1
1
mirror of https://github.com/vx3r/wg-gen-web.git synced 2024-11-23 02:42:07 +01:00

specify ip address / proper error validation in backend / refactor

This commit is contained in:
vx3r 2020-02-06 13:30:36 +09:00
parent 4edd5cb44e
commit b7c88b747b
8 changed files with 268 additions and 35 deletions

@ -3,7 +3,7 @@ WORKDIR /app
ADD . .
RUN go build -o wg-gen-web-linux
FROM node:10-alpine as build-front
FROM node:10-alpine AS build-front
WORKDIR /app
ADD ui .
RUN npm install

@ -22,6 +22,17 @@ import (
// CreateClient client with all necessary data
func CreateClient(client *model.Client) (*model.Client, error) {
// check if client is valid
errs := client.IsValid()
if len(errs) != 0 {
for _, err := range errs {
log.WithFields(log.Fields{
"err": err,
}).Error("client validation error")
}
return nil, errors.New("failed to validate client")
}
u := uuid.NewV4()
client.Id = u.String()
@ -32,32 +43,14 @@ func CreateClient(client *model.Client) (*model.Client, error) {
client.PrivateKey = key.String()
client.PublicKey = key.PublicKey().String()
// find available IP address from selected networks
clients, err := ReadClients()
reserverIps, err := GetAllReservedIps()
if err != nil {
return nil, err
}
reserverIps := make([]string, 0)
for _, client := range clients {
ips := strings.Split(client.Address, ",")
for i := range ips {
if util.IsIPv6(ips[i]) {
ips[i] = strings.ReplaceAll(strings.TrimSpace(ips[i]), "/128", "")
} else {
ips[i] = strings.ReplaceAll(strings.TrimSpace(ips[i]), "/32", "")
}
}
reserverIps = append(reserverIps, ips...)
}
networks := strings.Split(client.Address, ",")
for i := range networks {
networks[i] = strings.TrimSpace(networks[i])
}
ips := make([]string, 0)
for _, network := range networks {
ip, err := util.GetAvailableIp(network, reserverIps)
for _, network := range strings.Split(client.Address, ",") {
ip, err := util.GetAvailableIp(strings.TrimSpace(network), reserverIps)
if err != nil {
return nil, err
}
@ -109,6 +102,18 @@ func UpdateClient(Id string, client *model.Client) (*model.Client, error) {
if current.Id != client.Id {
return nil, errors.New("records Id mismatch")
}
// check if client is valid
errs := client.IsValid()
if len(errs) != 0 {
for _, err := range errs {
log.WithFields(log.Fields{
"err": err,
}).Error("client validation error")
}
return nil, errors.New("failed to validate client")
}
// keep keys
client.PrivateKey = current.PrivateKey
client.PublicKey = current.PublicKey
@ -159,7 +164,7 @@ func ReadClients() ([]*model.Client, error) {
log.WithFields(log.Fields{
"err": err,
"path": f.Name(),
}).Error("failed to storage.Destorage.Serialize client")
}).Error("failed to deserialize client")
} else {
clients = append(clients, c.(*model.Client))
}

@ -1,6 +1,8 @@
package core
import (
"errors"
log "github.com/sirupsen/logrus"
"gitlab.127-0-0-1.fr/vx3r/wg-gen-web/model"
"gitlab.127-0-0-1.fr/vx3r/wg-gen-web/storage"
"gitlab.127-0-0-1.fr/vx3r/wg-gen-web/template"
@ -8,6 +10,7 @@ import (
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
"os"
"path/filepath"
"strings"
"time"
)
@ -62,6 +65,18 @@ func UpdateServer(server *model.Server) (*model.Server, error) {
if err != nil {
return nil, err
}
// check if server is valid
errs := server.IsValid()
if len(errs) != 0 {
for _, err := range errs {
log.WithFields(log.Fields{
"err": err,
}).Error("server validation error")
}
return nil, errors.New("failed to validate server")
}
server.PrivateKey = current.(*model.Server).PrivateKey
server.PublicKey = current.(*model.Server).PublicKey
server.PresharedKey = current.(*model.Server).PresharedKey
@ -100,3 +115,46 @@ func UpdateServerConfigWg() error {
return nil
}
// GetAllReservedIps the list of all reserved IPs, client and server
func GetAllReservedIps() ([]string, error) {
clients, err := ReadClients()
if err != nil {
return nil, err
}
server, err := ReadServer()
if err != nil {
return nil, err
}
reserverIps := make([]string, 0)
for _, client := range clients {
for _, cidr := range strings.Split(client.Address, ",") {
ip, err := util.GetIpFromCidr(strings.TrimSpace(cidr))
if err != nil {
log.WithFields(log.Fields{
"err": err,
"cidr": err,
}).Error("failed to ip from cidr")
} else {
reserverIps = append(reserverIps, ip)
}
}
}
for _, cidr := range strings.Split(server.Address, ",") {
ip, err := util.GetIpFromCidr(strings.TrimSpace(cidr))
if err != nil {
log.WithFields(log.Fields{
"err": err,
"cidr": err,
}).Error("failed to ip from cidr")
} else {
reserverIps = append(reserverIps, ip)
}
}
return reserverIps, nil
}

