Commit 90531140 authored by Girish Ramakrishnan's avatar Girish Ramakrishnan

Match legacy keys in the CN

parent 843c6c01
......@@ -25,6 +25,9 @@ const DATA_DIR = process.env.CLOUDRON ? '/app/data/' : path.join(__dirname, '../
const ADMIN_TOKEN = fs.readFileSync(path.join(RUN_DIR, 'admin-token'), 'utf8')
// legacy keys had username:devicename. new keys have username/devicename
const CN_REGEXP = /^([A-Za-z0-9.]+)(?:\/|:)([A-Za-z0-9\-_]+)$/
const baseDir = '/app/code/easyrsa'
const keyDir = path.join(DATA_DIR, 'keys')
const hostsDir = path.join(RUN_DIR, '/dnsmasq/hosts')
......@@ -171,7 +174,7 @@ const createKey = (req, res, next) => {
return spawnFile({
tag: 'createUserKey',
file: path.join(baseDir, 'pkitool'),
args: [ path.join(keyDir, `${cleanUserName(req.session.user.username)}/${deviceName}`) ]
args: [ `${cleanUserName(req.session.user.username)}/${deviceName}` ]
})
.then(() => res.status(201).send({created: deviceName}))
})
......@@ -263,7 +266,7 @@ const revokeKey = (req, res, next) => {
return spawnFile({
tag: 'revokeUserKey',
file: path.join(baseDir, 'revoke-full'),
args: [ path.join(keyDir, `${cleanUserName(req.session.user.username)}/${deviceName}`) ],
args: [ `${cleanUserName(req.session.user.username)}/${deviceName}` ],
wantedCode: 2
})
.then(() => rm(path.join(keyDir, `${cleanUserName(req.session.user.username)}/${deviceName}.key`)))
......@@ -281,7 +284,7 @@ const onClientConnect = (req, res, next) => {
if (token !== ADMIN_TOKEN) return next(new HttpError(401, 'Unauthorized'))
if (!cn || !remoteIp || !vpnIp) return next(new HttpError(400, 'Invalid Request'))
const match = /^.*\/([A-Za-z0-9.]+)\/([A-Za-z0-9\-_]+)$/.exec(cn) // cn is the full path of the key that matched
const match = CN_REGEXP.exec(cn) // cn is the full path of the key that matched
if (!match) return next(new HttpError(400, `Invalid CN: ${cn}`))
const [, user, deviceName] = match
......@@ -306,7 +309,7 @@ const onClientDisconnect = (req, res, next) => {
if (token !== ADMIN_TOKEN) return next(new HttpError(401, 'Unauthorized'))
if (!cn) return next(new HttpError(400, 'Invalid Request'))
const match = /^.*\/([A-Za-z0-9.]+)\/([A-Za-z0-9\-_]+)$/.exec(cn) // cn is the full path of the key that matched
const match = CN_REGEXP.exec(cn) // cn is the full path of the key that matched
if (!match) return next(new HttpError(400, `Invalid CN: ${cn}`))
const [, user, deviceName] = match
......@@ -329,7 +332,7 @@ const onLearnAddress = (req, res, next) => {
if (operation.match(/^(add|update)$/) && !cn) return next(new HttpError(400, 'cn is required'))
if (operation === 'add' || operation === 'update') {
const match = /^.*\/([A-Za-z0-9.]+)\/([A-Za-z0-9\-_]+)$/.exec(cn) // cn is the full path of the key that matched
const match = CN_REGEXP.exec(cn) // cn is the full path of the key that matched
if (!match) return next(new HttpError(400, `Invalid CN: ${cn}`))
const [, user, deviceName] = match
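Review bot: The user group in the new `CN_REGEXP` (`[A-Za-z0-9.]+`) still accepts names made only of dots, so a CN whose user part is `..` passes validation in onClientConnect, onClientDisconnect and onLearnAddress. What those handlers do with `user` lies outside the hunks, but if it reaches a `path.join` under `hostsDir` or `keyDir` the result would resolve outside that directory. Rejecting dot-only names in the pattern is cheap: `const CN_REGEXP = /^(?!\.+[\/:])([A-Za-z0-9.]+)[\/:]([A-Za-z0-9\-_]+)$/`. The trailing comment on the three `CN_REGEXP.exec(cn)` lines is also stale now that the pattern is anchored at `^`, and should read `// cn is "username/devicename" (legacy "username:devicename")`. It is also worth confirming that `deviceName` in createKey is restricted to the same character class, since its validation is not visible here and a key issued with a CN the pattern rejects would presumably be refused on connect.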
......