Next implementation steps

- Simplified UpdateRequest to the minimum required
- renamed test user to example
- removed user property from yml config, it is given by the file name.
- splitted server code analogous to command line code so that each handler has its own file.
- made viper confgi in userconfig internal
- added validation to userconfig
- added helper to combaine an IID with a v6net in userconfig
This commit is contained in:
Torben Nehmer 2021-08-23 20:41:32 +02:00
parent fbfd75bf99
commit fbf10f9d1b
5 changed files with 146 additions and 74 deletions

View File

@ -2,8 +2,10 @@ package service
import ( import (
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"log" "log"
"net"
"os" "os"
"path" "path"
@ -18,7 +20,7 @@ func (uae UnauthorizedError) Error() string {
} }
type UserConfig struct { type UserConfig struct {
DB *viper.Viper db *viper.Viper
UserName string UserName string
PassWord string PassWord string
@ -62,16 +64,22 @@ func LoadConfigForUser(username string, password string) (*UserConfig, error) {
return nil, fmt.Errorf("failed to parse config file %s: %v", configFile, err) return nil, fmt.Errorf("failed to parse config file %s: %v", configFile, err)
} }
result := &UserConfig{DB: v} result := &UserConfig{db: v, UserName: username}
err = result.db.Unmarshal(result)
if err != nil {
return nil, fmt.Errorf("failed to unmarshal config file %s: %v", configFile, err)
}
err = result.PasswordCheck(password) err = result.PasswordCheck(password)
if err != nil { if err != nil {
log.Printf("Failed to check password")
return nil, UnauthorizedError("pwcheck failed") return nil, UnauthorizedError("pwcheck failed")
} }
err = result.DB.Unmarshal(result) err = result.Validate()
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to unmarshal config file %s: %v", configFile, err) return nil, fmt.Errorf("failed to parse config: %v", err)
} }
return result, nil return result, nil
@ -85,8 +93,8 @@ func HashPassword(pw []byte) (string, error) {
return string(hash), nil return string(hash), nil
} }
func (ur *UserConfig) PasswordCheck(pwToCheck string) error { func (uc *UserConfig) PasswordCheck(pwToCheck string) error {
hashedPassword := []byte(ur.DB.GetString("password")) hashedPassword := []byte(uc.PassWord)
bytePwToCheck := []byte(pwToCheck) bytePwToCheck := []byte(pwToCheck)
err := bcrypt.CompareHashAndPassword(hashedPassword, bytePwToCheck) err := bcrypt.CompareHashAndPassword(hashedPassword, bytePwToCheck)
@ -94,6 +102,67 @@ func (ur *UserConfig) PasswordCheck(pwToCheck string) error {
return err return err
} }
func (uco *UserConfigOther) ConvertIIDToAddress(localNet *net.IPNet) net.IP {
if localNet == nil {
return nil
}
out := make(net.IP, net.IPv6len)
ipiid := net.ParseIP(uco.V6IID)
for i := 0; i < net.IPv6len; i++ {
// We take the corresponding byte from the IID and mask it out with the
// inversed Mask of the network we got (in essence a Host Mask). This
// leaves us those bits, that are not taken by the netmask, so that we
// can OR all this together.
maskedIID := ipiid[i] &^ localNet.Mask[i]
out[i] = localNet.IP[i] | maskedIID
}
return out
}
func (ucn *UserConfigNFT) ValidateSetNames() bool {
if ucn.Set4 == "" && ucn.Set6 == "" {
return true
}
return ucn.Set4 != ucn.Set6
}
func (uc *UserConfig) Validate() error {
if !uc.Router.NFT.ValidateSetNames() {
return errors.New("router NFT set names invalid (probably identical for v4 and v6)")
}
if uc.Router.DNS == "" {
return errors.New("router record has no DNS")
}
dnsnames := make(map[string]bool)
dnsnames[uc.Router.DNS] = true
for i, other := range uc.Others {
if other.DNS == "" {
return fmt.Errorf("other record #%d has no DNS", i)
}
if dnsnames[other.DNS] {
return fmt.Errorf("the DNS FQDN %s is used twice", other.DNS)
}
dnsnames[other.DNS] = true
if !other.NFT.ValidateSetNames() {
return fmt.Errorf("other %s NFT set names invalid (probably identical for v4 and v6)", other.DNS)
}
if other.V6IID == "" {
return fmt.Errorf("other record %s has no V6IID", other.DNS)
}
iidIP := net.ParseIP(other.V6IID)
if iidIP == nil {
return fmt.Errorf("other record %s has invalid V6IID %s", other.DNS, other.V6IID)
}
if iidIP.To4() != nil {
return fmt.Errorf("other record %s IID looks like an IPv4 Address", other.DNS)
}
}
return nil
}
func (uc *UserConfig) PrettyPrint() string { func (uc *UserConfig) PrettyPrint() string {
s, err := json.MarshalIndent(uc, "", " ") s, err := json.MarshalIndent(uc, "", " ")
if err != nil { if err != nil {

View File

@ -1,4 +1,3 @@
username: test
password: $2a$10$ymHFfGjKINWsUKwEo5xp.efN6DR6NkiRCXsbH4VWo0Nnzma8Yc.82 password: $2a$10$ymHFfGjKINWsUKwEo5xp.efN6DR6NkiRCXsbH4VWo0Nnzma8Yc.82
router: router:
DNS: brandfeld.dyn.local DNS: brandfeld.dyn.local

