mirror of
https://github.com/gravitl/netmaker.git
synced 2025-10-05 08:47:35 +08:00
Merge pull request #2100 from gravitl/GRA-1335-ext-client-pubkeys
GRA-1335 allowed public key input for ext clients
This commit is contained in:
dcarns
@@ -17,6 +17,7 @@ import (
|
|||||||
"github.com/gravitl/netmaker/models/promodels"
|
"github.com/gravitl/netmaker/models/promodels"
|
||||||
"github.com/gravitl/netmaker/mq"
|
"github.com/gravitl/netmaker/mq"
|
||||||
"github.com/skip2/go-qrcode"
|
"github.com/skip2/go-qrcode"
|
||||||
|
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||||
)
|
)
|
||||||
|
|
||||||
func extClientHandlers(r *mux.Router) {
|
func extClientHandlers(r *mux.Router) {
|
||||||
@@ -317,16 +318,22 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
var extclient models.ExtClient
|
var extclient models.ExtClient
|
||||||
var CustomExtClient models.CustomExtClient
|
var customExtClient models.CustomExtClient
|
||||||
|
|
||||||
err := json.NewDecoder(r.Body).Decode(&CustomExtClient)
|
|
||||||
|
|
||||||
|
err := json.NewDecoder(r.Body).Decode(&customExtClient)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
if CustomExtClient.ClientID != "" && !validName(CustomExtClient.ClientID) {
|
if customExtClient.ClientID != "" && !validName(customExtClient.ClientID) {
|
||||||
logic.ReturnErrorResponse(w, r, logic.FormatError(errInvalidExtClientID, "badrequest"))
|
logic.ReturnErrorResponse(w, r, logic.FormatError(errInvalidExtClientID, "badrequest"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
extclient.ClientID = CustomExtClient.ClientID
|
extclient.ClientID = customExtClient.ClientID
|
||||||
|
if len(customExtClient.PublicKey) > 0 {
|
||||||
|
if _, err := wgtypes.ParseKey(customExtClient.PublicKey); err != nil {
|
||||||
|
logic.ReturnErrorResponse(w, r, logic.FormatError(errInvalidExtClientPubKey, "badrequest"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
extclient.PublicKey = customExtClient.PublicKey
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
extclient.Network = networkName
|
extclient.Network = networkName
|
||||||
@@ -350,16 +357,13 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
|
|||||||
listenPort = host.ProxyListenPort
|
listenPort = host.ProxyListenPort
|
||||||
}
|
}
|
||||||
extclient.IngressGatewayEndpoint = host.EndpointIP.String() + ":" + strconv.FormatInt(int64(listenPort), 10)
|
extclient.IngressGatewayEndpoint = host.EndpointIP.String() + ":" + strconv.FormatInt(int64(listenPort), 10)
|
||||||
|
|
||||||
extclient.Enabled = true
|
extclient.Enabled = true
|
||||||
parentNetwork, err := logic.GetNetwork(networkName)
|
parentNetwork, err := logic.GetNetwork(networkName)
|
||||||
if err == nil { // check if parent network default ACL is enabled (yes) or not (no)
|
if err == nil { // check if parent network default ACL is enabled (yes) or not (no)
|
||||||
extclient.Enabled = parentNetwork.DefaultACL == "yes"
|
extclient.Enabled = parentNetwork.DefaultACL == "yes"
|
||||||
}
|
}
|
||||||
// check pro settings
|
|
||||||
|
|
||||||
err = logic.CreateExtClient(&extclient)
|
if err = logic.CreateExtClient(&extclient); err != nil {
|
||||||
if err != nil {
|
|
||||||
logger.Log(0, r.Header.Get("user"),
|
logger.Log(0, r.Header.Get("user"),
|
||||||
fmt.Sprintf("failed to create new ext client on network [%s]: %v", networkName, err))
|
fmt.Sprintf("failed to create new ext client on network [%s]: %v", networkName, err))
|
||||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||||
@@ -389,8 +393,7 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
|
|||||||
logger.Log(0, r.Header.Get("user"), "created new ext client on network", networkName)
|
