480 lines
13 KiB
Go
480 lines
13 KiB
Go
package web
|
|
|
|
import (
|
|
"html/template"
|
|
"io/fs"
|
|
"log"
|
|
"net"
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"infinite-noodle/internal/assets"
|
|
"infinite-noodle/internal/noodle"
|
|
)
|
|
|
|
func StaticFiles() fs.FS {
|
|
return assets.FS
|
|
}
|
|
|
|
type indexPageData struct {
|
|
Username string
|
|
Role string
|
|
ClientIP string
|
|
Noodles []noodle.Noodle
|
|
}
|
|
|
|
type userConfigPageData struct {
|
|
Username string
|
|
Role string
|
|
Users []noodle.User
|
|
Error string
|
|
}
|
|
|
|
func HandleMain(db *noodle.Database, pc *chan noodle.Noodle, auth *Auth) func(w http.ResponseWriter, req *http.Request) {
|
|
tmpl, err := template.ParseFS(assets.FS, "templates/*.html")
|
|
if err != nil {
|
|
log.Fatalf("Error parsing templates: %v", err)
|
|
}
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
currentUser, _ := auth.CurrentUser(req)
|
|
data := indexPageData{
|
|
Username: currentUser.Username,
|
|
Role: currentUser.Role,
|
|
ClientIP: clientIPFromRequest(req),
|
|
Noodles: db.GetAll(),
|
|
}
|
|
if err := tmpl.ExecuteTemplate(w, "index.html", data); err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
}
|
|
}
|
|
}
|
|
|
|
func HandleUsers(auth *Auth, db *noodle.Database) func(w http.ResponseWriter, req *http.Request) {
|
|
tmpl, err := template.ParseFS(assets.FS, "templates/*.html")
|
|
if err != nil {
|
|
log.Fatalf("Error parsing templates: %v", err)
|
|
}
|
|
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
currentUser, _ := auth.CurrentUser(req)
|
|
data := userConfigPageData{
|
|
Username: currentUser.Username,
|
|
Role: currentUser.Role,
|
|
}
|
|
if currentUser.Role == noodle.UserRoleAdmin {
|
|
data.Users = db.GetAllUsers()
|
|
}
|
|
if err := tmpl.ExecuteTemplate(w, "users.html", data); err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
}
|
|
}
|
|
}
|
|
|
|
func HandleAddUser(auth *Auth, db *noodle.Database) func(w http.ResponseWriter, req *http.Request) {
|
|
tmpl, err := template.ParseFS(assets.FS, "templates/*.html")
|
|
if err != nil {
|
|
log.Fatalf("Error parsing templates: %v", err)
|
|
}
|
|
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
currentUser, _ := auth.CurrentUser(req)
|
|
if req.Method != http.MethodPost {
|
|
http.Error(w, "", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
if err := req.ParseForm(); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
username := strings.TrimSpace(req.FormValue("username"))
|
|
password := req.FormValue("password")
|
|
role := normalizeUserRole(req.FormValue("role"))
|
|
if username == "" || password == "" {
|
|
renderUsersPage(w, tmpl, db, currentUser, "username and password are required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if role == "" {
|
|
renderUsersPage(w, tmpl, db, currentUser, "invalid user role", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
user := noodle.User{
|
|
Id: db.MakeID(),
|
|
Username: username,
|
|
Role: role,
|
|
PasswordHash: HashPassword(password),
|
|
CreatedAt: time.Now().UTC(),
|
|
}
|
|
if err := db.AddUser(user); err != nil {
|
|
renderUsersPage(w, tmpl, db, currentUser, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
http.Redirect(w, req, "/users", http.StatusSeeOther)
|
|
}
|
|
}
|
|
|
|
func HandleSetUserRole(auth *Auth, db *noodle.Database) func(w http.ResponseWriter, req *http.Request) {
|
|
tmpl, err := template.ParseFS(assets.FS, "templates/*.html")
|
|
if err != nil {
|
|
log.Fatalf("Error parsing templates: %v", err)
|
|
}
|
|
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
currentUser, _ := auth.CurrentUser(req)
|
|
if req.Method != http.MethodPost {
|
|
http.Error(w, "", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
if err := req.ParseForm(); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
username := strings.TrimSpace(req.FormValue("username"))
|
|
role := normalizeUserRole(req.FormValue("role"))
|
|
if username == "" {
|
|
renderUsersPage(w, tmpl, db, currentUser, "username is required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if role == "" {
|
|
renderUsersPage(w, tmpl, db, currentUser, "invalid user role", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if _, err := db.SetUserRole(username, role); err != nil {
|
|
renderUsersPage(w, tmpl, db, currentUser, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
http.Redirect(w, req, "/users", http.StatusSeeOther)
|
|
}
|
|
}
|
|
|
|
func HandleChangePassword(auth *Auth, db *noodle.Database) func(w http.ResponseWriter, req *http.Request) {
|
|
tmpl, err := template.ParseFS(assets.FS, "templates/*.html")
