1
0
Fork 0
mirror of synced 2024-12-19 12:41:10 -05:00
ovpn-admin/backend/handlers.go
2023-10-10 15:20:40 +00:00

280 lines
7.9 KiB
Go

package backend
import (
"encoding/json"
"fmt"
log "github.com/sirupsen/logrus"
"net/http"
)
func (oAdmin *OvpnAdmin) UserListHandler(w http.ResponseWriter, r *http.Request) {
log.Info(r.RemoteAddr, " ", r.RequestURI)
if *StorageBackend == "kubernetes.secrets" {
err := oAdmin.KubeClient.updateIndexTxtOnDisk()
if err != nil {
log.Errorln(err)
}
oAdmin.clients = oAdmin.usersList()
}
usersList, _ := json.Marshal(oAdmin.clients)
fmt.Fprintf(w, "%s", usersList)
}
func (oAdmin *OvpnAdmin) AuthCheckHandler(w http.ResponseWriter, r *http.Request) {
log.Info(r.RemoteAddr, " ", r.RequestURI)
_ = r.ParseForm()
authErr := oAdmin.checkAuth(r.FormValue("username"), r.FormValue("token"))
if authErr != nil {
http.Error(w, "auth failed", http.StatusUnauthorized)
}
fmt.Fprint(w, "auth ok")
}
func (oAdmin *OvpnAdmin) UserGetSecretHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
_ = r.ParseForm()
userSecret, err := oAdmin.getUserSecret(r.FormValue("username"))
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
} else {
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, userSecret)
}
}
func (oAdmin *OvpnAdmin) UserSetupTFAHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
_ = r.ParseForm()
err := oAdmin.registerUserAuthApp(r.FormValue("username"), r.FormValue("token"))
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
} else {
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, "Application registered")
}
}
func (oAdmin *OvpnAdmin) UserResetTFAHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
_ = r.ParseForm()
err := oAdmin.resetUserAuthApp(r.FormValue("username"))
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
} else {
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, "TOTP reseted")
}
}
func (oAdmin *OvpnAdmin) UserStatisticHandler(w http.ResponseWriter, r *http.Request) {
log.Info(r.RemoteAddr, " ", r.RequestURI)
_ = r.ParseForm()
userStatistic, _ := json.Marshal(oAdmin.getUserStatistic(r.FormValue("username")))
fmt.Fprintf(w, "%s", userStatistic)
}
func (oAdmin *OvpnAdmin) UserCreateHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
_ = r.ParseForm()
userCreateStatus, userCreateErr := oAdmin.userCreate(r.FormValue("username"), r.FormValue("password"))
if userCreateErr != nil {
http.Error(w, userCreateStatus, http.StatusUnprocessableEntity)
} else {
oAdmin.clients = oAdmin.usersList()
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, userCreateStatus)
return
}
}
func (oAdmin *OvpnAdmin) UserRotateHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
_ = r.ParseForm()
err, msg := oAdmin.userRotate(r.FormValue("username"), r.FormValue("password"))
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
} else {
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, msg)
}
}
func (oAdmin *OvpnAdmin) UserDeleteHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
_ = r.ParseForm()
err, msg := oAdmin.userDelete(r.FormValue("username"))
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
} else {
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, msg)
}
}
func (oAdmin *OvpnAdmin) UserRevokeHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
_ = r.ParseForm()
err, msg := oAdmin.userRevoke(r.FormValue("username"))
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
} else {
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, msg)
}
}
func (oAdmin *OvpnAdmin) UserUnrevokeHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
_ = r.ParseForm()
err, msg := oAdmin.userUnrevoke(r.FormValue("username"))
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
} else {
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, msg)
}
}
