Start debugging backend

back/admin_user.cgi

@@ -20,13 +20,16 @@ case "${REQUEST_METHOD}" in
 	'GET') "${LIB_DIR}/admin/user/list" "${HTTP_X_REAL_IP}";;
 
 	# Add new user
+	# POST /user?t=mytoken&name=newusername
 	'POST') "${LIB_DIR}/admin/user/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Delete user
+	# DELETE /user?t=mytoken&user=username
 	'DELETE') "${LIB_DIR}/admin/user/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Needed for CORS preflight
 	'OPTIONS') "${LIB_DIR}/http_res" 200;;
+
 	# Bad request
 	*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
 esac

back/lib/admin/peer/add

@@ -39,109 +39,110 @@ fi & if ! [ -f "${TOKENS_FILE}" ]; then
 fi
 ip="${1}"
 qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
+echo "${qs}" >>"${LOGFILE}"
 
 # Check hostname
-hostname="$(<<<"${qs}" grep -oP 'name=(.*)' | sed 's/^name//' | xargs | tr -dc 'a-z0-9' | head -c10)"
+#hostname="$(<<<"${qs}" grep -oP 'name=(.*)' | sed 's/^name//' | xargs | tr -dc 'a-z0-9' | head -c10)"
-printf '%s requested new peer with hostname %s\n' "${ip}" "${hostname}" >>"${LOGFILE}"
+#printf '%s requested new peer with hostname %s\n' "${ip}" "${hostname}" >>"${LOGFILE}"
-if ! [[ ${#hostname} -ge 3 ]]; then
+#if ! [[ ${#hostname} -ge 3 ]]; then
-	printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
+#	printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
-	printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400
+#	printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400
-	exit 7
+#	exit 7
-fi
+#fi
 
 # Check token
-token_fail(){
+#token_fail(){
-	printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
+#	printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
-	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
+#	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
-	exit 8
+#	exit 8
-}
+#}
-saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
+#saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
-[ "${saved_token}" == "" ] && token_fail 'missing' &
+#[ "${saved_token}" == "" ] && token_fail 'missing' &
-<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
+#<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
-printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
+#printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
 
 # Check user
-username="$("${LIB_DIR}/ns_lookup_rdns" "${ip}" | cut -d'.' -f2)" || (
+#username="$("${LIB_DIR}/ns_lookup_rdns" "${ip}" | cut -d'.' -f2)" || (
-	printf 'User not found for %s\n' "${ip}" >>"${LOGFILE}"
+#	printf 'User not found for %s\n' "${ip}" >>"${LOGFILE}"
-	printf 'User not found' | "${LIB_DIR}/http_res" 403
+#	printf 'User not found' | "${LIB_DIR}/http_res" 403
-	exit 17
+#	exit 17
-)
+#)
-printf '%s identified as %s\n' "${ip}" "${username}" >>"${LOGFILE}"
+#printf '%s identified as %s\n' "${ip}" "${username}" >>"${LOGFILE}"
-domain="${hostname}.${username}.${TLD}"
+#domain="${hostname}.${username}.${TLD}"
 
 # Check if new peer already exists
-if "${LIB_DIR}/ns_lookup_send" "${domain}" >/dev/null; then
+#if "${LIB_DIR}/ns_lookup_send" "${domain}" >/dev/null; then
-	printf '%s.%s.%s already exists!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
+#	printf '%s.%s.%s already exists!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
-	printf 'Hostname %s already exists!\n' "${hostname}" | "${LIB_DIR}/http_res" 409
+#	printf 'Hostname %s already exists!\n' "${hostname}" | "${LIB_DIR}/http_res" 409
-	exit 6
+#	exit 6
-fi
+#fi
 
 # Create new domain
-domain="${hostname:?}.${username:?}.${TLD:?}"
+#domain="${hostname:?}.${username:?}.${TLD:?}"
-printf 'New domain will be %s\n' "${domain}" >>"${LOGFILE}"
+#printf 'New domain will be %s\n' "${domain}" >>"${LOGFILE}"
 
 # Get all peer IPs
-if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
+#if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
-	printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
+#	printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
-	exit 5
+#	exit 5
-fi
+#fi
 
