public_git
/
wg-portal
mirror of https://github.com/h44z/wg-portal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

deployment api completed (#11)

This commit is contained in:
Christoph Haas 2021-04-29 11:23:32 +02:00
parent 9c8a1df01f
commit 7b1f59d86a
3 changed files with 141 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
internal/server/api.go
View File

@ -732,6 +732,63 @@ func (s *ApiServer) PatchDevice(c *gin.Context) {
c.JSON(http.StatusNotImplemented, device) c.JSON(http.StatusNotImplemented, device)
} }
type PeerDeploymentInformation struct {
PublicKey string
Identifier string
Device string
DeviceIdentifier string
}
// GetPeerDeploymentInformation godoc
// @Tags Provisioning
// @Summary Retrieves all active peers for the given email address
// @Produce json
// @Param email path string true "Email Address"
// @Success 200 {object} []PeerDeploymentInformation "All active WireGuard peers"
// @Failure 401 {object} ApiError
// @Failure 403 {object} ApiError
// @Failure 404 {object} ApiError
// @Router /provisioning/peers/{email} [get]
// @Security GeneralBasicAuth
func (s *ApiServer) GetPeerDeploymentInformation(c *gin.Context) {
email := c.Param("email")
if email == "" {
c.JSON(http.StatusBadRequest, ApiError{Message: "email parameter must be specified"})
return
}
// Get authenticated user to check permissions
username, _, _ := c.Request.BasicAuth()
user := s.s.users.GetUser(username)
if !user.IsAdmin && user.Email != email {
c.JSON(http.StatusForbidden, ApiError{Message: "not enough permissions to access this resource"})
return
}
peers := s.s.peers.GetPeersByMail(email)
result := make([]PeerDeploymentInformation, 0, len(peers))
for i := range peers {
if peers[i].DeactivatedAt != nil {
continue // skip deactivated peers
}
device := s.s.peers.GetDevice(peers[i].DeviceName)
if device.Type != wireguard.DeviceTypeServer {
continue // Skip peers on non-server devices
}
result = append(result, PeerDeploymentInformation{
PublicKey: peers[i].PublicKey,
Identifier: peers[i].Identifier,
Device: device.DeviceName,
DeviceIdentifier: device.DisplayName,
})
}
c.JSON(http.StatusOK, result)
}
// GetPeerDeploymentConfig godoc // GetPeerDeploymentConfig godoc
// @Tags Provisioning // @Tags Provisioning
// @Summary Retrieves the peer config for the given public key // @Summary Retrieves the peer config for the given public key
@ -760,7 +817,7 @@ func (s *ApiServer) GetPeerDeploymentConfig(c *gin.Context) {
username, _, _ := c.Request.BasicAuth() username, _, _ := c.Request.BasicAuth()
user := s.s.users.GetUser(username) user := s.s.users.GetUser(username)
if !user.IsAdmin && user.Email == peer.Email { if !user.IsAdmin && user.Email != peer.Email {
c.JSON(http.StatusForbidden, ApiError{Message: "not enough permissions to access this resource"}) c.JSON(http.StatusForbidden, ApiError{Message: "not enough permissions to access this resource"})
return return
} }
@ -799,7 +856,7 @@ type ProvisioningRequest struct {
// @Failure 401 {object} ApiError // @Failure 401 {object} ApiError
// @Failure 403 {object} ApiError // @Failure 403 {object} ApiError
// @Failure 404 {object} ApiError // @Failure 404 {object} ApiError
// @Router /provisioning/peer [post] // @Router /provisioning/peers [post]
// @Security GeneralBasicAuth // @Security GeneralBasicAuth
func (s *ApiServer) PostPeerDeploymentConfig(c *gin.Context) { func (s *ApiServer) PostPeerDeploymentConfig(c *gin.Context) {
req := ProvisioningRequest{} req := ProvisioningRequest{}
@ -817,7 +874,7 @@ func (s *ApiServer) PostPeerDeploymentConfig(c *gin.Context) {
return return
} }
if !user.IsAdmin && user.Email == req.Email { if !user.IsAdmin && user.Email != req.Email {
c.JSON(http.StatusForbidden, ApiError{Message: "not enough permissions to access this resource"}) c.JSON(http.StatusForbidden, ApiError{Message: "not enough permissions to access this resource"})
return return
} }

