Added state perstistance
- Define new state directory to hold the last dns update config and push it into the config, default to state/ - Refactoring, move updaterequest into service and out of webapp. Keep only the form parsing there. Specifically, move the processing code into the service package, it shouldn't be in the webapp. - Add code to load and save the last updaterequest into a state file (watch out to keep the possibly unhashed password out of it). - Add a command line option to load all available state files given the current configured user list from the command line. - Refactor user configuartion loading to separate it from user authentication, claen up the code. - We now require the username in the config, to make handling it in state updates easier. This will allow easier transition to DB style storage anyway. - Update .gitignore
This commit is contained in:
parent
9952343cda
commit
a23043ba5f
|
|
@ -19,4 +19,5 @@ dyndns
|
|||
# Non-Example configs
|
||||
conf.yml
|
||||
users/*
|
||||
!users/example.yml
|
||||
!users/example.yml
|
||||
state/*
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"path"
|
||||
|
||||
"gitea.nehmer.net/torben/dyndns/service"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var cmdLoadState = &cobra.Command{
|
||||
Use: "load-state",
|
||||
Short: "Load all state files and process them",
|
||||
Long: `Loads the state files of all present users and reprocesses them. Use this after
|
||||
for example a firewall restart or when dyndns data gets lost. It will recreate all
|
||||
neccessary NFT set and DNS entries based on the last known state.`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
service.LoadConfig()
|
||||
if err := loadAndProcessAllStates(); err != nil {
|
||||
log.Fatalf("Failed to load states: %s", err)
|
||||
}
|
||||
log.Println("State processing successful.")
|
||||
},
|
||||
}
|
||||
|
||||
func init() {
|
||||
rootCmd.AddCommand(cmdLoadState)
|
||||
}
|
||||
|
||||
func loadAndProcessAllStates() error {
|
||||
files, err := ioutil.ReadDir(service.C.Users.ConfigDir)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to list config directory %s: %v",
|
||||
service.C.Users.ConfigDir, err)
|
||||
}
|
||||
|
||||
for _, file := range files {
|
||||
configFile := path.Join(service.C.Users.ConfigDir, file.Name())
|
||||
uc, err := service.LoadConfigFile(configFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to load config file %s: %v", configFile, err)
|
||||
}
|
||||
|
||||
stateFile := uc.GetStateFileName()
|
||||
if _, err := os.Stat(stateFile); err != nil {
|
||||
log.Printf("No state file for user %s, skipping (%v)", configFile, err)
|
||||
continue
|
||||
}
|
||||
|
||||
ur, err := service.LoadStateFile(uc)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to load sate file %s for user %s: %v",
|
||||
stateFile, uc.UserName, err)
|
||||
}
|
||||
|
||||
log.Printf("Loaded state file %s:\n%v", stateFile, ur.PrettyPrint())
|
||||
|
||||
if err = ur.Process(); err != nil {
|
||||
return fmt.Errorf("failed to process state file %s for user %s: %v",
|
||||
stateFile, uc.UserName, err)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
@ -4,5 +4,6 @@ service:
|
|||
server: 127.0.0.1:53
|
||||
users:
|
||||
configdir: users/
|
||||
statedir: state/
|
||||
webapi:
|
||||
listenaddress: :8080
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ type configDNS struct {
|
|||
|
||||
type configUsers struct {
|
||||
ConfigDir string
|
||||
StateDir string
|
||||
}
|
||||
|
||||
var C config
|
||||
|
|
