mirror of
https://github.com/vx3r/wg-gen-web.git
synced 2024-11-23 02:42:07 +01:00
specify ip address / proper error validation in backend / refactor
This commit is contained in:
parent
4edd5cb44e
commit
b7c88b747b
@ -3,7 +3,7 @@ WORKDIR /app
|
||||
ADD . .
|
||||
RUN go build -o wg-gen-web-linux
|
||||
|
||||
FROM node:10-alpine as build-front
|
||||
FROM node:10-alpine AS build-front
|
||||
WORKDIR /app
|
||||
ADD ui .
|
||||
RUN npm install
|
||||
|
@ -22,6 +22,17 @@ import (
|
||||
|
||||
// CreateClient client with all necessary data
|
||||
func CreateClient(client *model.Client) (*model.Client, error) {
|
||||
// check if client is valid
|
||||
errs := client.IsValid()
|
||||
if len(errs) != 0 {
|
||||
for _, err := range errs {
|
||||
log.WithFields(log.Fields{
|
||||
"err": err,
|
||||
}).Error("client validation error")
|
||||
}
|
||||
return nil, errors.New("failed to validate client")
|
||||
}
|
||||
|
||||
u := uuid.NewV4()
|
||||
client.Id = u.String()
|
||||
|
||||
@ -32,32 +43,14 @@ func CreateClient(client *model.Client) (*model.Client, error) {
|
||||
client.PrivateKey = key.String()
|
||||
client.PublicKey = key.PublicKey().String()
|
||||
|
||||
// find available IP address from selected networks
|
||||
clients, err := ReadClients()
|
||||
reserverIps, err := GetAllReservedIps()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
reserverIps := make([]string, 0)
|
||||
for _, client := range clients {
|
||||
ips := strings.Split(client.Address, ",")
|
||||
for i := range ips {
|
||||
if util.IsIPv6(ips[i]) {
|
||||
ips[i] = strings.ReplaceAll(strings.TrimSpace(ips[i]), "/128", "")
|
||||
} else {
|
||||
ips[i] = strings.ReplaceAll(strings.TrimSpace(ips[i]), "/32", "")
|
||||
}
|
||||
}
|
||||
reserverIps = append(reserverIps, ips...)
|
||||
}
|
||||
|
||||
networks := strings.Split(client.Address, ",")
|
||||
for i := range networks {
|
||||
networks[i] = strings.TrimSpace(networks[i])
|
||||
}
|
||||
ips := make([]string, 0)
|
||||
for _, network := range networks {
|
||||
ip, err := util.GetAvailableIp(network, reserverIps)
|
||||
for _, network := range strings.Split(client.Address, ",") {
|
||||
ip, err := util.GetAvailableIp(strings.TrimSpace(network), reserverIps)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -109,6 +102,18 @@ func UpdateClient(Id string, client *model.Client) (*model.Client, error) {
|
||||
if current.Id != client.Id {
|
||||
return nil, errors.New("records Id mismatch")
|
||||
}
|
||||
|
||||
// check if client is valid
|
||||
errs := client.IsValid()
|
||||
if len(errs) != 0 {
|
||||
for _, err := range errs {
|
||||
log.WithFields(log.Fields{
|
||||
"err": err,
|
||||
}).Error("client validation error")
|
||||
}
|
||||
return nil, errors.New("failed to validate client")
|
||||
}
|
||||
|
||||
// keep keys
|
||||
client.PrivateKey = current.PrivateKey
|
||||
client.PublicKey = current.PublicKey
|
||||
@ -159,7 +164,7 @@ func ReadClients() ([]*model.Client, error) {
|
||||
log.WithFields(log.Fields{
|
||||
"err": err,
|
||||
"path": f.Name(),
|
||||
}).Error("failed to storage.Destorage.Serialize client")
|
||||