87
internal/server/docs/docs.go
View File

@ -1039,7 +1039,58 @@ var doc = `{
} }
} }
}, },
"/provisioning/peer": { "/provisioning/peer/{pkey}": {
"get": {
"security": [
{
"GeneralBasicAuth": []
}
],
"produces": [
"text/plain"
],
"tags": [
"Provisioning"
],
"summary": "Retrieves the peer config for the given public key",
"parameters": [
{
"type": "string",
"description": "Public Key (Base 64)",
"name": "pkey",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "The WireGuard configuration file",
"schema": {
"type": "string"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/server.ApiError"
}
},
"403": {
"description": "Forbidden",
"schema": {
"$ref": "#/definitions/server.ApiError"
}
},
"404": {
"description": "Not Found",
"schema": {
"$ref": "#/definitions/server.ApiError"
}
}
}
}
},
"/provisioning/peers": {
"post": { "post": {
"security": [ "security": [
{ {
@ -1095,7 +1146,7 @@ var doc = `{
} }
} }
}, },
"/provisioning/peer/{pkey}": { "/provisioning/peers/{email}": {
"get": { "get": {
"security": [ "security": [
{ {
@ -1103,26 +1154,29 @@ var doc = `{
} }
], ],
"produces": [ "produces": [
"text/plain" "application/json"
], ],
"tags": [ "tags": [
"Provisioning" "Provisioning"
], ],
"summary": "Retrieves the peer config for the given public key", "summary": "Retrieves all active peers for the given email address",
"parameters": [ "parameters": [
{ {
"type": "string", "type": "string",
"description": "Public Key (Base 64)", "description": "Email Address",
"name": "pkey", "name": "email",
"in": "path", "in": "path",
"required": true "required": true
} }
], ],
"responses": { "responses": {
"200": { "200": {
"description": "The WireGuard configuration file", "description": "All active WireGuard peers",
"schema": { "schema": {
"type": "string" "type": "array",
"items": {
"$ref": "#/definitions/server.PeerDeploymentInformation"
}
} }
}, },
"401": { "401": {
@ -1168,6 +1222,23 @@ var doc = `{
} }
} }
}, },
"server.PeerDeploymentInformation": {
"type": "object",
"properties": {
"device": {
"type": "string"
},
"deviceIdentifier": {
"type": "string"
},
"identifier": {
"type": "string"
},
"publicKey": {
"type": "string"
}
}
},
"server.ProvisioningRequest": { "server.ProvisioningRequest": {
"type": "object", "type": "object",
"required": [ "required": [

3
internal/server/routes.go
View File

@ -107,8 +107,9 @@ func SetupApiRoutes(s *Server) {
apiV1Deployment := s.server.Group("/api/v1/provisioning") apiV1Deployment := s.server.Group("/api/v1/provisioning")
apiV1Deployment.Use(s.RequireApiAuthentication("")) apiV1Deployment.Use(s.RequireApiAuthentication(""))
apiV1Deployment.GET("/peers/:email", api.GetPeerDeploymentInformation)
apiV1Deployment.GET("/peer/:pkey", api.GetPeerDeploymentConfig) apiV1Deployment.GET("/peer/:pkey", api.GetPeerDeploymentConfig)
apiV1Deployment.POST("/peer", api.PostPeerDeploymentConfig) apiV1Deployment.POST("/peers", api.PostPeerDeploymentConfig)
// Swagger doc/ui // Swagger doc/ui
s.server.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler)) s.server.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))