euclide
/
openvpn-mgt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openvpn-mgt/httpd.go

186 lines
4.2 KiB
Go
Raw Blame History

package main
import (
"bufio"
"bytes"
"crypto/tls"
"crypto/x509"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"log"
"net/http"
"os"
"strings"
)
type jsonInput struct {
Action string `json:"action"`
Params jsonInputParams `json:"params"`
}
type jsonInputParams struct {
Id int `json:"id"`
Session string `json:"session"`
}
type HttpServer struct {
Port string
ovpn *OpenVpnMgt
key string
cert string
minProfile string
neededProfiles []string
certPool *x509.CertPool
}
func parseJsonQuery(r *http.Request) (*jsonInput, error) {
var in jsonInput
body, err := ioutil.ReadAll(r.Body)
if err != nil {
return nil, err
}
if err = json.Unmarshal(body, &in); err !=
nil {
return nil, err
}
return &in, nil
}
func (h *HttpServer) handler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-type", "application/javascript")
fmt.Fprintf(w, "\n")
}
func (h *HttpServer) versionHandler(w http.ResponseWriter, r *http.Request) {
err, message := h.ovpn.Version()
if err != nil {
fmt.Fprintf(w, "Error : %s", err)
}
jsonStr, err := json.Marshal(message)
if err != nil {
fmt.Fprintf(w, "Error : %s", err)
}
fmt.Fprintf(w, "%s", jsonStr)
}
func (h *HttpServer) helpHandler(w http.ResponseWriter, r *http.Request) {
err, message := h.ovpn.Help()
if err != nil {
fmt.Fprintf(w, "Error : %s", err)
}
jsonStr, err := json.Marshal(message)
if err != nil {
fmt.Fprintf(w, "Error : %s", err)
}
fmt.Fprintf(w, "%s", jsonStr)
}
func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
var sslUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
w.Header().Set("Content-type", "application/json")
// deactivate if there is no https auth
if h.key == "" || h.cert == "" || h.certPool == nil {
http.Error(w, "No security, deactivated", 403)
return
}
// add CORS headers
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
w.Header().Set("Access-Control-Allow-Methods", "POST")
w.Header().Set("Access-Control-Allow-Credentials", "true")
w.Header().Set("Access-Control-Allow-Headers", "content-type, accept, origin, user-agent, Accept-Encoding")
// stop here if the method is OPTIONS, to allow CORS to work
if r.Method == "OPTIONS" {
return
}
// stop here if the method is OPTIONS, to allow CORS to work
if r.Method != "POST" {
http.Error(w, "post only", 405)
return
}
// ssl auth
if len(r.TLS.PeerCertificates) == 0 {
log.Println(len(r.TLS.PeerCertificates))
http.Error(w, "Need certificate", 403)
return
}
opts := x509.VerifyOptions{Roots: h.certPool, KeyUsages: sslUsage}
if _, err := r.TLS.PeerCertificates[0].Verify(opts); err != nil {
http.Error(w, "Bad certificate", 403)
return
}
webuser := strings.Replace(r.TLS.PeerCertificates[0].Subject.CommonName, " ", "", -1)
//TODO security
log.Printf("%s is connected via the web interfaces\n", webuser)
req, err := parseJsonQuery(r)
if err != nil {
log.Println(err)
http.Error(w, "Invalid request", 500)
return
}
switch req.Action {
case "stats":
case "kill":
default:
http.Error(w, "Invalid request", 500)
}
return
}
func NewHTTPServer(port, key, cert, ca, minProfile string, neededProfiles []string, s *OpenVpnMgt) {
h := &HttpServer{
Port: port,
ovpn: s,
key: key,
cert: cert,
minProfile: minProfile,
neededProfiles: neededProfiles,
}
http.HandleFunc("/help", h.helpHandler)
http.HandleFunc("/ajax", h.ajaxHandler)
http.HandleFunc("/version", h.versionHandler)
http.HandleFunc("/", h.handler)
switch {
case key == "" || cert == "":
log.Fatal(http.ListenAndServe(port, nil))
case ca != "":
h.certPool = x509.NewCertPool()
fi, err := os.Open(ca)
if err != nil {
log.Fatal(err)
}
defer fi.Close()
buf := new(bytes.Buffer)
reader := bufio.NewReader(fi)
io.Copy(buf, reader)
if ok := h.certPool.AppendCertsFromPEM(buf.Bytes()); !ok {
log.Fatal("Failed to append PEM.")
}
server := &http.Server{
Addr: port,
TLSConfig: &tls.Config{
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: h.certPool,
},
}
log.Fatal(server.ListenAndServeTLS(cert, key))
default:
log.Fatal(http.ListenAndServeTLS(port, cert, key, nil))
}
}
Reference in New Issue View Git Blame Copy Permalink