fea: support get openvpn file from user

2025-10-24 09:23:21 +08:00 · 2023-12-27 21:24:02 +08:00
parent dd05f95017
commit 9909380092
8 changed files with 82 additions and 38 deletions
--- a/2
+++ b/2
@@ -5,7 +5,7 @@ SHELL := /bin/bash

 ## version
 LSB = $(shell lsb_release -i -s)$(shell lsb_release -r -s)
-VER = $(shell cat VERSION)
+VER = $(shell ./dist/version.sh)
 ARCH = $(shell uname -m)

 ## declare directory
--- a/1
+++ b/1
@@ -1 +0,0 @@
-23.09.18
--- a/dist/version.sh
+++ b/dist/version.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+if [ -e "VERSION" ]; then
+	cat VERSION
+	exit 0
+fi
+
+ver=$(git describe --tags --abbrev=0 --match 'v*')
+if [ $? -eq 0 ]; then
+	echo $ver
+	exit 0
+fi
+
+date +%y%m%d
--- a/pkg/api/network.go
+++ b/pkg/api/network.go
@@ -1,12 +1,13 @@
 package api

 import (
+	"net/http"
+	"strings"
+
 	"github.com/gorilla/mux"
 	"github.com/luscis/openlan/pkg/cache"
 	"github.com/luscis/openlan/pkg/models"
 	"github.com/luscis/openlan/pkg/schema"
-	"net/http"
-	"strings"
 )

 type Network struct {
@@ -15,7 +16,7 @@ type Network struct {
 func (h Network) Router(router *mux.Router) {
 	router.HandleFunc("/api/network", h.List).Methods("GET")
 	router.HandleFunc("/api/network/{id}", h.Get).Methods("GET")
-	router.HandleFunc("/get/network/{id}/{ie}.ovpn", h.Profile).Methods("GET")
+	router.HandleFunc("/get/network/{id}/ovpn", h.Profile).Methods("GET")
 }

 func (h Network) List(w http.ResponseWriter, r *http.Request) {
@@ -42,7 +43,7 @@ func (h Network) Get(w http.ResponseWriter, r *http.Request) {
 func (h Network) Profile(w http.ResponseWriter, r *http.Request) {
 	server := strings.SplitN(r.Host, ":", 2)[0]
 	vars := mux.Vars(r)
-	data, err := cache.VPNClient.GetClientProfile(vars["id"], vars["ie"], server)
+	data, err := cache.VPNClient.GetClientProfile(vars["id"], server)
 	if err == nil {
 		_, _ = w.Write([]byte(data))
 	} else {
--- a/pkg/api/user.go
+++ b/pkg/api/user.go
@@ -72,14 +72,25 @@ func (h User) Del(w http.ResponseWriter, r *http.Request) {
 	ResponseMsg(w, 0, "")
 }

+func UserCheck(user, pass string) error {
+	model := &models.User{
+		Name:     user,
+		Password: pass,
+	}
+	if _, err := cache.User.Check(model); err == nil {
+		return nil
+	} else {
+		return err
+	}
+}
+
 func (h User) Check(w http.ResponseWriter, r *http.Request) {
 	user := &schema.User{}
 	if err := GetData(r, user); err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
-	model := models.SchemaToUserModel(user)
-	if _, err := cache.User.Check(model); err == nil {
+	if err := UserCheck(user.Name, user.Password); err == nil {
 		ResponseMsg(w, 0, "success")
 	} else {
 		http.Error(w, err.Error(), http.StatusUnauthorized)
--- a/pkg/cache/openvpn.go
+++ b/pkg/cache/openvpn.go
@@ -2,9 +2,6 @@ package cache

 import (
 	"bufio"
-	"github.com/luscis/openlan/pkg/config"
-	"github.com/luscis/openlan/pkg/libol"
-	"github.com/luscis/openlan/pkg/schema"
 	"io"
 	"os"
 	"path/filepath"
@@ -12,6 +9,10 @@ import (
 	"strings"
 	"time"
 	"unicode"
+
+	"github.com/luscis/openlan/pkg/config"
+	"github.com/luscis/openlan/pkg/libol"
+	"github.com/luscis/openlan/pkg/schema"
 )

 type vpnClient struct {
@@ -156,9 +157,15 @@ func (o *vpnClient) List(name string) <-chan *schema.VPNClient {
 	return c
 }

