add stats and kill http calls

2019-07-11 12:20:08 +02:00
parent 24406ca0f4
commit f73b2c117a
6 changed files with 219 additions and 77 deletions
--- a/httpd.go
+++ b/httpd.go
@@ -8,21 +8,48 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
+	"strings"
 )

+type jsonInput struct {
+	Action string          `json:"action"`
+	Params jsonInputParams `json:"params"`
+}
+
+type jsonInputParams struct {
+	Id      int    `json:"id"`
+	Session string `json:"session"`
+}
+
 type HttpServer struct {
-	Port     string
-	ovpn     *OpenVpnMgt
-	key      string
-	cert     string
-	certPool *x509.CertPool
+	Port          string
+	ovpn          *OpenVpnMgt
+	key           string
+	cert          string
+	minProfile    string
+	neededProfile string
+	certPool      *x509.CertPool
+}
+
+func parseJsonQuery(r *http.Request) (*jsonInput, error) {
+	var in jsonInput
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		return nil, err
+	}
+	if err = json.Unmarshal(body, &in); err !=
+		nil {
+		return nil, err
+	}
+	return &in, nil
 }

 func (h *HttpServer) handler(w http.ResponseWriter, r *http.Request) {
-	fmt.Fprintf(w, "Hi there, I love %s!", r.URL.Path[1:])
+	fmt.Fprintf(w, "nothing here\n")
 }

 func (h *HttpServer) versionHandler(w http.ResponseWriter, r *http.Request) {
@@ -50,15 +77,91 @@ func (h *HttpServer) helpHandler(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprintf(w, "%s", jsonStr)
 }

-func NewHTTPServer(port, key, cert, ca string, s *OpenVpnMgt) {
+func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
+	var sslUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
+
+	// deactivate if there is no https auth
+	if h.key == "" || h.cert == "" || h.certPool == nil {
+		http.Error(w, "No security, deactivated", 403)
+		return
+	}
+
+	// add CORS headers
+	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
+	w.Header().Set("Access-Control-Allow-Methods", "POST")
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	w.Header().Set("Access-Control-Allow-Headers", "content-type, accept, origin, user-agent, Accept-Encoding")
+
+	// stop here if the method is OPTIONS, to allow CORS to work
+	if r.Method == "OPTIONS" {
+		return
+	}
+
+	// stop here if the method is OPTIONS, to allow CORS to work
+	if r.Method != "POST" {
+		http.Error(w, "post only", 405)
+		return
+	}
+
+	// ssl auth
+	if len(r.TLS.PeerCertificates) == 0 {
+		log.Println(len(r.TLS.PeerCertificates))
+		http.Error(w, "Need certificate", 403)
+		return
+	}
+	opts := x509.VerifyOptions{Roots: h.certPool, KeyUsages: sslUsage}
+	if _, err := r.TLS.PeerCertificates[0].Verify(opts); err != nil {
+		http.Error(w, "Bad certificate", 403)
+		return
+	}
+
+	profile, _ := h.ovpn.AuthLoop(h.minProfile,
+		strings.Replace(r.TLS.PeerCertificates[0].Subject.CommonName, " ", "", -1), "", false)
+	if profile != h.neededProfile {
+		http.Error(w, fmt.Sprintf("You need the %s profile", h.neededProfile), 403)
+		return
+	}
+
+	req, err := parseJsonQuery(r)
+	if err != nil {
+		log.Println(err)
+		http.Error(w, "Invalid request", 500)
+		return
+	}
+
+	switch req.Action {
+	case "stats":
+		jsonStr, err := json.Marshal(h.ovpn.Stats())
+		if err != nil {
+			fmt.Fprintf(w, "Error : %s", err)
+		}
+		fmt.Fprintf(w, "%s", jsonStr)
+
+	case "kill":
+		if err := h.ovpn.Kill(req.Params.Session, req.Params.Id); err != nil {
+			http.Error(w, fmt.Sprintf("%s", err), 500)
+		}
+
+	default:
+		http.Error(w, "Invalid request", 500)
+
+	}
+
+	return
+}
+
+func NewHTTPServer(port, key, cert, ca, minProfile, neededProfile string, s *OpenVpnMgt) {
 	h := &HttpServer{
-		Port: port,
-		ovpn: s,
-		key:  key,
-		cert: cert,
+		Port:          port,
+		ovpn:          s,
+		key:           key,
+		cert:          cert,
+		minProfile:    minProfile,
+		neededProfile: neededProfile,
 	}

 	http.HandleFunc("/help", h.helpHandler)
+	http.HandleFunc("/ajax", h.ajaxHandler)
 	http.HandleFunc("/version", h.versionHandler)
 	http.HandleFunc("/", h.handler)