/**
 * Register the GET /log and GET /stats API routes.
 *
 * Both handlers call Utils::requireUser() with 'vpn-admin-portal' as the
 * only allowed caller before touching any request data.
 *
 * @param Service $service service the routes are registered on
 *
 * @return void
 */
public function init(Service $service)
{
    $service->get(
        '/log',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal']);

            // each query parameter is validated right after it is read
            $when = $request->getQueryParameter('date_time');
            InputValidation::dateTime($when);
            // NOTE(review): strtotime() returns false for a string it cannot
            // parse; this relies on InputValidation::dateTime() rejecting
            // such input first — confirm
            $whenUnix = strtotime($when);

            $address = $request->getQueryParameter('ip_address');
            InputValidation::ipAddress($address);

            $logData = $this->get($whenUnix, $address);

            return new ApiResponse('log', $logData);
        }
    );

    $service->get(
        '/stats',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal']);

            // the path is built from $this->dataDir only, no request input
            $path = sprintf('%s/stats.json', $this->dataDir);
            $stats = FileIO::readJsonFile($path);

            return new ApiResponse('stats', $stats);
        }
    );
}
/**
 * Register the GET /server_pools and GET /server_pool API routes.
 *
 * Both handlers accept 'vpn-admin-portal' and 'vpn-user-portal' as callers
 * and return the value of PoolConfig::v() without filtering.
 * NOTE(review): whatever a pool configuration holds is therefore visible to
 * the user portal as well — confirm it contains nothing sensitive.
 *
 * @param Service $service service the routes are registered on
 *
 * @return void
 */
public function init(Service $service)
{
    $service->get(
        '/server_pools',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);

            // one entry per configured pool, keyed by pool ID
            $pools = [];
            $configuredIds = array_keys($this->instanceConfig->v('vpnPools'));
            foreach ($configuredIds as $id) {
                $config = new PoolConfig($this->instanceConfig->v('vpnPools', $id));
                $pools[$id] = $config->v();
            }

            return new ApiResponse('server_pools', $pools);
        }
    );

    $service->get(
        '/server_pool',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);

            // the pool ID is validated before it is used as a config key
            $id = $request->getQueryParameter('pool_id');
            InputValidation::poolId($id);

            $config = new PoolConfig($this->instanceConfig->v('vpnPools', $id));

            return new ApiResponse('server_pool', $config->v());
        }
    );
}
/**
 * Register the GET /client_connections and POST /kill_client API routes.
 *
 * Listing connections is limited to 'vpn-admin-portal'; killing a client
 * is allowed for both 'vpn-admin-portal' and 'vpn-user-portal'.
 *
 * @param Service $service service the routes are registered on
 *
 * @return void
 */
public function init(Service $service)
{
    $service->get(
        '/client_connections',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal']);

            $connections = $this->serverManager->connections();

            return new ApiResponse('client_connections', $connections);
        }
    );

    $service->post(
        '/kill_client',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);

            // NOTE(review): this handler checks the calling portal and the
            // format of the common name, not which end user owns it; the
            // user portal presumably enforces ownership — confirm
            $cn = $request->getPostParameter('common_name');
            InputValidation::commonName($cn);

            $result = $this->serverManager->kill($cn);

            return new ApiResponse('kill_client', $result);
        }
    );
}
/**
 * Register the GET /user_groups API route.
 *
 * Only 'vpn-user-portal' may call it. The response merges the groups
 * returned by every entry in $this->groupProviders for the given user.
 *
 * @param Service $service service the route is registered on
 *
 * @return void
 */
public function init(Service $service)
{
    $service->get(
        '/user_groups',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-user-portal']);

            // the user ID is validated before it reaches any provider
            $uid = $request->getQueryParameter('user_id');
            InputValidation::userId($uid);

            // providers are queried in order and their results appended
            $groups = [];
            foreach ($this->groupProviders as $provider) {
                $providerGroups = $provider->getGroups($uid);
                $groups = array_merge($groups, $providerGroups);
            }

            return new ApiResponse('user_groups', $groups);
        }
    );
}
/**
 * Register the API routes that list, disable and enable common names.
 *
 * Listing and disabling accept 'vpn-admin-portal' and 'vpn-user-portal';
 * enabling accepts 'vpn-admin-portal' only.
 *
 * @param Service $service service the routes are registered on
 *
 * @return void
 */
public function init(Service $service)
{
    $service->get(
        '/disabled_common_names',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);

            $disabled = $this->commonNames->getDisabled();

            return new ApiResponse('disabled_common_names', $disabled);
        }
    );

    $service->post(
        '/disable_common_name',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);

            $cn = $request->getPostParameter('common_name');
            InputValidation::commonName($cn);

            // the value is logged only after validation
            // NOTE(review): the log line records the common name but not
            // which portal or user asked for the change
            $this->logger->info(sprintf('disabling common_name "%s"', $cn));
            $result = $this->commonNames->setDisabled($cn);

            return new ApiResponse('disable_common_name', $result);
        }
    );

    $service->post(
        '/enable_common_name',
        function (Request $request, array $hookData) {
            // re-enabling is limited to the admin portal
            Utils::requireUser($hookData, ['vpn-admin-portal']);

            $cn = $request->getPostParameter('common_name');
            InputValidation::commonName($cn);

            $this->logger->info(sprintf('enabling common_name "%s"', $cn));
            $result = $this->commonNames->setEnabled($cn);

            return new ApiResponse('enable_common_name', $result);
        }
    );
}
/**
 * Register the user API routes: disabled state, OTP secrets, VOOT tokens.
 *
 * Every handler first calls Utils::requireUser() with the portals allowed
 * for that route, then validates the user ID (and any secret or token)
 * before passing it to $this->users.
 *
 * NOTE(review): enabling and disabling a user is logged here, while setting
 * or deleting an OTP secret and setting a VOOT token are not; deleting an
 * OTP secret removes a second factor, so an audit record may be wanted.
 *
 * @param Service $service service the routes are registered on
 *
 * @return void
 */
public function init(Service $service)
{
    // DISABLED
    $service->get(
        '/disabled_users',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal']);

            $disabled = $this->users->getDisabled();

            return new ApiResponse('disabled_users', $disabled);
        }
    );

    $service->get(
        '/is_disabled_user',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);

            $uid = $request->getQueryParameter('user_id');
            InputValidation::userId($uid);

            $state = $this->users->isDisabled($uid);

            return new ApiResponse('is_disabled_user', $state);
        }
    );

    $service->post(
        '/disable_user',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal']);

            $uid = $request->getPostParameter('user_id');
            InputValidation::userId($uid);

            // logged only after the user ID passed validation
            $this->logger->info(sprintf('disabling user "%s"', $uid));
            $result = $this->users->setDisabled($uid);

            return new ApiResponse('disable_user', $result);
        }
    );

    $service->post(
        '/enable_user',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal']);

            $uid = $request->getPostParameter('user_id');
            InputValidation::userId($uid);

            $this->logger->info(sprintf('enabling user "%s"', $uid));
            $result = $this->users->setEnabled($uid);

            return new ApiResponse('enable_user', $result);
        }
    );

    // OTP_SECRETS
    $service->get(
        '/has_otp_secret',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);

            $uid = $request->getQueryParameter('user_id');
            InputValidation::userId($uid);

            $present = $this->users->hasOtpSecret($uid);

            return new ApiResponse('has_otp_secret', $present);
        }
    );

    $service->post(
        '/set_otp_secret',
        function (Request $request, array $hookData) {
            // only the user portal may enrol a secret
            Utils::requireUser($hookData, ['vpn-user-portal']);

            $uid = $request->getPostParameter('user_id');
            InputValidation::userId($uid);
            // NOTE(review): only the format of the secret is checked here;
            // proof that the user holds a working OTP device is presumably
            // handled by the calling portal — confirm
            $secret = $request->getPostParameter('otp_secret');
            InputValidation::otpSecret($secret);

            $result = $this->users->setOtpSecret($uid, $secret);

            return new ApiResponse('set_otp_secret', $result);
        }
    );

    $service->post(
        '/delete_otp_secret',
        function (Request $request, array $hookData) {
            // removal is limited to the admin portal
            Utils::requireUser($hookData, ['vpn-admin-portal']);

            $uid = $request->getPostParameter('user_id');
            InputValidation::userId($uid);

            $result = $this->users->deleteOtpSecret($uid);

            return new ApiResponse('delete_otp_secret', $result);
        }
    );

    // VOOT_TOKENS
    $service->get(
        '/has_voot_token',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);

            $uid = $request->getQueryParameter('user_id');
            InputValidation::userId($uid);

            $present = $this->users->hasVootToken($uid);

            return new ApiResponse('has_voot_token', $present);
        }
    );

    $service->post(
        '/set_voot_token',
        function (Request $request, array $hookData) {
            Utils::requireUser($hookData, ['vpn-user-portal']);

            $uid = $request->getPostParameter('user_id');
            InputValidation::userId($uid);
            $token = $request->getPostParameter('voot_token');
            InputValidation::vootToken($token);

            $result = $this->users->setVootToken($uid, $token);

            return new ApiResponse('set_voot_token', $result);
        }
    );
}
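/**
 * Register the admin portal pages and the form handlers behind them.
 *
 * GET routes render templates with data fetched through $this->serverClient;
 * POST routes forward the requested change to the server API and redirect.
 *
 * No handler in this method checks who the caller is or verifies a CSRF
 * token. NOTE(review): both are presumably enforced by hooks registered
 * elsewhere on the service — confirm, since every POST route here changes
 * state.
 *
 * @param Service $service service the routes are registered on
 *
 * @return void
 */
public function init(Service $service)
{
    $service->get('/', function (Request $request) {
        return new RedirectResponse($request->getRootUri() . 'connections', 302);
    });

    $service->get('/connections', function () {
        // get the fancy profile name
        $profileList = $this->serverClient->get('profile_list');
        $idNameMapping = [];
        foreach ($profileList as $profileId => $profileData) {
            $idNameMapping[$profileId] = $profileData['displayName'];
        }

        return new HtmlResponse(
            $this->tpl->render(
                'vpnConnections',
                [
                    'idNameMapping' => $idNameMapping,
                    'connections' => $this->serverClient->get('client_connections'),
                ]
            )
        );
    });

    $service->get('/info', function () {
        return new HtmlResponse(
            $this->tpl->render(
                'vpnInfo',
                ['profileList' => $this->serverClient->get('profile_list')]
            )
        );
    });

    $service->get('/users', function () {
        $userList = $this->serverClient->get('user_list');

        return new HtmlResponse($this->tpl->render('vpnUserList', ['userList' => $userList]));
    });

    $service->get('/user', function (Request $request) {
        // the user ID is validated before it is sent to the server API
        $userId = $request->getQueryParameter('user_id');
        InputValidation::userId($userId);

        $clientCertificateList = $this->serverClient->get('client_certificate_list', ['user_id' => $userId]);
        $userMessages = $this->serverClient->get('user_messages', ['user_id' => $userId]);

        return new HtmlResponse(
            $this->tpl->render(
                'vpnUserConfigList',
                [
                    'userId' => $userId,
                    'userMessages' => $userMessages,
                    'clientCertificateList' => $clientCertificateList,
                    'hasOtpSecret' => $this->serverClient->get('has_totp_secret', ['user_id' => $userId]),
                    'isDisabled' => $this->serverClient->get('is_disabled_user', ['user_id' => $userId]),
                ]
            )
        );
    });

    $service->post('/user', function (Request $request) {
        $userId = $request->getPostParameter('user_id');
        InputValidation::userId($userId);
        $userAction = $request->getPostParameter('user_action');

        // no need to explicitly validate userAction, as we will have
        // switch below with whitelisted acceptable values
        switch ($userAction) {
            case 'disableUser':
                $this->serverClient->post('disable_user', ['user_id' => $userId]);
                // kill all active connections for this user; the account is
                // disabled first, then its existing sessions are dropped
                $clientConnections = $this->serverClient->get('client_connections');
                foreach ($clientConnections as $profile) {
                    foreach ($profile['connections'] as $connection) {
                        if ($connection['user_id'] === $userId) {
                            $this->serverClient->post('kill_client', ['common_name' => $connection['common_name']]);
                        }
                    }
                }
                break;

            case 'enableUser':
                $this->serverClient->post('enable_user', ['user_id' => $userId]);
                break;

            case 'deleteOtpSecret':
                $this->serverClient->post('delete_totp_secret', ['user_id' => $userId]);
                break;

            default:
                throw new HttpException('unsupported "user_action"', 400);
        }

        $returnUrl = sprintf('%susers', $request->getRootUri());

        return new RedirectResponse($returnUrl);
    });

    $service->post('/setCertificateStatus', function (Request $request, array $hookData) {
        $commonName = $request->getPostParameter('commonName');
        InputValidation::commonName($commonName);
        $newState = $request->getPostParameter('newState');

        if ('enable' === $newState) {
            $this->serverClient->post('enable_client_certificate', ['common_name' => $commonName]);
        } else {
            // any value other than 'enable' disables the certificate and
            // drops its connection, so an unexpected value fails closed
            $this->serverClient->post('disable_client_certificate', ['common_name' => $commonName]);
            $this->serverClient->post('kill_client', ['common_name' => $commonName]);
        }

        // The Referer header is supplied by the client, so it is used as the
        // redirect target only when it points back into this portal; any
        // other value is replaced by the user list page.
        // NOTE(review): assumes getRootUri() returns an absolute URI ending
        // in "/" — confirm; behaviour for a missing header is whatever
        // getHeader() already did
        $rootUri = $request->getRootUri();
        $returnUrl = $request->getHeader('HTTP_REFERER');
        if (!is_string($returnUrl) || '' === $rootUri || 0 !== strpos($returnUrl, $rootUri)) {
            $returnUrl = $rootUri . 'users';
        }

        return new RedirectResponse($returnUrl, 302);
    });

    $service->get('/log', function () {
        return new HtmlResponse(
            $this->tpl->render('vpnLog', ['date_time' => null, 'ip_address' => null])
        );
    });

    $service->get('/stats', function () {
        return new HtmlResponse(
            $this->tpl->render('vpnStats', ['stats' => $this->serverClient->get('stats')])
        );
    });

    $service->get('/messages', function () {
        $motdMessages = $this->serverClient->get('system_messages', ['message_type' => 'motd']);

        // we only want the first one
        if (0 === count($motdMessages)) {
            $motdMessage = false;
        } else {
            $motdMessage = $motdMessages[0];
        }

        return new HtmlResponse($this->tpl->render('vpnMessages', ['motdMessage' => $motdMessage]));
    });

    $service->post('/messages', function (Request $request) {
        $messageAction = $request->getPostParameter('message_action');

        switch ($messageAction) {
            case 'set':
                // we can only have one "motd", so remove the ones that
                // already exist
                $motdMessages = $this->serverClient->get('system_messages', ['message_type' => 'motd']);
                foreach ($motdMessages as $motdMessage) {
                    $this->serverClient->post('delete_system_message', ['message_id' => $motdMessage['id']]);
                }

                // no need to validate, we accept everything
                // NOTE(review): the body is stored as received, so every
                // place that displays it has to escape it on output —
                // confirm the templates do
                $messageBody = $request->getPostParameter('message_body');
                $this->serverClient->post('add_system_message', ['message_type' => 'motd', 'message_body' => $messageBody]);
                break;

            case 'delete':
                $messageId = InputValidation::messageId($request->getPostParameter('message_id'));
                $this->serverClient->post('delete_system_message', ['message_id' => $messageId]);
                break;

            default:
                throw new HttpException('unsupported "message_action"', 400);
        }

        $returnUrl = sprintf('%smessages', $request->getRootUri());

        return new RedirectResponse($returnUrl);
    });

    $service->post('/log', function (Request $request) {
        // both search fields are validated before they are sent to the
        // server API or handed back to the template
        $dateTime = $request->getPostParameter('date_time');
        InputValidation::dateTime($dateTime);
        $ipAddress = $request->getPostParameter('ip_address');
        InputValidation::ipAddress($ipAddress);

        return new HtmlResponse(
            $this->tpl->render(
                'vpnLog',
                [
                    'date_time' => $dateTime,
                    'ip_address' => $ipAddress,
                    'results' => $this->serverClient->get('log', ['date_time' => $dateTime, 'ip_address' => $ipAddress]),
                ]
            )
        );
    });
}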