mirror of
https://github.com/1f349/violet.git
synced 2024-11-21 19:01:39 +00:00
Add domain specific get request
This commit is contained in:
parent
6559b21c16
commit
52547234b0
@ -16,7 +16,7 @@ func TestCertsNew_Lookup(t *testing.T) {
|
||||
// type to test that certificate files can be found and read correctly. This
|
||||
// uses a MapFS for performance during tests.
|
||||
|
||||
ca, err := certgen.MakeCaTls(4096, pkix.Name{
|
||||
ca, err := certgen.MakeCaTls(2048, pkix.Name{
|
||||
Country: []string{"GB"},
|
||||
Organization: []string{"Violet"},
|
||||
OrganizationalUnit: []string{"Development"},
|
||||
@ -29,7 +29,7 @@ func TestCertsNew_Lookup(t *testing.T) {
|
||||
|
||||
domain := "example.com"
|
||||
sn := int64(1)
|
||||
serverTls, err := certgen.MakeServerTls(ca, 4096, pkix.Name{
|
||||
serverTls, err := certgen.MakeServerTls(ca, 2048, pkix.Name{
|
||||
Country: []string{"GB"},
|
||||
Organization: []string{domain},
|
||||
OrganizationalUnit: []string{domain},
|
||||
@ -63,6 +63,10 @@ func TestCertsNew_Lookup(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestCertsNew_SelfSigned(t *testing.T) {
|
||||
if testing.Short() {
|
||||
return
|
||||
}
|
||||
|
||||
certs := New(nil, nil, true)
|
||||
cc := certs.GetCertForDomain("example.com")
|
||||
leaf := certgen.TlsLeaf(cc)
|
||||
|
3
go.mod
3
go.mod
@ -6,7 +6,7 @@ require (
|
||||
github.com/AlecAivazis/survey/v2 v2.3.7
|
||||
github.com/MrMelon54/certgen v0.0.1
|
||||
github.com/MrMelon54/exit-reload v0.0.1
|
||||
github.com/MrMelon54/mjwt v0.1.1
|
||||
github.com/MrMelon54/mjwt v0.1.3
|
||||
github.com/MrMelon54/png2ico v1.0.1
|
||||
github.com/MrMelon54/rescheduler v0.0.1
|
||||
github.com/MrMelon54/trie v0.0.2
|
||||
@ -23,6 +23,7 @@ require (
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/becheran/wildmatch-go v1.0.0 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
|
||||
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
|
||||
|
4
go.sum
4
go.sum
@ -6,6 +6,8 @@ github.com/MrMelon54/exit-reload v0.0.1 h1:sxHa59tNEQMcikwuX2+93lw6Vi1+R7oCRF8a0
|
||||
github.com/MrMelon54/exit-reload v0.0.1/go.mod h1:PLiSfmUzwdpTTQP3BBfUPhkqPwaIZjx0DuXBnM76Bug=
|
||||
github.com/MrMelon54/mjwt v0.1.1 h1:m+aTpxbhQCrOPKHN170DQMFR5r938LkviU38unob5Jw=
|
||||
github.com/MrMelon54/mjwt v0.1.1/go.mod h1:oYrDBWK09Hju98xb+bRQ0wy+RuAzacxYvKYOZchR2Tk=
|
||||
github.com/MrMelon54/mjwt v0.1.3 h1:FgwPPxxVgE/+BHIVB9ll1SOdu8nWpjBnAwLdAzzZ5HU=
|
||||
github.com/MrMelon54/mjwt v0.1.3/go.mod h1:JD+ZkffNcuIS05p1oV+nYjgDZ0wLpiWMuTmPBqkVZck=
|
||||
github.com/MrMelon54/png2ico v1.0.1 h1:zJoSSl4OkvSIMWGyGPvb8fWNa0KrUvMIjgNGLNLJhVQ=
|
||||
github.com/MrMelon54/png2ico v1.0.1/go.mod h1:NOv3tO4497mInG+3tcFkIohmxCywUwMLU8WNxJZLVmU=
|
||||
github.com/MrMelon54/rescheduler v0.0.1 h1:gzNvL8X81M00uYN0i9clFVrXCkG1UuLNYxDcvjKyBqo=
|
||||
@ -14,6 +16,8 @@ github.com/MrMelon54/trie v0.0.2 h1:ZXWcX5ij62O9K4I/anuHmVg8L3tF0UGdlPceAASwKEY=
|
||||
github.com/MrMelon54/trie v0.0.2/go.mod h1:sGCGOcqb+DxSxvHgSOpbpkmA7mFZR47YDExy9OCbVZI=
|
||||
github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
|
||||
github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
|
||||
github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
|
||||
github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
|
||||
github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
|
||||
github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
|
@ -8,6 +8,7 @@ import (
|
||||
"github.com/MrMelon54/rescheduler"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
)
|
||||
|
||||
@ -140,10 +141,23 @@ func (m *Manager) internalCompile(router *Router) error {
|
||||
return rows.Err()
|
||||
}
|
||||
|
||||
func (m *Manager) GetAllRoutes() ([]target.RouteWithActive, error) {
|
||||
func (m *Manager) GetAllRoutes(hosts []string) ([]target.RouteWithActive, error) {
|
||||
if len(hosts) < 1 {
|
||||
return []target.RouteWithActive{}, nil
|
||||
}
|
||||
|
||||
var searchString strings.Builder
|
||||
searchString.WriteString("WHERE ")
|
||||
for i := range hosts {
|
||||
if i != 0 {
|
||||
searchString.WriteString(" OR ")
|
||||
}
|
||||
searchString.WriteString("source LIKE ?")
