From 52547234b0cddff46e45bea62baca363bc68dd5e Mon Sep 17 00:00:00 2001 From: MrMelon54 Date: Fri, 27 Oct 2023 09:16:52 +0100 Subject: [PATCH] Add domain specific get request --- certs/certs_test.go | 8 ++++++-- go.mod | 3 ++- go.sum | 4 ++++ router/manager.go | 35 +++++++++++++++++++++++++++++++---- servers/api/api.go | 14 ++++++++++++-- servers/api/target.go | 8 ++++++-- 6 files changed, 61 insertions(+), 11 deletions(-) diff --git a/certs/certs_test.go b/certs/certs_test.go index f0549d9..4e6b304 100644 --- a/certs/certs_test.go +++ b/certs/certs_test.go @@ -16,7 +16,7 @@ func TestCertsNew_Lookup(t *testing.T) { // type to test that certificate files can be found and read correctly. This // uses a MapFS for performance during tests. - ca, err := certgen.MakeCaTls(4096, pkix.Name{ + ca, err := certgen.MakeCaTls(2048, pkix.Name{ Country: []string{"GB"}, Organization: []string{"Violet"}, OrganizationalUnit: []string{"Development"}, @@ -29,7 +29,7 @@ func TestCertsNew_Lookup(t *testing.T) { domain := "example.com" sn := int64(1) - serverTls, err := certgen.MakeServerTls(ca, 4096, pkix.Name{ + serverTls, err := certgen.MakeServerTls(ca, 2048, pkix.Name{ Country: []string{"GB"}, Organization: []string{domain}, OrganizationalUnit: []string{domain}, @@ -63,6 +63,10 @@ func TestCertsNew_Lookup(t *testing.T) { } func TestCertsNew_SelfSigned(t *testing.T) { + if testing.Short() { + return + } + certs := New(nil, nil, true) cc := certs.GetCertForDomain("example.com") leaf := certgen.TlsLeaf(cc) diff --git a/go.mod b/go.mod index 83a94f7..98eb6ae 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/AlecAivazis/survey/v2 v2.3.7 github.com/MrMelon54/certgen v0.0.1 github.com/MrMelon54/exit-reload v0.0.1 - github.com/MrMelon54/mjwt v0.1.1 + github.com/MrMelon54/mjwt v0.1.3 github.com/MrMelon54/png2ico v1.0.1 github.com/MrMelon54/rescheduler v0.0.1 github.com/MrMelon54/trie v0.0.2 
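Review bot: The short-mode guard added at the top of TestCertsNew_SelfSigned returns silently, so under `go test -short` the test is reported as passed rather than skipped; `t.Skip("skipping self-signed certificate generation in short mode")` records the skip in the output and keeps the intent visible. The key-size reductions in the two earlier hunks of this file only touch test fixtures and are fine. TestCertsNew_SelfSigned continues outside the hunk.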
@@ -23,6 +23,7 @@ require (
 )
 
 require (
+	github.com/becheran/wildmatch-go v1.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
diff --git a/go.sum b/go.sum
index f4fec71..4bfb056 100644
--- a/go.sum
+++ b/go.sum
@@ -6,6 +6,8 @@ github.com/MrMelon54/exit-reload v0.0.1 h1:sxHa59tNEQMcikwuX2+93lw6Vi1+R7oCRF8a0
 github.com/MrMelon54/exit-reload v0.0.1/go.mod h1:PLiSfmUzwdpTTQP3BBfUPhkqPwaIZjx0DuXBnM76Bug=
 github.com/MrMelon54/mjwt v0.1.1 h1:m+aTpxbhQCrOPKHN170DQMFR5r938LkviU38unob5Jw=
 github.com/MrMelon54/mjwt v0.1.1/go.mod h1:oYrDBWK09Hju98xb+bRQ0wy+RuAzacxYvKYOZchR2Tk=
+github.com/MrMelon54/mjwt v0.1.3 h1:FgwPPxxVgE/+BHIVB9ll1SOdu8nWpjBnAwLdAzzZ5HU=
+github.com/MrMelon54/mjwt v0.1.3/go.mod h1:JD+ZkffNcuIS05p1oV+nYjgDZ0wLpiWMuTmPBqkVZck=
 github.com/MrMelon54/png2ico v1.0.1 h1:zJoSSl4OkvSIMWGyGPvb8fWNa0KrUvMIjgNGLNLJhVQ=
 github.com/MrMelon54/png2ico v1.0.1/go.mod h1:NOv3tO4497mInG+3tcFkIohmxCywUwMLU8WNxJZLVmU=
 github.com/MrMelon54/rescheduler v0.0.1 h1:gzNvL8X81M00uYN0i9clFVrXCkG1UuLNYxDcvjKyBqo=
@@ -14,6 +16,8 @@ github.com/MrMelon54/trie v0.0.2 h1:ZXWcX5ij62O9K4I/anuHmVg8L3tF0UGdlPceAASwKEY= github.com/MrMelon54/trie v0.0.2/go.mod h1:sGCGOcqb+DxSxvHgSOpbpkmA7mFZR47YDExy9OCbVZI= github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s= github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w= +github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA= +github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4= github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI= github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/router/manager.go b/router/manager.go index e8683aa..af11ed6 100644 --- a/router/manager.go +++ b/router/manager.go @@ -8,6 +8,7 @@ import ( "github.com/MrMelon54/rescheduler" "log" "net/http" + "strings" "sync" ) @@ -140,10 +141,23 @@ func (m *Manager) internalCompile(router *Router) error { return rows.Err() } -func (m *Manager) GetAllRoutes() ([]target.RouteWithActive, error) { +func (m *Manager) GetAllRoutes(hosts []string) ([]target.RouteWithActive, error) { + if len(hosts) < 1 { + return []target.RouteWithActive{}, nil + } + + var searchString strings.Builder + searchString.WriteString("WHERE ") + for i := range hosts { + if i != 0 { + searchString.WriteString(" OR ") + } + searchString.WriteString("source LIKE ?") + } + s := make([]target.RouteWithActive, 0) - query, err := m.db.Query(`SELECT source, destination, flags, active FROM routes`) + query, err := m.db.Query(`SELECT source, destination, flags, active FROM routes `+searchString.String(), hosts) if err != nil { return nil, err } 
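Review bot: The `m.db.Query` call in GetAllRoutes passes `hosts` as one argument to the variadic `args ...any` parameter, so a single `[]string` is sent for N `?` placeholders; if `m.db` is a database/sql handle this fails at parameter conversion (a slice of strings is not a supported driver value) and every request ends in the caller's 500 path. Convert to `[]any` and spread it (`[]interface{}` on toolchains before Go 1.18); GetAllRedirects in the next hunk has the same defect. The claim values are also used verbatim as LIKE patterns, so a `%` or `_` inside a `domain:owns=` value widens the filter beyond that domain — if an exact or suffix match is intended, build the pattern here and say so in a doc comment on GetAllRoutes. The WHERE-builder loop is duplicated byte for byte in GetAllRedirects and could be one unexported helper that returns the clause and its args.
```go
	// Spread the host list into the placeholder arguments; a []string passed
	// as a single parameter value is rejected by database/sql.
	args := make([]any, len(hosts))
	for i, h := range hosts {
		args[i] = h
	}
	query, err := m.db.Query(`SELECT source, destination, flags, active FROM routes `+searchString.String(), args...)
	// … unchanged: error check and row scanning …
```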
@@ -169,10 +183,23 @@ func (m *Manager) DeleteRoute(source string) error { return err } -func (m *Manager) GetAllRedirects() ([]target.RedirectWithActive, error) { +func (m *Manager) GetAllRedirects(hosts []string) ([]target.RedirectWithActive, error) { + if len(hosts) < 1 { + return []target.RedirectWithActive{}, nil + } + + var searchString strings.Builder + searchString.WriteString("WHERE ") + for i := range hosts { + if i != 0 { + searchString.WriteString(" OR ") + } + searchString.WriteString("source LIKE ?") + } + s := make([]target.RedirectWithActive, 0) - query, err := m.db.Query(`SELECT source, destination, flags, code, active FROM redirects`) + query, err := m.db.Query(`SELECT source, destination, flags, code, active FROM redirects `+searchString.String(), hosts) if err != nil { return nil, err } diff --git a/servers/api/api.go b/servers/api/api.go index fcf16aa..6cac49f 100644 --- a/servers/api/api.go +++ b/servers/api/api.go @@ -86,11 +86,21 @@ func acmeChallengeManage(verify mjwt.Verifier, domains utils.DomainProvider, acm }) } +// getDomainOwnershipClaims returns the domains marked as owned from PermStorage, +// they match `domain:owns=` where fqdn will be returned +func getDomainOwnershipClaims(perms *claims.PermStorage) []string { + a := perms.Search("domain:owns=") + for i := range a { + a[i] = a[i][len("domain:owns="):] + } + return a +} + // validateDomainOwnershipClaims validates if the claims contain the -// `owns=` field with the matching top level domain +// `domain:owns=` field with the matching top level domain func validateDomainOwnershipClaims(a string, perms *claims.PermStorage) bool { if fqdn, ok := utils.GetTopFqdn(a); ok { - if perms.Has("owns=" + fqdn) { + if perms.Has("domain:owns=" + fqdn) { return true } } diff --git a/servers/api/target.go b/servers/api/target.go index 511fbe5..2aad29f 100644 --- a/servers/api/target.go +++ b/servers/api/target.go 
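Review bot: `getDomainOwnershipClaims` slices every `perms.Search("domain:owns=")` result at a fixed offset without checking that the entry actually carries that prefix; whether Search returns only prefix matches is not visible here (the go.mod hunk adds a wildmatch dependency, which hints at pattern matching), and any non-prefixed hit becomes a garbled domain. Filtering with `strings.HasPrefix` before trimming keeps the output well-formed (api.go's import block is outside the hunk, so `strings` may need adding). The doc comment is hard to parse; `// getDomainOwnershipClaims returns the <fqdn> part of every "domain:owns=<fqdn>" permission held in perms.` states the contract. Note that the listing path feeds these raw values into a LIKE pattern while validateDomainOwnershipClaims checks the top-level fqdn exactly, so a token's view of routes and its right to modify them are decided by different rules — worth a comment if that is deliberate.
```go
func getDomainOwnershipClaims(perms *claims.PermStorage) []string {
	const prefix = "domain:owns="
	var domains []string
	for _, p := range perms.Search(prefix) {
		// Keep only well-formed entries; Search may match more than the prefix.
		if strings.HasPrefix(p, prefix) {
			domains = append(domains, strings.TrimPrefix(p, prefix))
		}
	}
	return domains
}
```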
@@ -15,7 +15,9 @@ import (
 func SetupTargetApis(r *httprouter.Router, verify mjwt.Verifier, manager *router.Manager) {
 	// Endpoint for routes
 	r.GET("/route", checkAuthWithPerm(verify, "violet:route", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
-		routes, err := manager.GetAllRoutes()
+		domains := getDomainOwnershipClaims(b.Claims.Perms)
+
+		routes, err := manager.GetAllRoutes(domains)
 		if err != nil {
 			apiError(rw, http.StatusInternalServerError, "Failed to get routes from database")
 			return
@@ -44,7 +46,9 @@ func SetupTargetApis(r *httprouter.Router, verify mjwt.Verifier, manager *router
 
 	// Endpoint for redirects
 	r.GET("/redirect", checkAuthWithPerm(verify, "violet:redirect", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
-		redirects, err := manager.GetAllRedirects()
+		domains := getDomainOwnershipClaims(b.Claims.Perms)
+
+		redirects, err := manager.GetAllRedirects(domains)
 		if err != nil {
 			apiError(rw, http.StatusInternalServerError, "Failed to get redirects from database")
 			return
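Review bot: Both handlers now scope the listing to the caller's `domain:owns=` claims, but nothing in either hunk documents that a token holding `violet:route` or `violet:redirect` with no such claims gets an empty list (GetAllRoutes returns an empty slice for an empty host list) rather than a 403; a comment such as `// Listing is limited to the domains the token owns; no domain claims yields an empty list.` above each `domains :=` line would make that deliberate. The enclosing SetupTargetApis closures continue outside both hunks, so whether the create and delete endpoints apply the same ownership check is not visible here.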