1
0
Fork 0
mirror of synced 2024-12-19 12:41:10 -05:00

add basic auth for web app

This commit is contained in:
Ivan Khakhanov 2023-06-01 18:29:45 +03:00
parent f4d0212bfc
commit d2eed859d8
2 changed files with 53 additions and 24 deletions

View file

@ -36,6 +36,8 @@ services:
OVPN_AUTH: "true" OVPN_AUTH: "true"
OVPN_AUTH_DB_PATH: "/mnt/easyrsa/pki/users.db" OVPN_AUTH_DB_PATH: "/mnt/easyrsa/pki/users.db"
LOG_LEVEL: "debug" LOG_LEVEL: "debug"
BASIC_USERNAME: "admin"
BASIC_PASSWORD: "admin"
network_mode: service:openvpn network_mode: service:openvpn
volumes: volumes:
- ./easyrsa_master:/mnt/easyrsa - ./easyrsa_master:/mnt/easyrsa

75
main.go
View file

@ -9,11 +9,7 @@ import (
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt" "fmt"
"github.com/google/uuid"
"io/ioutil" "io/ioutil"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"net" "net"
"net/http" "net/http"
"os" "os"
@ -25,6 +21,11 @@ import (
"time" "time"
"unicode/utf8" "unicode/utf8"
"github.com/google/uuid"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"github.com/gobuffalo/packr/v2" "github.com/gobuffalo/packr/v2"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp" "github.com/prometheus/client_golang/prometheus/promhttp"
@ -72,9 +73,11 @@ var (
logLevel = kingpin.Flag("log.level", "set log level: trace, debug, info, warn, error (default info)").Default("info").Envar("LOG_LEVEL").String() logLevel = kingpin.Flag("log.level", "set log level: trace, debug, info, warn, error (default info)").Default("info").Envar("LOG_LEVEL").String()
logFormat = kingpin.Flag("log.format", "set log format: text, json (default text)").Default("text").Envar("LOG_FORMAT").String() logFormat = kingpin.Flag("log.format", "set log format: text, json (default text)").Default("text").Envar("LOG_FORMAT").String()
storageBackend = kingpin.Flag("storage.backend", "storage backend: filesystem, kubernetes.secrets (default filesystem)").Default("filesystem").Envar("STORAGE_BACKEND").String() storageBackend = kingpin.Flag("storage.backend", "storage backend: filesystem, kubernetes.secrets (default filesystem)").Default("filesystem").Envar("STORAGE_BACKEND").String()
certsArchivePath = "/tmp/" + certsArchiveFileName
ccdArchivePath = "/tmp/" + ccdArchiveFileName
certsArchivePath = "/tmp/" + certsArchiveFileName basicAuthUser = kingpin.Flag("basic.username", "Username for BasicAuth").Default("").Envar("BASIC_USERNAME").String()
ccdArchivePath = "/tmp/" + ccdArchiveFileName basicAuthPass = kingpin.Flag("basic.password", "Password for BasicAuth").Default("").Envar("BASIC_PASSWORD").String()
version = "2.0.0" version = "2.0.0"
) )
@ -482,6 +485,30 @@ func (oAdmin *OvpnAdmin) downloadCcdHandler(w http.ResponseWriter, r *http.Reque
http.ServeFile(w, r, ccdArchivePath) http.ServeFile(w, r, ccdArchivePath)
} }
func basicAuthHandler(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if checkBasicAuth(r) {
next(w, r)
return
}
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
w.WriteHeader(401)
w.Write([]byte("401 Unauthorized\n"))
}
}
func checkBasicAuth(r *http.Request) bool {
// if basic auth user and password not set return true
if *basicAuthUser == "" && *basicAuthPass == "" {
return true
}
u, p, ok := r.BasicAuth()
if !ok {
return false
}
return u == *basicAuthUser && p == *basicAuthPass
}
var app OpenVPNPKI var app OpenVPNPKI
func main() { func main() {
