/%s/server.key was not generated!\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >&2
|
||||
ls "${SSL_CONFIG_DIR}/${username}/${hostname}/" >&2
|
||||
exit 7
|
||||
fi
|
||||
if ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >>"${LOGFILE}" 2>&1; then
|
||||
printf 'Failed to chmod SSL key %s/%s/%s/server.key\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
if ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >&2 2>&1; then
|
||||
printf 'Failed to chmod SSL key %s/%s/%s/server.key\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >&2
|
||||
exit 7
|
||||
fi
|
||||
|
||||
|
@ -58,7 +58,7 @@ subjectAltName = DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username
|
|||
[ "${ipstring}" != "" ] && san="${san},${ipstring}"
|
||||
if ! printf '%s\n' "${san}" | sudo cat '/etc/ssl/openssl.cnf' /dev/stdin \
|
||||
| sudo tee "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" >/dev/null; then
|
||||
printf 'Failed to generate %s/%s/%s.cnf\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Failed to generate %s/%s/%s.cnf\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >&2
|
||||
exit 7
|
||||
fi
|
||||
|
||||
|
@ -69,7 +69,7 @@ if ! sudo /usr/bin/openssl req -new -sha256 -reqexts SAN -extensions SAN \
|
|||
-config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
|
||||
-subj "/O=${SSL_ORG}/OU=${username}/CN=${hostname}.${username}.${TLD}" \
|
||||
>/dev/null 2>&1; then
|
||||
printf 'Failed to generate %s/%s/%s.csr\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Failed to generate %s/%s/%s.csr\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >&2
|
||||
exit 7
|
||||
fi
|
||||
|
||||
|
@ -81,21 +81,21 @@ if ! sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
|
|||
-passin "pass:${SSL_CA_PASS}" \
|
||||
-out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" \
|
||||
-days "${SSL_DAYS}" >/dev/null 2>&1; then
|
||||
printf 'ERROR! Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >&2
|
||||
exit 7
|
||||
fi; if ! sudo [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
|
||||
printf 'ERROR! SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
printf 'ERROR! SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >&2
|
||||
exit 7
|
||||
fi; if ! sudo chmod 640 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key"; then
|
||||
printf 'ERROR! Failed to chmod SSL cert %s/%s/server.*\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to chmod SSL cert %s/%s/server.*\n' "${username}" "${hostname}" >&2
|
||||
exit 8
|
||||
fi & if ! sudo chgrp -R www-data "${SSL_CONFIG_DIR}/${username}/"; then
|
||||
printf 'ERROR! Failed to set group of %s!\n' "${SSL_CONFIG_DIR}/${username}/" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to set group of %s!\n' "${SSL_CONFIG_DIR}/${username}/" >&2
|
||||
exit 8
|
||||
fi
|
||||
|
||||
# Remove old files
|
||||
if ! sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null; then
|
||||
printf 'Failed to remove old SSL config files %s/%s/%s.cnf\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Failed to remove old SSL config files %s/%s/%s.cnf\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >&2
|
||||
exit 7
|
||||
fi
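Review bot: The `fi &` that closes the chmod check (just before `if ! sudo chgrp -R www-data …`) sends that whole `if` to the background, so the `exit 8` beside the new `printf … >&2` ends only a background subshell. The script therefore carries on after a failed chmod, and the chgrp starts without waiting for it. Every other check in this hunk is chained with `fi; if`, so this line should read `fi; if ! sudo chgrp -R www-data "${SSL_CONFIG_DIR}/${username}/"; then`. Separately, `-passin "pass:${SSL_CA_PASS}"` puts the CA passphrase on the openssl command line, where it is visible in the process list while the command runs; openssl's `-passin file:` or `-passin stdin` forms keep it off argv. The openssl x509 command itself begins above the hunk.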
|
||||
|
|
|
@ -9,10 +9,10 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >&2
|
||||
exit 3
|
||||
fi; if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s couldnt find %s\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s couldnt find %s\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
exit 4
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
|
@ -20,6 +20,6 @@ hostname="${1}"
|
|||
username="${2}"
|
||||
|
||||
if ! sudo rm -rf "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/" 2>/dev/null; then
|
||||
printf 'ERROR! %s failed to delete %s!\n' "${0}" "${SSL_CONFIG_DIR}/${username}/${hostname}/" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s failed to delete %s!\n' "${0}" "${SSL_CONFIG_DIR}/${username}/${hostname}/" >&2
|
||||
exit 5
|
||||
fi
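Review bot: `sudo rm -rf "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/"` builds its target from `${1}` and `${2}`, and the `:?` guards reject only empty values. Nothing visible in these hunks limits either argument to a single path component, so a value containing `/` or `..` would resolve outside the intended directory. Unless the caller already validates both, add an allow-list check before the call, for example `case "${hostname}" in *[!A-Za-z0-9.-]*|*..*) exit 3;; esac` and the same for `${username}` (adjust the character set to whatever names are legal here). The `2>/dev/null` on the rm also discards its reason for failing, which is worth keeping now that stderr is the log.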
|
||||
|
|
|
@ -24,6 +24,6 @@ psk="${2}"
|
|||
allowedips="${3}"
|
||||
|
||||
if ! res="$(printf '%s\n' "${psk}" | sudo /usr/bin/wg set "${TLD}" peer "${pubkey}" preshared-key /dev/stdin allowed-ips "${allowedips}")"; then
|
||||
printf '%s %s\n' "${?}" "${res}" >>"${LOGFILE}"
|
||||
printf '%s %s\n' "${?}" "${res}" >&2
|
||||
exit 6
|
||||
fi
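Review bot: `"${?}"` in the new `printf '%s %s\n' "${?}" "${res}" >&2` is read inside the `then` branch of `if ! res="$(…)"`, where it holds the status of the negated condition, which is 0, not the exit code of `wg`. The logged line therefore always starts with `0`. Capture the status before testing it: assign `res="$(…)"` as its own statement, follow it with `rc=${?}`, then use `if [ "${rc}" -ne 0 ]; then printf '%s %s\n' "${rc}" "${res}" >&2`. The substitution also captures standard output only, so `${res}` is probably empty when `wg` fails. The script's argument handling sits above the hunk.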
|
|
@ -11,18 +11,18 @@
|
|||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 1 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
|
||||
exit 3
|
||||
fi; if ! [ -x '/usr/bin/wg' ]; then
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find /usr/bin/wg\n' "${0}" >&2
|
||||
exit 4
|
||||
fi; if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2
|
||||
exit 5
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
|
||||
if ! res="$(sudo /usr/bin/wg set "${TLD}" peer "${1}" remove)"; then
|
||||
printf 'ERROR! Wireguard failed: %s\n' "${res}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Wireguard failed: %s\n' "${res}" >&2
|
||||
exit 6
|
||||
fi
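Review bot: `res="$(sudo /usr/bin/wg set "${TLD}" peer "${1}" remove)"` captures standard output only, so if `wg` reports its failure on standard error (as it appears to), `${res}` is empty and the new message reads `ERROR! Wireguard failed: ` with no reason attached. The diagnostic still reaches stderr, but as a separate line without the `ERROR!` prefix. Adding `2>&1` inside the substitution keeps both in one log entry: `res="$(sudo /usr/bin/wg set "${TLD}" peer "${1}" remove 2>&1)"`.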
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
[X] Let this server route traffic for all hosts
|
||||
[X] Prevent deleting user's only peer
|
||||
[X] Remove bash errors
|
||||
[ ] Move loging to STDERR
|
||||
[X] Move loging to STDERR
|
||||
[ ] Federated servers
|
||||
[ ] shellcheck
|
||||
[ ] Deploy on GF4
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
TLD='tld'
|
||||
LOGFILE='/var/log/apache2/error.log'
|
||||
LOCAL_SERVER='myhost'
|
||||
IPV4_NET='10.3.0.0/16'
|
||||
IPV6_NET='fd69:1337:0:420:f4:f3::/96'
|
||||
|
|