}).Error("failed to deserialize client")
|
||||
} else {
|
||||
clients = append(clients, c.(*model.Client))
|
||||
}
|
||||
|
@ -1,6 +1,8 @@
|
||||
package core
|
||||
|
||||
import (
|
||||
"errors"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"gitlab.127-0-0-1.fr/vx3r/wg-gen-web/model"
|
||||
"gitlab.127-0-0-1.fr/vx3r/wg-gen-web/storage"
|
||||
"gitlab.127-0-0-1.fr/vx3r/wg-gen-web/template"
|
||||
@ -8,6 +10,7 @@ import (
|
||||
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
@ -62,6 +65,18 @@ func UpdateServer(server *model.Server) (*model.Server, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// check if server is valid
|
||||
errs := server.IsValid()
|
||||
if len(errs) != 0 {
|
||||
for _, err := range errs {
|
||||
log.WithFields(log.Fields{
|
||||
"err": err,
|
||||
}).Error("server validation error")
|
||||
}
|
||||
return nil, errors.New("failed to validate server")
|
||||
}
|
||||
|
||||
server.PrivateKey = current.(*model.Server).PrivateKey
|
||||
server.PublicKey = current.(*model.Server).PublicKey
|
||||
server.PresharedKey = current.(*model.Server).PresharedKey
|
||||
@ -100,3 +115,46 @@ func UpdateServerConfigWg() error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetAllReservedIps the list of all reserved IPs, client and server
|
||||
func GetAllReservedIps() ([]string, error) {
|
||||
clients, err := ReadClients()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
server, err := ReadServer()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
reserverIps := make([]string, 0)
|
||||
|
||||
for _, client := range clients {
|
||||
for _, cidr := range strings.Split(client.Address, ",") {
|
||||
ip, err := util.GetIpFromCidr(strings.TrimSpace(cidr))
|
||||
if err != nil {
|
||||
log.WithFields(log.Fields{
|
||||
"err": err,
|
||||
"cidr": err,
|
||||
}).Error("failed to ip from cidr")
|
||||
} else {
|
||||
reserverIps = append(reserverIps, ip)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for _, cidr := range strings.Split(server.Address, ",") {
|
||||
ip, err := util.GetIpFromCidr(strings.TrimSpace(cidr))
|
||||
if err != nil {
|
||||
log.WithFields(log.Fields{
|
||||
"err": err,
|
||||
"cidr": err,
|
||||
}).Error("failed to ip from cidr")
|
||||
} else {
|
||||
reserverIps = append(reserverIps, ip)
|
||||
}
|
||||
}
|
||||
|
||||
return reserverIps, nil
|
||||
}
|
||||
|
@ -1,6 +1,11 @@
|
||||
package model
|
||||
|
||||
import "time"
|
||||
import (
|
||||
"fmt"
|
||||
"gitlab.127-0-0-1.fr/vx3r/wg-gen-web/util"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Client structure
|
||||
type Client struct {
|
||||
@ -8,10 +13,53 @@ type Client struct {
|
||||
Name string `json:"name"`
|
||||
Email string `json:"email"`
|
||||
Enable bool `json:"enable"`
|
||||
Created time.Time `json:"created"`
|
||||
Updated time.Time `json:"updated"`
|
||||
AllowedIPs string `json:"allowedIPs"`
|
||||
Address string `json:"address"`
|
||||
PrivateKey string `json:"privateKey"`
|
||||
PublicKey string `json:"publicKey"`
|
||||
Created time.Time `json:"created"`
|
||||
Updated time.Time `json:"updated"`
|
||||
}
|
||||
|
||||
