wip: create/update/...

2025-12-14 10:36:18 +00:00 · 2020-11-09 11:06:02 +01:00
parent a617cb1059
commit 5a933f20c9
8 changed files with 391 additions and 160 deletions
--- a/internal/server/helper.go
+++ b/internal/server/helper.go
@@ -0,0 +1,149 @@
+package server
+
+import (
+	"crypto/md5"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/h44z/wg-portal/internal/common"
+
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+)
+
+func (s *Server) PrepareNewUser() (User, error) {
+	device := s.users.GetDevice()
+
+	user := User{}
+	user.IsNew = true
+	user.AllowedIPsStr = device.AllowedIPsStr
+	user.IPs = make([]string, len(device.IPs))
+	for i := range device.IPs {
+		freeIP, err := s.users.GetAvailableIp(device.IPs[i])
+		if err != nil {
+			return User{}, err
+		}
+		user.IPs[i] = freeIP
+	}
+	user.IPsStr = common.ListToString(user.IPs)
+	psk, err := wgtypes.GenerateKey()
+	if err != nil {
+		return User{}, err
+	}
+	key, err := wgtypes.GeneratePrivateKey()
+	if err != nil {
+		return User{}, err
+	}
+	user.PresharedKey = psk.String()
+	user.PrivateKey = key.String()
+	user.PublicKey = key.PublicKey().String()
+	user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
+
+	return user, nil
+}
+
+func (s *Server) CreateUserByEmail(email, identifierSuffix string, disabled bool) error {
+	ldapUser := s.ldapUsers.GetUserData(s.ldapUsers.GetUserDNByMail(email))
+	if ldapUser.DN == "" {
+		return errors.New("no user with email " + email + " found")
+	}
+
+	device := s.users.GetDevice()
+	user := User{}
+	user.AllowedIPsStr = device.AllowedIPsStr
+	user.IPsStr = "" // TODO: add a valid ip here
+	psk, err := wgtypes.GenerateKey()
+	if err != nil {
+		return err
+	}
+	key, err := wgtypes.GeneratePrivateKey()
+	if err != nil {
+		return err
+	}
+	user.PresharedKey = psk.String()
+	user.PrivateKey = key.String()
+	user.PublicKey = key.PublicKey().String()
+	user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
+	user.Email = email
+	user.Identifier = fmt.Sprintf("%s %s (%s)", ldapUser.Firstname, ldapUser.Lastname, identifierSuffix)
+	now := time.Now()
+	if disabled {
+		user.DeactivatedAt = &now
+	}
+
+	return s.CreateUser(user)
+}
+
+func (s *Server) CreateUser(user User) error {
+
+	device := s.users.GetDevice()
+	user.AllowedIPsStr = device.AllowedIPsStr
+	user.IPsStr = ""           // TODO: add a valid ip here
+	if user.PrivateKey == "" { // if private key is empty create a new one
+		psk, err := wgtypes.GenerateKey()
+		if err != nil {
+			return err
+		}
+		key, err := wgtypes.GeneratePrivateKey()
+		if err != nil {
+			return err
+		}
+		user.PresharedKey = psk.String()
+		user.PrivateKey = key.String()
+		user.PublicKey = key.PublicKey().String()
+	}
+	user.UID = fmt.Sprintf("u%x", md5.Sum([]byte(user.PublicKey)))
+
+	// Create wireguard interface
+	if user.DeactivatedAt == nil {
+		if err := s.wg.AddPeer(user.GetPeerConfig()); err != nil {
+			return err
+		}
+	}
+
+	// Create in database
+	if err := s.users.CreateUser(user); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (s *Server) UpdateUser(user User, updateTime time.Time) error {
+	currentUser := s.users.GetUserByKey(user.PublicKey)
+
+	// Update WireGuard device
+	var err error
+	switch {
+	case user.DeactivatedAt == &updateTime:
+		err = s.wg.RemovePeer(user.PublicKey)
+	case user.DeactivatedAt == nil && currentUser.Peer != nil:
+		err = s.wg.UpdatePeer(user.GetPeerConfig())
+	case user.DeactivatedAt == nil && currentUser.Peer == nil:
+		err = s.wg.AddPeer(user.GetPeerConfig())
+	}
+	if err != nil {
+		return err
+	}
+
+	// Update in database
+	if err := s.users.UpdateUser(user); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (s *Server) DeleteUser(user User) error {
+	// Delete WireGuard peer
+	if err := s.wg.RemovePeer(user.PublicKey); err != nil {
+		return err
+	}
+
+	// Delete in database
+	if err := s.users.DeleteUser(user); err != nil {
+		return err
+	}
+
+	return nil
+}