Move /waygate/authorize into waygate library

2025-02-25 18:55:29 -06:00 · 2022-03-08 11:11:03 -07:00 · 2022-03-08 11:11:03 -07:00 · 42cbf1abe2
commit 42cbf1abe2
parent da4b2d1035
4 changed files with 48 additions and 84 deletions
--- a/api.go
+++ b/api.go
@ -618,6 +618,37 @@ func (a *Api) DeleteClient(tokenData TokenData, ownerId, clientId string) error
 	return nil
 }

+func (a *Api) GetDomainNames(r *http.Request) ([]string, error) {
+
+	token, err := extractToken("access_token", r)
+	if err != nil {
+		return nil, errors.New("No access token")
+	}
+
+	tokenData, exists := a.db.GetLegacyTokenData(token)
+	if !exists {
+		return nil, errors.New("Error getting token")
+	}
+
+	if tokenData.Client != "" {
+		return nil, errors.New("Attempted to use client token")
+	}
+
+	domainMap := a.GetDomains(tokenData)
+
+	domains := []string{}
+
+	for domainName, _ := range domainMap {
+		domains = append(domains, domainName)
+	}
+
+	if len(domains) == 0 {
+		return nil, errors.New("No domains")
+	}
+
+	return domains, nil
+}
+
 func (a *Api) GetDomains(tokenData TokenData) map[string]Domain {

 	user, _ := a.db.GetUser(tokenData.Owner)
--- a/boringproxy.go
+++ b/boringproxy.go
@ -96,18 +96,6 @@ func Listen() {
 		fmt.Printf("WARNING: Failed to access %s:%d from the internet\n", ip, *httpsPort)
 	}

-	user, err := user.Current()
-	if err != nil {
-		log.Fatalf("Unable to get current user: %v", err)
-	}
-	waygateServer := waygate.NewServer(db)
-	waygateServer.SshConfig = &waygate.SshConfig{
-		ServerAddress:      db.GetAdminDomain(),
-		ServerPort:         *sshServerPort,
-		Username:           user.Username,
-		AuthorizedKeysPath: filepath.Join(user.HomeDir, ".ssh", "authorized_keys"),
-	}
-
 	autoCerts := true
 	if *httpPort != 80 || *httpsPort != 443 {
 		fmt.Printf("WARNING: LetsEncrypt only supports HTTP/HTTPS ports 80/443. You are using %d/%d. Disabling automatic certificate management\n", *httpPort, *httpsPort)
@ -191,6 +179,18 @@ func Listen() {

 	api := NewApi(config, db, auth, tunMan)

+	user, err := user.Current()
+	if err != nil {
+		log.Fatalf("Unable to get current user: %v", err)
+	}
+	waygateServer := waygate.NewServer(db, api)
+	waygateServer.SshConfig = &waygate.SshConfig{
+		ServerAddress:      db.GetAdminDomain(),
+		ServerPort:         *sshServerPort,
+		Username:           user.Username,
+		AuthorizedKeysPath: filepath.Join(user.HomeDir, ".ssh", "authorized_keys"),
+	}
+
 	webUiHandler := NewWebUiHandler(config, db, api, auth)

 	httpClient := &http.Client{
@ -212,9 +212,9 @@ func Listen() {

 	http.Handle("/waygate/", http.StripPrefix("/waygate", waygateServer))
 	// TODO: This feels like a bit of a hack.
-	http.HandleFunc("/waygate/authorize", func(w http.ResponseWriter, r *http.Request) {
-		webUiHandler.handleWebUiRequest(w, r)
-	})
+	//http.HandleFunc("/waygate/authorize", func(w http.ResponseWriter, r *http.Request) {
+	//	webUiHandler.handleWebUiRequest(w, r)
+	//})
 	http.HandleFunc("/waygate/authorized", func(w http.ResponseWriter, r *http.Request) {
 		webUiHandler.handleWebUiRequest(w, r)
 	})
--- a/templates/authorize.tmpl
+++ b/templates/authorize.tmpl
@ -1,27 +0,0 @@
-<p>
-  A service is requesting to create a tunnel. If you want to approve this action, select a domain below.
-</p>
-
-<h1>Select Domain</h1>
-
-<form action="/waygate/authorized" method="POST">
-  <input type="hidden" name="client_id" value="{{.AuthRequest.ClientId}}" required>
-  <input type="hidden" name="redirect_uri" value="{{.AuthRequest.RedirectUri}}" required>
-  <input type="hidden" name="scope" value="{{.AuthRequest.Scope}}" required>
-  <input type="hidden" name="state" value="{{.AuthRequest.State}}" required>
-
-  <div>
-    <input type="text" name="host" placeholder="Subdomain" required>
-    <span>.</span>
-    <select id="domain-input" name="domain">
-      {{range $domainName := $.Domains}}
-      <option>{{$domainName}}</option>
-      {{ end }}
-    </select>
-  </div>
-
-  <div class='tn-button-row'>
-    <button class='button'>Approve</button>
-    <button class='button' formaction="/deny">Deny</button>
-  </div>
-</form>
--- a/ui_handler.go
+++ b/ui_handler.go
@ -72,6 +72,7 @@ func NewWebUiHandler(config *Config, db *Database, api *Api, auth *Auth) *WebUiH

 func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request) {

+	// TODO: Still want to be parsing this at runtime?
 	var err error
 	h.tmpl, err = template.ParseFS(fs, "templates/*.tmpl")
 	if err != nil {
@ -99,8 +100,8 @@ func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request

 	user, _ := h.db.GetUser(tokenData.Owner)

+	// TODO: is this used/doing anything?
 	tunnels := h.api.GetTunnels(tokenData)
-
 	for domain, tun := range tunnels {
 		tunnels[domain] = tun
 	}
@ -164,47 +165,6 @@ func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request
 		}

 		return
-
-	case "/waygate/authorize":
-		if r.Method != "GET" {
-			w.WriteHeader(405)
-			h.alertDialog(w, r, err.Error(), "/")
-			return
-		}
-
-		r.ParseForm()
-
-		authReq, err := waygate.ExtractAuthRequest(r)
-		if err != nil {
-			w.WriteHeader(400)
-			h.alertDialog(w, r, err.Error(), "/")
-			return
-		}
-
-		wildcardDomains := []string{}
-
-		domains := h.api.GetDomains(tokenData)
-
-		for domainName, _ := range domains {
-			if strings.HasPrefix(domainName, "*.") {
-				wildcardDomains = append(wildcardDomains, domainName[2:])
-			}
-		}
-
-		data := struct {
-			Domains     []string
-			AuthRequest *waygate.AuthRequest
-		}{
-			Domains:     wildcardDomains,
-			AuthRequest: authReq,
-		}
-
-		err = h.tmpl.ExecuteTemplate(w, "authorize.tmpl", data)
-		if err != nil {
-			w.WriteHeader(500)
-			h.alertDialog(w, r, err.Error(), "/")
-			return
-		}
 	case "/login":
 		h.handleLogin(w, r)
 	case "/users":