@ -1,6 +1,11 @@
package model
import "time"
import (
"fmt"
"gitlab.127-0-0-1.fr/vx3r/wg-gen-web/util"
"strings"
"time"
)
// Client structure
type Client struct {
@ -8,10 +13,53 @@ type Client struct {
Name string `json:"name"`
Email string `json:"email"`
Enable bool `json:"enable"`
Created time.Time `json:"created"`
Updated time.Time `json:"updated"`
AllowedIPs string `json:"allowedIPs"`
Address string `json:"address"`
PrivateKey string `json:"privateKey"`
PublicKey string `json:"publicKey"`
Created time.Time `json:"created"`
Updated time.Time `json:"updated"`
}
func (a Client) IsValid() []error {
errs := make([]error, 0)
// check if the name empty
if a.Name == "" {
errs = append(errs, fmt.Errorf("name is required"))
}
// check the name field is between 3 to 40 chars
if len(a.Name) < 2 || len(a.Name) > 40 {
errs = append(errs, fmt.Errorf("name field must be between 2-40 chars"))
}
// check if the email empty
if a.Email == "" {
errs = append(errs, fmt.Errorf("email field is required"))
}
// check if email valid
if !util.RegexpEmail.MatchString(a.Email) {
errs = append(errs, fmt.Errorf("email %s is invalid", a.Email))
}
// check if the allowedIPs empty
if a.AllowedIPs == "" {
errs = append(errs, fmt.Errorf("allowedIPs field is required"))
}
// check if the allowedIPs are valid
for _, allowedIP := range strings.Split(a.AllowedIPs, ",") {
if !util.IsValidCidr(strings.TrimSpace(allowedIP)) {
errs = append(errs, fmt.Errorf("allowedIP %s is invalid", allowedIP))
}
}
// check if the address empty
if a.Address == "" {
errs = append(errs, fmt.Errorf("address field is required"))
}
// check if the address are valid
for _, address := range strings.Split(a.Address, ",") {
if !util.IsValidCidr(strings.TrimSpace(address)) {
errs = append(errs, fmt.Errorf("address %s is invalid", address))
}
}
return errs
}

@ -1,12 +1,15 @@
package model
import "time"
import (
"fmt"
"gitlab.127-0-0-1.fr/vx3r/wg-gen-web/util"
"strings"
"time"
)
// Server structure
type Server struct {
Name string `json:"name"`
Created time.Time `json:"created"`
Updated time.Time `json:"updated"`
Address string `json:"address"`
ListenPort int `json:"listenPort"`
PrivateKey string `json:"privateKey"`
@ -19,4 +22,53 @@ type Server struct {
PostUp string `json:"postUp"`
PreDown string `json:"preDown"`
PostDown string `json:"postDown"`
Created time.Time `json:"created"`
Updated time.Time `json:"updated"`
}
func (a Server) IsValid() []error {
errs := make([]error, 0)
// check if the name empty
if a.Name == "" {
errs = append(errs, fmt.Errorf("name is required"))
}
// check the name field is between 3 to 40 chars
if len(a.Name) < 2 || len(a.Name) > 40 {
errs = append(errs, fmt.Errorf("name must be between 2-40 chars"))
}
// check if the address empty
if a.Address == "" {
errs = append(errs, fmt.Errorf("address is required"))
}
// check if the address are valid
for _, address := range strings.Split(a.Address, ",") {
if !util.IsValidCidr(strings.TrimSpace(address)) {
errs = append(errs, fmt.Errorf("address %s is invalid", address))
}
}
// check if the listenPort is valid
if a.ListenPort < 0 || a.ListenPort > 65535 {
errs = append(errs, fmt.Errorf("listenPort %s is invalid", a.ListenPort))
}
// check if the endpoint empty
if a.Endpoint == "" {
errs = append(errs, fmt.Errorf("endpoint is required"))
}
// check if the persistentKeepalive is valid
if a.PersistentKeepalive < 0 {
errs = append(errs, fmt.Errorf("persistentKeepalive %d is invalid", a.PersistentKeepalive))
}
// check if the dns empty
if a.Dns == "" {
errs = append(errs, fmt.Errorf("dns is required"))
}
// check if the address are valid
for _, dns := range strings.Split(a.Dns, ",") {
if !util.IsValidIp(strings.TrimSpace(dns)) {
errs = append(errs, fmt.Errorf("dns %s is invalid", dns))
}
}
return errs
}