func (a Client) IsValid() []error {
|
||||
errs := make([]error, 0)
|
||||
|
||||
// check if the name empty
|
||||
if a.Name == "" {
|
||||
errs = append(errs, fmt.Errorf("name is required"))
|
||||
}
|
||||
// check the name field is between 3 to 40 chars
|
||||
if len(a.Name) < 2 || len(a.Name) > 40 {
|
||||
errs = append(errs, fmt.Errorf("name field must be between 2-40 chars"))
|
||||
}
|
||||
// check if the email empty
|
||||
if a.Email == "" {
|
||||
errs = append(errs, fmt.Errorf("email field is required"))
|
||||
}
|
||||
// check if email valid
|
||||
if !util.RegexpEmail.MatchString(a.Email) {
|
||||
errs = append(errs, fmt.Errorf("email %s is invalid", a.Email))
|
||||
}
|
||||
// check if the allowedIPs empty
|
||||
if a.AllowedIPs == "" {
|
||||
errs = append(errs, fmt.Errorf("allowedIPs field is required"))
|
||||
}
|
||||
// check if the allowedIPs are valid
|
||||
for _, allowedIP := range strings.Split(a.AllowedIPs, ",") {
|
||||
if !util.IsValidCidr(strings.TrimSpace(allowedIP)) {
|
||||
errs = append(errs, fmt.Errorf("allowedIP %s is invalid", allowedIP))
|
||||
}
|
||||
}
|
||||
// check if the address empty
|
||||
if a.Address == "" {
|
||||
errs = append(errs, fmt.Errorf("address field is required"))
|
||||
}
|
||||
// check if the address are valid
|
||||
for _, address := range strings.Split(a.Address, ",") {
|
||||
if !util.IsValidCidr(strings.TrimSpace(address)) {
|
||||
errs = append(errs, fmt.Errorf("address %s is invalid", address))
|
||||
}
|
||||
}
|
||||
|
||||
return errs
|
||||
}
|
||||
|
@ -1,12 +1,15 @@
|
||||
package model
|
||||
|
||||
import "time"
|
||||
import (
|
||||
"fmt"
|
||||
"gitlab.127-0-0-1.fr/vx3r/wg-gen-web/util"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Server structure
|
||||
type Server struct {
|
||||
Name string `json:"name"`
|
||||
Created time.Time `json:"created"`
|
||||
Updated time.Time `json:"updated"`
|
||||
Address string `json:"address"`
|
||||
ListenPort int `json:"listenPort"`
|
||||
PrivateKey string `json:"privateKey"`
|
||||
@ -19,4 +22,53 @@ type Server struct {
|
||||
PostUp string `json:"postUp"`
|
||||
PreDown string `json:"preDown"`
|
||||
PostDown string `json:"postDown"`
|
||||
Created time.Time `json:"created"`
|
||||
Updated time.Time `json:"updated"`
|
||||
}
|
||||
|
||||
func (a Server) IsValid() []error {
|
||||
errs := make([]error, 0)
|
||||
|
||||
// check if the name empty
|
||||
if a.Name == "" {
|
||||
errs = append(errs, fmt.Errorf("name is required"))
|
||||
}
|
||||
// check the name field is between 3 to 40 chars
|
||||
if len(a.Name) < 2 || len(a.Name) > 40 {
|
||||
errs = append(errs, fmt.Errorf("name must be between 2-40 chars"))
|
||||
}
|
||||
// check if the address empty
|
||||
if a.Address == "" {
|
||||
errs = append(errs, fmt.Errorf("address is required"))
|
||||
}
|
||||
// check if the address are valid
|
||||
for _, address := range strings.Split(a.Address, ",") {
|
||||
if !util.IsValidCidr(strings.TrimSpace(address)) {
|
||||
errs = append(errs, fmt.Errorf("address %s is invalid", address))
|
||||
}
|
||||
}
|
||||
// check if the listenPort is valid
|
||||
