Пример #1
 /**
  * Registers the API routes that list, disable and enable certificate common names.
  *
  * Every handler calls Utils::requireUser() with the caller ids permitted on that
  * route before doing anything else, and the POSTed "common_name" goes through
  * InputValidation::commonName() before it is written to the log or passed on.
  * Both portals may list and disable; only 'vpn-admin-portal' may re-enable.
  *
  * NOTE(review): nothing in this method ties a common name to the end user behind
  * a 'vpn-user-portal' call; presumably the portal checks ownership before it
  * calls '/disable_common_name' — confirm.
  *
  * @param Service $service router the handlers are registered on
  */
 public function init(Service $service)
 {
     $adminOnly = ['vpn-admin-portal'];
     $bothPortals = ['vpn-admin-portal', 'vpn-user-portal'];

     // read-only listing, open to both portals
     $service->get('/disabled_common_names', function (Request $request, array $hookData) use ($bothPortals) {
         Utils::requireUser($hookData, $bothPortals);
         $disabledList = $this->commonNames->getDisabled();

         return new ApiResponse('disabled_common_names', $disabledList);
     });

     // disabling is allowed for both portals
     $service->post('/disable_common_name', function (Request $request, array $hookData) use ($bothPortals) {
         Utils::requireUser($hookData, $bothPortals);
         $cn = $request->getPostParameter('common_name');
         // validate before the value reaches the log line below
         InputValidation::commonName($cn);
         $logLine = sprintf('disabling common_name "%s"', $cn);
         $this->logger->info($logLine);
         $outcome = $this->commonNames->setDisabled($cn);

         return new ApiResponse('disable_common_name', $outcome);
     });

     // re-enabling is restricted to the admin portal
     $service->post('/enable_common_name', function (Request $request, array $hookData) use ($adminOnly) {
         Utils::requireUser($hookData, $adminOnly);
         $cn = $request->getPostParameter('common_name');
         // validate before the value reaches the log line below
         InputValidation::commonName($cn);
         $logLine = sprintf('enabling common_name "%s"', $cn);
         $this->logger->info($logLine);
         $outcome = $this->commonNames->setEnabled($cn);

         return new ApiResponse('enable_common_name', $outcome);
     });
 }
Пример #2
 /**
  * Registers the API routes for listing active client connections and for
  * disconnecting a client identified by its certificate common name.
  *
  * The connection list is restricted to 'vpn-admin-portal'; '/kill_client'
  * also accepts 'vpn-user-portal'. The common name is validated with
  * InputValidation::commonName() before it is handed to the server manager.
  *
  * NOTE(review): '/kill_client' does not check that the common name belongs to
  * the end user behind a 'vpn-user-portal' call, and the disconnect is not
  * logged here; presumably both are handled by the caller or by
  * serverManager->kill() — confirm.
  *
  * @param Service $service router the handlers are registered on
  */
 public function init(Service $service)
 {
     $listCallers = ['vpn-admin-portal'];
     $killCallers = ['vpn-admin-portal', 'vpn-user-portal'];

     $service->get('/client_connections', function (Request $request, array $hookData) use ($listCallers) {
         Utils::requireUser($hookData, $listCallers);
         $activeConnections = $this->serverManager->connections();

         return new ApiResponse('client_connections', $activeConnections);
     });

     $service->post('/kill_client', function (Request $request, array $hookData) use ($killCallers) {
         Utils::requireUser($hookData, $killCallers);
         $cn = $request->getPostParameter('common_name');
         // reject malformed names before they reach the server manager
         InputValidation::commonName($cn);
         $killResult = $this->serverManager->kill($cn);

         return new ApiResponse('kill_client', $killResult);
     });
 }
Пример #3
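 /**
  * Registers the API routes that manage per-user state: the disabled flag,
  * OTP secrets and VOOT tokens.
  *
  * Every handler calls Utils::requireUser() with the caller ids permitted on
  * that route, then validates each request parameter with InputValidation
  * before it is logged or passed to $this->users.
  *
  * Caller matrix as written below:
  *  - admin portal only: /disabled_users, /disable_user, /enable_user,
  *    /delete_otp_secret
  *  - user portal only: /set_otp_secret, /set_voot_token
  *  - both portals: /is_disabled_user, /has_otp_secret, /has_voot_token
  *
  * Changes to a user's OTP secret or VOOT token are written to the log in the
  * same way as disable/enable, so that removing a second factor leaves an audit
  * trail. Only the validated user id is logged, never the secret or token.
  *
  * NOTE(review): the "user_id" is taken from the request, not from the
  * authenticated caller; presumably 'vpn-user-portal' only ever sends the id of
  * its logged-in user — confirm.
  *
  * @param Service $service router the handlers are registered on
  */
 public function init(Service $service)
 {
     // --- disabled-user flag ---
     $service->get('/disabled_users', function (Request $request, array $hookData) {
         Utils::requireUser($hookData, ['vpn-admin-portal']);
         return new ApiResponse('disabled_users', $this->users->getDisabled());
     });
     $service->get('/is_disabled_user', function (Request $request, array $hookData) {
         Utils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);
         $userId = $request->getQueryParameter('user_id');
         InputValidation::userId($userId);
         return new ApiResponse('is_disabled_user', $this->users->isDisabled($userId));
     });
     $service->post('/disable_user', function (Request $request, array $hookData) {
         Utils::requireUser($hookData, ['vpn-admin-portal']);
         $userId = $request->getPostParameter('user_id');
         // validate before the value reaches the log line below
         InputValidation::userId($userId);
         $this->logger->info(sprintf('disabling user "%s"', $userId));
         return new ApiResponse('disable_user', $this->users->setDisabled($userId));
     });
     $service->post('/enable_user', function (Request $request, array $hookData) {
         Utils::requireUser($hookData, ['vpn-admin-portal']);
         $userId = $request->getPostParameter('user_id');
         // validate before the value reaches the log line below
         InputValidation::userId($userId);
         $this->logger->info(sprintf('enabling user "%s"', $userId));
         return new ApiResponse('enable_user', $this->users->setEnabled($userId));
     });
     // --- OTP secrets ---
     $service->get('/has_otp_secret', function (Request $request, array $hookData) {
         Utils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);
         $userId = $request->getQueryParameter('user_id');
         InputValidation::userId($userId);
         return new ApiResponse('has_otp_secret', $this->users->hasOtpSecret($userId));
     });
     $service->post('/set_otp_secret', function (Request $request, array $hookData) {
         Utils::requireUser($hookData, ['vpn-user-portal']);
         $userId = $request->getPostParameter('user_id');
         InputValidation::userId($userId);
         $otpSecret = $request->getPostParameter('otp_secret');
         InputValidation::otpSecret($otpSecret);
         // audit trail for second-factor enrolment; the secret itself is never logged
         $this->logger->info(sprintf('setting OTP secret for user "%s"', $userId));
         return new ApiResponse('set_otp_secret', $this->users->setOtpSecret($userId, $otpSecret));
     });
     $service->post('/delete_otp_secret', function (Request $request, array $hookData) {
         Utils::requireUser($hookData, ['vpn-admin-portal']);
         $userId = $request->getPostParameter('user_id');
         InputValidation::userId($userId);
         // removing a second factor weakens the account, so record who it was removed for
         $this->logger->info(sprintf('deleting OTP secret for user "%s"', $userId));
         return new ApiResponse('delete_otp_secret', $this->users->deleteOtpSecret($userId));
     });
     // --- VOOT tokens ---
     $service->get('/has_voot_token', function (Request $request, array $hookData) {
         Utils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);
         $userId = $request->getQueryParameter('user_id');
         InputValidation::userId($userId);
         return new ApiResponse('has_voot_token', $this->users->hasVootToken($userId));
     });
     $service->post('/set_voot_token', function (Request $request, array $hookData) {
         Utils::requireUser($hookData, ['vpn-user-portal']);
         $userId = $request->getPostParameter('user_id');
         InputValidation::userId($userId);
         $vootToken = $request->getPostParameter('voot_token');
         InputValidation::vootToken($vootToken);
         // audit trail for token changes; the token itself is never logged
         $this->logger->info(sprintf('setting VOOT token for user "%s"', $userId));
         return new ApiResponse('set_voot_token', $this->users->setVootToken($userId, $vootToken));
     });
 }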
Пример #4
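 /**
  * Registers the HTML routes of the admin portal: connection list, profile
  * info, user management, certificate status, log search, statistics and the
  * message of the day.
  *
  * Handlers talk to the backend through $this->serverClient and render pages
  * through $this->tpl. Identifiers taken from the request (user id, common
  * name, message id, date/time, IP address) are validated with InputValidation
  * before use; action parameters are matched against fixed values.
  *
  * '/setCertificateStatus' redirects back to the Referer only when it points
  * into this application (prefix match on the root URI); any other value falls
  * back to the user list, so the client-supplied header cannot steer the
  * redirect to another site.
  *
  * NOTE(review): no handler here checks who the caller is or verifies a CSRF
  * token; presumably authentication and CSRF protection are done by hooks
  * registered on the Service elsewhere — confirm.
  *
  * @param Service $service router the handlers are registered on
  *
  * @throws HttpException (400) from the POST handlers on an unsupported
  *                       "user_action" or "message_action"
  */
 public function init(Service $service)
 {
     $service->get('/', function (Request $request) {
         return new RedirectResponse($request->getRootUri() . 'connections', 302);
     });
     $service->get('/connections', function () {
         // get the fancy profile name
         $profileList = $this->serverClient->get('profile_list');
         $idNameMapping = [];
         foreach ($profileList as $profileId => $profileData) {
             $idNameMapping[$profileId] = $profileData['displayName'];
         }
         return new HtmlResponse($this->tpl->render('vpnConnections', ['idNameMapping' => $idNameMapping, 'connections' => $this->serverClient->get('client_connections')]));
     });
     $service->get('/info', function () {
         return new HtmlResponse($this->tpl->render('vpnInfo', ['profileList' => $this->serverClient->get('profile_list')]));
     });
     $service->get('/users', function () {
         $userList = $this->serverClient->get('user_list');
         return new HtmlResponse($this->tpl->render('vpnUserList', ['userList' => $userList]));
     });
     $service->get('/user', function (Request $request) {
         $userId = $request->getQueryParameter('user_id');
         InputValidation::userId($userId);
         $clientCertificateList = $this->serverClient->get('client_certificate_list', ['user_id' => $userId]);
         $userMessages = $this->serverClient->get('user_messages', ['user_id' => $userId]);
         return new HtmlResponse($this->tpl->render('vpnUserConfigList', ['userId' => $userId, 'userMessages' => $userMessages, 'clientCertificateList' => $clientCertificateList, 'hasOtpSecret' => $this->serverClient->get('has_totp_secret', ['user_id' => $userId]), 'isDisabled' => $this->serverClient->get('is_disabled_user', ['user_id' => $userId])]));
     });
     $service->post('/user', function (Request $request) {
         $userId = $request->getPostParameter('user_id');
         InputValidation::userId($userId);
         $userAction = $request->getPostParameter('user_action');
         // no need to explicitly validate userAction, as we will have
         // switch below with whitelisted acceptable values
         switch ($userAction) {
             case 'disableUser':
                 // disable first, then disconnect: a disabled account must not
                 // keep its already established sessions
                 $this->serverClient->post('disable_user', ['user_id' => $userId]);
                 // kill all active connections for this user
                 $clientConnections = $this->serverClient->get('client_connections');
                 foreach ($clientConnections as $profile) {
                     foreach ($profile['connections'] as $connection) {
                         if ($connection['user_id'] === $userId) {
                             $this->serverClient->post('kill_client', ['common_name' => $connection['common_name']]);
                         }
                     }
                 }
                 break;
             case 'enableUser':
                 $this->serverClient->post('enable_user', ['user_id' => $userId]);
                 break;
             case 'deleteOtpSecret':
                 $this->serverClient->post('delete_totp_secret', ['user_id' => $userId]);
                 break;
             default:
                 throw new HttpException('unsupported "user_action"', 400);
         }
         $returnUrl = sprintf('%susers', $request->getRootUri());
         return new RedirectResponse($returnUrl);
     });
     $service->post('/setCertificateStatus', function (Request $request, array $hookData) {
         $commonName = $request->getPostParameter('commonName');
         InputValidation::commonName($commonName);
         $newState = $request->getPostParameter('newState');
         if ('enable' === $newState) {
             $this->serverClient->post('enable_client_certificate', ['common_name' => $commonName]);
         } else {
             // "newState" is not validated: every value other than 'enable'
             // ends up here, so an unexpected value disables and disconnects
             // (fails closed) instead of enabling
             $this->serverClient->post('disable_client_certificate', ['common_name' => $commonName]);
             $this->serverClient->post('kill_client', ['common_name' => $commonName]);
         }
         // The Referer header is chosen by the client. Follow it only when it
         // points back into this application, otherwise return to the user
         // list. The prefix test relies on getRootUri() ending in '/', as the
         // concatenations elsewhere in this method suggest — TODO confirm.
         $rootUri = $request->getRootUri();
         $returnUrl = $request->getHeader('HTTP_REFERER');
         $isLocal = is_string($returnUrl) && is_string($rootUri) && '' !== $rootUri && 0 === strpos($returnUrl, $rootUri);
         if (!$isLocal) {
             $returnUrl = sprintf('%susers', $rootUri);
         }
         return new RedirectResponse($returnUrl, 302);
     });
     $service->get('/log', function () {
         return new HtmlResponse($this->tpl->render('vpnLog', ['date_time' => null, 'ip_address' => null]));
     });
     $service->get('/stats', function () {
         return new HtmlResponse($this->tpl->render('vpnStats', ['stats' => $this->serverClient->get('stats')]));
     });
     $service->get('/messages', function () {
         $motdMessages = $this->serverClient->get('system_messages', ['message_type' => 'motd']);
         // we only want the first one
         if (0 === count($motdMessages)) {
             $motdMessage = false;
         } else {
             $motdMessage = $motdMessages[0];
         }
         return new HtmlResponse($this->tpl->render('vpnMessages', ['motdMessage' => $motdMessage]));
     });
     $service->post('/messages', function (Request $request) {
         $messageAction = $request->getPostParameter('message_action');
         switch ($messageAction) {
             case 'set':
                 // we can only have one "motd", so remove the ones that
                 // already exist
                 $motdMessages = $this->serverClient->get('system_messages', ['message_type' => 'motd']);
                 foreach ($motdMessages as $motdMessage) {
                     $this->serverClient->post('delete_system_message', ['message_id' => $motdMessage['id']]);
                 }
                 // The body is stored without any validation, so every place
                 // that displays it has to escape it for its output context.
                 // NOTE(review): confirm the templates escape by default.
                 $messageBody = $request->getPostParameter('message_body');
                 $this->serverClient->post('add_system_message', ['message_type' => 'motd', 'message_body' => $messageBody]);
                 break;
             case 'delete':
                 $messageId = InputValidation::messageId($request->getPostParameter('message_id'));
                 $this->serverClient->post('delete_system_message', ['message_id' => $messageId]);
                 break;
             default:
                 throw new HttpException('unsupported "message_action"', 400);
         }
         $returnUrl = sprintf('%smessages', $request->getRootUri());
         return new RedirectResponse($returnUrl);
     });
     $service->post('/log', function (Request $request) {
         // both search terms are validated before they are sent to the
         // backend and echoed back into the rendered page
         $dateTime = $request->getPostParameter('date_time');
         InputValidation::dateTime($dateTime);
         $ipAddress = $request->getPostParameter('ip_address');
         InputValidation::ipAddress($ipAddress);
         return new HtmlResponse($this->tpl->render('vpnLog', ['date_time' => $dateTime, 'ip_address' => $ipAddress, 'results' => $this->serverClient->get('log', ['date_time' => $dateTime, 'ip_address' => $ipAddress])]));
     });
 }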