2021-08-21 18:34:45 +00:00
|
|
|
package service
|
|
|
|
|
|
|
|
import (
|
2021-08-22 12:36:55 +00:00
|
|
|
"encoding/json"
|
2021-08-23 18:41:32 +00:00
|
|
|
"errors"
|
2021-08-21 18:34:45 +00:00
|
|
|
"fmt"
|
|
|
|
"log"
|
2021-08-23 18:41:32 +00:00
|
|
|
"net"
|
2021-08-21 18:34:45 +00:00
|
|
|
"os"
|
|
|
|
"path"
|
|
|
|
|
|
|
|
"github.com/spf13/viper"
|
2021-08-22 12:36:55 +00:00
|
|
|
"golang.org/x/crypto/bcrypt"
|
2021-08-21 18:34:45 +00:00
|
|
|
)
|
|
|
|
|
2021-08-22 12:36:55 +00:00
|
|
|
type UnauthorizedError string
|
|
|
|
|
|
|
|
func (uae UnauthorizedError) Error() string {
|
|
|
|
return "Invalid user or password"
|
|
|
|
}
|
|
|
|
|
|
|
|
type UserConfig struct {
|
2021-08-23 18:41:32 +00:00
|
|
|
db *viper.Viper
|
2021-08-22 12:36:55 +00:00
|
|
|
|
|
|
|
UserName string
|
|
|
|
PassWord string
|
|
|
|
Router UserConfigRouter
|
|
|
|
Others []UserConfigOther
|
|
|
|
}
|
|
|
|
|
|
|
|
type UserConfigRouter struct {
|
|
|
|
DNS string
|
|
|
|
NFT UserConfigNFT
|
|
|
|
}
|
|
|
|
|
|
|
|
type UserConfigOther struct {
|
|
|
|
DNS string
|
|
|
|
V6IID string
|
|
|
|
RegisterV4 bool
|
|
|
|
NFT UserConfigNFT
|
|
|
|
}
|
|
|
|
|
|
|
|
type UserConfigNFT struct {
|
|
|
|
Table string
|
|
|
|
Set4 string
|
|
|
|
Set6 string
|
|
|
|
}
|
|
|
|
|
|
|
|
func LoadConfigForUser(username string, password string) (*UserConfig, error) {
|
2021-08-22 12:46:48 +00:00
|
|
|
configFile := fmt.Sprintf("%s/%s.yml", C.Users.ConfigDir, username)
|
2021-08-21 18:34:45 +00:00
|
|
|
configFile = path.Clean(configFile)
|
|
|
|
log.Printf("Trying to load config file %s for user %s", configFile, username)
|
|
|
|
|
|
|
|
if _, err := os.Stat(configFile); err != nil {
|
2021-08-22 12:36:55 +00:00
|
|
|
log.Printf("cannot stat the file %s: %v", configFile, err)
|
|
|
|
return nil, UnauthorizedError("cannot stat")
|
2021-08-21 18:34:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
v := viper.New()
|
|
|
|
v.SetConfigFile(configFile)
|
|
|
|
err := v.ReadInConfig()
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to parse config file %s: %v", configFile, err)
|
|
|
|
}
|
|
|
|
|
2021-08-23 18:41:32 +00:00
|
|
|
result := &UserConfig{db: v, UserName: username}
|
|
|
|
|
|
|
|
err = result.db.Unmarshal(result)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to unmarshal config file %s: %v", configFile, err)
|
|
|
|
}
|
2021-08-22 12:36:55 +00:00
|
|
|
|
|
|
|
err = result.PasswordCheck(password)
|
|
|
|
if err != nil {
|
2021-08-23 18:41:32 +00:00
|
|
|
log.Printf("Failed to check password")
|
2021-08-22 12:36:55 +00:00
|
|
|
return nil, UnauthorizedError("pwcheck failed")
|
|
|
|
}
|
|
|
|
|
2021-08-23 18:41:32 +00:00
|
|
|
err = result.Validate()
|
2021-08-22 12:36:55 +00:00
|
|
|
if err != nil {
|
2021-08-23 18:41:32 +00:00
|
|
|
return nil, fmt.Errorf("failed to parse config: %v", err)
|
2021-08-22 12:36:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return result, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func HashPassword(pw []byte) (string, error) {
|
|
|
|
hash, err := bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost)
