acme-dns/api.go

92 lines
2.8 KiB
Go
Raw Normal View History

2016-11-11 21:48:00 +07:00
package main
import (
"errors"
"fmt"
2016-11-26 20:42:35 +07:00
log "github.com/Sirupsen/logrus"
2016-11-11 21:48:00 +07:00
"github.com/kataras/iris"
)
2016-11-23 23:07:38 +07:00
// Serve is an authentication middlware function used to authenticate update requests
func (a authMiddleware) Serve(ctx *iris.Context) {
2016-11-17 00:15:36 +07:00
usernameStr := ctx.RequestHeader("X-Api-User")
2016-11-13 19:50:44 +07:00
password := ctx.RequestHeader("X-Api-Key")
postData := ACMETxt{}
2016-11-13 19:50:44 +07:00
2016-11-23 22:11:31 +07:00
username, err := getValidUsername(usernameStr)
if err == nil && validKey(password) {
2016-11-13 19:50:44 +07:00
au, err := DB.GetByUsername(username)
2016-11-23 22:11:31 +07:00
if err == nil && correctPassword(password, au.Password) {
// Password ok
2016-11-21 17:59:35 +07:00
if err := ctx.ReadJSON(&postData); err == nil {
// Check that the subdomain belongs to the user
if au.Subdomain == postData.Subdomain {
ctx.Next()
return
}
} else {
ctx.JSON(iris.StatusBadRequest, iris.Map{"error": "bad data"})
return
}
2016-11-13 19:50:44 +07:00
}
// To protect against timed side channel (never gonna give you up)
2016-11-23 22:11:31 +07:00
correctPassword(password, "$2a$10$8JEFVNYYhLoBysjAxe2yBuXrkDojBQBkVpXEQgyQyjn43SvJ4vL36")
2016-11-13 19:50:44 +07:00
}
ctx.JSON(iris.StatusUnauthorized, iris.Map{"error": "unauthorized"})
}
2016-11-23 23:07:38 +07:00
func webRegisterPost(ctx *iris.Context) {
2016-11-11 21:48:00 +07:00
// Create new user
nu, err := DB.Register()
2016-11-17 00:15:36 +07:00
var regJSON iris.Map
var regStatus int
2016-11-11 21:48:00 +07:00
if err != nil {
errstr := fmt.Sprintf("%v", err)
regJSON = iris.Map{"error": errstr}
2016-11-17 00:15:36 +07:00
regStatus = iris.StatusInternalServerError
2016-11-26 20:42:35 +07:00
log.WithFields(log.Fields{"error": err.Error()}).Debug("Error in registration")
2016-11-11 21:48:00 +07:00
} else {
2016-11-17 00:15:36 +07:00
regJSON = iris.Map{"username": nu.Username, "password": nu.Password, "fulldomain": nu.Subdomain + "." + DNSConf.General.Domain, "subdomain": nu.Subdomain}
regStatus = iris.StatusCreated
2016-11-17 22:52:55 +07:00
2016-11-26 20:42:35 +07:00
log.WithFields(log.Fields{"user": nu.Username.String()}).Debug("Created new user")
2016-11-11 21:48:00 +07:00
}
2016-11-17 00:15:36 +07:00
ctx.JSON(regStatus, regJSON)
2016-11-11 21:48:00 +07:00
}
2016-11-23 23:07:38 +07:00
func webRegisterGet(ctx *iris.Context) {
2016-11-11 21:48:00 +07:00
// This is placeholder for now
2016-11-23 23:07:38 +07:00
webRegisterPost(ctx)
2016-11-11 21:48:00 +07:00
}
2016-11-23 23:07:38 +07:00
func webUpdatePost(ctx *iris.Context) {
2016-11-13 19:50:44 +07:00
// User auth done in middleware
2016-11-17 00:15:36 +07:00
a := ACMETxt{}
userStr := ctx.RequestHeader("X-API-User")
// Already checked in auth middlware
username, _ := getValidUsername(userStr)
// Already checked in auth middleware
_ = ctx.ReadJSON(&a)
2016-11-13 19:50:44 +07:00
a.Username = username
// Do update
2016-11-23 22:11:31 +07:00
if validSubdomain(a.Subdomain) && validTXT(a.Value) {
2016-11-13 19:50:44 +07:00
err := DB.Update(a)
if err != nil {
2016-11-26 20:42:35 +07:00
log.WithFields(log.Fields{"error": err.Error()}).Debug("Error while trying to update record")
2016-11-23 23:07:38 +07:00
webUpdatePostError(ctx, errors.New("internal error"), iris.StatusInternalServerError)
2016-11-11 21:48:00 +07:00
return
}
2016-11-13 19:50:44 +07:00
ctx.JSON(iris.StatusOK, iris.Map{"txt": a.Value})
} else {
2016-11-26 20:42:35 +07:00
log.WithFields(log.Fields{"subdomain": a.Subdomain, "txt": a.Value}).Debug("Bad data for subdomain")
2016-11-23 23:07:38 +07:00
webUpdatePostError(ctx, errors.New("bad data"), iris.StatusBadRequest)
2016-11-13 19:50:44 +07:00
return
2016-11-11 21:48:00 +07:00
}
}
2016-11-23 23:07:38 +07:00
func webUpdatePostError(ctx *iris.Context, err error, status int) {
2016-11-17 00:15:36 +07:00
errStr := fmt.Sprintf("%v", err)
updJSON := iris.Map{"error": errStr}
ctx.JSON(status, updJSON)
2016-11-11 21:48:00 +07:00
}