Start debugging backend
parent
1a81da293a
commit
cd9e01814b
@ -20,13 +20,16 @@ case "${REQUEST_METHOD}" in
'GET') "${LIB_DIR}/admin/user/list" "${HTTP_X_REAL_IP}";;
'GET') "${LIB_DIR}/admin/user/list" "${HTTP_X_REAL_IP}";;
# Add new user
# Add new user
# POST /user?t=mytoken&name=newusername
'POST') "${LIB_DIR}/admin/user/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
'POST') "${LIB_DIR}/admin/user/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
# Delete user
# Delete user
# DELETE /user?t=mytoken&user=username
'DELETE') "${LIB_DIR}/admin/user/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
'DELETE') "${LIB_DIR}/admin/user/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
# Needed for CORS preflight
# Needed for CORS preflight
'OPTIONS') "${LIB_DIR}/http_res" 200;;
'OPTIONS') "${LIB_DIR}/http_res" 200;;
# Bad request
# Bad request
*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
esac
esac
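Review bot: The routing comments added for the POST and DELETE arms document the admin token as a `t=` query-string parameter, which means it travels in the URL and is recorded by any access log or reverse proxy in front of this CGI, in addition to the `QUERY_STRING` already forwarded to `admin/user/add` and `admin/user/del`. If that is the accepted design, state it next to the example so the next maintainer does not treat the log as harmless, e.g. `# POST /user?t=mytoken&name=newusername   (token is part of the URL: keep access logs private)`; otherwise a request header would keep it out of URL-based logging. The `case "${REQUEST_METHOD}"` statement these arms belong to begins outside the hunk.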
@ -39,109 +39,110 @@ fi & if ! [ -f "${TOKENS_FILE}" ]; then
fi
fi
ip="${1}"
ip="${1}"
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
echo "${qs}" >>"${LOGFILE}"
# Check hostname
# Check hostname
hostname="$(<<<"${qs}" grep -oP 'name=(.*)' | sed 's/^name//' | xargs | tr -dc 'a-z0-9' | head -c10)"
#hostname="$(<<<"${qs}" grep -oP 'name=(.*)' | sed 's/^name//' | xargs | tr -dc 'a-z0-9' | head -c10)"
printf '%s requested new peer with hostname %s\n' "${ip}" "${hostname}" >>"${LOGFILE}"
#printf '%s requested new peer with hostname %s\n' "${ip}" "${hostname}" >>"${LOGFILE}"
if ! [[ ${#hostname} -ge 3 ]]; then
#if ! [[ ${#hostname} -ge 3 ]]; then
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
# printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400
# printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400
exit 7
# exit 7
fi
#fi
# Check token
# Check token
token_fail(){
#token_fail(){
printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
# printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
# printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403
exit 8
# exit 8
}
#}
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
#saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
[ "${saved_token}" == "" ] && token_fail 'missing' &
#[ "${saved_token}" == "" ] && token_fail 'missing' &
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
#<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
#printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
# Check user
# Check user
username="$("${LIB_DIR}/ns_lookup_rdns" "${ip}" | cut -d'.' -f2)" || (
#username="$("${LIB_DIR}/ns_lookup_rdns" "${ip}" | cut -d'.' -f2)" || (
printf 'User not found for %s\n' "${ip}" >>"${LOGFILE}"
# printf 'User not found for %s\n' "${ip}" >>"${LOGFILE}"
printf 'User not found' | "${LIB_DIR}/http_res" 403
# printf 'User not found' | "${LIB_DIR}/http_res" 403
exit 17
# exit 17
)
#)
printf '%s identified as %s\n' "${ip}" "${username}" >>"${LOGFILE}"
#printf '%s identified as %s\n' "${ip}" "${username}" >>"${LOGFILE}"
domain="${hostname}.${username}.${TLD}"
#domain="${hostname}.${username}.${TLD}"
# Check if new peer already exists
# Check if new peer already exists
if "${LIB_DIR}/ns_lookup_send" "${domain}" >/dev/null; then
#if "${LIB_DIR}/ns_lookup_send" "${domain}" >/dev/null; then
printf '%s.%s.%s already exists!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
# printf '%s.%s.%s already exists!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
printf 'Hostname %s already exists!\n' "${hostname}" | "${LIB_DIR}/http_res" 409
# printf 'Hostname %s already exists!\n' "${hostname}" | "${LIB_DIR}/http_res" 409
exit 6
# exit 6
fi
#fi
# Create new domain
# Create new domain
domain="${hostname:?}.${username:?}.${TLD:?}"
#domain="${hostname:?}.${username:?}.${TLD:?}"
printf 'New domain will be %s\n' "${domain}" >>"${LOGFILE}"
#printf 'New domain will be %s\n' "${domain}" >>"${LOGFILE}"
# Get all peer IPs
# Get all peer IPs
if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
#if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
# printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
exit 5
# exit 5
fi
#fi
# Get peer domains
# Get peer domains
if ! peers="$("${LIB_DIR}/ips_to_peers_rxfr" tsv <<<"${peers}")"; then
#if ! peers="$("${LIB_DIR}/ips_to_peers_rxfr" tsv <<<"${peers}")"; then
printf 'ERROR! Failed to retrieve peers for %s!\n' "${ip}" >>"${LOGFILE}"
# printf 'ERROR! Failed to retrieve peers for %s!\n' "${ip}" >>"${LOGFILE}"
exit 10
# exit 10
fi
#fi
# Create new IPs
# Create new IPs
hostnames="$(<<<"${peers}" awk '{print $1}' | cut -d'.' -f1)"
#hostnames="$(<<<"${peers}" awk '{print $1}' | cut -d'.' -f1)"
ipv4s="$(<<<"${peers}" awk '{print $2}')"
#ipv4s="$(<<<"${peers}" awk '{print $2}')"
ipv6s="$(<<<"${peers}" awk '{print $3}')"
#ipv6s="$(<<<"${peers}" awk '{print $3}')"
usernumber="$(<<<"${ipv4s}" head -n1 | cut -d'.' -f3)"
#usernumber="$(<<<"${ipv4s}" head -n1 | cut -d'.' -f3)"
# Increment hostnumber from 1 until an unused one is found
# Increment hostnumber from 1 until an unused one is found
used_hostnumbers="$(<<<"${ipv4s}" cut -d'.' -f4 | sort | uniq)"
#used_hostnumbers="$(<<<"${ipv4s}" cut -d'.' -f4 | sort | uniq)"
hostnumber=1; while <<<"${used_hostnumbers}" grep -q "${hostnumber}"
#hostnumber=1; while <<<"${used_hostnumbers}" grep -q "${hostnumber}"
do ((hostnumber++))
# do ((hostnumber++))
done
#done
ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
#ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
#ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
#if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
>>"${LOGFILE}"; then
# >>"${LOGFILE}"; then
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
# printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
exit 11
# exit 11
fi
#fi
# Create wg config
# Create wg config
privkey="$(/usr/bin/wg genkey)"
#privkey="$(/usr/bin/wg genkey)"
pubkey="$(echo "${privkey}" | /usr/bin/wg pubkey)"
#pubkey="$(echo "${privkey}" | /usr/bin/wg pubkey)"
address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
#address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
# Update nameserver
# Update nameserver
if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
#if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
then printf 'Successfully added %s to DNS server.\n' "${domain}" >>"${LOGFILE}"
# then printf 'Successfully added %s to DNS server.\n' "${domain}" >>"${LOGFILE}"
else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
# else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
fi &
#fi &
# Create SSL cert
# Create SSL cert
if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
#if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
then printf 'Successfully signed SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
# then printf 'Successfully signed SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
# else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
fi
#fi
# Do the wireguard and tell the user
# Do the wireguard and tell the user
server_blocks=''
#server_blocks=''
while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do
#while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret; do
[[ ${server_hostname:0:1} = \# ]] && continue
# [[ ${server_hostname:0:1} = \# ]] && continue
server_psk="$(/usr/bin/wg genpsk)"
# server_psk="$(/usr/bin/wg genpsk)"
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
# server_blocks="${server_blocks}\n[Peer] # #${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
# if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
# Add new user to local server
# # Add new user to local server
if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
# if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
printf 'Added %s to local wireguard server.\n' "${domain}" >>"${LOGFILE}"
# printf 'Added %s to local wireguard server.\n' "${domain}" >>"${LOGFILE}"
else
# else
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
# printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
# TODO: clear existing progress
# # TODO: clear existing progress
exit 15
# exit 15
fi
# fi
# TODO: Send new user config to federated server
# TODO: Send new user config to federated server
#else
#else
# if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
# if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
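Review bot: The new debug line `echo "${qs}" >>"${LOGFILE}"` appends the raw, `&`-split query string to the log, and because the (now commented) token check matches a `t=<token>` line inside `${qs}`, the admin token is written to the log file in clear text. Mask it before it reaches the file, e.g. `<<<"${qs}" sed 's/^t=.*/t=[redacted]/' >>"${LOGFILE}"`, which also keeps the file's `printf`/here-string style instead of `echo`. With everything from the hostname check onward commented out, the script now ends without ever calling `http_res` (the final `http_res 202` in the last hunk is commented as well), so the client gets no HTTP response at all; presumably intended for this debugging step, but it should not be merged in this state. When the token check is re-enabled, note that the trailing `&` after `token_fail 'missing'` backgrounds it so its `exit 8` cannot stop the script, and `grep "${ip}" "${TOKENS_FILE}"` matches the IP as a substring of longer addresses. The script's preamble (before old line 39) lies outside the hunk.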
@ -151,7 +152,7 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
# # TODO: clear existing progress
# # TODO: clear existing progress
# exit 16
# exit 16
#fi
#fi
fi
# fi
done <"${SERVERS_FILE}"
#done <"${SERVERS_FILE}"
wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey:?}\nAddress=${address:?}\n${WG_DNS}\n${server_blocks:?}"
#wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey:?}\nAddress=${address:?}\n${WG_DNS}\n${server_blocks:?}"
<<<"${wg_config}" "${LIB_DIR}/http_res" 202
#<<<"${wg_config}" "${LIB_DIR}/http_res" 202