-func (o *vpnClient) GetClientProfile(network, client, remote string) (string, error) {
-	file := o.Dir(network, client+"client.ovpn")
-	reader, err := os.Open(file)
+func (o *vpnClient) clientFile(name string) string {
+	files, _ := filepath.Glob(o.Dir(name, "*client.ovpn"))
+	if len(files) > 0 {
+		return files[0]
+	}
+	return ""
+}
+func (o *vpnClient) GetClientProfile(network, remote string) (string, error) {
+	reader, err := os.Open(o.clientFile(network))
 	if err != nil {
 		return "", err
 	}
@@ -166,8 +173,9 @@ func (o *vpnClient) GetClientProfile(network, client, remote string) (string, er
 	scanner := bufio.NewScanner(reader)
 	for scanner.Scan() {
 		line := scanner.Text()
-		if strings.HasPrefix(line, "remote 0.0.0.0") {
-			profile += strings.Replace(line, "0.0.0.0", remote, 1)
+		elements := strings.SplitN(line, " ", 3)
+		if len(elements) == 3 && elements[0] == "remote" {
+			profile += "remote " + remote + " " + elements[2]
 		} else {
 			profile += line
 		}
--- a/pkg/models/user.go
+++ b/pkg/models/user.go
@@ -2,10 +2,11 @@ package models

 import (
 	"fmt"
-	"github.com/luscis/openlan/pkg/libol"
 	"runtime"
 	"strings"
 	"time"
+
+	"github.com/luscis/openlan/pkg/libol"
 )

 type User struct {
@@ -56,5 +57,8 @@ func (u *User) Update() {
 }

 func (u *User) Id() string {
+	if u.Network == "" {
+		return u.Name
+	}
 	return u.Name + "@" + u.Network
 }
--- a/pkg/switch/http.go
+++ b/pkg/switch/http.go
@@ -2,16 +2,7 @@ package _switch

 import (
 	"context"
-	"crypto/md5"
-	"encoding/hex"
 	"fmt"
-	"github.com/gorilla/mux"
-	"github.com/luscis/openlan/pkg/api"
-	"github.com/luscis/openlan/pkg/cache"
-	co "github.com/luscis/openlan/pkg/config"
-	"github.com/luscis/openlan/pkg/libol"
-	"github.com/luscis/openlan/pkg/models"
-	"github.com/luscis/openlan/pkg/schema"
 	"io/ioutil"
 	"net/http"
 	"net/http/pprof"
@@ -21,13 +12,20 @@ import (
 	"strings"
 	"text/template"
 	"time"
+
+	"github.com/gorilla/mux"
+	"github.com/luscis/openlan/pkg/api"
+	"github.com/luscis/openlan/pkg/cache"
+	co "github.com/luscis/openlan/pkg/config"
+	"github.com/luscis/openlan/pkg/libol"
+	"github.com/luscis/openlan/pkg/models"
+	"github.com/luscis/openlan/pkg/schema"
 )

 type Http struct {
 	switcher   api.Switcher
 	listen     string
 	adminToken string
-	guestToken string
 	adminFile  string
 	server     *http.Server
 	crtFile    string
@@ -141,9 +139,7 @@ func (h *Http) LoadToken() {
 }

 func (h *Http) SetToken(value string) {
-	sum := md5.Sum([]byte(value))
 	h.adminToken = value
-	h.guestToken = hex.EncodeToString(sum[:16])[:12]
 }

 func (h *Http) Start() {
@@ -182,16 +178,27 @@ func (h *Http) Shutdown() {
 func (h *Http) IsAuth(w http.ResponseWriter, r *http.Request) bool {
 	token, pass, ok := r.BasicAuth()
 	libol.Debug("Http.IsAuth token: %s, pass: %s", token, pass)
-	if strings.HasPrefix(r.URL.Path, "/api/") {
-		if !ok || token != h.adminToken {
-			return false
-		}
-	} else if strings.HasPrefix(r.URL.Path, "/get/") {
-		if !ok || token != h.guestToken {
-			return false
+	if !ok {
+		return false
+	}
+	if token == h.adminToken {
+		return true
+	}
+
+	elements := strings.SplitN(r.URL.Path, "/", 8)
+	if len(elements) > 3 {
+		if elements[2] == "network" {
+			zone := elements[3]
+			if !strings.HasSuffix(token, "@"+zone) {
+				return false
+			}
+			if api.UserCheck(token, pass) == nil {
+				return true
+			}
 		}
 	}
-	return true
+
+	return false
 }

 func (h *Http) getFile(name string) string {