3 files changed, 117 insertions, 6 deletions
diff --git a/web/config.go b/web/config.go
index 2479e38..acdc4bf 100644
--- a/web/config.go
+++ b/web/config.go
@@ -1,6 +1,7 @@
 package web
 import (
+        "crypto/subtle"
        "encoding/json"
        "io/ioutil"
        "strings"
@@ -10,12 +11,13 @@ import (
 )
 type ServerConfig struct {
-        BindConfig     *bind.BINDConfig
+        BindConfig       *bind.BINDConfig
-        DNSClient      *dns.DNSClient
+        DNSClient        *dns.DNSClient
-        AcmeView       string
+        AcmeView         string
-        DynamicDnsView string
+        DynamicDnsView   string
-        DDNSSecrets    map[string]string         `json:"DDNS"`
+        DDNSSecrets      map[string]string         `json:"DDNS"`
-        AcmeSecrets    map[string]map[string]int `json:"ACME"`
+        AcmeSecrets      map[string]map[string]int `json:"ACME"`
+        DNSManageSecrets map[string]string         `json:"DNS_MANAGE"`
 }
 func LoadServerConfig(zonesFile, secretsFile, server, view string) (*ServerConfig, error) {
@@ -53,6 +55,14 @@ func (s *ServerConfig) AcmeSecretExists(k string) bool {
        return ok
 }
+func (s *ServerConfig) DNSUserAuth(u, p string) bool {
+        cp, ok := s.DNSManageSecrets[u]
+        if !ok {
+                return false
+        }
+        return subtle.ConstantTimeCompare([]byte(p), []byte(cp)) == 1
+}
 func (s *ServerConfig) IsAcmeClientAllowed(key, zone string) bool {
        u, ok := s.AcmeSecrets[key]
        if !ok {
diff --git a/web/controllers/dns_manage.go b/web/controllers/dns_manage.go
new file mode 100644
index 0000000..6db0b13
--- /dev/null
+++ b/web/controllers/dns_manage.go
@@ -0,0 +1,68 @@
+package controllers
+import (
+        "net/http"
+        "github.com/gin-gonic/gin"
+        "github.com/miekg/dns"
+        "code.crute.me/mcrute/go_ddns_manager/bind"
+        "code.crute.me/mcrute/go_ddns_manager/util"
+        "code.crute.me/mcrute/go_ddns_manager/web/middleware"
+)
+func DnsManageRoot(c *gin.Context) {
+        c.IndentedJSON(http.StatusOK, gin.H{
+                "_rels": gin.H{
+                        "zones": util.MakeURL(c.Request, "/dns/zone").String(),
+                        "views": util.MakeURL(c.Request, "/dns/view").String(),
+                },
+        })
+}
+func DnsViews(c *gin.Context) {
+        cfg := middleware.GetServerConfig(c)
+        out := map[string]map[string]string{}
+        for _, v := range cfg.BindConfig.Views() {
+                k := map[string]string{}
+                out[v] = k
+                for _, z := range cfg.BindConfig.ZonesInView(v) {
+                        zn := bind.DeCanonicalize(z.Name)
+                        k[zn] = util.MakeURL(c.Request, "/dns/zone/%s/%s", v, zn).String()
+                }
+        }
+        c.IndentedJSON(http.StatusOK, gin.H{"views": out})
+}
+func DnsZones(c *gin.Context) {
+}
+func DnsZoneDetails(c *gin.Context) {
+        cfg := middleware.GetServerConfig(c)
+        z := cfg.BindConfig.Zone(c.Param("view"), c.Param("name"))
+        if z == nil {
+                c.JSON(http.StatusNotFound, gin.H{
+                        "error": "Zone not found",
+                })
+                return
+        }
+        envs := []*dns.Envelope{}
+        ec, err := cfg.DNSClient.AXFR(z)
+        if err != nil {
+                c.JSON(http.StatusInternalServerError, gin.H{
+                        "error": err.Error(),
+                })
+                return
+        }
+        for e := range ec {
+                envs = append(envs, e)
+        }
+        c.JSON(http.StatusOK, envs)
+}
diff --git a/web/middleware/dns_manage.go b/web/middleware/dns_manage.go
new file mode 100644
index 0000000..d3b420b
--- /dev/null
+++ b/web/middleware/dns_manage.go
@@ -0,0 +1,33 @@
+package middleware
+import (
+        "net/http"
+        "github.com/gin-gonic/gin"
+)
+const dnsUserId = "DNSManageUserID"
+func DnsManageAuthMiddleware(c *gin.Context) {
+        cfg := GetServerConfig(c)
+        user, pwd, ok := c.Request.BasicAuth()
+        if !ok {
+                c.Request.Header.Set("WWW-Authenticate", `Basic realm="closed site"`)
+                c.AbortWithStatus(http.StatusUnauthorized)
+                return
+        }
+        if !cfg.DNSUserAuth(user, pwd) {
+                c.AbortWithStatus(http.StatusForbidden)
+                return
+        } else {
+                c.Set(dnsUserId, user)
+        }
+        c.Next()
+}
+func GetDnsAuthContext(c *gin.Context) string {
+        return c.GetString(dnsUserId)
+}