|
|
if err != nil {
|
|
log.Fatalf("Error parsing templates: %v", err)
|
|
}
|
|
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
currentUser, _ := auth.CurrentUser(req)
|
|
if req.Method != http.MethodPost {
|
|
http.Error(w, "", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
if err := req.ParseForm(); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
targetUsername := strings.TrimSpace(req.FormValue("username"))
|
|
password := req.FormValue("password")
|
|
confirmPassword := req.FormValue("confirm_password")
|
|
if targetUsername == "" || password == "" {
|
|
renderUsersPage(w, tmpl, db, currentUser, "username and password are required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if confirmPassword != "" && password != confirmPassword {
|
|
renderUsersPage(w, tmpl, db, currentUser, "password confirmation does not match", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if currentUser.Role != noodle.UserRoleAdmin && targetUsername != currentUser.Username {
|
|
http.Error(w, "cannot change another user's password", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
if _, err := db.SetUserPassword(targetUsername, HashPassword(password)); err != nil {
|
|
renderUsersPage(w, tmpl, db, currentUser, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
http.Redirect(w, req, "/users", http.StatusSeeOther)
|
|
}
|
|
}
|
|
|
|
func HandleDeleteUser(auth *Auth, db *noodle.Database) func(w http.ResponseWriter, req *http.Request) {
|
|
tmpl, err := template.ParseFS(assets.FS, "templates/*.html")
|
|
if err != nil {
|
|
log.Fatalf("Error parsing templates: %v", err)
|
|
}
|
|
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
currentUser, _ := auth.CurrentUser(req)
|
|
if req.Method != http.MethodPost {
|
|
http.Error(w, "", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
if currentUser.Role != noodle.UserRoleAdmin {
|
|
http.Error(w, "admin access required", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
if err := req.ParseForm(); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
username := strings.TrimSpace(req.FormValue("username"))
|
|
if username == "" {
|
|
renderUsersPage(w, tmpl, db, currentUser, "username is required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if _, err := db.DeleteUser(username); err != nil {
|
|
renderUsersPage(w, tmpl, db, currentUser, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if username == currentUser.Username {
|
|
auth.ClearSession(w)
|
|
http.Redirect(w, req, "/login", http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
http.Redirect(w, req, "/users", http.StatusSeeOther)
|
|
}
|
|
}
|
|
|
|
func HandleDelete(db *noodle.Database, pc *chan noodle.Noodle) func(w http.ResponseWriter, req *http.Request) {
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
if req.Method != http.MethodPost {
|
|
http.Error(w, "", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
if err := req.ParseForm(); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
id := strings.TrimSpace(req.FormValue("id"))
|
|
if id == "" {
|
|
http.Error(w, "missing noodle id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
item, err := db.DeleteByID(id)
|
|
if err != nil {
|
|
http.Error(w, "noodle not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
item.IsUp = false
|
|
*pc <- item
|
|
log.Printf("Deleting noodle=%v", item)
|
|
|
|
http.Redirect(w, req, "/", http.StatusTemporaryRedirect)
|
|
}
|
|
}
|
|
|
|
func HandleAdd(db *noodle.Database, pc *chan noodle.Noodle, auth *Auth) func(w http.ResponseWriter, req *http.Request) {
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
currentUser, _ := auth.CurrentUser(req)
|
|
if req.Method != http.MethodPost {
|
|
http.Error(w, "", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
if err := req.ParseForm(); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
listenPort, err := strconv.Atoi(strings.TrimSpace(req.FormValue("listen_port")))
|
|
if err != nil {
|
|
http.Error(w, "invalid listen port", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if !isValidPort(listenPort) {
|
|
http.Error(w, "listen port must be between 1 and 65535", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
destPort, err := strconv.Atoi(strings.TrimSpace(req.FormValue("dest_port")))
|
|
if err != nil {
|
|
http.Error(w, "invalid destination port", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if !isValidPort(destPort) {
|
|
http.Error(w, "destination port must be between 1 and 65535", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
