Added state perstistance
- Define new state directory to hold the last dns update config and push it into the config, default to state/ - Refactoring, move updaterequest into service and out of webapp. Keep only the form parsing there. Specifically, move the processing code into the service package, it shouldn't be in the webapp. - Add code to load and save the last updaterequest into a state file (watch out to keep the possibly unhashed password out of it). - Add a command line option to load all available state files given the current configured user list from the command line. - Refactor user configuartion loading to separate it from user authentication, claen up the code. - We now require the username in the config, to make handling it in state updates easier. This will allow easier transition to DB style storage anyway. - Update .gitignore
This commit is contained in:
@@ -20,6 +20,7 @@ type configDNS struct {
|
||||
|
||||
type configUsers struct {
|
||||
ConfigDir string
|
||||
StateDir string
|
||||
}
|
||||
|
||||
var C config
|
||||
@@ -32,6 +33,7 @@ func SetConfigDefaults() {
|
||||
viper.SetDefault("Service.DNS.Server", "127.0.0.1:53")
|
||||
viper.SetDefault("Service.DNS.DefaultTTL", 60)
|
||||
viper.SetDefault("Service.Users.ConfigDir", "users/")
|
||||
viper.SetDefault("Service.Users.StateDir", "state/")
|
||||
}
|
||||
|
||||
func LoadConfig() {
|
||||
@@ -47,6 +49,12 @@ func LoadConfig() {
|
||||
} else {
|
||||
C.Users.ConfigDir = filepath.Join(viper.GetString("ConfigDir"), path)
|
||||
}
|
||||
path = viper.GetString("Service.Users.StateDir")
|
||||
if filepath.IsAbs(path) {
|
||||
C.Users.StateDir = filepath.Clean(path)
|
||||
} else {
|
||||
C.Users.StateDir = filepath.Join(viper.GetString("StateDir"), path)
|
||||
}
|
||||
}
|
||||
|
||||
func (obj *config) PrettyPrint() string {
|
||||
|
||||
120
service/updaterequest.go
Normal file
120
service/updaterequest.go
Normal file
@@ -0,0 +1,120 @@
|
||||
package service
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net"
|
||||
)
|
||||
|
||||
type UpdateRequest struct {
|
||||
IPv4 net.IP
|
||||
IPv6 net.IP
|
||||
UserName string
|
||||
Password string `json:"-"`
|
||||
IPv6Net *net.IPNet
|
||||
Config *UserConfig `json:"-"`
|
||||
}
|
||||
|
||||
func (ur *UpdateRequest) String() string {
|
||||
return fmt.Sprintf("IPv4: %v, IPv6: %v, UserName: %v, Password: %v, IPv6Net: %v",
|
||||
ur.IPv4, ur.IPv6, ur.UserName, ur.Password, ur.IPv6Net)
|
||||
}
|
||||
|
||||
func (ur *UpdateRequest) PrettyPrint() string {
|
||||
s, err := json.MarshalIndent(ur, "", " ")
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to pretty print UpdateRequest via JSON: %v", err)
|
||||
}
|
||||
return string(s)
|
||||
}
|
||||
|
||||
func (ur *UpdateRequest) SaveStateFile() error {
|
||||
data, err := json.MarshalIndent(ur, "", " ")
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to convert state for user %s to JSON: %v",
|
||||
ur.UserName, err)
|
||||
}
|
||||
filename := ur.Config.GetStateFileName()
|
||||
if err = ioutil.WriteFile(filename, data, 0640); err != nil {
|
||||
return fmt.Errorf("failed to to write sate file for user %s to file %s: %v",
|
||||
ur.UserName, filename, err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func LoadStateFile(uc *UserConfig) (*UpdateRequest, error) {
|
||||
filename := uc.GetStateFileName()
|
||||
data, err := ioutil.ReadFile(filename)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to read state file %s for user %s, %v",
|
||||
uc.UserName, filename, err)
|
||||
}
|
||||
var ur UpdateRequest
|
||||
if err = json.Unmarshal(data, &ur); err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshal state JSON for user %s: %v",
|
||||
uc.UserName, err)
|
||||
}
|
||||
ur.Config = uc
|
||||
return &ur, nil
|
||||
}
|
||||
|
||||
func (ur *UpdateRequest) Process() error {
|
||||
nfu := NewNFTUpdate()
|
||||
|
||||
if err := DNSUpdateEntry(ur.Config.Domain, ur.Config.Router.Hostname, ur.IPv4, ur.IPv6); err != nil {
|
||||
return fmt.Errorf("failed to update router DNS: %v", err)
|
||||
}
|
||||
if ur.Config.Router.NFT.Table != "" {
|
||||
if ur.IPv4 != nil && ur.Config.Router.NFT.Set4 != "" {
|
||||
if err := nfu.AddIP(ur.Config.Router.NFT.Table, ur.Config.Router.NFT.Set4, ur.IPv4); err != nil {
|
||||
return fmt.Errorf("failed to update IPv4 Router NFT setup: %v", err)
|
||||
}
|
||||
}
|
||||
if ur.IPv6 != nil && ur.Config.Router.NFT.Set6 != "" {
|
||||
if err := nfu.AddIP(ur.Config.Router.NFT.Table, ur.Config.Router.NFT.Set6, ur.IPv6); err != nil {
|
||||