diff --git a/web/config.go b/web/config.go index 2479e38..acdc4bf 100644 --- a/web/config.go +++ b/web/config.go
@@ -1,6 +1,7 @@
1	package web	1	package web
2		2
3	import (	3	import (
		4	"crypto/subtle"
4	"encoding/json"	5	"encoding/json"
5	"io/ioutil"	6	"io/ioutil"
6	"strings"	7	"strings"
@@ -10,12 +11,13 @@ import (
10	)	11	)
11		12
12	type ServerConfig struct {	13	type ServerConfig struct {
13	BindConfig *bind.BINDConfig	14	BindConfig *bind.BINDConfig
14	DNSClient *dns.DNSClient	15	DNSClient *dns.DNSClient
15	AcmeView string	16	AcmeView string
16	DynamicDnsView string	17	DynamicDnsView string
17	DDNSSecrets map[string]string `json:"DDNS"`	18	DDNSSecrets map[string]string `json:"DDNS"`
18	AcmeSecrets map[string]map[string]int `json:"ACME"`	19	AcmeSecrets map[string]map[string]int `json:"ACME"`
		20	DNSManageSecrets map[string]string `json:"DNS_MANAGE"`
19	}	21	}
20		22
21	func LoadServerConfig(zonesFile, secretsFile, server, view string) (*ServerConfig, error) {	23	func LoadServerConfig(zonesFile, secretsFile, server, view string) (*ServerConfig, error) {
@@ -53,6 +55,14 @@ func (s *ServerConfig) AcmeSecretExists(k string) bool {
53	return ok	55	return ok
54	}	56	}
55		57
		58	func (s *ServerConfig) DNSUserAuth(u, p string) bool {
		59	cp, ok := s.DNSManageSecrets[u]
		60	if !ok {
		61	return false
		62	}
		63	return subtle.ConstantTimeCompare([]byte(p), []byte(cp)) == 1
		64	}
		65
56	func (s *ServerConfig) IsAcmeClientAllowed(key, zone string) bool {	66	func (s *ServerConfig) IsAcmeClientAllowed(key, zone string) bool {
57	u, ok := s.AcmeSecrets[key]	67	u, ok := s.AcmeSecrets[key]
58	if !ok {	68	if !ok {


diff --git a/web/controllers/dns_manage.go b/web/controllers/dns_manage.go new file mode 100644 index 0000000..6db0b13 --- /dev/null +++ b/web/controllers/dns_manage.go
@@ -0,0 +1,68 @@
		1	package controllers
		2
		3	import (
		4	"net/http"
		5
		6	"github.com/gin-gonic/gin"
		7	"github.com/miekg/dns"
		8
		9	"code.crute.me/mcrute/go_ddns_manager/bind"
		10	"code.crute.me/mcrute/go_ddns_manager/util"
		11	"code.crute.me/mcrute/go_ddns_manager/web/middleware"
		12	)
		13
		14	func DnsManageRoot(c *gin.Context) {
		15	c.IndentedJSON(http.StatusOK, gin.H{
		16	"_rels": gin.H{
		17	"zones": util.MakeURL(c.Request, "/dns/zone").String(),
		18	"views": util.MakeURL(c.Request, "/dns/view").String(),
		19	},
		20	})
		21	}
		22
		23	func DnsViews(c *gin.Context) {
		24	cfg := middleware.GetServerConfig(c)
		25	out := map[string]map[string]string{}
		26
		27	for _, v := range cfg.BindConfig.Views() {
		28	k := map[string]string{}
		29	out[v] = k
		30	for _, z := range cfg.BindConfig.ZonesInView(v) {
		31	zn := bind.DeCanonicalize(z.Name)
		32	k[zn] = util.MakeURL(c.Request, "/dns/zone/%s/%s", v, zn).String()
		33	}
		34	}
		35
		36	c.IndentedJSON(http.StatusOK, gin.H{"views": out})
		37	}
		38
		39	func DnsZones(c *gin.Context) {
		40
		41	}
		42
		43	func DnsZoneDetails(c *gin.Context) {
		44	cfg := middleware.GetServerConfig(c)
		45
		46	z := cfg.BindConfig.Zone(c.Param("view"), c.Param("name"))
		47	if z == nil {
		48	c.JSON(http.StatusNotFound, gin.H{
		49	"error": "Zone not found",
		50	})
		51	return
		52	}
		53
		54	envs := []*dns.Envelope{}
		55	ec, err := cfg.DNSClient.AXFR(z)
		56	if err != nil {
		57	c.JSON(http.StatusInternalServerError, gin.H{
		58	"error": err.Error(),
		59	})
		60	return
		61	}
		62
		63	for e := range ec {
		64	envs = append(envs, e)
		65	}
		66
		67	c.JSON(http.StatusOK, envs)
		68	}


diff --git a/web/middleware/dns_manage.go b/web/middleware/dns_manage.go new file mode 100644 index 0000000..d3b420b --- /dev/null +++ b/web/middleware/dns_manage.go
@@ -0,0 +1,33 @@
		1	package middleware
		2
		3	import (
		4	"net/http"
		5
		6	"github.com/gin-gonic/gin"
		7	)
		8
		9	const dnsUserId = "DNSManageUserID"
		10
		11	func DnsManageAuthMiddleware(c *gin.Context) {
		12	cfg := GetServerConfig(c)
		13
		14	user, pwd, ok := c.Request.BasicAuth()
		15	if !ok {
		16	c.Request.Header.Set("WWW-Authenticate", `Basic realm="closed site"`)
		17	c.AbortWithStatus(http.StatusUnauthorized)
		18	return
		19	}
		20
		21	if !cfg.DNSUserAuth(user, pwd) {
		22	c.AbortWithStatus(http.StatusForbidden)
		23	return
		24	} else {
		25	c.Set(dnsUserId, user)
		26	}
		27
		28	c.Next()
		29	}
		30
		31	func GetDnsAuthContext(c *gin.Context) string {
		32	return c.GetString(dnsUserId)
		33	}