View File

@ -5,19 +5,18 @@ import (
"log" "log"
"net/http" "net/http"
"gitea.nehmer.net/torben/dyndns/service"
"github.com/gorilla/mux" "github.com/gorilla/mux"
) )
func Server() { var router = mux.NewRouter()
r := mux.NewRouter()
r.StrictSlash(true)
r.HandleFunc("/hello", handleHello) func Server() {
r.HandleFunc("/update", handleUpdate) router.StrictSlash(true)
router.HandleFunc("/hello", handleHello)
log.Printf("Listening to: %s", C.ListenAddress) log.Printf("Listening to: %s", C.ListenAddress)
go log.Fatal(http.ListenAndServe(C.ListenAddress, r)) go log.Fatal(http.ListenAndServe(C.ListenAddress, router))
} }
func handleHello(w http.ResponseWriter, r *http.Request) { func handleHello(w http.ResponseWriter, r *http.Request) {
@ -28,43 +27,3 @@ func handleHello(w http.ResponseWriter, r *http.Request) {
log.Println(r.Form) log.Println(r.Form)
fmt.Fprint(w, "<html><body><p>Hello World</p></body></html>") fmt.Fprint(w, "<html><body><p>Hello World</p></body></html>")
} }
func handleUpdate(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
ur, err := createUpdateRequestFromForm(r.Form)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
uc, err := service.LoadConfigForUser(ur.UserName, ur.Password)
if err != nil {
if _, ok := err.(*service.UnauthorizedError); ok {
http.Error(w, err.Error(), http.StatusUnauthorized)
} else {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
return
}
v := uc.DB
w.Header().Set("Content-Type", "text/plain")
fmt.Fprintln(w, "OK")
fmt.Fprintln(w, ur.PrettyPrint())
log.Println(ur.PrettyPrint())
log.Println(ur.IPv6Net.IP)
log.Println(ur.IPv6Net.Mask)
log.Println(v.AllSettings())
log.Printf("Request PW: %s, Config PW: %s", ur.Password, v.GetString("password"))
fmt.Fprintln(w, "Unmarshalled userconfig:")
fmt.Fprintln(w, uc.PrettyPrint())
fmt.Fprintln(w, "WebAPI Config:")
fmt.Fprintln(w, C.PrettyPrint())
fmt.Fprintln(w, "Service Config:")
fmt.Fprintln(w, service.C.PrettyPrint())
}

58
webapi/update.go Normal file
View File

@ -0,0 +1,58 @@
package webapi
import (
"fmt"
"log"
"net/http"
"gitea.nehmer.net/torben/dyndns/service"
)
func init() {
router.HandleFunc("/update", handleUpdate)
}
func handleUpdate(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
ur, err := createUpdateRequestFromForm(r.Form)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
uc, err := service.LoadConfigForUser(ur.UserName, ur.Password)
if err != nil {
if _, ok := err.(*service.UnauthorizedError); ok {
http.Error(w, err.Error(), http.StatusUnauthorized)
} else {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
log.Printf("Authorization failed: %v", err)
return
}
w.Header().Set("Content-Type", "text/plain")
fmt.Fprintln(w, "OK")
fmt.Fprintln(w, ur.PrettyPrint())
log.Println(ur.PrettyPrint())
log.Println(ur.IPv6Net.IP)
log.Println(ur.IPv6Net.Mask)
log.Printf("Request PW: %s, Config PW: %s", ur.Password, uc.PassWord)
fmt.Fprintln(w, "Unmarshalled userconfig:")
fmt.Fprintln(w, uc.PrettyPrint())
fmt.Fprintln(w, "WebAPI Config:")
fmt.Fprintln(w, C.PrettyPrint())
fmt.Fprintln(w, "Service Config:")
fmt.Fprintln(w, service.C.PrettyPrint())
for _, other := range uc.Others {
log.Printf("Other %s, IID %v, UR V6NEt: %v, merged: %v",
other.DNS, other.V6IID, ur.IPv6Net,
other.ConvertIIDToAddress(ur.IPv6Net))
}
}

View File

@ -14,14 +14,12 @@ type UpdateRequest struct {
IPv6 net.IP IPv6 net.IP
UserName string UserName string
Password string Password string
Domain string
DualStack bool
IPv6Net *net.IPNet IPv6Net *net.IPNet
} }
func (ur *UpdateRequest) String() string { func (ur *UpdateRequest) String() string {
return fmt.Sprintf("IPv4: %v, IPv6: %v, UserName: %v, Password: %v, Domain: %v, DualStack: %v, IPv6Net: %v", return fmt.Sprintf("IPv4: %v, IPv6: %v, UserName: %v, Password: %v, IPv6Net: %v",
ur.IPv4, ur.IPv6, ur.UserName, ur.Password, ur.Domain, ur.DualStack, ur.IPv6Net) ur.IPv4, ur.IPv6, ur.UserName, ur.Password, ur.IPv6Net)
} }
func (ur *UpdateRequest) PrettyPrint() string { func (ur *UpdateRequest) PrettyPrint() string {
@ -57,17 +55,6 @@ func createUpdateRequestFromForm(form url.Values) (*UpdateRequest, error) {
return nil, errors.New("a Password must be specified") return nil, errors.New("a Password must be specified")
} }
ur.Domain = form.Get("Domain")
if ur.Domain == "" {
return nil, errors.New("a Domain must be specified")
}
if form.Get("DualStack") == "1" {
ur.DualStack = true
} else {
ur.DualStack = false
}
if ip6net := form.Get("IPv6Net"); ip6net != "" { if ip6net := form.Get("IPv6Net"); ip6net != "" {
_, ipnet, err := net.ParseCIDR(ip6net) _, ipnet, err := net.ParseCIDR(ip6net)
if err != nil { if err != nil {