if a.ListenPort < 0 || a.ListenPort > 65535 {
|
||||
errs = append(errs, fmt.Errorf("listenPort %s is invalid", a.ListenPort))
|
||||
}
|
||||
// check if the endpoint empty
|
||||
if a.Endpoint == "" {
|
||||
errs = append(errs, fmt.Errorf("endpoint is required"))
|
||||
}
|
||||
// check if the persistentKeepalive is valid
|
||||
if a.PersistentKeepalive < 0 {
|
||||
errs = append(errs, fmt.Errorf("persistentKeepalive %d is invalid", a.PersistentKeepalive))
|
||||
}
|
||||
// check if the dns empty
|
||||
if a.Dns == "" {
|
||||
errs = append(errs, fmt.Errorf("dns is required"))
|
||||
}
|
||||
// check if the address are valid
|
||||
for _, dns := range strings.Split(a.Dns, ",") {
|
||||
if !util.IsValidIp(strings.TrimSpace(dns)) {
|
||||
errs = append(errs, fmt.Errorf("dns %s is invalid", dns))
|
||||
}
|
||||
}
|
||||
|
||||
return errs
|
||||
}
|
||||
|
@ -13,7 +13,7 @@
|
||||
</v-content>
|
||||
|
||||
<v-footer app>
|
||||
<span>Copyright <a class="pr-1 pl-1" href="http://www.wtfpl.net/" target="_blank">WTFPL</a> © {{ new Date().getFullYear() }} Created with</span><v-icon class="pr-1 pl-1">mdi-heart</v-icon><span>by</span><a class="pr-1 pl-1" href="mailto:vx3r@127-0-0-1.fr">vx3r</a>
|
||||
<span>License <a class="pr-1 pl-1" href="http://www.wtfpl.net/" target="_blank">WTFPL</a> © {{ new Date().getFullYear() }} Created with</span><v-icon class="pr-1 pl-1">mdi-heart</v-icon><span>by</span><a class="pr-1 pl-1" href="mailto:vx3r@127-0-0-1.fr">vx3r</a>
|
||||
</v-footer>
|
||||
|
||||
</v-app>
|
||||
|
@ -318,12 +318,14 @@
|
||||
@click="addClient(client)"
|
||||
>
|
||||
Submit
|
||||
<v-icon right dark>mdi-check-outline</v-icon>
|
||||
</v-btn>
|
||||
<v-btn
|
||||
color="primary"
|
||||
@click="dialogAddClient = false"
|
||||
>
|
||||
Cancel
|
||||
<v-icon right dark>mdi-close-circle-outline</v-icon>
|
||||
</v-btn>
|
||||
</v-card-actions>
|
||||
</v-card>
|
||||
@ -361,6 +363,26 @@
|
||||
]"
|
||||
required
|
||||
/>
|
||||
<v-combobox
|
||||
v-model="client.address"
|
||||
chips
|
||||
hint="Write IPv4 or IPv6 CIDR and hit enter"
|
||||
label="Addresses"
|
||||
multiple
|
||||
dark
|
||||
>
|
||||
<template v-slot:selection="{ attrs, item, select, selected }">
|
||||
<v-chip
|
||||
v-bind="attrs"
|
||||
:input-value="selected"
|
||||
close
|
||||
@click="select"
|
||||
@click:close="client.address.splice(client.address.indexOf(item), 1)"
|
||||
>
|
||||
<strong>{{ item }}</strong>
|
||||
</v-chip>
|
||||
</template>
|
||||
</v-combobox>
|
||||
<v-combobox
|
||||
v-model="client.allowedIPs"
|
||||
chips
|
||||
@ -393,12 +415,14 @@
|
||||
@click="updateClient(client)"
|
||||
>
|
||||
Submit
|
||||
<v-icon right dark>mdi-check-outline</v-icon>
|
||||
</v-btn>
|
||||
<v-btn
|
||||
color="primary"
|
||||
@click="dialogEditClient = false"
|
||||
>
|
||||
Cancel
|
||||
<v-icon right dark>mdi-close-circle-outline</v-icon>
|
||||
</v-btn>
|
||||
</v-card-actions>
|
||||
</v-card>
|
||||
@ -460,13 +484,19 @@
|
||||
this.$get(`/client/${id}`).then((res) => {
|
||||
this.dialogEditClient = true;
|
||||
res.allowedIPs = res.allowedIPs.split(',');
|
||||
res.address = res.address.split(',');
