some fixes and additional features

2021-02-08 12:53:09 +03:00 · 2021-02-08 12:53:09 +03:00 · 4abbc1a308
parent 43c0962f25
commit 4abbc1a308
2 changed files with 101 additions and 26 deletions
--- a/auth.sh
+++ b/auth.sh
@ -1,5 +1,13 @@
 #!/usr/bin/env sh

+PATH=$PATH:/usr/local/bin
 set -e
+auth_usr=$(head -1 $1)
+auth_passwd=$(tail -1 $1)

-openvpn-user auth --user $(head -1 $1) --password $(tail -1 $1)
+if [ $common_name = ${auth_usr} ]; then
+  openvpn-user auth --user ${auth_usr} --password ${auth_passwd}
+else
+  echo "Authorization failed"
+  exit 1
+fi
--- a/openvpn-user.go
+++ b/openvpn-user.go
@ -10,6 +10,10 @@ import (
 	"text/tabwriter"
 )

+const (
+	version = "1.0.3-alpha"
+)
+
 var (
 	dbPath = kingpin.Flag("db.path", "path do openvpn-user db").Default("./openvpn-user.db").String()

@ -43,9 +47,9 @@ var (
 	changePasswordCommandUserFlag     = changePasswordCommand.Flag("user", "Username.").Required().String()
 	changePasswordCommandPasswordFlag = changePasswordCommand.Flag("password", "Password.").Required().String()

-	//debug   = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
-	//verbose = kingpin.Flag("verbose", "Enable verbose mode.").Default("false").Bool()
+	debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()

+	versionCommand = kingpin.Command("version", "Show version.")
 )

 type User struct {
@ -79,8 +83,13 @@ func main() {
 		initDb()
 	case dbMigrateCommand.FullCommand():
 		migrateDb()
+	case versionCommand.FullCommand():
+		showVersion()
 	}
 }
+func showVersion() {
+	fmt.Printf("openvpn-user: version %s n", version)
+}

 func getDb() *sql.DB {
 	db, err := sql.Open("sqlite3", *dbPath)
@ -108,28 +117,58 @@ func createUser(username, password string) {
 		_, err := getDb().Exec("INSERT INTO users(username, password) VALUES ($1, $2)", username, string(hash))
 		checkErr(err)
 		fmt.Printf("User %s created\n", username)
+	} else {
+		fmt.Printf("ERROR: User %s already registered\n", username)
+		os.Exit(1)
 	}
+
 }

 func deleteUser(username string) {
-	_, err := getDb().Exec("UPDATE users SET deleted = 1 WHERE username = $1", username)
+	res, err := getDb().Exec("UPDATE users SET deleted = 1 WHERE username = $1", username)
 	checkErr(err)
+	if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
+		if rowsAffected == 1 {
 			fmt.Printf("User %s deleted\n", username)
 		}
+	} else {
+		if *debug {
+			fmt.Printf("ERROR: due deleting user %s: %s\n", username, rowsErr)
+		}
+	}
+}

 func revokedUser(username string) {
-	// TODO: ignore deleted user
-	_, err := getDb().Exec("UPDATE users SET revoked = 1 WHERE username = $1", username)
+	if !userDeleted(username) {
+		res, err := getDb().Exec("UPDATE users SET revoked = 1 WHERE username = $1", username)
 		checkErr(err)
+		if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
+			if rowsAffected == 1 {
 				fmt.Printf("User %s revoked\n", username)
 			}
+		} else {
+			if *debug {
+				fmt.Printf("ERROR: due reoking user %s: %s\n", username, rowsErr)
+			}
+		}
+	}
+}

 func restoreUser(username string) {
-	// TODO: ignore deleted user
-	_, err := getDb().Exec("UPDATE users SET revoked = 0 WHERE username = $1", username)
+	if !userDeleted(username) {
+		res, err := getDb().Exec("UPDATE users SET revoked = 0 WHERE username = $1", username)
 		checkErr(err)
+		if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
+			if rowsAffected == 1 {
 				fmt.Printf("User %s restored\n", username)
 			}
+		} else {
+			if *debug {
+				fmt.Printf("ERROR: due restoring user %s: %s\n", username, rowsErr)
+			}
+		}
+	}
+}

 func checkUserExistent(username string) bool {
 	// we need to check if there is already such a user
@ -137,13 +176,38 @@ func checkUserExistent(username string) bool {
 	var c int
 	_ = getDb().QueryRow("SELECT count(*) FROM users WHERE username = $1", username).Scan(&c)
 	if c == 1 {
-		fmt.Printf("WARNING: User %s already registered\n", username)
+		fmt.Printf("User %s exist\n", username)
 		return true
 	} else {
 		return false
 	}
 }

+func userDeleted(username string) bool {
+	// return true if user marked as deleted
+	u := User{}
+	_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)
+	if u.deleted  {
+		fmt.Printf("User %s marked as deleted\n", username)
+		return true
+	} else {
+		return false
+	}
+}
+
+func userIsActive(username string) bool {
+	// return true if user exist and not deleted and revoked
+	u := User{}
+	_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)
+	if  !u.revoked && !u.deleted  {
+		fmt.Printf("User %s is active\n", username)
+		return true
+	} else {
+		fmt.Println("User may be deleted or revoked")
+		return false
+	}
+}
+
 func listUsers() []User {
 	condition := "WHERE deleted = 0 AND revoked = 0"
 	var users []User
@ -196,13 +260,16 @@ func authUser(username, password string)  {
 	err := row.Scan(&u.id, &u.name, &u.password, &u.revoked, &u.deleted)
 	checkErr(err)

-	if ! u.revoked && ! u.deleted {
+	if userIsActive(username) {
 		err = bcrypt.CompareHashAndPassword([]byte(u.password), []byte(password))
 		if err != nil {
+			fmt.Println("Authorization failed")
+			if *debug {
 				fmt.Println("Passwords mismatched")
+			}
 			os.Exit(1)
 		} else {
-			fmt.Println("Auth successful")
+			fmt.Println("Authorization successful")
 			os.Exit(0)
 		}
 	}