public_git
/
wireguard-ui
mirror of https://github.com/ngoduykhanh/wireguard-ui.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

authentication fixes

This commit is contained in:
Giorgos Komninos 2021-08-08 19:50:05 +03:00
parent 0981c2fe07
commit dfeb0fbb43
6 changed files with 44 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.yaml
View File

@ -9,6 +9,7 @@ services:
- SENDGRID_API_KEY - SENDGRID_API_KEY
- EMAIL_FROM - EMAIL_FROM
- EMAIL_FROM_NAME - EMAIL_FROM_NAME
- SESSION_SECRET
ports: ports:
- 5000:5000 - 5000:5000
logging: logging:

32
handler/routes.go
View File

@ -79,8 +79,6 @@ func Logout() echo.HandlerFunc {
// WireGuardClients handler // WireGuardClients handler
func WireGuardClients() echo.HandlerFunc { func WireGuardClients() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
clientDataList, err := util.GetClients(true) clientDataList, err := util.GetClients(true)
if err != nil { if err != nil {
@ -99,8 +97,6 @@ func WireGuardClients() echo.HandlerFunc {
// GetClients handler return a list of Wireguard client data // GetClients handler return a list of Wireguard client data
func GetClients() echo.HandlerFunc { func GetClients() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
clientDataList, err := util.GetClients(true) clientDataList, err := util.GetClients(true)
if err != nil { if err != nil {
@ -116,8 +112,6 @@ func GetClients() echo.HandlerFunc {
// GetClient handler return a of Wireguard client data // GetClient handler return a of Wireguard client data
func GetClient() echo.HandlerFunc { func GetClient() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
clientID := c.Param("id") clientID := c.Param("id")
clientData, err := util.GetClientByID(clientID, true) clientData, err := util.GetClientByID(clientID, true)
@ -132,8 +126,6 @@ func GetClient() echo.HandlerFunc {
// NewClient handler // NewClient handler
func NewClient() echo.HandlerFunc { func NewClient() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
client := new(model.Client) client := new(model.Client)
c.Bind(client) c.Bind(client)
@ -204,8 +196,6 @@ func EmailClient(mailer emailer.Emailer) echo.HandlerFunc {
} }
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
var payload clientIdEmailPayload var payload clientIdEmailPayload
c.Bind(&payload) c.Bind(&payload)
// TODO validate email // TODO validate email
@ -245,8 +235,6 @@ func EmailClient(mailer emailer.Emailer) echo.HandlerFunc {
// UpdateClient handler to update client information // UpdateClient handler to update client information
func UpdateClient() echo.HandlerFunc { func UpdateClient() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
_client := new(model.Client) _client := new(model.Client)
c.Bind(_client) c.Bind(_client)
@ -305,8 +293,6 @@ func UpdateClient() echo.HandlerFunc {
// SetClientStatus handler to enable / disable a client // SetClientStatus handler to enable / disable a client
func SetClientStatus() echo.HandlerFunc { func SetClientStatus() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
data := make(map[string]interface{}) data := make(map[string]interface{})
err := json.NewDecoder(c.Request().Body).Decode(&data) err := json.NewDecoder(c.Request().Body).Decode(&data)
@ -368,8 +354,6 @@ func DownloadClient() echo.HandlerFunc {
// RemoveClient handler // RemoveClient handler
func RemoveClient() echo.HandlerFunc { func RemoveClient() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
client := new(model.Client) client := new(model.Client)
c.Bind(client) c.Bind(client)
@ -394,8 +378,6 @@ func RemoveClient() echo.HandlerFunc {
// WireGuardServer handler // WireGuardServer handler
func WireGuardServer() echo.HandlerFunc { func WireGuardServer() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
server, err := util.GetServer() server, err := util.GetServer()
if err != nil { if err != nil {
@ -413,8 +395,6 @@ func WireGuardServer() echo.HandlerFunc {
// WireGuardServerInterfaces handler // WireGuardServerInterfaces handler
func WireGuardServerInterfaces() echo.HandlerFunc { func WireGuardServerInterfaces() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
serverInterface := new(model.ServerInterface) serverInterface := new(model.ServerInterface)
c.Bind(serverInterface) c.Bind(serverInterface)
@ -444,8 +424,6 @@ func WireGuardServerInterfaces() echo.HandlerFunc {
// WireGuardServerKeyPair handler to generate private and public keys // WireGuardServerKeyPair handler to generate private and public keys
func WireGuardServerKeyPair() echo.HandlerFunc { func WireGuardServerKeyPair() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
// gen Wireguard key pair // gen Wireguard key pair
key, err := wgtypes.GeneratePrivateKey() key, err := wgtypes.GeneratePrivateKey()
@ -476,8 +454,6 @@ func WireGuardServerKeyPair() echo.HandlerFunc {
// GlobalSettings handler // GlobalSettings handler
func GlobalSettings() echo.HandlerFunc { func GlobalSettings() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
globalSettings, err := util.GetGlobalSettings() globalSettings, err := util.GetGlobalSettings()
if err != nil { if err != nil {
@ -494,8 +470,6 @@ func GlobalSettings() echo.HandlerFunc {
// GlobalSettingSubmit handler to update the global settings // GlobalSettingSubmit handler to update the global settings
func GlobalSettingSubmit() echo.HandlerFunc { func GlobalSettingSubmit() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
globalSettings := new(model.GlobalSetting) globalSettings := new(model.GlobalSetting)
c.Bind(globalSettings) c.Bind(globalSettings)
@ -525,8 +499,6 @@ func GlobalSettingSubmit() echo.HandlerFunc {
// MachineIPAddresses handler to get local interface ip addresses // MachineIPAddresses handler to get local interface ip addresses
func MachineIPAddresses() echo.HandlerFunc { func MachineIPAddresses() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
// get private ip addresses // get private ip addresses
interfaceList, err := util.GetInterfaceIPs() interfaceList, err := util.GetInterfaceIPs()
@ -551,8 +523,6 @@ func MachineIPAddresses() echo.HandlerFunc {
// SuggestIPAllocation handler to get the list of ip address for client // SuggestIPAllocation handler to get the list of ip address for client
func SuggestIPAllocation() echo.HandlerFunc { func SuggestIPAllocation() echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
server, err := util.GetServer() server, err := util.GetServer()
if err != nil { if err != nil {
@ -589,8 +559,6 @@ func SuggestIPAllocation() echo.HandlerFunc {
// ApplyServerConfig handler to write config file and restart Wireguard server // ApplyServerConfig handler to write config file and restart Wireguard server
func ApplyServerConfig(tmplBox *rice.Box) echo.HandlerFunc { func ApplyServerConfig(tmplBox *rice.Box) echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) error {
// access validation
validSession(c)
server, err := util.GetServer() server, err := util.GetServer()
if err != nil { if err != nil {

