Commit 90531140 authored by Girish Ramakrishnan's avatar Girish Ramakrishnan

Match legacy keys in the CN

parent 843c6c01
...@@ -25,6 +25,9 @@ const DATA_DIR = process.env.CLOUDRON ? '/app/data/' : path.join(__dirname, '../ ...@@ -25,6 +25,9 @@ const DATA_DIR = process.env.CLOUDRON ? '/app/data/' : path.join(__dirname, '../
const ADMIN_TOKEN = fs.readFileSync(path.join(RUN_DIR, 'admin-token'), 'utf8') const ADMIN_TOKEN = fs.readFileSync(path.join(RUN_DIR, 'admin-token'), 'utf8')
// legacy keys had username:devicename. new keys have username/devicename
const CN_REGEXP = /^([A-Za-z0-9.]+)(?:\/|:)([A-Za-z0-9\-_]+)$/
const baseDir = '/app/code/easyrsa' const baseDir = '/app/code/easyrsa'
const keyDir = path.join(DATA_DIR, 'keys') const keyDir = path.join(DATA_DIR, 'keys')
const hostsDir = path.join(RUN_DIR, '/dnsmasq/hosts') const hostsDir = path.join(RUN_DIR, '/dnsmasq/hosts')
...@@ -171,7 +174,7 @@ const createKey = (req, res, next) => { ...@@ -171,7 +174,7 @@ const createKey = (req, res, next) => {
return spawnFile({ return spawnFile({
tag: 'createUserKey', tag: 'createUserKey',
file: path.join(baseDir, 'pkitool'), file: path.join(baseDir, 'pkitool'),
args: [ path.join(keyDir, `${cleanUserName(req.session.user.username)}/${deviceName}`) ] args: [ `${cleanUserName(req.session.user.username)}/${deviceName}` ]
}) })
.then(() => res.status(201).send({created: deviceName})) .then(() => res.status(201).send({created: deviceName}))
}) })
...@@ -263,7 +266,7 @@ const revokeKey = (req, res, next) => { ...@@ -263,7 +266,7 @@ const revokeKey = (req, res, next) => {
return spawnFile({ return spawnFile({
tag: 'revokeUserKey', tag: 'revokeUserKey',
file: path.join(baseDir, 'revoke-full'), file: path.join(baseDir, 'revoke-full'),
args: [ path.join(keyDir, `${cleanUserName(req.session.user.username)}/${deviceName}`) ], args: [ `${cleanUserName(req.session.user.username)}/${deviceName}` ],
wantedCode: 2 wantedCode: 2
}) })
.then(() => rm(path.join(keyDir, `${cleanUserName(req.session.user.username)}/${deviceName}.key`))) .then(() => rm(path.join(keyDir, `${cleanUserName(req.session.user.username)}/${deviceName}.key`)))
...@@ -281,7 +284,7 @@ const onClientConnect = (req, res, next) => { ...@@ -281,7 +284,7 @@ const onClientConnect = (req, res, next) => {
if (token !== ADMIN_TOKEN) return next(new HttpError(401, 'Unauthorized')) if (token !== ADMIN_TOKEN) return next(new HttpError(401, 'Unauthorized'))
if (!cn || !remoteIp || !vpnIp) return next(new HttpError(400, 'Invalid Request')) if (!cn || !remoteIp || !vpnIp) return next(new HttpError(400, 'Invalid Request'))
const match = /^.*\/([A-Za-z0-9.]+)\/([A-Za-z0-9\-_]+)$/.exec(cn) // cn is the full path of the key that matched const match = CN_REGEXP.exec(cn) // cn is the full path of the key that matched
if (!match) return next(new HttpError(400, `Invalid CN: ${cn}`)) if (!match) return next(new HttpError(400, `Invalid CN: ${cn}`))
const [, user, deviceName] = match const [, user, deviceName] = match
...@@ -306,7 +309,7 @@ const onClientDisconnect = (req, res, next) => { ...@@ -306,7 +309,7 @@ const onClientDisconnect = (req, res, next) => {
if (token !== ADMIN_TOKEN) return next(new HttpError(401, 'Unauthorized')) if (token !== ADMIN_TOKEN) return next(new HttpError(401, 'Unauthorized'))
if (!cn) return next(new HttpError(400, 'Invalid Request')) if (!cn) return next(new HttpError(400, 'Invalid Request'))
const match = /^.*\/([A-Za-z0-9.]+)\/([A-Za-z0-9\-_]+)$/.exec(cn) // cn is the full path of the key that matched const match = CN_REGEXP.exec(cn) // cn is the full path of the key that matched
if (!match) return next(new HttpError(400, `Invalid CN: ${cn}`)) if (!match) return next(new HttpError(400, `Invalid CN: ${cn}`))
const [, user, deviceName] = match const [, user, deviceName] = match
...@@ -329,7 +332,7 @@ const onLearnAddress = (req, res, next) => { ...@@ -329,7 +332,7 @@ const onLearnAddress = (req, res, next) => {
if (operation.match(/^(add|update)$/) && !cn) return next(new HttpError(400, 'cn is required')) if (operation.match(/^(add|update)$/) && !cn) return next(new HttpError(400, 'cn is required'))
if (operation === 'add' || operation === 'update') { if (operation === 'add' || operation === 'update') {
const match = /^.*\/([A-Za-z0-9.]+)\/([A-Za-z0-9\-_]+)$/.exec(cn) // cn is the full path of the key that matched const match = CN_REGEXP.exec(cn) // cn is the full path of the key that matched
if (!match) return next(new HttpError(400, `Invalid CN: ${cn}`)) if (!match) return next(new HttpError(400, `Invalid CN: ${cn}`))
const [, user, deviceName] = match const [, user, deviceName] = match
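Review bot: The trailing comment `// cn is the full path of the key that matched` on the three `CN_REGEXP.exec(cn)` lines (onClientConnect, onClientDisconnect, onLearnAddress) is stale now that createKey and revokeKey pass `user/device` to the easyrsa scripts instead of a path under keyDir; it should read something like `// cn is username/devicename (legacy: username:devicename)`. Because CN_REGEXP is anchored at `^` with no `.*\/` prefix, a certificate whose CN is the full key path would now be answered with `400 Invalid CN`. The removed regexp and the old pkitool argument suggest that earlier keys may carry such a CN. If any such certificates are in use, either keep an optional prefix, e.g. `/^(?:.*\/)?([A-Za-z0-9.]+)[\/:]([A-Za-z0-9\-_]+)$/`, or document that they must be reissued. All five function bodies continue outside the hunks, so it is not visible here how `user` and `deviceName` are used after the match, or whether cleanUserName can emit characters outside `[A-Za-z0-9.]` that createKey would issue but CN_REGEXP would then reject.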
......