 # Get peer domains
-if ! peers="$("${LIB_DIR}/ips_to_peers_rxfr" tsv <<<"${peers}")"; then
+#if ! peers="$("${LIB_DIR}/ips_to_peers_rxfr" tsv <<<"${peers}")"; then
-	printf 'ERROR! Failed to retrieve peers for %s!\n' "${ip}" >>"${LOGFILE}"
+#	printf 'ERROR! Failed to retrieve peers for %s!\n' "${ip}" >>"${LOGFILE}"
-	exit 10
+#	exit 10
-fi
+#fi
 
 # Create new IPs
-hostnames="$(<<<"${peers}" awk '{print $1}' | cut -d'.' -f1)"
+#hostnames="$(<<<"${peers}" awk '{print $1}' | cut -d'.' -f1)"
-ipv4s="$(<<<"${peers}" awk '{print $2}')"
+#ipv4s="$(<<<"${peers}" awk '{print $2}')"
-ipv6s="$(<<<"${peers}" awk '{print $3}')"
+#ipv6s="$(<<<"${peers}" awk '{print $3}')"
-usernumber="$(<<<"${ipv4s}" head -n1 | cut -d'.' -f3)"
+#usernumber="$(<<<"${ipv4s}" head -n1 | cut -d'.' -f3)"
 # Increment hostnumber from 1 until an unused one is found
-used_hostnumbers="$(<<<"${ipv4s}" cut -d'.' -f4 | sort | uniq)"
+#used_hostnumbers="$(<<<"${ipv4s}" cut -d'.' -f4 | sort | uniq)"
-hostnumber=1; while <<<"${used_hostnumbers}" grep -q "${hostnumber}"
+#hostnumber=1; while <<<"${used_hostnumbers}" grep -q "${hostnumber}"
-	do ((hostnumber++))
+#	do ((hostnumber++))
-done
+#done
-ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
+#ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
-ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
+#ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
-if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
+#if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
-	>>"${LOGFILE}"; then
+#	>>"${LOGFILE}"; then
-		printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
+#		printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
-		exit 11
+#		exit 11
-fi
+#fi
 
 # Create wg config
-privkey="$(/usr/bin/wg genkey)"
+#privkey="$(/usr/bin/wg genkey)"
-pubkey="$(echo "${privkey}" | /usr/bin/wg pubkey)"
+#pubkey="$(echo "${privkey}" | /usr/bin/wg pubkey)"
-address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
+#address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
 
 # Update nameserver
-if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
+#if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
-	then printf 'Successfully added %s to DNS server.\n' "${domain}" >>"${LOGFILE}"
+#	then printf 'Successfully added %s to DNS server.\n' "${domain}" >>"${LOGFILE}"
-	else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
+#	else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
-fi &
+#fi &
 
 # Create SSL cert
-if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
+#if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
-	then printf 'Successfully signed SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
+#	then printf 'Successfully signed SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
-	else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
+#	else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
-fi
+#fi
 
 # Do the wireguard and tell the user
-server_blocks=''
+#server_blocks=''
-while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do
+#while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do
-	[[ ${server_hostname:0:1} = \# ]] && continue
+#	[[ ${server_hostname:0:1} = \# ]] && continue
-	server_psk="$(/usr/bin/wg genpsk)"
+#	server_psk="$(/usr/bin/wg genpsk)"
-	server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
+#	server_blocks="${server_blocks}\n[Peer] # #${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
-	if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
+#	if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
-		# Add new user to local server
+#		# Add new user to local server
-		if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
+#		if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
-			printf 'Added %s to local wireguard server.\n' "${domain}" >>"${LOGFILE}"
+#			printf 'Added %s to local wireguard server.\n' "${domain}" >>"${LOGFILE}"
-		else
+#		else
-			printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
+#			printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
-			# TODO: clear existing progress
+#			# TODO: clear existing progress
-			exit 15
+#			exit 15
-		fi
+#		fi
 	# TODO: Send new user config to federated server
 	#else
 	#	if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
@@ -151,7 +152,7 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
 	#	# TODO: clear existing progress
 	# exit 16
 	#fi
-	fi
+#	fi
-done <"${SERVERS_FILE}"
+#done <"${SERVERS_FILE}"
-wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey:?}\nAddress=${address:?}\n${WG_DNS}\n${server_blocks:?}"
+#wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey:?}\nAddress=${address:?}\n${WG_DNS}\n${server_blocks:?}"
-<<<"${wg_config}" "${LIB_DIR}/http_res" 202
+#<<<"${wg_config}" "${LIB_DIR}/http_res" 202