28
handler/session.go
View File

@ -9,22 +9,32 @@ import (
"github.com/ngoduykhanh/wireguard-ui/util" "github.com/ngoduykhanh/wireguard-ui/util"
) )
// validSession to redirect user to the login page if they are not authenticated or session expired. func ValidSession(next echo.HandlerFunc) echo.HandlerFunc {
func validSession(c echo.Context) { return func(c echo.Context) error {
if !util.DisableLogin { if !isValidSession(c) {
sess, _ := session.Get("session", c)
cookie, err := c.Cookie("session_token")
if err != nil || sess.Values["session_token"] != cookie.Value {
nextURL := c.Request().URL nextURL := c.Request().URL
if nextURL != nil { if nextURL != nil && c.Request().Method == http.MethodGet {
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("/login?next=%s", c.Request().URL)) return c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("/login?next=%s", c.Request().URL))
} else { } else {
c.Redirect(http.StatusTemporaryRedirect, "/login") return c.Redirect(http.StatusTemporaryRedirect, "/login")
} }
} }
return next(c)
} }
} }
func isValidSession(c echo.Context) bool {
if util.DisableLogin {
return true
}
sess, _ := session.Get("session", c)
cookie, err := c.Cookie("session_token")
if err != nil || sess.Values["session_token"] != cookie.Value {
return false
}
return true
}
// currentUser to get username of logged in user // currentUser to get username of logged in user
func currentUser(c echo.Context) string { func currentUser(c echo.Context) string {
if util.DisableLogin { if util.DisableLogin {