@ -32,6 +33,7 @@ func SetConfigDefaults() {
|
|||
viper.SetDefault("Service.DNS.Server", "127.0.0.1:53")
|
||||
viper.SetDefault("Service.DNS.DefaultTTL", 60)
|
||||
viper.SetDefault("Service.Users.ConfigDir", "users/")
|
||||
viper.SetDefault("Service.Users.StateDir", "state/")
|
||||
}
|
||||
|
||||
func LoadConfig() {
|
||||
|
|
@ -47,6 +49,12 @@ func LoadConfig() {
|
|||
} else {
|
||||
C.Users.ConfigDir = filepath.Join(viper.GetString("ConfigDir"), path)
|
||||
}
|
||||
path = viper.GetString("Service.Users.StateDir")
|
||||
if filepath.IsAbs(path) {
|
||||
C.Users.StateDir = filepath.Clean(path)
|
||||
} else {
|
||||
C.Users.StateDir = filepath.Join(viper.GetString("StateDir"), path)
|
||||
}
|
||||
}
|
||||
|
||||
func (obj *config) PrettyPrint() string {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,120 @@
|
|||
package service
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net"
|
||||
)
|
||||
|
||||
type UpdateRequest struct {
|
||||
IPv4 net.IP
|
||||
IPv6 net.IP
|
||||
UserName string
|
||||
Password string `json:"-"`
|
||||
IPv6Net *net.IPNet
|
||||
Config *UserConfig `json:"-"`
|
||||
}
|
||||
|
||||
func (ur *UpdateRequest) String() string {
|
||||
return fmt.Sprintf("IPv4: %v, IPv6: %v, UserName: %v, Password: %v, IPv6Net: %v",
|
||||
ur.IPv4, ur.IPv6, ur.UserName, ur.Password, ur.IPv6Net)
|
||||
}
|
||||
|
||||
func (ur *UpdateRequest) PrettyPrint() string {
|
||||
s, err := json.MarshalIndent(ur, "", " ")
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to pretty print UpdateRequest via JSON: %v", err)
|
||||
}
|
||||
return string(s)
|
||||
}
|
||||
|
||||
func (ur *UpdateRequest) SaveStateFile() error {
|
||||
data, err := json.MarshalIndent(ur, "", " ")
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to convert state for user %s to JSON: %v",
|
||||
ur.UserName, err)
|
||||
}
|
||||
filename := ur.Config.GetStateFileName()
|
||||
if err = ioutil.WriteFile(filename, data, 0640); err != nil {
|
||||
return fmt.Errorf("failed to to write sate file for user %s to file %s: %v",
|
||||
ur.UserName, filename, err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func LoadStateFile(uc *UserConfig) (*UpdateRequest, error) {
|
||||
filename := uc.GetStateFileName()
|
||||
data, err := ioutil.ReadFile(filename)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to read state file %s for user %s, %v",
|
||||
uc.UserName, filename, err)
|
||||
}
|
||||
var ur UpdateRequest
|
||||
if err = json.Unmarshal(data, &ur); err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshal state JSON for user %s: %v",
|
||||
uc.UserName, err)
|
||||
}
|
||||
ur.Config = uc
|
||||
return &ur, nil
|
||||
}
|
||||
|
||||
func (ur *UpdateRequest) Process() error {
|
||||
nfu := NewNFTUpdate()
|
||||
|
||||
if err := DNSUpdateEntry(ur.Config.Domain, ur.Config.Router.Hostname, ur.IPv4, ur.IPv6); err != nil {
|
||||
return fmt.Errorf("failed to update router DNS: %v", err)
|
||||
}
|
||||
if ur.Config.Router.NFT.Table != "" {
|
||||
if ur.IPv4 != nil && ur.Config.Router.NFT.Set4 != "" {
|
||||
if err := nfu.AddIP(ur.Config.Router.NFT.Table, ur.Config.Router.NFT.Set4, ur.IPv4); err != nil {
|
||||
return fmt.Errorf("failed to update IPv4 Router NFT setup: %v", err)
|
||||
}
|
||||
}
|
||||
if ur.IPv6 != nil && ur.Config.Router.NFT.Set6 != "" {
|
||||
if err := nfu.AddIP(ur.Config.Router.NFT.Table, ur.Config.Router.NFT.Set6, ur.IPv6); err != nil {
|
||||
return fmt.Errorf("failed to update IPv6 Router NFT setup: %v", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for _, other := range ur.Config.Others {