@ -13,7 +13,7 @@
</v-content>
<v-footer app>
<span>Copyright <a class="pr-1 pl-1" href="http://www.wtfpl.net/" target="_blank">WTFPL</a> &copy; {{ new Date().getFullYear() }} Created with</span><v-icon class="pr-1 pl-1">mdi-heart</v-icon><span>by</span><a class="pr-1 pl-1" href="mailto:vx3r@127-0-0-1.fr">vx3r</a>
<span>License <a class="pr-1 pl-1" href="http://www.wtfpl.net/" target="_blank">WTFPL</a> &copy; {{ new Date().getFullYear() }} Created with</span><v-icon class="pr-1 pl-1">mdi-heart</v-icon><span>by</span><a class="pr-1 pl-1" href="mailto:vx3r@127-0-0-1.fr">vx3r</a>
</v-footer>
</v-app>

@ -318,12 +318,14 @@
@click="addClient(client)"
>
Submit
<v-icon right dark>mdi-check-outline</v-icon>
</v-btn>
<v-btn
color="primary"
@click="dialogAddClient = false"
>
Cancel
<v-icon right dark>mdi-close-circle-outline</v-icon>
</v-btn>
</v-card-actions>
</v-card>
@ -361,6 +363,26 @@
]"
required
/>
<v-combobox
v-model="client.address"
chips
hint="Write IPv4 or IPv6 CIDR and hit enter"
label="Addresses"
multiple
dark
>
<template v-slot:selection="{ attrs, item, select, selected }">
<v-chip
v-bind="attrs"
:input-value="selected"
close
@click="select"
@click:close="client.address.splice(client.address.indexOf(item), 1)"
>
<strong>{{ item }}</strong>&nbsp;
</v-chip>
</template>
</v-combobox>
<v-combobox
v-model="client.allowedIPs"
chips
@ -393,12 +415,14 @@
@click="updateClient(client)"
>
Submit
<v-icon right dark>mdi-check-outline</v-icon>
</v-btn>
<v-btn
color="primary"
@click="dialogEditClient = false"
>
Cancel
<v-icon right dark>mdi-close-circle-outline</v-icon>
</v-btn>
</v-card-actions>
</v-card>
@ -460,13 +484,19 @@
this.$get(`/client/${id}`).then((res) => {
this.dialogEditClient = true;
res.allowedIPs = res.allowedIPs.split(',');
res.address = res.address.split(',');
this.client = res
}).catch((e) => {
this.notify('error', e.response.status + ' ' + e.response.statusText);
});
},
disableClient(client) {
if(!Array.isArray(client.allowedIPs)){
client.allowedIPs = client.allowedIPs.split(',');
}
if(!Array.isArray(client.address)){
client.address = client.address.split(',');
}
this.updateClient(client)
},
getData() {
@ -476,7 +506,6 @@
this.server = res;
this.clientAddress = this.serverAddress = this.server.address
}).catch((e) => {
console.log(e)
this.notify('error', e.response.status + ' ' + e.response.statusText);
});
@ -564,6 +593,7 @@
}
},
updateClient(client) {
// check allowed IPs
if (client.allowedIPs.length < 1) {
this.notify('error', 'Please provide at least one valid CIDR address for client allowed IPs');
return;
@ -574,9 +604,21 @@
return
}
}
// check address
if (client.address.length < 1) {
this.notify('error', 'Please provide at least one valid CIDR address for client');
return;
}
for (let i = 0; i < client.address.length; i++){
if (this.$isCidr(client.address[i]) === 0) {
this.notify('error', 'Invalid CIDR detected, please correct before submitting');
return
}
}
// all good, submit
this.dialogEditClient = false;
client.allowedIPs = client.allowedIPs.join(',');
client.address = client.address.join(',');
this.$patch(`/client/${client.id}`, client).then((res) => {
this.notify('success', "Client successfully updated");

@ -5,7 +5,11 @@ import (
"io/ioutil"
"net"
"os"
"strings"
"regexp"
)
var (
RegexpEmail = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
)
// ReadFile file content
@ -86,7 +90,31 @@ func GetAllAddressesFromCidr(cidr string) ([]string, error) {
// IsIPv6 check if given ip is IPv6
func IsIPv6(address string) bool {
return strings.Count(address, ":") >= 2
ip := net.ParseIP(address)
if ip == nil {
return false
}
return ip.To4() == nil
}
// IsValidIp check if ip is valid
func IsValidIp(ip string) bool {
return net.ParseIP(ip) != nil
}
// IsValidCidr check if CIDR is valid
func IsValidCidr(cidr string) bool {
_, _, err := net.ParseCIDR(cidr)
return err == nil
}
// GetIpFromCidr get ip from cidr
func GetIpFromCidr(cidr string) (string, error) {
ip, _, err := net.ParseCIDR(cidr)
if err != nil {
return "", err
}
return ip.String(), nil
}
// http://play.golang.org/p/m8TNTtygK0