return fmt.Errorf("failed to update IPv6 Router NFT setup: %v", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for _, other := range ur.Config.Others {
|
||||
fullV6IP := other.ConvertIIDToAddress(ur.IPv6Net)
|
||||
if other.RegisterV4 {
|
||||
if err := DNSUpdateEntry(ur.Config.Domain, other.Hostname, ur.IPv4, fullV6IP); err != nil {
|
||||
return fmt.Errorf("failed to update DNS for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
} else {
|
||||
if err := DNSUpdateEntry(ur.Config.Domain, other.Hostname, nil, fullV6IP); err != nil {
|
||||
return fmt.Errorf("failed to update DNS for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
}
|
||||
|
||||
if other.NFT.Table != "" {
|
||||
if other.NFT.Set6 != "" {
|
||||
if err := nfu.AddIP(other.NFT.Table, other.NFT.Set6, fullV6IP); err != nil {
|
||||
return fmt.Errorf("failed to update IPv6 NFT setup for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
}
|
||||
if other.RegisterV4 && other.NFT.Set4 != "" {
|
||||
if err := nfu.AddIP(other.NFT.Table, other.NFT.Set4, ur.IPv4); err != nil {
|
||||
return fmt.Errorf("failed to update IPv6 NFT setup for host %s: %v", other.Hostname, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
log.Println("Summary of collected NFT Updates:")
|
||||
log.Println(nfu.PrettyPrint())
|
||||
|
||||
if err := nfu.Process(); err != nil {
|
||||
return fmt.Errorf("failed to update NFT Setup: %v", err)
|
||||
}
|
||||
|
||||
if err := ur.SaveStateFile(); err != nil {
|
||||
return fmt.Errorf("failed to save state file: %v", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -47,16 +47,14 @@ type UserConfigNFT struct {
|
||||
Set6 string
|
||||
}
|
||||
|
||||
func LoadConfigForUser(username string, password string) (*UserConfig, error) {
|
||||
configFile := fmt.Sprintf("%s/%s.yml", C.Users.ConfigDir, username)
|
||||
func LoadConfigFile(configFile string) (*UserConfig, error) {
|
||||
configFile = path.Clean(configFile)
|
||||
log.Printf("Trying to load config file %s for user %s", configFile, username)
|
||||
log.Printf("Trying to load config file %s", configFile)
|
||||
|
||||
if _, err := os.Stat(configFile); err != nil {
|
||||
log.Printf("cannot stat the file %s: %v", configFile, err)
|
||||
return nil, UnauthorizedError("cannot stat")
|
||||
}
|
||||
|
||||
v := viper.New()
|
||||
v.SetConfigFile(configFile)
|
||||
err := v.ReadInConfig()
|
||||
@@ -65,19 +63,13 @@ func LoadConfigForUser(username string, password string) (*UserConfig, error) {
|
||||
return nil, fmt.Errorf("failed to parse config file %s: %v", configFile, err)
|
||||
}
|
||||
|
||||
result := &UserConfig{db: v, UserName: username}
|
||||
result := &UserConfig{db: v}
|
||||
|
||||
err = result.db.Unmarshal(result)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshal config file %s: %v", configFile, err)
|
||||
}
|
||||
|
||||
err = result.PasswordCheck(password)
|
||||
if err != nil {
|
||||
log.Printf("Failed to check password")
|
||||
return nil, UnauthorizedError("pwcheck failed")
|
||||
}
|
||||
|
||||
err = result.Validate()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to parse config: %v", err)
|
||||
@@ -86,6 +78,23 @@ func LoadConfigForUser(username string, password string) (*UserConfig, error) {
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func LoadConfigForUser(username string, password string) (*UserConfig, error) {
|
||||
configFile := fmt.Sprintf("%s/%s.yml", C.Users.ConfigDir, username)
|
||||
|
||||
result, err := LoadConfigFile(configFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
err = result.Authenticate(password)
|
||||
if err != nil {
|
||||
log.Printf("Failed to check password")
|
||||
return nil, UnauthorizedError("pwcheck failed")
|
||||
}
|
||||
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func HashPassword(pw []byte) (string, error) {
|
||||
hash, err := bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
@@ -94,7 +103,7 @@ func HashPassword(pw []byte) (string, error) {
|
||||
return string(hash), nil
|
||||
}
|
||||
|
||||
func (uc *UserConfig) PasswordCheck(pwToCheck string) error {
|
||||
func (uc *UserConfig) Authenticate(pwToCheck string) error {
|
||||
hashedPassword := []byte(uc.PassWord)
|
||||
bytePwToCheck := []byte(pwToCheck)
|
||||
|
||||
@@ -171,6 +180,10 @@ func (uc *UserConfig) Validate() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (uc *UserConfig) GetStateFileName() string {
|
||||
return fmt.Sprintf("%s/%s.yml", C.Users.StateDir, uc.UserName)
|
||||
}
|
||||
|
||||
func (uc *UserConfig) PrettyPrint() string {
|
||||
s, err := json.MarshalIndent(uc, "", " ")
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user