|
||||
fullV6IP := other.ConvertIIDToAddress(ur.IPv6Net)
|
||||
if other.RegisterV4 {
|
||||
if err := DNSUpdateEntry(ur.Config.Domain, other.Hostname, ur.IPv4, fullV6IP); err != nil {
|
||||
return fmt.Errorf("failed to update DNS for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
} else {
|
||||
if err := DNSUpdateEntry(ur.Config.Domain, other.Hostname, nil, fullV6IP); err != nil {
|
||||
return fmt.Errorf("failed to update DNS for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
}
|
||||
|
||||
if other.NFT.Table != "" {
|
||||
if other.NFT.Set6 != "" {
|
||||
if err := nfu.AddIP(other.NFT.Table, other.NFT.Set6, fullV6IP); err != nil {
|
||||
return fmt.Errorf("failed to update IPv6 NFT setup for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
}
|
||||
if other.RegisterV4 && other.NFT.Set4 != "" {
|
||||
if err := nfu.AddIP(other.NFT.Table, other.NFT.Set4, ur.IPv4); err != nil {
|
||||
return fmt.Errorf("failed to update IPv6 NFT setup for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
log.Println("Summary of collected NFT Updates:")
|
||||
log.Println(nfu.PrettyPrint())
|
||||
|
||||
if err := nfu.Process(); err != nil {
|
||||
return fmt.Errorf("failed to update NFT Setup: %v", err)
|
||||
}
|
||||
|
||||
if err := ur.SaveStateFile(); err != nil {
|
||||
return fmt.Errorf("failed to save state file: %v", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
@ -47,16 +47,14 @@ type UserConfigNFT struct {
|
|||
Set6 string
|
||||
}
|
||||
|
||||
func LoadConfigForUser(username string, password string) (*UserConfig, error) {
|
||||
configFile := fmt.Sprintf("%s/%s.yml", C.Users.ConfigDir, username)
|
||||
func LoadConfigFile(configFile string) (*UserConfig, error) {
|
||||
configFile = path.Clean(configFile)
|
||||
log.Printf("Trying to load config file %s for user %s", configFile, username)
|
||||
log.Printf("Trying to load config file %s", configFile)
|
||||
|
||||
if _, err := os.Stat(configFile); err != nil {
|
||||
log.Printf("cannot stat the file %s: %v", configFile, err)
|
||||
return nil, UnauthorizedError("cannot stat")
|
||||
}
|
||||
|
||||
v := viper.New()
|
||||
v.SetConfigFile(configFile)
|
||||
err := v.ReadInConfig()
|
||||
|
|
@ -65,19 +63,13 @@ func LoadConfigForUser(username string, password string) (*UserConfig, error) {
|
|||
return nil, fmt.Errorf("failed to parse config file %s: %v", configFile, err)
|
||||
}
|
||||
|
||||
result := &UserConfig{db: v, UserName: username}
|
||||
result := &UserConfig{db: v}
|
||||
|
||||
err = result.db.Unmarshal(result)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshal config file %s: %v", configFile, err)
|
||||
}
|
||||
|
||||
err = result.PasswordCheck(password)
|
||||
if err != nil {
|
||||
log.Printf("Failed to check password")
|
||||
return nil, UnauthorizedError("pwcheck failed")
|
||||
}
|
||||
|
||||
err = result.Validate()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to parse config: %v", err)
|
||||
|
|
@ -86,6 +78,23 @@ func LoadConfigForUser(username string, password string) (*UserConfig, error) {
|
|||
return result, nil
|
||||
}
|
||||
|
||||
func LoadConfigForUser(username string, password string) (*UserConfig, error) {
|
||||
configFile := fmt.Sprintf("%s/%s.yml", C.Users.ConfigDir, username)
|
||||
|
||||
result, err := LoadConfigFile(configFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
err = result.Authenticate(password)
|
||||
if err != nil {
|
||||
log.Printf("Failed to check password")
|
||||
return nil, UnauthorizedError("pwcheck failed")
|
||||
}
|
||||
