First attempt at returning user SSL files
parent
a791b1bf3e
commit
b8fa426971
|
@ -31,8 +31,9 @@ RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/wg, /usr/bin/openssl, /usr/b
|
||||||
| sudo EDITOR='tee -a' visudo
|
| sudo EDITOR='tee -a' visudo
|
||||||
|
|
||||||
# Copy over cgi and libs
|
# Copy over cgi and libs
|
||||||
# TODO: Copy only needed libs
|
|
||||||
COPY dashboard.cgi /var/www/cgi-bin/index.cgi
|
COPY dashboard.cgi /var/www/cgi-bin/index.cgi
|
||||||
|
COPY dashboard_ssl.cgi /var/www/cgi-bin/ssl.cgi
|
||||||
|
# TODO: Copy only needed libs
|
||||||
COPY lib/ /usr/lib/wgapi/
|
COPY lib/ /usr/lib/wgapi/
|
||||||
|
|
||||||
# Run time!
|
# Run time!
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# FILE: wgapi:back/dashboard_ssl.cgi
|
||||||
|
# DESCRIPTION: Sends SSL certs and keys to users
|
||||||
|
# ERRORS:
|
||||||
|
# 3: Bad usage
|
||||||
|
# 4: Missing config file
|
||||||
|
|
||||||
|
CONFIG_FILE='/etc/wgapi/config'
|
||||||
|
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||||
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||||
|
exit 4
|
||||||
|
fi; source "${CONFIG_FILE}"
|
||||||
|
|
||||||
|
case "${REQUEST_METHOD}" in
|
||||||
|
|
||||||
|
# Cet
|
||||||
|
'GET') "${LIB_DIR}/dashboard/ssl" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
|
||||||
|
|
||||||
|
# Bad request
|
||||||
|
*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
|
||||||
|
|
||||||
|
esac
|
|
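Review bot: The GET branch passes `${HTTP_X_REAL_IP}` to `lib/dashboard/ssl`, where it is the only input that decides whose certificate and private key are returned, and that value comes from a request header. Unless every route to this CGI goes through a proxy that overwrites `X-Real-IP` (not visible in this commit), the header is client-controlled. I would cross-check it against `REMOTE_ADDR` and state the proxy requirement in the file header, e.g. `# REQUIRES: reverse proxy must overwrite X-Real-IP`. Separately, the missing-config branch appends to `${LOGFILE}` before the config is sourced, so `LOGFILE` is presumably still empty there and the redirect itself fails; that branch could log to stderr instead, `printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >&2`.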
@ -1,7 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# FILE: lib/dashboard/peer/list
|
# FILE: lib/dashboard/peer/list
|
||||||
# DESCRIPTION: List a user's peers
|
# DESCRIPTION: List a user's peers
|
||||||
# USAGE: add remote_ip
|
# USAGE: list remote_ip
|
||||||
# ERRORS:
|
# ERRORS:
|
||||||
# 3: bad args/usage
|
# 3: bad args/usage
|
||||||
# 4: config file not found
|
# 4: config file not found
|
||||||
|
|
|
@ -0,0 +1,71 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# FILE: lib/dashboard/ssl
|
||||||
|
# DESCRIPTION: Get a user's SSL certs and keys
|
||||||
|
# USAGE: ssl remote_ip querystring
|
||||||
|
# QUERYSTRING: ?host=$hostname&ext=crt
|
||||||
|
# ERRORS:
|
||||||
|
# 3: Bad args/usage
|
||||||
|
# 4: Config file not found
|
||||||
|
# 5: Missing part of the querystring
|
||||||
|
# 6: Invalid extension
|
||||||
|
# 7: SSL file missing
|
||||||
|
# 8: Failed to return SSL file
|
||||||
|
|
||||||
|
CONFIG_FILE='/etc/wgapi/config'
|
||||||
|
if ! [ ${#} -eq 2 ]; then
|
||||||
|
printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||||
|
exit 3
|
||||||
|
fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
||||||
|
printf 'ERROR! %s could not find %s!\n' "${0}" "${CONFIG_FILE}" >>"${LOGFILE}"
|
||||||
|
exit 4
|
||||||
|
fi
|
||||||
|
source "${CONFIG_FILE}"
|
||||||
|
ip="${1}"
|
||||||
|
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
||||||
|
|
||||||
|
# Parse querystring
|
||||||
|
hostname="$(<<<"${qs}" grep -oP 'host=(.*)' | sed 's/^host//' | xargs)"
|
||||||
|
ext="$(<<<"${qs}" grep -oP 'ext=(.*)' | sed 's/^ext//' | xargs)"
|
||||||
|
|
||||||
|
if ! file="${hostname:?}/server.${ext:?}"; then
|
||||||
|
printf 'ERROR! Hostname "%s" or extension "%s" or SSL_CONFIG_DIR "%s" missing!\n' "${hostname}" "${username}" "${ext}" "${SSL_CONFIG_DIR}" >>"${LOGFILE}"
|
||||||
|
printf 'Hostname or username or extension missing!\n' | "${LIB_DIR}/http_res" 400
|
||||||
|
exit 5
|
||||||
|
else
|
||||||
|
printf 'User %s requested SSL file %s\n' "${ip}" "${file}" >>"${LOGFILE}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Make sure extension is 'crt' or 'key'
|
||||||
|
if [ "${ext}" != 'crt' ] && [ "${ext}" != 'key' ]; then
|
||||||
|
printf 'Invalid extension: %s\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 400
|
||||||
|
exit 6
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Get username
|
||||||
|
if ! domain="$("${LIB_DIR}/ns_lookup_rdns" "${ip}")"; then
|
||||||
|
printf 'ERROR! Failed to lookup domain from user IP %s\n' "${ip}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 500
|
||||||
|
exit 7
|
||||||
|
fi
|
||||||
|
if ! username="$(<<<"${domain}" cut -d'.' -f2)"; then
|
||||||
|
printf 'ERROR! Failed to parse username from domain "%s"\n' "${domain}" >>"${LOGFILE}"
|
||||||
|
"${LIB_DIR}/http_res" 500
|
||||||
|
exit 8
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! path="${SSL_CONFIG_DIR:?}/${username:?}/${file}"; then
|
||||||
|
printf 'ERROR! Username "${username}" or SSL_CONFIG_DIR "%s" missing!\n' >> "${LOGFILE}"
|
||||||
|
printf 'Hostname or username or extension missing!\n' | "${LIB_DIR}/http_res" 400
|
||||||
|
exit 9
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check that the file exists
|
||||||
|
if ! [ -f "${path}" ]; then
|
||||||
|
printf 'ERROR! File missing: "%s"\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 404
|
||||||
|
exit 10
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Try to return it to the user
|
||||||
|
if ! <"${file}" "${LIB_DIR}/http_res" 200; then
|
||||||
|
printf 'ERROR! Failed to return file: "%s"\n' | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 500
|
||||||
|
exit 11
|
||||||
|
fi
|
|
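Review bot: The `host` value from the query string goes into `path` without validation, so a value containing `/` or `..` resolves outside `${SSL_CONFIG_DIR}/${username}` on an endpoint that serves private keys; it should be restricted to a plain host label before `file` is built. Several lines also keep the script from working as written: `fi & if` backgrounds the argument check so its `exit 3` never stops the script, `sed 's/^host//'` and `sed 's/^ext//'` leave the leading `=` so the `crt`/`key` comparison can never match, and the final read uses the relative `<"${file}"` where `${path}` was the one checked. The `printf` calls for 'Invalid extension', 'File missing' and 'Failed to return file' have a `%s` but no argument, and exit codes 7 to 11 do not match the ERRORS list in the header. The fence below shows the changed lines; the hostname pattern is a suggestion and should match whatever peer names the project allows.

```shell
# … unchanged: header comment, CONFIG_FILE, argument-count check body …
fi; if ! [ -f "${CONFIG_FILE}" ]; then
# … unchanged: config check body, source, ip, qs …

# Parse querystring (\K drops the "host=" / "ext=" prefix, including the "=")
hostname="$(<<<"${qs}" grep -oP '^host=\K.*' | head -n1)"
ext="$(<<<"${qs}" grep -oP '^ext=\K.*' | head -n1)"

# Only a plain host label may reach the filesystem path
if [[ ! "${hostname}" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ || "${hostname}" == *..* ]]; then
    printf 'Rejected hostname from %s\n' "${ip}" >>"${LOGFILE}"
    printf 'Invalid hostname\n' | "${LIB_DIR}/http_res" 400
    exit 5
fi

# … unchanged: file assignment, extension check, username lookup, path construction …
    printf 'ERROR! File missing: "%s"\n' "${path}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 404
# … unchanged: exit, fi …
if ! <"${path}" "${LIB_DIR}/http_res" 200; then
    printf 'ERROR! Failed to return file: "%s"\n' "${path}" | tee -a "${LOGFILE}" | "${LIB_DIR}/http_res" 500
```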
@ -11,9 +11,10 @@
|
||||||
[X] admin user adding backend
|
[X] admin user adding backend
|
||||||
[X] admin user deleting backend
|
[X] admin user deleting backend
|
||||||
[X] Add Loading...
|
[X] Add Loading...
|
||||||
|
[ ] Let users download ssl certs
|
||||||
|
[ ] Let admins download ssl certs
|
||||||
[ ] Replace ns_lookup_rdns with ns_lookup_rxfr where applicable
|
[ ] Replace ns_lookup_rdns with ns_lookup_rxfr where applicable
|
||||||
[ ] Prevent deleting user's only peer
|
[ ] Prevent deleting user's only peer
|
||||||
[ ] Let users download ssl certs
|
|
||||||
[ ] Show QR code with new config
|
[ ] Show QR code with new config
|
||||||
[ ] Clean up bash file headings
|
[ ] Clean up bash file headings
|
||||||
[ ] Deploy on GF4
|
[ ] Deploy on GF4
|
||||||
|
|
|
@ -9,10 +9,11 @@
|
||||||
<p data-bind="hidden:isLoaded"><code>Loading...</code></p>
|
<p data-bind="hidden:isLoaded"><code>Loading...</code></p>
|
||||||
<table data-bind="visible:isLoaded">
|
<table data-bind="visible:isLoaded">
|
||||||
<thead><tr>
|
<thead><tr>
|
||||||
<th>Host</th><th></th>
|
<th>Host</th><th>SSL</th><th></th>
|
||||||
</tr></thead>
|
</tr></thead>
|
||||||
<tbody data-bind="foreach:peers"><tr>
|
<tbody data-bind="foreach:peers"><tr>
|
||||||
<td data-bind="text:name"></td>
|
<td data-bind="text:name"></td>
|
||||||
|
<td><a data-bind="attr:{href:crtHref}">Cert</a> / <a data-bind="attr:{href:keyHref}">Key</a></td>
|
||||||
<td><button style="float:right" data-bind="click:$parent.delPeer,disable:$data.isDeleting,text:deleteText">Delete</button></td>
|
<td><button style="float:right" data-bind="click:$parent.delPeer,disable:$data.isDeleting,text:deleteText">Delete</button></td>
|
||||||
</tr></tbody>
|
</tr></tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
|
@ -7,6 +7,8 @@ function Peer(data) {
|
||||||
this.ipv6 = data.ipv6
|
this.ipv6 = data.ipv6
|
||||||
this.isDeleting = ko.observable(false)
|
this.isDeleting = ko.observable(false)
|
||||||
this.deleteText = ko.computed(() => this.isDeleting()?'Deleting...':'Delete')
|
this.deleteText = ko.computed(() => this.isDeleting()?'Deleting...':'Delete')
|
||||||
|
this.crtHref = ko.computed(() => `/ssl?host=${this.name}&ext=crt`)
|
||||||
|
this.keyHref = ko.computed(() => '/ssl?host=${this.name}&ext=key')
|
||||||
}
|
}
|
||||||
|
|
||||||
function PeerList() {
|
function PeerList() {
|
||||||
|
|
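Review bot: The added `keyHref` line uses single quotes, so `${this.name}` is not interpolated and every Key link points at the literal text; it needs backticks like `crtHref`: ``this.keyHref = ko.computed(() => `/ssl?host=${this.name}&ext=key`)``. In both computeds the name is placed in the query string unencoded, so a peer name containing `&` or `=` would change how the server splits the parameters. `encodeURIComponent(this.name)` would address that, though the server-side parser in `lib/dashboard/ssl` does not appear to URL-decode, so the two would have to change together. `Peer` starts above this hunk, so how `this.name` is set is not visible here.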