@ -555,25 +582,25 @@ func main() {
staticBox := packr.New("static", "./frontend/static") staticBox := packr.New("static", "./frontend/static")
static := CacheControlWrapper(http.FileServer(staticBox)) static := CacheControlWrapper(http.FileServer(staticBox))
http.Handle("/", static) http.Handle("/", basicAuthHandler(static.ServeHTTP))
http.HandleFunc("/api/server/settings", ovpnAdmin.serverSettingsHandler) http.HandleFunc("/api/server/settings", basicAuthHandler(ovpnAdmin.serverSettingsHandler))
http.HandleFunc("/api/users/list", ovpnAdmin.userListHandler) http.HandleFunc("/api/users/list", basicAuthHandler(ovpnAdmin.userListHandler))
http.HandleFunc("/api/user/create", ovpnAdmin.userCreateHandler) http.HandleFunc("/api/user/create", basicAuthHandler(ovpnAdmin.userCreateHandler))
http.HandleFunc("/api/user/change-password", ovpnAdmin.userChangePasswordHandler) http.HandleFunc("/api/user/change-password", basicAuthHandler(ovpnAdmin.userChangePasswordHandler))
http.HandleFunc("/api/user/rotate", ovpnAdmin.userRotateHandler) http.HandleFunc("/api/user/rotate", basicAuthHandler(ovpnAdmin.userRotateHandler))
http.HandleFunc("/api/user/delete", ovpnAdmin.userDeleteHandler) http.HandleFunc("/api/user/delete", basicAuthHandler(ovpnAdmin.userDeleteHandler))
http.HandleFunc("/api/user/revoke", ovpnAdmin.userRevokeHandler) http.HandleFunc("/api/user/revoke", basicAuthHandler(ovpnAdmin.userRevokeHandler))
http.HandleFunc("/api/user/unrevoke", ovpnAdmin.userUnrevokeHandler) http.HandleFunc("/api/user/unrevoke", basicAuthHandler(ovpnAdmin.userUnrevokeHandler))
http.HandleFunc("/api/user/config/show", ovpnAdmin.userShowConfigHandler) http.HandleFunc("/api/user/config/show", basicAuthHandler(ovpnAdmin.userShowConfigHandler))
http.HandleFunc("/api/user/disconnect", ovpnAdmin.userDisconnectHandler) http.HandleFunc("/api/user/disconnect", basicAuthHandler(ovpnAdmin.userDisconnectHandler))
http.HandleFunc("/api/user/statistic", ovpnAdmin.userStatisticHandler) http.HandleFunc("/api/user/statistic", basicAuthHandler(ovpnAdmin.userStatisticHandler))
http.HandleFunc("/api/user/ccd", ovpnAdmin.userShowCcdHandler) http.HandleFunc("/api/user/ccd", basicAuthHandler(ovpnAdmin.userShowCcdHandler))
http.HandleFunc("/api/user/ccd/apply", ovpnAdmin.userApplyCcdHandler) http.HandleFunc("/api/user/ccd/apply", basicAuthHandler(ovpnAdmin.userApplyCcdHandler))
http.HandleFunc("/api/sync/last/try", ovpnAdmin.lastSyncTimeHandler) http.HandleFunc("/api/sync/last/try", basicAuthHandler(ovpnAdmin.lastSyncTimeHandler))
http.HandleFunc("/api/sync/last/successful", ovpnAdmin.lastSuccessfulSyncTimeHandler) http.HandleFunc("/api/sync/last/successful", basicAuthHandler(ovpnAdmin.lastSuccessfulSyncTimeHandler))
http.HandleFunc(downloadCertsApiUrl, ovpnAdmin.downloadCertsHandler) http.HandleFunc(downloadCertsApiUrl, basicAuthHandler(ovpnAdmin.downloadCertsHandler))
http.HandleFunc(downloadCcdApiUrl, ovpnAdmin.downloadCcdHandler) http.HandleFunc(downloadCcdApiUrl, basicAuthHandler(ovpnAdmin.downloadCcdHandler))
http.Handle(*metricsPath, promhttp.HandlerFor(ovpnAdmin.promRegistry, promhttp.HandlerOpts{})) http.Handle(*metricsPath, promhttp.HandlerFor(ovpnAdmin.promRegistry, promhttp.HandlerOpts{}))
http.HandleFunc("/ping", func(w http.ResponseWriter, r *http.Request) { http.HandleFunc("/ping", func(w http.ResponseWriter, r *http.Request) {