First attempt at returning user SSL files
parent
a791b1bf3e
commit
b8fa426971
GPG Key ID:
DF773B3F4A88DA86
|
|
@ -31,8 +31,9 @@ RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/wg, /usr/bin/openssl, /usr/b
|
|||
| sudo EDITOR='tee -a' visudo
|
||||
|
||||
# Copy over cgi and libs
|
||||
# TODO: Copy only needed libs
|
||||
COPY dashboard.cgi /var/www/cgi-bin/index.cgi
|
||||
COPY dashboard_ssl.cgi /var/www/cgi-bin/ssl.cgi
|
||||
# TODO: Copy only needed libs
|
||||
COPY lib/ /usr/lib/wgapi/
|
||||
|
||||
# Run time!
|
||||
|
|
|
|||
|
|
@ -0,0 +1,22 @@
|
|||
#!/bin/bash
|
||||
# FILE: wgapi:back/dashboard_ssl.cgi
|
||||
# DESCRIPTION: Sends SSL certs and keys to users
|
||||
# ERRORS:
|
||||
# 3: Bad usage
|
||||
# 4: Missing config file
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
fi; source "${CONFIG_FILE}"
|
||||
|
||||
case "${REQUEST_METHOD}" in
|
||||
|
||||
# Cet
|
||||
'GET') "${LIB_DIR}/dashboard/ssl" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
|
||||
|
||||
# Bad request
|
||||
*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
|
||||
|
||||
esac
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
# FILE: lib/dashboard/peer/list
|
||||
# DESCRIPTION: List a user's peers
|
||||
# USAGE: add remote_ip
|
||||
# USAGE: list remote_ip
|
||||
# ERRORS:
|
||||
# 3: bad args/usage
|
||||
# 4: config file not found
|
||||
|
|
|
|||
|
|
@ -0,0 +1,71 @@
|
|||
#!/bin/bash
|
||||
# FILE: lib/dashboard/ssl
|
||||
# DESCRIPTION: Get a user's SSL certs and keys
|
||||
# USAGE: ssl remote_ip querystring
|
||||
# QUERYSTRING: ?host=$hostname&ext=crt
|
||||
# ERRORS:
|
||||
# 3: Bad args/usage
|
||||
# 4: Config file not found
|
||||
# 5: Missing part of the querystring
|
||||
# 6: Invalid extension
|
||||
# 7: SSL file missing
|
||||
# 8: Failed to return SSL file
|
||||
|
||||
CONFIG_FILE='/etc/wgapi/config'
|
||||
if ! [ ${#} -eq 2 ]; then
|
||||
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||
exit 3
|
||||
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||
exit 4
|
||||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
ip="${1}"
|
||||
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||
|
||||
# Parse querystring
|
||||
hostname="$(<<<"${qs}" grep -oP 'host=(.*)' | sed 's/^host//' | xargs)"
|
||||
ext="$(<<<"${qs}" grep -oP 'ext=(.*)' | sed 's/^ext//' | xargs)"
|
||||
|
||||
if ! file="${hostname:?}/server.${ext:?}"; then
|
||||
printf 'ERROR! Hostname "%s" or extension "%s" or SSL_CONFIG_DIR "%s" missing!\n' "${hostname}" "${username}" "${ext}" "${SSL_CONFIG_DIR}" >>"${LOGFILE}"
|
||||
printf 'Hostname or username or extension missing!\n' | "${LIB_DIR}/http_res" 400
|
||||
exit 5
|
||||
else
|
||||
printf 'User %s requested SSL file %s\n' "${ip}" "${file}" >>"${LOGFILE}"
|
||||
fi
|
||||
|
||||
# Make sure extension is 'crt' or 'key'
|
||||
if [ "${ext}" != 'crt' ] && [ "${ext}" != 'key' ]; then
|
||||
printf 'Invalid extension: %s\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400
|
||||
exit 6
|
||||
fi
|
||||
|
||||
# Get username
|
||||
if ! domain="$("${LIB_DIR}/ns_lookup_rdns" "${ip}")"; then
|
||||
printf 'ERROR! Failed to lookup domain from user IP %s\n' "${ip}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 500
|
||||
exit 7
|
||||
fi
|
||||
if ! username="$(<<<"${domain}" cut -d'.' -f2)"; then
|
||||
printf 'ERROR! Failed to parse username from domain "%s"\n' "${domain}" >>"${LOGFILE}"
|
||||
"${LIB_DIR}/http_res" 500
|
||||
exit 8
|
||||
fi
|
||||
|
||||
if ! path="${SSL_CONFIG_DIR:?}/${username:?}/${file}"; then
|
||||
printf 'ERROR! Username "${username}" or SSL_CONFIG_DIR "%s" missing!\n' >> "${LOGFILE}"
|
||||
printf 'Hostname or username or extension missing!\n' | "${LIB_DIR}/http_res" 400
|
||||
exit 9
|
||||
fi
|
||||
|
||||
# Check that the file exists
|
||||
if ! [ -f "${path}" ]; then
|
||||
printf 'ERROR! File missing: "%s"\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 404
|
||||
exit 10
|
||||
fi
|
||||
|
||||
# Try to return it to the user
|
||||
if ! <"${file}" "${LIB_DIR}/http_res" 200; then
|
||||
printf 'ERROR! Failed to return file: "%s"\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 500
|
||||
exit 11
|
||||
fi
|
||||
|
|
@ -11,9 +11,10 @@
|
|||
[X] admin user adding backend
|
||||
[X] admin user deleting backend
|
||||
[X] Add Loading...
|
||||
[ ] Let users download ssl certs
|
||||
[ ] Let admins download ssl certs
|
||||
[ ] Replace ns_lookup_rdns with ns_lookup_rxfr where applicable
|
||||
[ ] Prevent deleting user's only peer
|
||||
[ ] Let users download ssl certs
|
||||
[ ] Show QR code with new config
|
||||
[ ] Clean up bash file headings
|
||||
[ ] Deploy on GF4
|
||||
|
|
|
|||
|
|
@ -9,10 +9,11 @@
|
|||
<p data-bind="hidden:isLoaded"><code>Loading...</code></p>
|
||||
<table data-bind="visible:isLoaded">
|
||||
<thead><tr>
|
||||
<th>Host</th><th></th>
|
||||
<th>Host</th><th>SSL</th><th></th>
|
||||
</tr></thead>
|
||||
<tbody data-bind="foreach:peers"><tr>
|
||||
<td data-bind="text:name"></td>
|
||||
<td><a data-bind="attr:{href:crtHref}">Cert</a> / <a data-bind="attr:{href:keyHref}">Key</a></td>
|
||||
<td><button style="float:right" data-bind="click:$parent.delPeer,disable:$data.isDeleting,text:deleteText">Delete</button></td>
|
||||
</tr></tbody>
|
||||
</table>
|
||||
|
|
|
|||
|
|
@ -7,6 +7,8 @@ function Peer(data) {
|
|||
this.ipv6 = data.ipv6
|
||||
this.isDeleting = ko.observable(false)
|
||||
this.deleteText = ko.computed(() => this.isDeleting()?'Deleting...':'Delete')
|
||||
this.crtHref = ko.computed(() => `/ssl?host=${this.name}&ext=crt`)
|
||||
this.keyHref = ko.computed(() => '/ssl?host=${this.name}&ext=key')
|
||||
}
|
||||
|
||||
function PeerList() {
|
||||
|
|
|
|||
Loading…
Reference in New Issue