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func HashPassword(pw []byte) (string, error) {
|
||||
hash, err := bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
|
|
@ -94,7 +103,7 @@ func HashPassword(pw []byte) (string, error) {
|
|||
return string(hash), nil
|
||||
}
|
||||
|
||||
func (uc *UserConfig) PasswordCheck(pwToCheck string) error {
|
||||
func (uc *UserConfig) Authenticate(pwToCheck string) error {
|
||||
hashedPassword := []byte(uc.PassWord)
|
||||
bytePwToCheck := []byte(pwToCheck)
|
||||
|
||||
|
|
@ -171,6 +180,10 @@ func (uc *UserConfig) Validate() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (uc *UserConfig) GetStateFileName() string {
|
||||
return fmt.Sprintf("%s/%s.yml", C.Users.StateDir, uc.UserName)
|
||||
}
|
||||
|
||||
func (uc *UserConfig) PrettyPrint() string {
|
||||
s, err := json.MarshalIndent(uc, "", " ")
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
username: example
|
||||
password: $2a$10$ymHFfGjKINWsUKwEo5xp.efN6DR6NkiRCXsbH4VWo0Nnzma8Yc.82
|
||||
domain: dyn.local
|
||||
router:
|
||||
|
|
@ -19,4 +20,4 @@ others:
|
|||
registerv4: false
|
||||
NFT:
|
||||
table: sshguard
|
||||
set6: blackhole6
|
||||
set6: blackhole6
|
||||
|
|
|
|||
|
|
@ -1,9 +1,12 @@
|
|||
package webapi
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
||||
"gitea.nehmer.net/torben/dyndns/service"
|
||||
)
|
||||
|
|
@ -52,7 +55,7 @@ func handleUpdate(w http.ResponseWriter, r *http.Request) {
|
|||
log.Println(service.C.PrettyPrint())
|
||||
// End DEBUG Output
|
||||
|
||||
if err := processUpdateRequest(ur); err != nil {
|
||||
if err := ur.Process(); err != nil {
|
||||
log.Printf("failed to process UpdateRequest: %v", err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
}
|
||||
|
|
@ -61,57 +64,38 @@ func handleUpdate(w http.ResponseWriter, r *http.Request) {
|
|||
fmt.Fprintln(w, "OK")
|
||||
}
|
||||
|
||||
func processUpdateRequest(ur *UpdateRequest) error {
|
||||
nfu := service.NewNFTUpdate()
|
||||
func createUpdateRequestFromForm(form url.Values) (*service.UpdateRequest, error) {
|
||||
ur := &service.UpdateRequest{}
|
||||
|
||||
if err := service.DNSUpdateEntry(ur.Config.Domain, ur.Config.Router.Hostname, ur.IPv4, ur.IPv6); err != nil {
|
||||
return fmt.Errorf("failed to update router DNS: %v", err)
|
||||
}
|
||||
if ur.Config.Router.NFT.Table != "" {
|
||||
if ur.IPv4 != nil && ur.Config.Router.NFT.Set4 != "" {
|
||||
if err := nfu.AddIP(ur.Config.Router.NFT.Table, ur.Config.Router.NFT.Set4, ur.IPv4); err != nil {
|
||||
return fmt.Errorf("failed to update IPv4 Router NFT setup: %v", err)
|
||||
}
|
||||
}
|
||||
if ur.IPv6 != nil && ur.Config.Router.NFT.Set6 != "" {
|
||||
if err := nfu.AddIP(ur.Config.Router.NFT.Table, ur.Config.Router.NFT.Set6, ur.IPv6); err != nil {
|
||||
return fmt.Errorf("failed to update IPv6 Router NFT setup: %v", err)
|
||||
}
|
||||
if form.Get("IPv4") != "" {
|
||||
if ur.IPv4 = net.ParseIP(form.Get("IPv4")); ur.IPv4 == nil {
|
||||
return nil, errors.New("could not parse IPv4 address")
|
||||
}
|
||||
}
|
||||
|
||||
for _, other := range ur.Config.Others {
|
||||
fullV6IP := other.ConvertIIDToAddress(ur.IPv6Net)
|
||||
if other.RegisterV4 {
|
||||
if err := service.DNSUpdateEntry(ur.Config.Domain, other.Hostname, ur.IPv4, fullV6IP); err != nil {
|
||||
return fmt.Errorf("failed to update DNS for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
} else {
|
||||
if err := service.DNSUpdateEntry(ur.Config.Domain, other.Hostname, nil, fullV6IP); err != nil {
|
||||