func (oAdmin *OvpnAdmin) UserChangePasswordHandler(w http.ResponseWriter, r *http.Request) {
log.Info(r.RemoteAddr, " ", r.RequestURI)
_ = r.ParseForm()
if oAdmin.ExtraAuth {
err, msg := oAdmin.userChangePassword(r.FormValue("username"), r.FormValue("password"))
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(w, `{"status":"error", "message": "%s"}`, msg)
} else {
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, `{"status":"ok", "message": "%s"}`, msg)
}
} else {
http.Error(w, `{"status":"error"}`, http.StatusNotImplemented)
}
}
func (oAdmin *OvpnAdmin) UserShowConfigHandler(w http.ResponseWriter, r *http.Request) {
log.Info(r.RemoteAddr, " ", r.RequestURI)
_ = r.ParseForm()
fmt.Fprintf(w, "%s", oAdmin.renderClientConfig(r.FormValue("username")))
}
func (oAdmin *OvpnAdmin) UserDisconnectHandler(w http.ResponseWriter, r *http.Request) {
log.Info(r.RemoteAddr, " ", r.RequestURI)
_ = r.ParseForm()
// fmt.Fprintf(w, "%s", userDisconnect(r.FormValue("username")))
fmt.Fprintf(w, "%s", r.FormValue("username"))
}
func (oAdmin *OvpnAdmin) UserShowCcdHandler(w http.ResponseWriter, r *http.Request) {
log.Info(r.RemoteAddr, " ", r.RequestURI)
_ = r.ParseForm()
ccd, _ := json.Marshal(oAdmin.getCcd(r.FormValue("username")))
fmt.Fprintf(w, "%s", ccd)
}
func (oAdmin *OvpnAdmin) UserApplyCcdHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
var ccd CCD
if r.Body == nil {
http.Error(w, "Please send a request body", http.StatusBadRequest)
return
}
err := json.NewDecoder(r.Body).Decode(&ccd)
if err != nil {
log.Errorln(err)
}
ccdApplied, applyStatus := oAdmin.modifyCcd(ccd)
if ccdApplied {
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, applyStatus)
return
} else {
http.Error(w, applyStatus, http.StatusUnprocessableEntity)
}
}
func (oAdmin *OvpnAdmin) ServerSettingsHandler(w http.ResponseWriter, r *http.Request) {
log.Info(r.RemoteAddr, " ", r.RequestURI)
enabledModules, enabledModulesErr := json.Marshal(oAdmin.Modules)
if enabledModulesErr != nil {
log.Errorln(enabledModulesErr)
}
fmt.Fprintf(w, `{"status":"ok", "serverRole": "%s", "modules": %s }`, oAdmin.Role, string(enabledModules))
}
func (oAdmin *OvpnAdmin) LastSyncTimeHandler(w http.ResponseWriter, r *http.Request) {
log.Debug(r.RemoteAddr, " ", r.RequestURI)
fmt.Fprint(w, oAdmin.LastSyncTime)
}
func (oAdmin *OvpnAdmin) LastSuccessfulSyncTimeHandler(w http.ResponseWriter, r *http.Request) {
log.Debug(r.RemoteAddr, " ", r.RequestURI)
fmt.Fprint(w, oAdmin.LastSuccessfulSyncTime)
}
func (oAdmin *OvpnAdmin) DownloadCertsHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
if *StorageBackend == "kubernetes.secrets" {
http.Error(w, `{"status":"error"}`, http.StatusBadRequest)
return
}
_ = r.ParseForm()
token := r.Form.Get("token")
if token != oAdmin.MasterSyncToken {
http.Error(w, `{"status":"error"}`, http.StatusForbidden)
return
}
archiveCerts()
w.Header().Set("Content-Disposition", "attachment; filename="+certsArchiveFileName)
http.ServeFile(w, r, certsArchivePath)
}
func (oAdmin *OvpnAdmin) DownloadCcdHandler(w http.ResponseWriter, r *http.Request) {
oAdmin.OnlyMasterWrapper(w, r, false)
if *StorageBackend == "kubernetes.secrets" {
http.Error(w, `{"status":"error"}`, http.StatusBadRequest)
return
}
_ = r.ParseForm()
token := r.Form.Get("token")
if token != oAdmin.MasterSyncToken {
http.Error(w, `{"status":"error"}`, http.StatusForbidden)
return
}
archiveCcd()
w.Header().Set("Content-Disposition", "attachment; filename="+ccdArchiveFileName)
http.ServeFile(w, r, ccdArchivePath)
}
func (oAdmin *OvpnAdmin) OnlyMasterWrapper(w http.ResponseWriter, r *http.Request, d bool) {
if d {
log.Debug(r.RemoteAddr, " ", r.RequestURI)
} else {
log.Info(r.RemoteAddr, " ", r.RequestURI)
}
if oAdmin.Role == "slave" {
http.Error(w, `{"status":"error"}`, http.StatusBadRequest)
return
}
}