First working implementation

- implemented update request processing
- separated host and domain name in config (req. for DNS updates)
- enhanced NFT update validation
- cleaned up example user
- cleand up logging in update request
- moved appropriate config into user request struct
This commit is contained in:
Torben Nehmer 2021-08-24 16:44:52 +02:00
parent 2feb864551
commit ae3b1d0897
4 changed files with 112 additions and 41 deletions

View File

@ -24,17 +24,18 @@ type UserConfig struct {
UserName string UserName string
PassWord string PassWord string
Domain string
Router UserConfigRouter Router UserConfigRouter
Others []UserConfigOther Others []UserConfigOther
} }
type UserConfigRouter struct { type UserConfigRouter struct {
DNS string Hostname string
NFT UserConfigNFT NFT UserConfigNFT
} }
type UserConfigOther struct { type UserConfigOther struct {
DNS string Hostname string
V6IID string V6IID string
RegisterV4 bool RegisterV4 bool
NFT UserConfigNFT NFT UserConfigNFT
@ -119,44 +120,51 @@ func (uco *UserConfigOther) ConvertIIDToAddress(localNet *net.IPNet) net.IP {
return out return out
} }
func (ucn *UserConfigNFT) ValidateSetNames() bool { func (ucn *UserConfigNFT) ValidateSetNames() error {
if ucn.Set4 == "" && ucn.Set6 == "" { if ucn.Set4 == "" && ucn.Set6 == "" {
return true return nil
} }
return ucn.Set4 != ucn.Set6 if ucn.Table == "" {
return errors.New("NFT table name undefined")
}
if ucn.Set4 == ucn.Set6 {
return errors.New("set4 and set6 are identical")
}
return nil
} }
func (uc *UserConfig) Validate() error { func (uc *UserConfig) Validate() error {
if !uc.Router.NFT.ValidateSetNames() { if err := uc.Router.NFT.ValidateSetNames(); err != nil {
return errors.New("router NFT set names invalid (probably identical for v4 and v6)") return fmt.Errorf("router NFT validation failed: %v", err)
} }
if uc.Router.DNS == "" { if uc.Router.Hostname == "" {
return errors.New("router record has no DNS") return errors.New("router record has no Hostname")
} }
dnsnames := make(map[string]bool) dnsnames := make(map[string]bool)
dnsnames[uc.Router.DNS] = true dnsnames[uc.Router.Hostname] = true
for i, other := range uc.Others { for i, other := range uc.Others {
if other.DNS == "" { if other.Hostname == "" {
return fmt.Errorf("other record #%d has no DNS", i) return fmt.Errorf("other record #%d has no Hostname", i)
} }
if dnsnames[other.DNS] { if dnsnames[other.Hostname] {
return fmt.Errorf("the DNS FQDN %s is used twice", other.DNS) return fmt.Errorf("the Hostname %s is used twice", other.Hostname)
} }
dnsnames[other.DNS] = true dnsnames[other.Hostname] = true
if !other.NFT.ValidateSetNames() { if err := other.NFT.ValidateSetNames(); err != nil {
return fmt.Errorf("other %s NFT set names invalid (probably identical for v4 and v6)", other.DNS) return fmt.Errorf("other %s NFT validation failed: %v", other.Hostname, err)
} }
if other.V6IID == "" { if other.V6IID == "" {
return fmt.Errorf("other record %s has no V6IID", other.DNS) return fmt.Errorf("other record %s has no V6IID", other.Hostname)
} }
iidIP := net.ParseIP(other.V6IID) iidIP := net.ParseIP(other.V6IID)
if iidIP == nil { if iidIP == nil {
return fmt.Errorf("other record %s has invalid V6IID %s", other.DNS, other.V6IID) return fmt.Errorf("other record %s has invalid V6IID %s", other.Hostname, other.V6IID)
} }
if iidIP.To4() != nil { if iidIP.To4() != nil {
return fmt.Errorf("other record %s IID looks like an IPv4 Address", other.DNS) return fmt.Errorf("other record %s IID looks like an IPv4 Address", other.Hostname)
} }
} }

View File

@ -1,19 +1,20 @@
password: $2a$10$ymHFfGjKINWsUKwEo5xp.efN6DR6NkiRCXsbH4VWo0Nnzma8Yc.82 password: $2a$10$ymHFfGjKINWsUKwEo5xp.efN6DR6NkiRCXsbH4VWo0Nnzma8Yc.82
domain: dyn.local
router: router:
DNS: brandfeld.dyn.local Hostname: mainhost
NFT: NFT:
table: sshguard table: sshguard
set4: blackhole set4: blackhole
set6: blackhole6 set6: blackhole6
others: others:
- DNS: atlantis.dyn.local - Hostname: atlantis
v6iid: ::dead:beef:dead:beef v6iid: ::dead:beef:dead:beef
registerv4: true registerv4: true
NFT: NFT:
table: sshguard table: sshguard
set4: blackhole set4: blackhole
set6: blackhole6 set6: blackhole6
- DNS: troya.dyn.local - Hostname: troya
v6iid: ::cafe:babe:deca:fbad v6iid: ::cafe:babe:deca:fbad
registerv4: false registerv4: false
NFT: NFT:

View File

@ -36,23 +36,82 @@ func handleUpdate(w http.ResponseWriter, r *http.Request) {
return return
} }
ur.Config = uc
// Start DEBUG Output
log.Println("Final request")
log.Println(ur.PrettyPrint())
for _, other := range uc.Others {
log.Printf("Other %s, IID %v, merged: %v",
other.Hostname, other.V6IID, other.ConvertIIDToAddress(ur.IPv6Net))
}
log.Println("WebAPI Config:")
log.Println(C.PrettyPrint())
log.Println("Service Config:")
log.Println(service.C.PrettyPrint())
// End DEBUG Output
if err := processUpdateRequest(ur); err != nil {
log.Printf("failed to process UpdateRequest: %v", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
}
w.Header().Set("Content-Type", "text/plain") w.Header().Set("Content-Type", "text/plain")
fmt.Fprintln(w, "OK") fmt.Fprintln(w, "OK")
fmt.Fprintln(w, ur.PrettyPrint()) }
log.Println(ur.PrettyPrint())
log.Println(ur.IPv6Net.IP) func processUpdateRequest(ur *UpdateRequest) error {
log.Println(ur.IPv6Net.Mask) nfu := service.NewNFTUpdate()
log.Printf("Request PW: %s, Config PW: %s", ur.Password, uc.PassWord)
fmt.Fprintln(w, "Unmarshalled userconfig:") if err := service.DNSUpdateEntry(ur.Config.Domain, ur.Config.Router.Hostname, ur.IPv4, ur.IPv6); err != nil {
fmt.Fprintln(w, uc.PrettyPrint()) return fmt.Errorf("failed to update router DNS: %v", err)
fmt.Fprintln(w, "WebAPI Config:") }
fmt.Fprintln(w, C.PrettyPrint()) if ur.Config.Router.NFT.Table != "" {
fmt.Fprintln(w, "Service Config:") if ur.IPv4 != nil && ur.Config.Router.NFT.Set4 != "" {
fmt.Fprintln(w, service.C.PrettyPrint()) if err := nfu.AddIP(ur.Config.Router.NFT.Table, ur.Config.Router.NFT.Set4, ur.IPv4); err != nil {
return fmt.Errorf("failed to update IPv4 Router NFT setup: %v", err)
for _, other := range uc.Others { }
log.Printf("Other %s, IID %v, UR V6NEt: %v, merged: %v", }
other.DNS, other.V6IID, ur.IPv6Net, if ur.IPv6 != nil && ur.Config.Router.NFT.Set6 != "" {
other.ConvertIIDToAddress(ur.IPv6Net)) if err := nfu.AddIP(ur.Config.Router.NFT.Table, ur.Config.Router.NFT.Set6, ur.IPv6); err != nil {
} return fmt.Errorf("failed to update IPv6 Router NFT setup: %v", err)
}
}
}
for _, other := range ur.Config.Others {
fullV6IP := other.ConvertIIDToAddress(ur.IPv6Net)
if other.RegisterV4 {
if err := service.DNSUpdateEntry(ur.Config.Domain, other.Hostname, ur.IPv4, fullV6IP); err != nil {
return fmt.Errorf("failed to update DNS for host %s: %v", other.Hostname, err)
}
} else {
if err := service.DNSUpdateEntry(ur.Config.Domain, other.Hostname, nil, fullV6IP); err != nil {
return fmt.Errorf("failed to update DNS for host %s: %v", other.Hostname, err)
}
}
if other.NFT.Table != "" {
if other.NFT.Set6 != "" {
if err := nfu.AddIP(other.NFT.Table, other.NFT.Set6, fullV6IP); err != nil {
return fmt.Errorf("failed to update IPv6 NFT setup for host %s: %v", other.Hostname, err)
}
}
if other.RegisterV4 && other.NFT.Set4 != "" {
if err := nfu.AddIP(other.NFT.Table, other.NFT.Set4, ur.IPv4); err != nil {
return fmt.Errorf("failed to update IPv6 NFT setup for host %s: %v", other.Hostname, err)
}
}
}
}
log.Println("Summary of collected NFT Updates:")
log.Println(nfu.PrettyPrint())
if err := nfu.Process(); err != nil {
return fmt.Errorf("failed to update NFT Setup: %v", err)
}
return nil
} }

View File

@ -7,6 +7,8 @@ import (
"log" "log"
"net" "net"
"net/url" "net/url"
"gitea.nehmer.net/torben/dyndns/service"
) )
type UpdateRequest struct { type UpdateRequest struct {
@ -15,6 +17,7 @@ type UpdateRequest struct {
UserName string UserName string
Password string Password string
IPv6Net *net.IPNet IPv6Net *net.IPNet
Config *service.UserConfig
} }
func (ur *UpdateRequest) String() string { func (ur *UpdateRequest) String() string {