return fmt.Errorf("failed to update DNS for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
}
|
||||
|
||||
if other.NFT.Table != "" {
|
||||
if other.NFT.Set6 != "" {
|
||||
if err := nfu.AddIP(other.NFT.Table, other.NFT.Set6, fullV6IP); err != nil {
|
||||
return fmt.Errorf("failed to update IPv6 NFT setup for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
}
|
||||
if other.RegisterV4 && other.NFT.Set4 != "" {
|
||||
if err := nfu.AddIP(other.NFT.Table, other.NFT.Set4, ur.IPv4); err != nil {
|
||||
return fmt.Errorf("failed to update IPv6 NFT setup for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
}
|
||||
if form.Get("IPv6") != "" {
|
||||
if ur.IPv6 = net.ParseIP(form.Get("IPv6")); ur.IPv6 == nil {
|
||||
return nil, errors.New("could not parse IPv6 address")
|
||||
}
|
||||
}
|
||||
|
||||
log.Println("Summary of collected NFT Updates:")
|
||||
log.Println(nfu.PrettyPrint())
|
||||
|
||||
if err := nfu.Process(); err != nil {
|
||||
return fmt.Errorf("failed to update NFT Setup: %v", err)
|
||||
ur.UserName = form.Get("UserName")
|
||||
if ur.UserName == "" {
|
||||
return nil, errors.New("a UserName must be specified")
|
||||
}
|
||||
|
||||
return nil
|
||||
ur.Password = form.Get("Password")
|
||||
if ur.Password == "" {
|
||||
return nil, errors.New("a Password must be specified")
|
||||
}
|
||||
|
||||
if ip6net := form.Get("IPv6Net"); ip6net != "" {
|
||||
_, ipnet, err := net.ParseCIDR(ip6net)
|
||||
if err != nil {
|
||||
return nil, errors.New("could not parse IPv6Net")
|
||||
}
|
||||
ur.IPv6Net = ipnet
|
||||
}
|
||||
|
||||
return ur, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,70 +0,0 @@
|
|||
package webapi
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net"
|
||||
"net/url"
|
||||
|
||||
"gitea.nehmer.net/torben/dyndns/service"
|
||||
)
|
||||
|
||||
type UpdateRequest struct {
|
||||
IPv4 net.IP
|
||||
IPv6 net.IP
|
||||
UserName string
|
||||
Password string
|
||||
IPv6Net *net.IPNet
|
||||
Config *service.UserConfig
|
||||
}
|
||||
|
||||
func (ur *UpdateRequest) String() string {
|
||||
return fmt.Sprintf("IPv4: %v, IPv6: %v, UserName: %v, Password: %v, IPv6Net: %v",
|
||||
ur.IPv4, ur.IPv6, ur.UserName, ur.Password, ur.IPv6Net)
|
||||
}
|
||||
|
||||
func (ur *UpdateRequest) PrettyPrint() string {
|
||||
s, err := json.MarshalIndent(ur, "", " ")
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to pretty print UpdateRequest via JSON: %v", err)
|
||||
}
|
||||
return string(s)
|
||||
}
|
||||
|
||||
func createUpdateRequestFromForm(form url.Values) (*UpdateRequest, error) {
|
||||
ur := &UpdateRequest{}
|
||||
|
||||
if form.Get("IPv4") != "" {
|
||||
if ur.IPv4 = net.ParseIP(form.Get("IPv4")); ur.IPv4 == nil {
|
||||
return nil, errors.New("could not parse IPv4 address")
|
||||
}
|
||||
}
|
||||
|
||||
if form.Get("IPv6") != "" {
|
||||
if ur.IPv6 = net.ParseIP(form.Get("IPv6")); ur.IPv6 == nil {
|
||||
return nil, errors.New("could not parse IPv6 address")
|
||||
}
|
||||
}
|
||||
|
||||
ur.UserName = form.Get("UserName")
|
||||
if ur.UserName == "" {
|
||||
return nil, errors.New("a UserName must be specified")
|
||||
}
|
||||
|
||||
ur.Password = form.Get("Password")
|
||||
if ur.Password == "" {
|
||||
return nil, errors.New("a Password must be specified")
|
||||
}
|
||||
|
||||
if ip6net := form.Get("IPv6Net"); ip6net != "" {
|
||||
_, ipnet, err := net.ParseCIDR(ip6net)
|
||||
if err != nil {
|
||||
return nil, errors.New("could not parse IPv6Net")
|
||||
}
|
||||
ur.IPv6Net = ipnet
|
||||
}
|
||||
|
||||
return ur, nil
|
||||
}
|
||||
Loading…
Reference in New Issue