Add domain specific get request

2024-11-21 10:51:40 +00:00 · 2023-10-27 09:16:52 +01:00 · 2023-10-27 09:16:52 +01:00 · 52547234b0
commit 52547234b0
parent 6559b21c16
6 changed files with 61 additions and 11 deletions
--- a/certs/certs_test.go
+++ b/certs/certs_test.go
@ -16,7 +16,7 @@ func TestCertsNew_Lookup(t *testing.T) {
 	// type to test that certificate files can be found and read correctly. This
 	// uses a MapFS for performance during tests.

-	ca, err := certgen.MakeCaTls(4096, pkix.Name{
+	ca, err := certgen.MakeCaTls(2048, pkix.Name{
 		Country:            []string{"GB"},
 		Organization:       []string{"Violet"},
 		OrganizationalUnit: []string{"Development"},
@ -29,7 +29,7 @@ func TestCertsNew_Lookup(t *testing.T) {

 	domain := "example.com"
 	sn := int64(1)
-	serverTls, err := certgen.MakeServerTls(ca, 4096, pkix.Name{
+	serverTls, err := certgen.MakeServerTls(ca, 2048, pkix.Name{
 		Country:            []string{"GB"},
 		Organization:       []string{domain},
 		OrganizationalUnit: []string{domain},
@ -63,6 +63,10 @@ func TestCertsNew_Lookup(t *testing.T) {
 }

 func TestCertsNew_SelfSigned(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+
 	certs := New(nil, nil, true)
 	cc := certs.GetCertForDomain("example.com")
 	leaf := certgen.TlsLeaf(cc)
--- a/go.mod
+++ b/go.mod
@ -6,7 +6,7 @@ require (
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/MrMelon54/certgen v0.0.1
 	github.com/MrMelon54/exit-reload v0.0.1
-	github.com/MrMelon54/mjwt v0.1.1
+	github.com/MrMelon54/mjwt v0.1.3
 	github.com/MrMelon54/png2ico v1.0.1
 	github.com/MrMelon54/rescheduler v0.0.1
 	github.com/MrMelon54/trie v0.0.2
@ -23,6 +23,7 @@ require (
 )

 require (
+	github.com/becheran/wildmatch-go v1.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
--- a/go.sum
+++ b/go.sum
@ -6,6 +6,8 @@ github.com/MrMelon54/exit-reload v0.0.1 h1:sxHa59tNEQMcikwuX2+93lw6Vi1+R7oCRF8a0
 github.com/MrMelon54/exit-reload v0.0.1/go.mod h1:PLiSfmUzwdpTTQP3BBfUPhkqPwaIZjx0DuXBnM76Bug=
 github.com/MrMelon54/mjwt v0.1.1 h1:m+aTpxbhQCrOPKHN170DQMFR5r938LkviU38unob5Jw=
 github.com/MrMelon54/mjwt v0.1.1/go.mod h1:oYrDBWK09Hju98xb+bRQ0wy+RuAzacxYvKYOZchR2Tk=
+github.com/MrMelon54/mjwt v0.1.3 h1:FgwPPxxVgE/+BHIVB9ll1SOdu8nWpjBnAwLdAzzZ5HU=
+github.com/MrMelon54/mjwt v0.1.3/go.mod h1:JD+ZkffNcuIS05p1oV+nYjgDZ0wLpiWMuTmPBqkVZck=
 github.com/MrMelon54/png2ico v1.0.1 h1:zJoSSl4OkvSIMWGyGPvb8fWNa0KrUvMIjgNGLNLJhVQ=
 github.com/MrMelon54/png2ico v1.0.1/go.mod h1:NOv3tO4497mInG+3tcFkIohmxCywUwMLU8WNxJZLVmU=
 github.com/MrMelon54/rescheduler v0.0.1 h1:gzNvL8X81M00uYN0i9clFVrXCkG1UuLNYxDcvjKyBqo=
@ -14,6 +16,8 @@ github.com/MrMelon54/trie v0.0.2 h1:ZXWcX5ij62O9K4I/anuHmVg8L3tF0UGdlPceAASwKEY=
 github.com/MrMelon54/trie v0.0.2/go.mod h1:sGCGOcqb+DxSxvHgSOpbpkmA7mFZR47YDExy9OCbVZI=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
+github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
+github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
 github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
 github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
--- a/router/manager.go
+++ b/router/manager.go
@ -8,6 +8,7 @@ import (
 	"github.com/MrMelon54/rescheduler"
 	"log"
 	"net/http"
+	"strings"
 	"sync"
 )