expiration, err := time.ParseDuration(strings.TrimSpace(req.FormValue("expiration")))
|
|
if err != nil {
|
|
http.Error(w, "invalid expiration duration", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
proto := strings.ToUpper(strings.TrimSpace(req.FormValue("proto")))
|
|
if proto != "TCP" && proto != "UDP" {
|
|
http.Error(w, "invalid protocol", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
src, err := normalizeSourceList(req.FormValue("src"))
|
|
if err != nil {
|
|
http.Error(w, "invalid source restriction", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
destHost := strings.TrimSpace(req.FormValue("dest_host"))
|
|
if destHost == "" {
|
|
http.Error(w, "destination host is required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
item := noodle.Noodle{
|
|
Id: db.MakeID(),
|
|
Name: strings.TrimSpace(req.FormValue("name")),
|
|
Proto: proto,
|
|
Src: src,
|
|
ListenPort: listenPort,
|
|
DestPort: destPort,
|
|
DestHost: destHost,
|
|
Expiration: expiration,
|
|
IsUp: true,
|
|
CreatedBy: currentUser.Username,
|
|
}
|
|
if err := db.Add(item); err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
*pc <- item
|
|
|
|
http.Redirect(w, req, "/", http.StatusTemporaryRedirect)
|
|
}
|
|
}
|
|
|
|
func HandleToggle(db *noodle.Database, pc *chan noodle.Noodle) func(w http.ResponseWriter, req *http.Request) {
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
if req.Method != http.MethodPost {
|
|
http.Error(w, "", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
if err := req.ParseForm(); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
id := strings.TrimSpace(req.FormValue("id"))
|
|
if id == "" {
|
|
http.Error(w, "missing noodle id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
item, err := db.SetIsUp(id, req.FormValue("is_up") == "on")
|
|
if err != nil {
|
|
http.Error(w, "noodle not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
*pc <- item
|
|
|
|
http.Redirect(w, req, "/", http.StatusTemporaryRedirect)
|
|
}
|
|
}
|
|
|
|
func clientIPFromRequest(req *http.Request) string {
|
|
forwardedFor := strings.TrimSpace(req.Header.Get("X-Forwarded-For"))
|
|
if forwardedFor != "" {
|
|
parts := strings.Split(forwardedFor, ",")
|
|
ip := strings.TrimSpace(parts[0])
|
|
if parsed := net.ParseIP(ip); parsed != nil {
|
|
return parsed.String()
|
|
}
|
|
}
|
|
|
|
realIP := strings.TrimSpace(req.Header.Get("X-Real-Ip"))
|
|
if realIP != "" {
|
|
if parsed := net.ParseIP(realIP); parsed != nil {
|
|
return parsed.String()
|
|
}
|
|
}
|
|
|
|
host, _, err := net.SplitHostPort(strings.TrimSpace(req.RemoteAddr))
|
|
if err == nil {
|
|
if parsed := net.ParseIP(host); parsed != nil {
|
|
return parsed.String()
|
|
}
|
|
}
|
|
|
|
if parsed := net.ParseIP(strings.TrimSpace(req.RemoteAddr)); parsed != nil {
|
|
return parsed.String()
|
|
}
|
|
|
|
return "127.0.0.1"
|
|
}
|
|
|
|
func isValidPort(port int) bool {
|
|
return port >= 1 && port <= 65535
|
|
}
|
|
|
|
func normalizeSourceList(raw string) (string, error) {
|
|
raw = strings.TrimSpace(raw)
|
|
if raw == "" {
|
|
return "", nil
|
|
}
|
|
if strings.EqualFold(raw, "All") {
|
|
return "All", nil
|
|
}
|
|
|
|
parts := strings.Split(raw, ",")
|
|
normalized := make([]string, 0, len(parts))
|
|
for _, part := range parts {
|
|
entry := strings.TrimSpace(part)
|
|
if entry == "" {
|
|
return "", net.InvalidAddrError("empty source")
|
|
}
|
|
|
|
if strings.Contains(entry, "/") {
|
|
_, network, err := net.ParseCIDR(entry)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
normalized = append(normalized, network.String())
|
|
continue
|
|
}
|
|
|
|
parsed := net.ParseIP(entry)
|
|
if parsed == nil {
|
|
return "", net.InvalidAddrError(entry)
|
|
}
|
|
normalized = append(normalized, parsed.String())
|
|
}
|
|
|
|
return strings.Join(normalized, ", "), nil
|
|
}
|
|
|
|
func normalizeUserRole(role string) string {
|
|
switch strings.ToLower(strings.TrimSpace(role)) {
|
|
case noodle.UserRoleAdmin:
|
|
return noodle.UserRoleAdmin
|
|
case noodle.UserRoleRegular:
|
|
return noodle.UserRoleRegular
|
|
default:
|
|
return ""
|
|
}
|
|
}
|
|
|
|
func renderUsersPage(w http.ResponseWriter, tmpl *template.Template, db *noodle.Database, currentUser authUser, message string, status int) {
|
|
w.WriteHeader(status)
|
|
data := userConfigPageData{
|
|
Username: currentUser.Username,
|
|
Role: currentUser.Role,
|
|
Error: message,
|
|
}
|
|
if currentUser.Role == noodle.UserRoleAdmin {
|
|
data.Users = db.GetAllUsers()
|
|
}
|
|
if err := tmpl.ExecuteTemplate(w, "users.html", data); err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
}
|
|
}
|