mirror
/
wg-easy
mirror of https://github.com/wg-easy/wg-easy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

start adding a better permission handler

pull/1619/head
Bernd Storath 5 months ago
parent
a07ba7fc91
commit
93e42c05c0
11 changed files with 213 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      src/server/database/repositories/sessionConfig/schema.ts
  2. 26
      src/server/database/repositories/sessionConfig/service.ts
  3. 29
      src/server/database/repositories/user/service.ts
  4. 4
      src/server/database/repositories/user/types.ts
  5. 5
      src/server/database/schema.ts
  6. 13
      src/server/database/sqlite.ts
  7. 1
      src/server/utils/Database.ts
  8. 7
      src/server/utils/WireGuard.ts
  9. 101
      src/server/utils/handler.ts
  10. 22
      src/server/utils/session.ts

15
src/server/database/repositories/sessionConfig/schema.ts
View File

@ -0,0 +1,15 @@
import { sql } from 'drizzle-orm';
import { int, sqliteTable, text } from 'drizzle-orm/sqlite-core';
export const sessionConfig = sqliteTable('session_config_table', {
// limit to one entry
id: int().primaryKey({ autoIncrement: false }).default(1),
password: text().notNull(),
createdAt: text('created_at')
.notNull()
.default(sql`(CURRENT_TIMESTAMP)`),
updatedAt: text('updated_at')
.notNull()
.default(sql`(CURRENT_TIMESTAMP)`)
.$onUpdate(() => sql`(CURRENT_TIMESTAMP)`),
});

26
src/server/database/repositories/sessionConfig/service.ts
View File

@ -0,0 +1,26 @@
import type { DBType } from '#db/sqlite';
function createPreparedStatement(db: DBType) {
return {
find: db.query.sessionConfig.findFirst().prepare(),
};
}
export class SessionConfigService {
#statements: ReturnType<typeof createPreparedStatement>;
constructor(db: DBType) {
this.#statements = createPreparedStatement(db);
}
/**
* @throws
*/
async get() {
const result = await this.#statements.find.all();
if (!result) {
throw new Error('Session Config not found');
}
return result;
}
}

29
src/server/database/repositories/user/service.ts
View File

@ -0,0 +1,29 @@
import type { DBType } from '#db/sqlite';
import { eq, sql } from 'drizzle-orm';
import { user } from './schema';
import type { ID } from '../../schema';
function createPreparedStatement(db: DBType) {
return {
findAll: db.query.user.findMany().prepare(),
findById: db.query.user
.findFirst({ where: eq(user.id, sql.placeholder('id')) })
.prepare(),
};
}
export class UserService {
#statements: ReturnType<typeof createPreparedStatement>;
constructor(db: DBType) {
this.#statements = createPreparedStatement(db);
}
async getAll() {
return this.#statements.findAll.all();
}
async get(id: ID) {
return this.#statements.findById.all({ id });
}
}

4
src/server/database/repositories/user/types.ts
View File

@ -0,0 +1,4 @@
import type { InferSelectModel } from 'drizzle-orm';
import type { user } from './schema';
export type UserType = InferSelectModel<typeof user>;

5
src/server/database/schema.ts
View File

@ -5,5 +5,8 @@ export * from './repositories/hooks/schema';
export * from './repositories/interface/schema'; export * from './repositories/interface/schema';
export * from './repositories/metrics/schema'; export * from './repositories/metrics/schema';
export * from './repositories/oneTimeLink/schema'; export * from './repositories/oneTimeLink/schema';
export * from './repositories/userConfig/schema'; export * from './repositories/sessionConfig/schema';
export * from './repositories/user/schema'; export * from './repositories/user/schema';
export * from './repositories/userConfig/schema';
export type ID = number;

13
src/server/database/sqlite.ts
View File

@ -4,6 +4,8 @@ import { createClient } from '@libsql/client';
import * as schema from './schema'; import * as schema from './schema';
import { ClientService } from './repositories/client/service'; import { ClientService } from './repositories/client/service';
import { SessionConfigService } from './repositories/sessionConfig/service';
import { UserService } from './repositories/user/service';
const client = createClient({ url: 'file:/etc/wireguard/wg0.db' }); const client = createClient({ url: 'file:/etc/wireguard/wg0.db' });
const db = drizzle({ client, schema }); const db = drizzle({ client, schema });
@ -14,8 +16,14 @@ export async function connect() {
} }
class DBService { class DBService {
clients = new ClientService(db); clients: ClientService;
constructor(private db: DBType) {} sessionConfig: SessionConfigService;
users: UserService;
constructor(db: DBType) {
this.clients = new ClientService(db);
this.sessionConfig = new SessionConfigService(db);
this.users = new UserService(db);
}
} }
export type DBType = typeof db; export type DBType = typeof db;
@ -27,6 +35,7 @@ async function migrate() {
await drizzleMigrate(db, { await drizzleMigrate(db, {
migrationsFolder: './server/database/migrations', migrationsFolder: './server/database/migrations',
}); });
// TODO: data migration
console.log('Migration complete'); console.log('Migration complete');
} catch (e) { } catch (e) {
if (e instanceof Error) { if (e instanceof Error) {