logger.Log(0, r.Header.Get("user"), "created new ext client on network", networkName)
|
||||||
w.WriteHeader(http.StatusOK)
|
w.WriteHeader(http.StatusOK)
|
||||||
go func() {
|
go func() {
|
||||||
err = mq.PublishPeerUpdate()
|
if err := mq.PublishPeerUpdate(); err != nil {
|
||||||
if err != nil {
|
|
||||||
logger.Log(1, "error setting ext peers on "+nodeid+": "+err.Error())
|
logger.Log(1, "error setting ext peers on "+nodeid+": "+err.Error())
|
||||||
}
|
}
|
||||||
if err := mq.PublishExtCLientDNS(&extclient); err != nil {
|
if err := mq.PublishExtCLientDNS(&extclient); err != nil {
|
||||||
|
|||||||
@@ -5,7 +5,10 @@ import (
|
|||||||
"regexp"
|
"regexp"
|
||||||
)
|
)
|
||||||
|
|
||||||
var errInvalidExtClientID = errors.New("ext client ID must be alphanumderic and/or dashes")
|
var (
|
||||||
|
errInvalidExtClientPubKey = errors.New("incorrect ext client public key")
|
||||||
|
errInvalidExtClientID = errors.New("ext client ID must be alphanumderic and/or dashes")
|
||||||
|
)
|
||||||
|
|
||||||
// allow only dashes and alphaneumeric for ext client and node names
|
// allow only dashes and alphaneumeric for ext client and node names
|
||||||
func validName(name string) bool {
|
func validName(name string) bool {
|
||||||
|
|||||||
@@ -117,14 +117,15 @@ func GetExtClient(clientid string, network string) (models.ExtClient, error) {
|
|||||||
// CreateExtClient - creates an extclient
|
// CreateExtClient - creates an extclient
|
||||||
func CreateExtClient(extclient *models.ExtClient) error {
|
func CreateExtClient(extclient *models.ExtClient) error {
|
||||||
|
|
||||||
if extclient.PrivateKey == "" {
|
if len(extclient.PublicKey) == 0 {
|
||||||
privateKey, err := wgtypes.GeneratePrivateKey()
|
privateKey, err := wgtypes.GeneratePrivateKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
extclient.PrivateKey = privateKey.String()
|
extclient.PrivateKey = privateKey.String()
|
||||||
extclient.PublicKey = privateKey.PublicKey().String()
|
extclient.PublicKey = privateKey.PublicKey().String()
|
||||||
|
} else {
|
||||||
|
extclient.PrivateKey = "[ENTER PRIVATE KEY]"
|
||||||
}
|
}
|
||||||
|
|
||||||
parentNetwork, err := GetNetwork(extclient.Network)
|
parentNetwork, err := GetNetwork(extclient.Network)
|
||||||
@@ -156,7 +157,6 @@ func CreateExtClient(extclient *models.ExtClient) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
extclient.LastModified = time.Now().Unix()
|
extclient.LastModified = time.Now().Unix()
|
||||||
|
|
||||||
key, err := GetRecordKey(extclient.ClientID, extclient.Network)
|
key, err := GetRecordKey(extclient.ClientID, extclient.Network)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|||||||
@@ -8,12 +8,17 @@ import (
|
|||||||
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||||
)
|
)
|
||||||
|
|
||||||
const PLACEHOLDER_KEY_TEXT = "ACCESS_KEY"
|
const (
|
||||||
const PLACEHOLDER_TOKEN_TEXT = "ACCESS_TOKEN"
|
// PLACEHOLDER_KEY_TEXT - access key placeholder text if option turned off
|
||||||
|
PLACEHOLDER_KEY_TEXT = "ACCESS_KEY"
|
||||||
|
// PLACEHOLDER_TOKEN_TEXT - access key token placeholder text if option turned off
|
||||||
|
PLACEHOLDER_TOKEN_TEXT = "ACCESS_TOKEN"
|
||||||
|
)
|
||||||
|
|
||||||
// CustomExtClient - struct for CustomExtClient params
|
// CustomExtClient - struct for CustomExtClient params
|
||||||
type CustomExtClient struct {
|
type CustomExtClient struct {
|
||||||
ClientID string `json:"clientid"`
|
ClientID string `json:"clientid"`
|
||||||
|
PublicKey string `json:"publickey,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// AuthParams - struct for auth params
|
// AuthParams - struct for auth params
|
||||||
|
|||||||
Reference in New Issue
Block a user