|
||||
}
|
||||
|
||||
s := make([]target.RouteWithActive, 0)
|
||||
|
||||
query, err := m.db.Query(`SELECT source, destination, flags, active FROM routes`)
|
||||
query, err := m.db.Query(`SELECT source, destination, flags, active FROM routes `+searchString.String(), hosts)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -169,10 +183,23 @@ func (m *Manager) DeleteRoute(source string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *Manager) GetAllRedirects() ([]target.RedirectWithActive, error) {
|
||||
func (m *Manager) GetAllRedirects(hosts []string) ([]target.RedirectWithActive, error) {
|
||||
if len(hosts) < 1 {
|
||||
return []target.RedirectWithActive{}, nil
|
||||
}
|
||||
|
||||
var searchString strings.Builder
|
||||
searchString.WriteString("WHERE ")
|
||||
for i := range hosts {
|
||||
if i != 0 {
|
||||
searchString.WriteString(" OR ")
|
||||
}
|
||||
searchString.WriteString("source LIKE ?")
|
||||
}
|
||||
|
||||
s := make([]target.RedirectWithActive, 0)
|
||||
|
||||
query, err := m.db.Query(`SELECT source, destination, flags, code, active FROM redirects`)
|
||||
query, err := m.db.Query(`SELECT source, destination, flags, code, active FROM redirects `+searchString.String(), hosts)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -86,11 +86,21 @@ func acmeChallengeManage(verify mjwt.Verifier, domains utils.DomainProvider, acm
|
||||
})
|
||||
}
|
||||
|
||||
// getDomainOwnershipClaims returns the domains marked as owned from PermStorage,
|
||||
// they match `domain:owns=<fqdn>` where fqdn will be returned
|
||||
func getDomainOwnershipClaims(perms *claims.PermStorage) []string {
|
||||
a := perms.Search("domain:owns=")
|
||||
for i := range a {
|
||||
a[i] = a[i][len("domain:owns="):]
|
||||
}
|
||||
return a
|
||||
}
|
||||
|
||||
// validateDomainOwnershipClaims validates if the claims contain the
|
||||
// `owns=<fqdn>` field with the matching top level domain
|
||||
// `domain:owns=<fqdn>` field with the matching top level domain
|
||||
func validateDomainOwnershipClaims(a string, perms *claims.PermStorage) bool {
|
||||
if fqdn, ok := utils.GetTopFqdn(a); ok {
|
||||
if perms.Has("owns=" + fqdn) {
|
||||
if perms.Has("domain:owns=" + fqdn) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
@ -15,7 +15,9 @@ import (
|
||||
func SetupTargetApis(r *httprouter.Router, verify mjwt.Verifier, manager *router.Manager) {
|
||||
// Endpoint for routes
|
||||
r.GET("/route", checkAuthWithPerm(verify, "violet:route", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
|
||||
routes, err := manager.GetAllRoutes()
|
||||
domains := getDomainOwnershipClaims(b.Claims.Perms)
|
||||
|
||||
routes, err := manager.GetAllRoutes(domains)
|
||||
if err != nil {
|
||||
apiError(rw, http.StatusInternalServerError, "Failed to get routes from database")
|
||||
return
|
||||
@ -44,7 +46,9 @@ func SetupTargetApis(r *httprouter.Router, verify mjwt.Verifier, manager *router
|
||||
|
||||
// Endpoint for redirects
|
||||
r.GET("/redirect", checkAuthWithPerm(verify, "violet:redirect", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
|
||||
redirects, err := manager.GetAllRedirects()
|
||||
domains := getDomainOwnershipClaims(b.Claims.Perms)
|
||||
|
||||
redirects, err := manager.GetAllRedirects(domains)
|
||||
if err != nil {
|
||||
apiError(rw, http.StatusInternalServerError, "Failed to get redirects from database")
|
||||
return
|
||||
|
Loading…
Reference in New Issue
Block a user