Next implementation steps

- Simplified UpdateRequest to the minimum required
- renamed test user to example
- removed user property from yml config, it is given by the file name.
- splitted server code analogous to command line code so that each handler has its own file.
- made viper confgi in userconfig internal
- added validation to userconfig
- added helper to combaine an IID with a v6net in userconfig

service/userconfig.go

@@ -2,8 +2,10 @@ package service
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"log"
+	"net"
 	"os"
 	"path"
 
@@ -18,7 +20,7 @@ func (uae UnauthorizedError) Error() string {
 }
 
 type UserConfig struct {
-	DB *viper.Viper
+	db *viper.Viper
 
 	UserName string
 	PassWord string
@@ -62,16 +64,22 @@ func LoadConfigForUser(username string, password string) (*UserConfig, error) {
 		return nil, fmt.Errorf("failed to parse config file %s: %v", configFile, err)
 	}
 
-	result := &UserConfig{DB: v}
+	result := &UserConfig{db: v, UserName: username}
+
+	err = result.db.Unmarshal(result)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal config file %s: %v", configFile, err)
+	}
 
 	err = result.PasswordCheck(password)
 	if err != nil {
+		log.Printf("Failed to check password")
 		return nil, UnauthorizedError("pwcheck failed")
 	}
 
-	err = result.DB.Unmarshal(result)
+	err = result.Validate()
 	if err != nil {
-		return nil, fmt.Errorf("failed to unmarshal config file %s: %v", configFile, err)
+		return nil, fmt.Errorf("failed to parse config: %v", err)
 	}
 
 	return result, nil
@@ -85,8 +93,8 @@ func HashPassword(pw []byte) (string, error) {
 	return string(hash), nil
 }
 
-func (ur *UserConfig) PasswordCheck(pwToCheck string) error {
-	hashedPassword := []byte(ur.DB.GetString("password"))
+func (uc *UserConfig) PasswordCheck(pwToCheck string) error {
+	hashedPassword := []byte(uc.PassWord)
 	bytePwToCheck := []byte(pwToCheck)
 
 	err := bcrypt.CompareHashAndPassword(hashedPassword, bytePwToCheck)
@@ -94,6 +102,67 @@ func (ur *UserConfig) PasswordCheck(pwToCheck string) error {
 	return err
 }
 
+func (uco *UserConfigOther) ConvertIIDToAddress(localNet *net.IPNet) net.IP {
+	if localNet == nil {
+		return nil
+	}
+	out := make(net.IP, net.IPv6len)
+	ipiid := net.ParseIP(uco.V6IID)
+	for i := 0; i < net.IPv6len; i++ {
+		// We take the corresponding byte from the IID and mask it out with the
+		// inversed Mask of the network we got (in essence a Host Mask). This
+		// leaves us those bits, that are not taken by the netmask, so that we
+		// can OR all this together.
+		maskedIID := ipiid[i] &^ localNet.Mask[i]
+		out[i] = localNet.IP[i] | maskedIID
+	}
+	return out
+}
+
+func (ucn *UserConfigNFT) ValidateSetNames() bool {
+	if ucn.Set4 == "" && ucn.Set6 == "" {
+		return true
+	}
+	return ucn.Set4 != ucn.Set6
+}
+
+func (uc *UserConfig) Validate() error {
+	if !uc.Router.NFT.ValidateSetNames() {
+		return errors.New("router NFT set names invalid (probably identical for v4 and v6)")
+	}
+	if uc.Router.DNS == "" {
+		return errors.New("router record has no DNS")
+	}
+
+	dnsnames := make(map[string]bool)
+	dnsnames[uc.Router.DNS] = true
+
+	for i, other := range uc.Others {
+		if other.DNS == "" {
+			return fmt.Errorf("other record #%d has no DNS", i)
+		}
+		if dnsnames[other.DNS] {
+			return fmt.Errorf("the DNS FQDN %s is used twice", other.DNS)
+		}
+		dnsnames[other.DNS] = true
+		if !other.NFT.ValidateSetNames() {
+			return fmt.Errorf("other %s NFT set names invalid (probably identical for v4 and v6)", other.DNS)
+		}
+		if other.V6IID == "" {
+			return fmt.Errorf("other record %s has no V6IID", other.DNS)
+		}
+		iidIP := net.ParseIP(other.V6IID)
+		if iidIP == nil {
+			return fmt.Errorf("other record %s has invalid V6IID %s", other.DNS, other.V6IID)
+		}
+		if iidIP.To4() != nil {
+			return fmt.Errorf("other record %s IID looks like an IPv4 Address", other.DNS)
+		}
+	}
+
+	return nil
+}
+
 func (uc *UserConfig) PrettyPrint() string {
 	s, err := json.MarshalIndent(uc, "", " ")
 	if err != nil {