Next implementation steps
- Simplified UpdateRequest to the minimum required - renamed test user to example - removed user property from yml config, it is given by the file name. - split server code analogous to command line code so that each handler has its own file. - made viper config in userconfig internal - added validation to userconfig - added helper to combine an IID with a v6net in userconfig
parent
fbfd75bf99
commit
fbf10f9d1b
@ -2,8 +2,10 @@ package service
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
|
|
||||||
@ -18,7 +20,7 @@ func (uae UnauthorizedError) Error() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type UserConfig struct {
|
type UserConfig struct {
|
||||||
DB *viper.Viper
|
db *viper.Viper
|
||||||
|
|
||||||
UserName string
|
UserName string
|
||||||
PassWord string
|
PassWord string
|
||||||
@ -62,16 +64,22 @@ func LoadConfigForUser(username string, password string) (*UserConfig, error) {
|
|||||||
return nil, fmt.Errorf("failed to parse config file %s: %v", configFile, err)
|
return nil, fmt.Errorf("failed to parse config file %s: %v", configFile, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
result := &UserConfig{DB: v}
|
result := &UserConfig{db: v, UserName: username}
|
||||||
|
|
||||||
|
err = result.db.Unmarshal(result)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to unmarshal config file %s: %v", configFile, err)
|
||||||
|
}
|
||||||
|
|
||||||
err = result.PasswordCheck(password)
|
err = result.PasswordCheck(password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Printf("Failed to check password")
|
||||||
return nil, UnauthorizedError("pwcheck failed")
|
return nil, UnauthorizedError("pwcheck failed")
|
||||||
}
|
}
|
||||||
|
|
||||||
err = result.DB.Unmarshal(result)
|
err = result.Validate()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to unmarshal config file %s: %v", configFile, err)
|
return nil, fmt.Errorf("failed to parse config: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return result, nil
|
return result, nil
|
||||||
@ -85,8 +93,8 @@ func HashPassword(pw []byte) (string, error) {
|
|||||||
return string(hash), nil
|
return string(hash), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ur *UserConfig) PasswordCheck(pwToCheck string) error {
|
func (uc *UserConfig) PasswordCheck(pwToCheck string) error {
|
||||||
hashedPassword := []byte(ur.DB.GetString("password"))
|
hashedPassword := []byte(uc.PassWord)
|
||||||
bytePwToCheck := []byte(pwToCheck)
|
bytePwToCheck := []byte(pwToCheck)
|
||||||
|
|
||||||
err := bcrypt.CompareHashAndPassword(hashedPassword, bytePwToCheck)
|
err := bcrypt.CompareHashAndPassword(hashedPassword, bytePwToCheck)
|
||||||
@ -94,6 +102,67 @@ func (ur *UserConfig) PasswordCheck(pwToCheck string) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (uco *UserConfigOther) ConvertIIDToAddress(localNet *net.IPNet) net.IP {
|
||||||
|
if localNet == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := make(net.IP, net.IPv6len)
|
||||||
|
ipiid := net.ParseIP(uco.V6IID)
|
||||||
|
for i := 0; i < net.IPv6len; i++ {
|
||||||
|
// We take the corresponding byte from the IID and mask it out with the
|
||||||
|
// inversed Mask of the network we got (in essence a Host Mask). This
|
||||||
|
// leaves us those bits, that are not taken by the netmask, so that we
|
||||||
|
// can OR all this together.
|
||||||
|
maskedIID := ipiid[i] &^ localNet.Mask[i]
|
||||||
|
out[i] = localNet.IP[i] | maskedIID
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
func (ucn *UserConfigNFT) ValidateSetNames() bool {
|
||||||
|
if ucn.Set4 == "" && ucn.Set6 == "" {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return ucn.Set4 != ucn.Set6
|
||||||
|
}
|
||||||
|
|
||||||
|
func (uc *UserConfig) Validate() error {
|
||||||
|
if !uc.Router.NFT.ValidateSetNames() {
|
||||||
|
return errors.New("router NFT set names invalid (probably identical for v4 and v6)")
|
||||||
|
}
|
||||||
|
if uc.Router.DNS == "" {
|
||||||
|
return errors.New("router record has no DNS")
|
||||||
|
}
|
||||||
|
|
||||||
|
dnsnames := make(map[string]bool)
|
||||||
|
dnsnames[uc.Router.DNS] = true
|
||||||
|
|
||||||
|
for i, other := range uc.Others {
|
||||||
|
if other.DNS == "" {
|
||||||
|
return fmt.Errorf("other record #%d has no DNS", i)
|
||||||
|
}
|
||||||
|
if dnsnames[other.DNS] {
|
||||||
|
return fmt.Errorf("the DNS FQDN %s is used twice", other.DNS)
|
||||||
|
}
|
||||||
|
dnsnames[other.DNS] = true
|
||||||
|
if !other.NFT.ValidateSetNames() {
|
||||||
|
return fmt.Errorf("other %s NFT set names invalid (probably identical for v4 and v6)", other.DNS)
|
||||||
|
}
|
||||||
|
if other.V6IID == "" {
|
||||||
|
return fmt.Errorf("other record %s has no V6IID", other.DNS)
|
||||||
|
}
|
||||||
|
iidIP := net.ParseIP(other.V6IID)
|
||||||
|
if iidIP == nil {
|
||||||
|
return fmt.Errorf("other record %s has invalid V6IID %s", other.DNS, other.V6IID)
|
||||||
|
}
|
||||||
|
if iidIP.To4() != nil {
|
||||||
|
return fmt.Errorf("other record %s IID looks like an IPv4 Address", other.DNS)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (uc *UserConfig) PrettyPrint() string {
|
func (uc *UserConfig) PrettyPrint() string {
|
||||||
s, err := json.MarshalIndent(uc, "", " ")
|
s, err := json.MarshalIndent(uc, "", " ")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
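Review bot: `ConvertIIDToAddress` indexes `ipiid`, `localNet.Mask` and `localNet.IP` up to `net.IPv6len` without checking their lengths, so it panics when `net.ParseIP(uco.V6IID)` returns nil or when `localNet` is an IPv4 network, for which `net.ParseCIDR` yields a 4-byte IP and mask. `Validate()` covers the IID for configs that come through `LoadConfigForUser`, but the network is supplied by the caller; in webapi/update.go it is the request's `IPv6Net` value, and whether that is restricted to IPv6 is not visible on this page. A guard at the top such as `if ipiid == nil || len(localNet.IP) != net.IPv6len || len(localNet.Mask) != net.IPv6len { return nil }` would keep the nil-return contract the method already uses for a nil `localNet`.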
@ -1,4 +1,3 @@
|
|||||||
username: test
|
|
||||||
password: $2a$10$ymHFfGjKINWsUKwEo5xp.efN6DR6NkiRCXsbH4VWo0Nnzma8Yc.82
|
password: $2a$10$ymHFfGjKINWsUKwEo5xp.efN6DR6NkiRCXsbH4VWo0Nnzma8Yc.82
|
||||||
router:
|
router:
|
||||||
DNS: brandfeld.dyn.local
|
DNS: brandfeld.dyn.local
|
@ -5,19 +5,18 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"gitea.nehmer.net/torben/dyndns/service"
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
)
|
)
|
||||||
|
|
||||||
func Server() {
|
var router = mux.NewRouter()
|
||||||
r := mux.NewRouter()
|
|
||||||
r.StrictSlash(true)
|
|
||||||
|
|
||||||
r.HandleFunc("/hello", handleHello)
|
func Server() {
|
||||||
r.HandleFunc("/update", handleUpdate)
|
router.StrictSlash(true)
|
||||||
|
|
||||||
|
router.HandleFunc("/hello", handleHello)
|
||||||
|
|
||||||
log.Printf("Listening to: %s", C.ListenAddress)
|
log.Printf("Listening to: %s", C.ListenAddress)
|
||||||
go log.Fatal(http.ListenAndServe(C.ListenAddress, r))
|
go log.Fatal(http.ListenAndServe(C.ListenAddress, router))
|
||||||
}
|
}
|
||||||
|
|
||||||
func handleHello(w http.ResponseWriter, r *http.Request) {
|
func handleHello(w http.ResponseWriter, r *http.Request) {
|
||||||
@ -28,43 +27,3 @@ func handleHello(w http.ResponseWriter, r *http.Request) {
|
|||||||
log.Println(r.Form)
|
log.Println(r.Form)
|
||||||
fmt.Fprint(w, "<html><body><p>Hello World</p></body></html>")
|
fmt.Fprint(w, "<html><body><p>Hello World</p></body></html>")
|
||||||
}
|
}
|
||||||
|
|
||||||
func handleUpdate(w http.ResponseWriter, r *http.Request) {
|
|
||||||
err := r.ParseForm()
|
|
||||||
if err != nil {
|
|
||||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
ur, err := createUpdateRequestFromForm(r.Form)
|
|
||||||
if err != nil {
|
|
||||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
uc, err := service.LoadConfigForUser(ur.UserName, ur.Password)
|
|
||||||
if err != nil {
|
|
||||||
if _, ok := err.(*service.UnauthorizedError); ok {
|
|
||||||
http.Error(w, err.Error(), http.StatusUnauthorized)
|
|
||||||
} else {
|
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
v := uc.DB
|
|
||||||
|
|
||||||
w.Header().Set("Content-Type", "text/plain")
|
|
||||||
fmt.Fprintln(w, "OK")
|
|
||||||
fmt.Fprintln(w, ur.PrettyPrint())
|
|
||||||
log.Println(ur.PrettyPrint())
|
|
||||||
log.Println(ur.IPv6Net.IP)
|
|
||||||
log.Println(ur.IPv6Net.Mask)
|
|
||||||
log.Println(v.AllSettings())
|
|
||||||
log.Printf("Request PW: %s, Config PW: %s", ur.Password, v.GetString("password"))
|
|
||||||
fmt.Fprintln(w, "Unmarshalled userconfig:")
|
|
||||||
fmt.Fprintln(w, uc.PrettyPrint())
|
|
||||||
fmt.Fprintln(w, "WebAPI Config:")
|
|
||||||
fmt.Fprintln(w, C.PrettyPrint())
|
|
||||||
fmt.Fprintln(w, "Service Config:")
|
|
||||||
fmt.Fprintln(w, service.C.PrettyPrint())
|
|
||||||
}
|
|
||||||
|
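Review bot: Moving route registration into per-file `init()` functions changes when `router.StrictSlash(true)` takes effect: gorilla/mux documents StrictSlash as defining the behaviour for new routes, and the `init()` in webapi/update.go registers `/update` before `Server()` makes that call, so `/update` is probably no longer strict-slash while `/hello` still is. Setting it where the router is created, `var router = mux.NewRouter().StrictSlash(true)`, keeps the old behaviour for every handler file. On the changed `go log.Fatal(http.ListenAndServe(C.ListenAddress, router))` line, the arguments of a `go` statement are evaluated in the calling goroutine, so `ListenAndServe` blocks inside `Server()` and the goroutine only starts once it has returned; if blocking is intended, dropping `go` makes that explicit.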
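--- a/webapi/update.go
+++ b/webapi/update.go
@@ -0,0 +1,58 @@
+package webapi
+
+import (
+"fmt"
+"log"
+"net/http"
+
+"gitea.nehmer.net/torben/dyndns/service"
+)
+
+func init() {
+router.HandleFunc("/update", handleUpdate)
+}
+
+func handleUpdate(w http.ResponseWriter, r *http.Request) {
+err := r.ParseForm()
+if err != nil {
+http.Error(w, err.Error(), http.StatusBadRequest)
+return
+}
+
+ur, err := createUpdateRequestFromForm(r.Form)
+if err != nil {
+http.Error(w, err.Error(), http.StatusBadRequest)
+return
+}
+
+uc, err := service.LoadConfigForUser(ur.UserName, ur.Password)
+if err != nil {
+if _, ok := err.(*service.UnauthorizedError); ok {
+http.Error(w, err.Error(), http.StatusUnauthorized)
+} else {
+http.Error(w, err.Error(), http.StatusInternalServerError)
+}
+log.Printf("Authorization failed: %v", err)
+return
+}
+
+w.Header().Set("Content-Type", "text/plain")
+fmt.Fprintln(w, "OK")
+fmt.Fprintln(w, ur.PrettyPrint())
+log.Println(ur.PrettyPrint())
+log.Println(ur.IPv6Net.IP)
+log.Println(ur.IPv6Net.Mask)
+log.Printf("Request PW: %s, Config PW: %s", ur.Password, uc.PassWord)
+fmt.Fprintln(w, "Unmarshalled userconfig:")
+fmt.Fprintln(w, uc.PrettyPrint())
+fmt.Fprintln(w, "WebAPI Config:")
+fmt.Fprintln(w, C.PrettyPrint())
+fmt.Fprintln(w, "Service Config:")
+fmt.Fprintln(w, service.C.PrettyPrint())
+
+for _, other := range uc.Others {
+log.Printf("Other %s, IID %v, UR V6NEt: %v, merged: %v",
+other.DNS, other.V6IID, ur.IPv6Net,
+other.ConvertIIDToAddress(ur.IPv6Net))
+}
+}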
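Review bot: `handleUpdate` writes credentials to both the log and the HTTP response: `log.Printf("Request PW: %s, Config PW: %s", ur.Password, uc.PassWord)` records the submitted plaintext password next to the stored bcrypt hash, and the `ur.PrettyPrint()` / `uc.PrettyPrint()` dumps are logged and sent to the client, which will include the password fields unless the struct tags (not visible here) exclude them. `UpdateRequest.String()` in the later UpdateRequest hunk has the same problem, since its new format string still carries `Password: %v`. I would delete the `Request PW` line, drop the config dumps from the response or put them behind an explicit debug switch, and leave the password out of `String()` and the serialised output. Separately, `err.(*service.UnauthorizedError)` asserts a pointer type while `LoadConfigForUser` returns the value `UnauthorizedError("pwcheck failed")`, so a failed password check appears to fall through to the 500 branch; `err.(service.UnauthorizedError)` would match.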
@ -14,14 +14,12 @@ type UpdateRequest struct {
|
|||||||
IPv6 net.IP
|
IPv6 net.IP
|
||||||
UserName string
|
UserName string
|
||||||
Password string
|
Password string
|
||||||
Domain string
|
|
||||||
DualStack bool
|
|
||||||
IPv6Net *net.IPNet
|
IPv6Net *net.IPNet
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ur *UpdateRequest) String() string {
|
func (ur *UpdateRequest) String() string {
|
||||||
return fmt.Sprintf("IPv4: %v, IPv6: %v, UserName: %v, Password: %v, Domain: %v, DualStack: %v, IPv6Net: %v",
|
return fmt.Sprintf("IPv4: %v, IPv6: %v, UserName: %v, Password: %v, IPv6Net: %v",
|
||||||
ur.IPv4, ur.IPv6, ur.UserName, ur.Password, ur.Domain, ur.DualStack, ur.IPv6Net)
|
ur.IPv4, ur.IPv6, ur.UserName, ur.Password, ur.IPv6Net)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ur *UpdateRequest) PrettyPrint() string {
|
func (ur *UpdateRequest) PrettyPrint() string {
|
||||||
@ -57,17 +55,6 @@ func createUpdateRequestFromForm(form url.Values) (*UpdateRequest, error) {
|
|||||||
return nil, errors.New("a Password must be specified")
|
return nil, errors.New("a Password must be specified")
|
||||||
}
|
}
|
||||||
|
|
||||||
ur.Domain = form.Get("Domain")
|
|
||||||
if ur.Domain == "" {
|
|
||||||
return nil, errors.New("a Domain must be specified")
|
|
||||||
}
|
|
||||||
|
|
||||||
if form.Get("DualStack") == "1" {
|
|
||||||
ur.DualStack = true
|
|
||||||
} else {
|
|
||||||
ur.DualStack = false
|
|
||||||
}
|
|
||||||
|
|
||||||
if ip6net := form.Get("IPv6Net"); ip6net != "" {
|
if ip6net := form.Get("IPv6Net"); ip6net != "" {
|
||||||
_, ipnet, err := net.ParseCIDR(ip6net)
|
_, ipnet, err := net.ParseCIDR(ip6net)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|