|
|
|
|
if err != nil {
|
|
|
|
return "", fmt.Errorf("failed to create password hash: %v", err)
|
|
|
|
}
|
|
|
|
return string(hash), nil
|
|
|
|
}
|
|
|
|
|
2021-08-23 18:41:32 +00:00
|
|
|
func (uc *UserConfig) PasswordCheck(pwToCheck string) error {
|
|
|
|
hashedPassword := []byte(uc.PassWord)
|
2021-08-22 12:36:55 +00:00
|
|
|
bytePwToCheck := []byte(pwToCheck)
|
|
|
|
|
|
|
|
err := bcrypt.CompareHashAndPassword(hashedPassword, bytePwToCheck)
|
|
|
|
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2021-08-23 18:41:32 +00:00
|
|
|
func (uco *UserConfigOther) ConvertIIDToAddress(localNet *net.IPNet) net.IP {
|
|
|
|
if localNet == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
out := make(net.IP, net.IPv6len)
|
|
|
|
ipiid := net.ParseIP(uco.V6IID)
|
|
|
|
for i := 0; i < net.IPv6len; i++ {
|
|
|
|
// We take the corresponding byte from the IID and mask it out with the
|
|
|
|
// inversed Mask of the network we got (in essence a Host Mask). This
|
|
|
|
// leaves us those bits, that are not taken by the netmask, so that we
|
|
|
|
// can OR all this together.
|
|
|
|
maskedIID := ipiid[i] &^ localNet.Mask[i]
|
|
|
|
out[i] = localNet.IP[i] | maskedIID
|
|
|
|
}
|
|
|
|
return out
|
|
|
|
}
|
|
|
|
|
|
|
|
func (ucn *UserConfigNFT) ValidateSetNames() bool {
|
|
|
|
if ucn.Set4 == "" && ucn.Set6 == "" {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
return ucn.Set4 != ucn.Set6
|
|
|
|
}
|
|
|
|
|
|
|
|
func (uc *UserConfig) Validate() error {
|
|
|
|
if !uc.Router.NFT.ValidateSetNames() {
|
|
|
|
return errors.New("router NFT set names invalid (probably identical for v4 and v6)")
|
|
|
|
}
|
|
|
|
if uc.Router.DNS == "" {
|
|
|
|
return errors.New("router record has no DNS")
|
|
|
|
}
|
|
|
|
|
|
|
|
dnsnames := make(map[string]bool)
|
|
|
|
dnsnames[uc.Router.DNS] = true
|
|
|
|
|
|
|
|
for i, other := range uc.Others {
|
|
|
|
if other.DNS == "" {
|
|
|
|
return fmt.Errorf("other record #%d has no DNS", i)
|
|
|
|
}
|
|
|
|
if dnsnames[other.DNS] {
|
|
|
|
return fmt.Errorf("the DNS FQDN %s is used twice", other.DNS)
|
|
|
|
}
|
|
|
|
dnsnames[other.DNS] = true
|
|
|
|
if !other.NFT.ValidateSetNames() {
|
|
|
|
return fmt.Errorf("other %s NFT set names invalid (probably identical for v4 and v6)", other.DNS)
|
|
|
|
}
|
|
|
|
if other.V6IID == "" {
|
|
|
|
return fmt.Errorf("other record %s has no V6IID", other.DNS)
|
|
|
|
}
|
|
|
|
iidIP := net.ParseIP(other.V6IID)
|
|
|
|
if iidIP == nil {
|
|
|
|
return fmt.Errorf("other record %s has invalid V6IID %s", other.DNS, other.V6IID)
|
|
|
|
}
|
|
|
|
if iidIP.To4() != nil {
|
|
|
|
return fmt.Errorf("other record %s IID looks like an IPv4 Address", other.DNS)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-08-22 12:36:55 +00:00
|
|
|
func (uc *UserConfig) PrettyPrint() string {
|
|
|
|
s, err := json.MarshalIndent(uc, "", " ")
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("Failed to pretty print UpdateConfig via JSON: %v", err)
|
|
|
|
}
|
|
|
|
return string(s)
|
2021-08-21 18:34:45 +00:00
|
|
|
}
|