|
||||
this.client = res
|
||||
}).catch((e) => {
|
||||
this.notify('error', e.response.status + ' ' + e.response.statusText);
|
||||
});
|
||||
},
|
||||
disableClient(client) {
|
||||
client.allowedIPs = client.allowedIPs.split(',');
|
||||
if(!Array.isArray(client.allowedIPs)){
|
||||
client.allowedIPs = client.allowedIPs.split(',');
|
||||
}
|
||||
if(!Array.isArray(client.address)){
|
||||
client.address = client.address.split(',');
|
||||
}
|
||||
this.updateClient(client)
|
||||
},
|
||||
getData() {
|
||||
@ -476,7 +506,6 @@
|
||||
this.server = res;
|
||||
this.clientAddress = this.serverAddress = this.server.address
|
||||
}).catch((e) => {
|
||||
console.log(e)
|
||||
this.notify('error', e.response.status + ' ' + e.response.statusText);
|
||||
});
|
||||
|
||||
@ -564,6 +593,7 @@
|
||||
}
|
||||
},
|
||||
updateClient(client) {
|
||||
// check allowed IPs
|
||||
if (client.allowedIPs.length < 1) {
|
||||
this.notify('error', 'Please provide at least one valid CIDR address for client allowed IPs');
|
||||
return;
|
||||
@ -574,9 +604,21 @@
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// check address
|
||||
if (client.address.length < 1) {
|
||||
this.notify('error', 'Please provide at least one valid CIDR address for client');
|
||||
return;
|
||||
}
|
||||
for (let i = 0; i < client.address.length; i++){
|
||||
if (this.$isCidr(client.address[i]) === 0) {
|
||||
this.notify('error', 'Invalid CIDR detected, please correct before submitting');
|
||||
return
|
||||
}
|
||||
}
|
||||
// all good, submit
|
||||
this.dialogEditClient = false;
|
||||
client.allowedIPs = client.allowedIPs.join(',');
|
||||
client.address = client.address.join(',');
|
||||
|
||||
this.$patch(`/client/${client.id}`, client).then((res) => {
|
||||
this.notify('success', "Client successfully updated");
|
||||
|
32
util/util.go
32
util/util.go
@ -5,7 +5,11 @@ import (
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
"strings"
|
||||
"regexp"
|
||||
)
|
||||
|
||||
var (
|
||||
RegexpEmail = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
|
||||
)
|
||||
|
||||
// ReadFile file content
|
||||
@ -86,7 +90,31 @@ func GetAllAddressesFromCidr(cidr string) ([]string, error) {
|
||||
|
||||
// IsIPv6 check if given ip is IPv6
|
||||
func IsIPv6(address string) bool {
|
||||
return strings.Count(address, ":") >= 2
|
||||
ip := net.ParseIP(address)
|
||||
if ip == nil {
|
||||
return false
|
||||
}
|
||||
return ip.To4() == nil
|
||||
}
|
||||
|
||||
// IsValidIp check if ip is valid
|
||||
func IsValidIp(ip string) bool {
|
||||
return net.ParseIP(ip) != nil
|
||||
}
|
||||
|
||||
// IsValidCidr check if CIDR is valid
|
||||
func IsValidCidr(cidr string) bool {
|
||||
_, _, err := net.ParseCIDR(cidr)
|
||||
return err == nil
|
||||
}
|
||||
|
||||
// GetIpFromCidr get ip from cidr
|
||||
func GetIpFromCidr(cidr string) (string, error) {
|
||||
ip, _, err := net.ParseCIDR(cidr)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return ip.String(), nil
|
||||
}
|
||||
|
||||
// http://play.golang.org/p/m8TNTtygK0
|
||||
|
Loading…
Reference in New Issue
Block a user