39
main.go
View File

@ -36,6 +36,7 @@ func init() {
util.SendgridApiKey = os.Getenv("SENDGRID_API_KEY") util.SendgridApiKey = os.Getenv("SENDGRID_API_KEY")
util.EmailFrom = os.Getenv("EMAIL_FROM") util.EmailFrom = os.Getenv("EMAIL_FROM")
util.EmailFromName = os.Getenv("EMAIL_FROM_NAME") util.EmailFromName = os.Getenv("EMAIL_FROM_NAME")
util.SessionSecret = []byte(os.Getenv("SESSION_SECRET"))
// print app information // print app information
fmt.Println("Wireguard UI") fmt.Println("Wireguard UI")
@ -66,9 +67,9 @@ func main() {
assetHandler := http.FileServer(rice.MustFindBox("assets").HTTPBox()) assetHandler := http.FileServer(rice.MustFindBox("assets").HTTPBox())
// register routes // register routes
app := router.New(tmplBox, extraData) app := router.New(tmplBox, extraData, util.SessionSecret)
app.GET("/", handler.WireGuardClients()) app.GET("/", handler.WireGuardClients(), handler.ValidSession)
if !util.DisableLogin { if !util.DisableLogin {
app.GET("/login", handler.LoginPage()) app.GET("/login", handler.LoginPage())
@ -77,23 +78,23 @@ func main() {
sendmail := emailer.NewSendgridApiMail(util.SendgridApiKey, util.EmailFromName, util.EmailFrom) sendmail := emailer.NewSendgridApiMail(util.SendgridApiKey, util.EmailFromName, util.EmailFrom)
app.GET("/logout", handler.Logout()) app.GET("/logout", handler.Logout(), handler.ValidSession)
app.POST("/new-client", handler.NewClient()) app.POST("/new-client", handler.NewClient(), handler.ValidSession)
app.POST("/update-client", handler.UpdateClient()) app.POST("/update-client", handler.UpdateClient(), handler.ValidSession)
app.POST("/email-client", handler.EmailClient(sendmail)) app.POST("/email-client", handler.EmailClient(sendmail), handler.ValidSession)
app.POST("/client/set-status", handler.SetClientStatus()) app.POST("/client/set-status", handler.SetClientStatus(), handler.ValidSession)
app.POST("/remove-client", handler.RemoveClient()) app.POST("/remove-client", handler.RemoveClient(), handler.ValidSession)
app.GET("/download", handler.DownloadClient()) app.GET("/download", handler.DownloadClient(), handler.ValidSession)
app.GET("/wg-server", handler.WireGuardServer()) app.GET("/wg-server", handler.WireGuardServer(), handler.ValidSession)
app.POST("wg-server/interfaces", handler.WireGuardServerInterfaces()) app.POST("wg-server/interfaces", handler.WireGuardServerInterfaces(), handler.ValidSession)
app.POST("wg-server/keypair", handler.WireGuardServerKeyPair()) app.POST("wg-server/keypair", handler.WireGuardServerKeyPair(), handler.ValidSession)
app.GET("/global-settings", handler.GlobalSettings()) app.GET("/global-settings", handler.GlobalSettings(), handler.ValidSession)
app.POST("/global-settings", handler.GlobalSettingSubmit()) app.POST("/global-settings", handler.GlobalSettingSubmit(), handler.ValidSession)
app.GET("/api/clients", handler.GetClients()) app.GET("/api/clients", handler.GetClients(), handler.ValidSession)
app.GET("/api/client/:id", handler.GetClient()) app.GET("/api/client/:id", handler.GetClient(), handler.ValidSession)
app.GET("/api/machine-ips", handler.MachineIPAddresses()) app.GET("/api/machine-ips", handler.MachineIPAddresses(), handler.ValidSession)
app.GET("/api/suggest-client-ips", handler.SuggestIPAllocation()) app.GET("/api/suggest-client-ips", handler.SuggestIPAllocation(), handler.ValidSession)
app.GET("/api/apply-wg-config", handler.ApplyServerConfig(tmplBox)) app.GET("/api/apply-wg-config", handler.ApplyServerConfig(tmplBox), handler.ValidSession)
// servers other static files // servers other static files
app.GET("/static/*", echo.WrapHandler(http.StripPrefix("/static/", assetHandler))) app.GET("/static/*", echo.WrapHandler(http.StripPrefix("/static/", assetHandler)))

6
router/router.go
View File

@ -6,7 +6,7 @@ import (
"reflect" "reflect"
"text/template" "text/template"
"github.com/GeertJohan/go.rice" rice "github.com/GeertJohan/go.rice"
"github.com/gorilla/sessions" "github.com/gorilla/sessions"
"github.com/labstack/echo-contrib/session" "github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4" "github.com/labstack/echo/v4"
@ -44,9 +44,9 @@ func (t *TemplateRegistry) Render(w io.Writer, name string, data interface{}, c
} }
// New function // New function
func New(tmplBox *rice.Box, extraData map[string]string) *echo.Echo { func New(tmplBox *rice.Box, extraData map[string]string, secret []byte) *echo.Echo {
e := echo.New() e := echo.New()
e.Use(session.Middleware(sessions.NewCookieStore([]byte("secret")))) e.Use(session.Middleware(sessions.NewCookieStore(secret)))
// read html template file to string // read html template file to string
tmplBaseString, err := tmplBox.String("base.html") tmplBaseString, err := tmplBox.String("base.html")

1
util/config.go
View File

@ -7,4 +7,5 @@ var (
SendgridApiKey string SendgridApiKey string
EmailFrom string EmailFrom string
EmailFromName string EmailFromName string
SessionSecret []byte
) )