update
This commit is contained in:
136
httpd.go
136
httpd.go
@@ -1,17 +1,12 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
)
|
||||
|
||||
type jsonInput struct {
|
||||
@@ -20,18 +15,13 @@ type jsonInput struct {
|
||||
}
|
||||
|
||||
type jsonInputParams struct {
|
||||
Id int `json:"id"`
|
||||
Session string `json:"session"`
|
||||
Server string `json:"server"`
|
||||
Session int `json:"session"`
|
||||
}
|
||||
|
||||
type HttpServer struct {
|
||||
Port string
|
||||
ovpn *OpenVpnMgt
|
||||
key string
|
||||
cert string
|
||||
minProfile string
|
||||
neededProfiles []string
|
||||
certPool *x509.CertPool
|
||||
Port string
|
||||
ovpn *OpenVpnMgt
|
||||
}
|
||||
|
||||
func parseJsonQuery(r *http.Request) (*jsonInput, error) {
|
||||
@@ -52,43 +42,12 @@ func (h *HttpServer) handler(w http.ResponseWriter, r *http.Request) {
|
||||
fmt.Fprintf(w, "\n")
|
||||
}
|
||||
|
||||
func (h *HttpServer) versionHandler(w http.ResponseWriter, r *http.Request) {
|
||||
err, message := h.ovpn.Version()
|
||||
if err != nil {
|
||||
fmt.Fprintf(w, "Error : %s", err)
|
||||
}
|
||||
|
||||
jsonStr, err := json.Marshal(message)
|
||||
if err != nil {
|
||||
fmt.Fprintf(w, "Error : %s", err)
|
||||
}
|
||||
fmt.Fprintf(w, "%s", jsonStr)
|
||||
}
|
||||
|
||||
func (h *HttpServer) helpHandler(w http.ResponseWriter, r *http.Request) {
|
||||
err, message := h.ovpn.Help()
|
||||
if err != nil {
|
||||
fmt.Fprintf(w, "Error : %s", err)
|
||||
}
|
||||
jsonStr, err := json.Marshal(message)
|
||||
if err != nil {
|
||||
fmt.Fprintf(w, "Error : %s", err)
|
||||
}
|
||||
fmt.Fprintf(w, "%s", jsonStr)
|
||||
}
|
||||
|
||||
func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
|
||||
//var sslUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
|
||||
var err error
|
||||
var jsonStr []byte
|
||||
|
||||
w.Header().Set("Content-type", "application/json")
|
||||
|
||||
// deactivate if there is no https auth
|
||||
/*
|
||||
if h.key == "" || h.cert == "" || h.certPool == nil {
|
||||
http.Error(w, "No security, deactivated", 403)
|
||||
return
|
||||
}
|
||||
*/
|
||||
// add CORS headers
|
||||
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
|
||||
w.Header().Set("Access-Control-Allow-Methods", "POST")
|
||||
@@ -106,27 +65,6 @@ func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
// ssl auth
|
||||
/*
|
||||
if len(r.TLS.PeerCertificates) == 0 {
|
||||
log.Println(len(r.TLS.PeerCertificates))
|
||||
http.Error(w, "Need certificate", 403)
|
||||
return
|
||||
}
|
||||
opts := x509.VerifyOptions{Roots: h.certPool, KeyUsages: sslUsage}
|
||||
if _, err := r.TLS.PeerCertificates[0].Verify(opts); err != nil {
|
||||
http.Error(w, "Bad certificate", 403)
|
||||
return
|
||||
}
|
||||
|
||||
webuser := strings.Replace(r.TLS.PeerCertificates[0].Subject.CommonName, " ", "", -1)
|
||||
*/
|
||||
//TODO security
|
||||
|
||||
webuser := "xavier"
|
||||
|
||||
log.Printf("%s is connected via the web interfaces\n", webuser)
|
||||
|
||||
req, err := parseJsonQuery(r)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
@@ -135,54 +73,40 @@ func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
switch req.Action {
|
||||
case "get-remotes":
|
||||
jsonStr, err = json.Marshal(h.ovpn)
|
||||
case "set-remote":
|
||||
err = h.ovpn.SetRemote(req.Params.Server, req.Params.Session)
|
||||
jsonStr = []byte("{\"status\": \"ok\"}")
|
||||
case "version":
|
||||
err, version := h.ovpn.Version()
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
jsonStr, err = json.Marshal(version)
|
||||
case "stats":
|
||||
case "kill":
|
||||
default:
|
||||
http.Error(w, "Invalid request", 500)
|
||||
err = errors.New("Invalid request")
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, fmt.Sprintf("Error : %s", err), 500)
|
||||
return
|
||||
}
|
||||
fmt.Fprintf(w, "%s", jsonStr)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func NewHTTPServer(port, key, cert, ca, minProfile string, neededProfiles []string, s *OpenVpnMgt) {
|
||||
func NewHTTPServer(port string, s *OpenVpnMgt) {
|
||||
h := &HttpServer{
|
||||
Port: port,
|
||||
ovpn: s,
|
||||
key: key,
|
||||
cert: cert,
|
||||
minProfile: minProfile,
|
||||
neededProfiles: neededProfiles,
|
||||
Port: port,
|
||||
ovpn: s,
|
||||
}
|
||||
|
||||
http.HandleFunc("/help", h.helpHandler)
|
||||
http.HandleFunc("/ajax", h.ajaxHandler)
|
||||
http.HandleFunc("/version", h.versionHandler)
|
||||
http.HandleFunc("/", h.handler)
|
||||
|
||||
switch {
|
||||
case key == "" || cert == "":
|
||||
log.Fatal(http.ListenAndServe(port, nil))
|
||||
case ca != "":
|
||||
h.certPool = x509.NewCertPool()
|
||||
fi, err := os.Open(ca)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer fi.Close()
|
||||
buf := new(bytes.Buffer)
|
||||
reader := bufio.NewReader(fi)
|
||||
io.Copy(buf, reader)
|
||||
if ok := h.certPool.AppendCertsFromPEM(buf.Bytes()); !ok {
|
||||
log.Fatal("Failed to append PEM.")
|
||||
}
|
||||
server := &http.Server{
|
||||
Addr: port,
|
||||
TLSConfig: &tls.Config{
|
||||
ClientAuth: tls.RequireAndVerifyClientCert,
|
||||
ClientCAs: h.certPool,
|
||||
},
|
||||
}
|
||||
log.Fatal(server.ListenAndServeTLS(cert, key))
|
||||
default:
|
||||
log.Fatal(http.ListenAndServeTLS(port, cert, key, nil))
|
||||
}
|
||||
log.Fatal(http.ListenAndServe(port, nil))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user