Add domain-specific GET request

This commit is contained in:
Melon 2023-10-27 09:16:52 +01:00
parent 6559b21c16
commit 52547234b0
Signed by: melon
GPG Key ID: 6C9D970C50D26A25
6 changed files with 61 additions and 11 deletions


@ -16,7 +16,7 @@ func TestCertsNew_Lookup(t *testing.T) {
// type to test that certificate files can be found and read correctly. This
// uses a MapFS for performance during tests.
ca, err := certgen.MakeCaTls(4096, pkix.Name{
ca, err := certgen.MakeCaTls(2048, pkix.Name{
Country: []string{"GB"},
Organization: []string{"Violet"},
OrganizationalUnit: []string{"Development"},
@ -29,7 +29,7 @@ func TestCertsNew_Lookup(t *testing.T) {
domain := "example.com"
sn := int64(1)
serverTls, err := certgen.MakeServerTls(ca, 4096, pkix.Name{
serverTls, err := certgen.MakeServerTls(ca, 2048, pkix.Name{
Country: []string{"GB"},
Organization: []string{domain},
OrganizationalUnit: []string{domain},
@ -63,6 +63,10 @@ func TestCertsNew_Lookup(t *testing.T) {
}
func TestCertsNew_SelfSigned(t *testing.T) {
if testing.Short() {
return
}
certs := New(nil, nil, true)
cc := certs.GetCertForDomain("example.com")
leaf := certgen.TlsLeaf(cc)
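Review bot: The short-mode guard added to `TestCertsNew_SelfSigned` uses a bare `return`, which makes `go test -short` report the test as passed instead of skipped and hides that the slow certificate-generation path was never exercised; use `t.Skip("skipping certificate generation in -short mode")` instead. The 4096→2048 key-size reduction in `TestCertsNew_Lookup` only affects throwaway test fixtures and test run time, so no concern there. The body of `TestCertsNew_SelfSigned` continues past the hunk.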

go.mod

@ -6,7 +6,7 @@ require (
github.com/AlecAivazis/survey/v2 v2.3.7
github.com/MrMelon54/certgen v0.0.1
github.com/MrMelon54/exit-reload v0.0.1
github.com/MrMelon54/mjwt v0.1.1
github.com/MrMelon54/mjwt v0.1.3
github.com/MrMelon54/png2ico v1.0.1
github.com/MrMelon54/rescheduler v0.0.1
github.com/MrMelon54/trie v0.0.2
@ -23,6 +23,7 @@ require (
)
require (
github.com/becheran/wildmatch-go v1.0.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect

go.sum

@ -6,6 +6,8 @@ github.com/MrMelon54/exit-reload v0.0.1 h1:sxHa59tNEQMcikwuX2+93lw6Vi1+R7oCRF8a0
github.com/MrMelon54/exit-reload v0.0.1/go.mod h1:PLiSfmUzwdpTTQP3BBfUPhkqPwaIZjx0DuXBnM76Bug=
github.com/MrMelon54/mjwt v0.1.1 h1:m+aTpxbhQCrOPKHN170DQMFR5r938LkviU38unob5Jw=
github.com/MrMelon54/mjwt v0.1.1/go.mod h1:oYrDBWK09Hju98xb+bRQ0wy+RuAzacxYvKYOZchR2Tk=
github.com/MrMelon54/mjwt v0.1.3 h1:FgwPPxxVgE/+BHIVB9ll1SOdu8nWpjBnAwLdAzzZ5HU=
github.com/MrMelon54/mjwt v0.1.3/go.mod h1:JD+ZkffNcuIS05p1oV+nYjgDZ0wLpiWMuTmPBqkVZck=
github.com/MrMelon54/png2ico v1.0.1 h1:zJoSSl4OkvSIMWGyGPvb8fWNa0KrUvMIjgNGLNLJhVQ=
github.com/MrMelon54/png2ico v1.0.1/go.mod h1:NOv3tO4497mInG+3tcFkIohmxCywUwMLU8WNxJZLVmU=
github.com/MrMelon54/rescheduler v0.0.1 h1:gzNvL8X81M00uYN0i9clFVrXCkG1UuLNYxDcvjKyBqo=
@ -14,6 +16,8 @@ github.com/MrMelon54/trie v0.0.2 h1:ZXWcX5ij62O9K4I/anuHmVg8L3tF0UGdlPceAASwKEY=
github.com/MrMelon54/trie v0.0.2/go.mod h1:sGCGOcqb+DxSxvHgSOpbpkmA7mFZR47YDExy9OCbVZI=
github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=


@ -8,6 +8,7 @@ import (
"github.com/MrMelon54/rescheduler"
"log"
"net/http"
"strings"
"sync"
)
@ -140,10 +141,23 @@ func (m *Manager) internalCompile(router *Router) error {
return rows.Err()
}
func (m *Manager) GetAllRoutes() ([]target.RouteWithActive, error) {
func (m *Manager) GetAllRoutes(hosts []string) ([]target.RouteWithActive, error) {
if len(hosts) < 1 {
return []target.RouteWithActive{}, nil
}
var searchString strings.Builder
searchString.WriteString("WHERE ")
for i := range hosts {
if i != 0 {
searchString.WriteString(" OR ")
}
searchString.WriteString("source LIKE ?")
}
s := make([]target.RouteWithActive, 0)
query, err := m.db.Query(`SELECT source, destination, flags, active FROM routes`)
query, err := m.db.Query(`SELECT source, destination, flags, active FROM routes `+searchString.String(), hosts)
if err != nil {
return nil, err
}
@ -169,10 +183,23 @@ func (m *Manager) DeleteRoute(source string) error {
return err
}
func (m *Manager) GetAllRedirects() ([]target.RedirectWithActive, error) {
func (m *Manager) GetAllRedirects(hosts []string) ([]target.RedirectWithActive, error) {
if len(hosts) < 1 {
return []target.RedirectWithActive{}, nil
}
var searchString strings.Builder
searchString.WriteString("WHERE ")
for i := range hosts {
if i != 0 {
searchString.WriteString(" OR ")
}
searchString.WriteString("source LIKE ?")
}
s := make([]target.RedirectWithActive, 0)
query, err := m.db.Query(`SELECT source, destination, flags, code, active FROM redirects`)
query, err := m.db.Query(`SELECT source, destination, flags, code, active FROM redirects `+searchString.String(), hosts)
if err != nil {
return nil, err
}
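Review bot: The new `m.db.Query(... +searchString.String(), hosts)` line passes the whole `hosts` slice as one argument although the loop above emitted one `source LIKE ?` placeholder per host; database/sql's default parameter converter rejects a `[]string` (only `[]byte` slices are accepted), so every call with a non-empty `hosts` fails and the listing endpoints answer 500. Expand the slice into one `any` argument per placeholder and pass it with `args...`, as below; the same fix applies verbatim to `GetAllRedirects`. Separately, a bare fqdn used as a `LIKE` pattern matches only that exact value unless the claim contains `%` or `_`, which LIKE treats as wildcards — if exact matching is intended, `IN (...)` or `=` avoids that interpretation, and if subdomain matching is intended the pattern needs an explicit wildcard, so confirm which is meant. Both functions continue past the hunk with the row-scanning loop.
```go
func (m *Manager) GetAllRoutes(hosts []string) ([]target.RouteWithActive, error) {
	if len(hosts) < 1 {
		return []target.RouteWithActive{}, nil
	}
	// one placeholder per host, and one bound argument per placeholder
	where := "WHERE source LIKE ?" + strings.Repeat(" OR source LIKE ?", len(hosts)-1)
	args := make([]any, len(hosts))
	for i, h := range hosts {
		args[i] = h
	}
	s := make([]target.RouteWithActive, 0)
	query, err := m.db.Query(`SELECT source, destination, flags, active FROM routes `+where, args...)
	// … unchanged: error check and row scanning …
```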


@ -86,11 +86,21 @@ func acmeChallengeManage(verify mjwt.Verifier, domains utils.DomainProvider, acm
})
}
// getDomainOwnershipClaims returns the domains marked as owned from PermStorage,
// they match `domain:owns=<fqdn>` where fqdn will be returned
func getDomainOwnershipClaims(perms *claims.PermStorage) []string {
a := perms.Search("domain:owns=")
for i := range a {
a[i] = a[i][len("domain:owns="):]
}
return a
}
// validateDomainOwnershipClaims validates if the claims contain the
// `owns=<fqdn>` field with the matching top level domain
// `domain:owns=<fqdn>` field with the matching top level domain
func validateDomainOwnershipClaims(a string, perms *claims.PermStorage) bool {
if fqdn, ok := utils.GetTopFqdn(a); ok {
if perms.Has("owns=" + fqdn) {
if perms.Has("domain:owns=" + fqdn) {
return true
}
}
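Review bot: `getDomainOwnershipClaims` rewrites the entries of the slice returned by `perms.Search` in place (`a[i] = a[i][len("domain:owns="):]`); if `Search` returns a view over PermStorage's internal storage rather than a copy, this strips the prefix from the stored permissions and later `perms.Has("domain:owns=" + fqdn)` checks, including the one just below, would stop matching — confirm against PermStorage, or write into a fresh slice: `out := make([]string, len(a))` and `for i, v := range a { out[i] = strings.TrimPrefix(v, "domain:owns=") }`. `strings.TrimPrefix` also cannot slice past the end should `Search` ever return an entry shorter than the prefix. Worth adding to the doc comment that the returned fqdns are used verbatim as SQL `LIKE` patterns by the route and redirect listings, so they are trusted exactly as far as the token issuer is. `validateDomainOwnershipClaims` ends outside the hunk.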


@ -15,7 +15,9 @@ import (
func SetupTargetApis(r *httprouter.Router, verify mjwt.Verifier, manager *router.Manager) {
// Endpoint for routes
r.GET("/route", checkAuthWithPerm(verify, "violet:route", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
routes, err := manager.GetAllRoutes()
domains := getDomainOwnershipClaims(b.Claims.Perms)
routes, err := manager.GetAllRoutes(domains)
if err != nil {
apiError(rw, http.StatusInternalServerError, "Failed to get routes from database")
return
@ -44,7 +46,9 @@ func SetupTargetApis(r *httprouter.Router, verify mjwt.Verifier, manager *router
// Endpoint for redirects
r.GET("/redirect", checkAuthWithPerm(verify, "violet:redirect", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
redirects, err := manager.GetAllRedirects()
domains := getDomainOwnershipClaims(b.Claims.Perms)
redirects, err := manager.GetAllRedirects(domains)
if err != nil {
apiError(rw, http.StatusInternalServerError, "Failed to get redirects from database")
return
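Review bot: The new `domains := getDomainOwnershipClaims(b.Claims.Perms)` line changes the contract of `/route` (and `/redirect` below) from "all rows" to "rows whose source matches a `domain:owns=` claim", and a caller holding `violet:route` but no ownership claims now receives an empty list with 200; a comment on each handler should say so, e.g. `// Scope the listing to domains the token explicitly owns; no owned domains yields an empty list, not an error`. Only the GET handlers are touched here — the create and delete endpoints for routes and redirects are outside the hunk, so confirm they enforce the same ownership check, otherwise the read-side filter merely hides rows that the same token can still modify. Both handler closures continue past the hunk.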