@ -140,10 +141,23 @@ func (m *Manager) internalCompile(router *Router) error {
 	return rows.Err()
 }

-func (m *Manager) GetAllRoutes() ([]target.RouteWithActive, error) {
+func (m *Manager) GetAllRoutes(hosts []string) ([]target.RouteWithActive, error) {
+	if len(hosts) < 1 {
+		return []target.RouteWithActive{}, nil
+	}
+
+	var searchString strings.Builder
+	searchString.WriteString("WHERE ")
+	for i := range hosts {
+		if i != 0 {
+			searchString.WriteString(" OR ")
+		}
+		searchString.WriteString("source LIKE ?")
+	}
+
 	s := make([]target.RouteWithActive, 0)

-	query, err := m.db.Query(`SELECT source, destination, flags, active FROM routes`)
+	query, err := m.db.Query(`SELECT source, destination, flags, active FROM routes `+searchString.String(), hosts)
 	if err != nil {
 		return nil, err
 	}
@ -169,10 +183,23 @@ func (m *Manager) DeleteRoute(source string) error {
 	return err
 }

-func (m *Manager) GetAllRedirects() ([]target.RedirectWithActive, error) {
+func (m *Manager) GetAllRedirects(hosts []string) ([]target.RedirectWithActive, error) {
+	if len(hosts) < 1 {
+		return []target.RedirectWithActive{}, nil
+	}
+
+	var searchString strings.Builder
+	searchString.WriteString("WHERE ")
+	for i := range hosts {
+		if i != 0 {
+			searchString.WriteString(" OR ")
+		}
+		searchString.WriteString("source LIKE ?")
+	}
+
 	s := make([]target.RedirectWithActive, 0)

-	query, err := m.db.Query(`SELECT source, destination, flags, code, active FROM redirects`)
+	query, err := m.db.Query(`SELECT source, destination, flags, code, active FROM redirects `+searchString.String(), hosts)
 	if err != nil {
 		return nil, err
 	}
--- a/servers/api/api.go
+++ b/servers/api/api.go
@ -86,11 +86,21 @@ func acmeChallengeManage(verify mjwt.Verifier, domains utils.DomainProvider, acm
 	})
 }

+// getDomainOwnershipClaims returns the domains marked as owned from PermStorage,
+// they match `domain:owns=<fqdn>` where fqdn will be returned
+func getDomainOwnershipClaims(perms *claims.PermStorage) []string {
+	a := perms.Search("domain:owns=")
+	for i := range a {
+		a[i] = a[i][len("domain:owns="):]
+	}
+	return a
+}
+
 // validateDomainOwnershipClaims validates if the claims contain the
-// `owns=<fqdn>` field with the matching top level domain
+// `domain:owns=<fqdn>` field with the matching top level domain
 func validateDomainOwnershipClaims(a string, perms *claims.PermStorage) bool {
 	if fqdn, ok := utils.GetTopFqdn(a); ok {
-		if perms.Has("owns=" + fqdn) {
+		if perms.Has("domain:owns=" + fqdn) {
 			return true
 		}
 	}
--- a/servers/api/target.go
+++ b/servers/api/target.go
@ -15,7 +15,9 @@ import (
 func SetupTargetApis(r *httprouter.Router, verify mjwt.Verifier, manager *router.Manager) {
 	// Endpoint for routes
 	r.GET("/route", checkAuthWithPerm(verify, "violet:route", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
-		routes, err := manager.GetAllRoutes()
+		domains := getDomainOwnershipClaims(b.Claims.Perms)
+
+		routes, err := manager.GetAllRoutes(domains)
 		if err != nil {
 			apiError(rw, http.StatusInternalServerError, "Failed to get routes from database")
 			return
@ -44,7 +46,9 @@ func SetupTargetApis(r *httprouter.Router, verify mjwt.Verifier, manager *router

 	// Endpoint for redirects
 	r.GET("/redirect", checkAuthWithPerm(verify, "violet:redirect", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
-		redirects, err := manager.GetAllRedirects()
+		domains := getDomainOwnershipClaims(b.Claims.Perms)
+
+		redirects, err := manager.GetAllRedirects(domains)
 		if err != nil {
 			apiError(rw, http.StatusInternalServerError, "Failed to get redirects from database")
 			return