1
src/server/utils/Database.ts
View File

@ -18,6 +18,7 @@ let provider = nullObject as never as DBServiceType;
connect().then((db) => { connect().then((db) => {
provider = db; provider = db;
// TODO: start wireguard
}); });
// TODO: check if old config exists and tell user about migration path // TODO: check if old config exists and tell user about migration path

7
src/server/utils/WireGuard.ts
View File

@ -4,10 +4,7 @@ import QRCode from 'qrcode';
import CRC32 from 'crc-32'; import CRC32 from 'crc-32';
import isCidr from 'is-cidr'; import isCidr from 'is-cidr';
import type { import type { UpdateClient } from '~~/services/database/repositories/client';
CreateClient,
UpdateClient,
} from '~~/services/database/repositories/client';
const DEBUG = debug('WireGuard'); const DEBUG = debug('WireGuard');
@ -24,7 +21,7 @@ class WireGuard {
* Generates and saves WireGuard config from database as wg0 * Generates and saves WireGuard config from database as wg0
*/ */
async #saveWireguardConfig() { async #saveWireguardConfig() {
const system = await Database.system.get(); const system = await Database.get();
const clients = await Database.client.findAll(); const clients = await Database.client.findAll();
const result = []; const result = [];
result.push(wg.generateServerInterface(system)); result.push(wg.generateServerInterface(system));

101
src/server/utils/handler.ts
View File

@ -0,0 +1,101 @@
import type {
EventHandler,
EventHandlerRequest,
EventHandlerResponse,
H3Event,
} from 'h3';
import type { UserType } from '#db/repositories/user/types';
export const definePermissionEventHandler = <
TReq extends EventHandlerRequest,
TRes extends EventHandlerResponse,
>(
handler: EventHandler<TReq, TRes>
) => {
return defineEventHandler(async (event) => {
const user = await getCurrentUser(event);
checkPermissions('', user);
return await handler(event);
});
};
function checkPermissions(permission: unknown, user: UserType) {
console.log({ permission, user });
}
/**
* @throws
*/
async function getCurrentUser(event: H3Event) {
const session = await getWGSession(event);
const authorization = getHeader(event, 'Authorization');
let user: UserType | undefined = undefined;
if (session.data.userId) {
// Handle if authenticating using Session
user = await Database.users.get(session.data.userId);
} else if (authorization) {
// Handle if authenticating using Header
const [method, value] = authorization.split(' ');
// Support Basic Authentication
// TODO: support personal access token or similar
if (method !== 'Basic' || !value) {
throw createError({
statusCode: 401,
statusMessage: 'Session failed',
});
}
const basicValue = Buffer.from(value, 'base64').toString('utf-8');
// Split by first ":"
const index = basicValue.indexOf(':');
const userId = basicValue.substring(0, index);
const password = basicValue.substring(index + 1);
if (!userId || !password) {
throw createError({
statusCode: 401,
statusMessage: 'Session failed',
});
}
const foundUser = await Database.users.get(Number.parseInt(userId));
if (!foundUser) {
throw createError({
statusCode: 401,
statusMessage: 'Session failed',
});
}
const userHashPassword = foundUser.password;
const passwordValid = await isPasswordValid(password, userHashPassword);
if (!passwordValid) {
throw createError({
statusCode: 401,
statusMessage: 'Incorrect Password',
});
}
user = foundUser;
}
if (!user) {
throw createError({
statusCode: 401,
statusMessage: 'Session failed. User not found',
});
}
if (!user.enabled) {
throw createError({
statusCode: 403,
statusMessage: 'User is disabled',
});
}
return user;
}

22
src/server/utils/session.ts
View File

@ -1,10 +1,26 @@
import type { H3Event } from 'h3'; import type { H3Event } from 'h3';
import type { ID } from '#db/schema';
export type WGSession = Partial<{ export type WGSession = Partial<{
userId: string; userId: ID;
}>; }>;
const name = 'wg-easy';
export async function useWGSession(event: H3Event) { export async function useWGSession(event: H3Event) {
const system = await Database.system.get(); const sessionConfig = await Database.sessionConfig.get();
return useSession<WGSession>(event, system.sessionConfig); return useSession<WGSession>(event, {
password: sessionConfig.password,
name,
cookie: {},
});
}
export async function getWGSession(event: H3Event) {
const sessionConfig = await Database.sessionConfig.get();
return getSession<WGSession>(event, {
password: sessionConfig.password,
name,
cookie: {},
});
} }

Write Preview
Loading…
Cancel
Save