Move /waygate/authorize into waygate library

Anders Pitman 2022-03-08 11:11:03 -07:00
parent da4b2d1035
commit 42cbf1abe2
4 changed files with 48 additions and 84 deletions

31
api.go

@ -618,6 +618,37 @@ func (a *Api) DeleteClient(tokenData TokenData, ownerId, clientId string) error
return nil
}
func (a *Api) GetDomainNames(r *http.Request) ([]string, error) {
token, err := extractToken("access_token", r)
if err != nil {
return nil, errors.New("No access token")
}
tokenData, exists := a.db.GetLegacyTokenData(token)
if !exists {
return nil, errors.New("Error getting token")
}
if tokenData.Client != "" {
return nil, errors.New("Attempted to use client token")
}
domainMap := a.GetDomains(tokenData)
domains := []string{}
for domainName, _ := range domainMap {
domains = append(domains, domainName)
}
if len(domains) == 0 {
return nil, errors.New("No domains")
}
return domains, nil
}
func (a *Api) GetDomains(tokenData TokenData) map[string]Domain {
user, _ := a.db.GetUser(tokenData.Owner)
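Review bot: GetDomainNames returns the domain names in map iteration order, so the list the authorize page is built from comes out in a different order on every request; sort it before returning, `sort.Strings(domains)` after the loop (importing `sort` if api.go does not already). The range on the line above can drop the blank identifier, `for domainName := range domainMap {`, which is also what `gofmt -s` produces. As an exported method it needs a doc comment starting with its name, e.g. `// GetDomainNames returns the domains owned by the user whose access token is on r; client tokens are rejected.` The `tokenData.Client != ""` check is the right gate for a method that now feeds the tunnel-approval page, but it only protects callers that go through this method rather than GetDomains directly, and which one the waygate library calls is not visible on this page. The hunk's tail (the body of GetDomains) is cut off here.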


@ -96,18 +96,6 @@ func Listen() {
fmt.Printf("WARNING: Failed to access %s:%d from the internet\n", ip, *httpsPort)
}
user, err := user.Current()
if err != nil {
log.Fatalf("Unable to get current user: %v", err)
}
waygateServer := waygate.NewServer(db)
waygateServer.SshConfig = &waygate.SshConfig{
ServerAddress: db.GetAdminDomain(),
ServerPort: *sshServerPort,
Username: user.Username,
AuthorizedKeysPath: filepath.Join(user.HomeDir, ".ssh", "authorized_keys"),
}
autoCerts := true
if *httpPort != 80 || *httpsPort != 443 {
fmt.Printf("WARNING: LetsEncrypt only supports HTTP/HTTPS ports 80/443. You are using %d/%d. Disabling automatic certificate management\n", *httpPort, *httpsPort)
@ -191,6 +179,18 @@ func Listen() {
api := NewApi(config, db, auth, tunMan)
user, err := user.Current()
if err != nil {
log.Fatalf("Unable to get current user: %v", err)
}
waygateServer := waygate.NewServer(db, api)
waygateServer.SshConfig = &waygate.SshConfig{
ServerAddress: db.GetAdminDomain(),
ServerPort: *sshServerPort,
Username: user.Username,
AuthorizedKeysPath: filepath.Join(user.HomeDir, ".ssh", "authorized_keys"),
}
webUiHandler := NewWebUiHandler(config, db, api, auth)
httpClient := &http.Client{
@ -212,9 +212,9 @@ func Listen() {
http.Handle("/waygate/", http.StripPrefix("/waygate", waygateServer))
// TODO: This feels like a bit of a hack.
http.HandleFunc("/waygate/authorize", func(w http.ResponseWriter, r *http.Request) {
webUiHandler.handleWebUiRequest(w, r)
})
//http.HandleFunc("/waygate/authorize", func(w http.ResponseWriter, r *http.Request) {
// webUiHandler.handleWebUiRequest(w, r)
//})
http.HandleFunc("/waygate/authorized", func(w http.ResponseWriter, r *http.Request) {
webUiHandler.handleWebUiRequest(w, r)
})
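Review bot: The old /waygate/authorize registration is commented out rather than deleted, and the `// TODO: This feels like a bit of a hack.` line above it now describes dead code; drop both so Listen alone shows which routes the web UI still owns (the /waygate/authorized handler below remains). With the route now served through `http.Handle("/waygate/", http.StripPrefix("/waygate", waygateServer))`, rendering the approval page no longer passes through handleWebUiRequest's login check, so authentication rests entirely on what the library does with the access token; api.go's GetDomainNames rejects missing and client tokens, but whether the library's authorize handler goes through it is not visible here and is worth confirming in a comment on that `http.Handle` line. Listen starts and ends outside these hunks.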


@ -1,27 +0,0 @@
<p>
A service is requesting to create a tunnel. If you want to approve this action, select a domain below.
</p>
<h1>Select Domain</h1>
<form action="/waygate/authorized" method="POST">
<input type="hidden" name="client_id" value="{{.AuthRequest.ClientId}}" required>
<input type="hidden" name="redirect_uri" value="{{.AuthRequest.RedirectUri}}" required>
<input type="hidden" name="scope" value="{{.AuthRequest.Scope}}" required>
<input type="hidden" name="state" value="{{.AuthRequest.State}}" required>
<div>
<input type="text" name="host" placeholder="Subdomain" required>
<span>.</span>
<select id="domain-input" name="domain">
{{range $domainName := $.Domains}}
<option>{{$domainName}}</option>
{{ end }}
</select>
</div>
<div class='tn-button-row'>
<button class='button'>Approve</button>
<button class='button' formaction="/deny">Deny</button>
</div>
</form>


@ -72,6 +72,7 @@ func NewWebUiHandler(config *Config, db *Database, api *Api, auth *Auth) *WebUiH
func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request) {
// TODO: Still want to be parsing this at runtime?
var err error
h.tmpl, err = template.ParseFS(fs, "templates/*.tmpl")
if err != nil {
@ -99,8 +100,8 @@ func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request
user, _ := h.db.GetUser(tokenData.Owner)
// TODO: is this used/doing anything?
tunnels := h.api.GetTunnels(tokenData)
for domain, tun := range tunnels {
tunnels[domain] = tun
}
@ -164,47 +165,6 @@ func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request
}
return
case "/waygate/authorize":
if r.Method != "GET" {
w.WriteHeader(405)
h.alertDialog(w, r, err.Error(), "/")
return
}
r.ParseForm()
authReq, err := waygate.ExtractAuthRequest(r)
if err != nil {
w.WriteHeader(400)
h.alertDialog(w, r, err.Error(), "/")
return
}
wildcardDomains := []string{}
domains := h.api.GetDomains(tokenData)
for domainName, _ := range domains {
if strings.HasPrefix(domainName, "*.") {
wildcardDomains = append(wildcardDomains, domainName[2:])
}
}
data := struct {
Domains []string
AuthRequest *waygate.AuthRequest
}{
Domains: wildcardDomains,
AuthRequest: authReq,
}
err = h.tmpl.ExecuteTemplate(w, "authorize.tmpl", data)
if err != nil {
w.WriteHeader(500)
h.alertDialog(w, r, err.Error(), "/")
return
}
case "/login":
h.handleLogin(w, r)
case "/users":