Merge pull request #14 from bnhf/develop-2

Make DNS fields optional in config and add passphrase to certificate generation. Cleanup lib/certificates.go
bnhf · Dec 10, 2022 · 6d3408b · 6d3408b
2 parents 60e721d + 1872d22
commit 6d3408b
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 46 deletions.
diff --git a/build/Multi-arch.dockerfile b/build/Multi-arch.dockerfile
@@ -4,7 +4,7 @@ WORKDIR /go/src/github.com/bnhf
 # Uncomment for a multi-arch buildx of the main branch
 # RUN git clone https://github.com/bnhf/pivpn-tap-web-ui
 # Uncomment for a multi-arch buildx of the develop branch
-RUN git clone -b develop --single-branch https://github.com/bnhf/pivpn-tap-web-ui
+RUN git clone -b develop-2 --single-branch https://github.com/bnhf/pivpn-tap-web-ui
 WORKDIR /go/src/github.com/bnhf/pivpn-tap-web-ui
 RUN go mod tidy && \
     bee pack -exr='^vendor|^data.db|^build|^README.md|^docs'

diff --git a/conf/openvpn-server-config.tpl b/conf/openvpn-server-config.tpl
@@ -12,8 +12,8 @@ ecdh-curve prime256v1
 topology subnet
 {{ .Server }}
 ifconfig-pool-persist {{ .IfconfigPoolPersist }}
-{{ .DNSServerOne }}"
-{{ .DNSServerTwo }}"
+{{ .DNSServerOne }}
+{{ .DNSServerTwo }}
 
 keepalive {{ .Keepalive }}
 remote-cert-tls client

diff --git a/controllers/certificates.go b/controllers/certificates.go
@@ -17,7 +17,8 @@ import (
 )
 
 type NewCertParams struct {
-	Name string `form:"Name" valid:"Required;"`
+	Name       string `form:"Name" valid:"Required;"`
+	Passphrase string `form:"passphrase"`
 }
 
 type CertificatesController struct {
@@ -158,7 +159,7 @@ func (c *CertificatesController) Post() {
 		if vMap := validateCertParams(cParams); vMap != nil {
 			c.Data["validation"] = vMap
 		} else {
-			if err := lib.CreateCertificate(cParams.Name); err != nil {
+			if err := lib.CreateCertificate(cParams.Name, cParams.Passphrase); err != nil {
 				beego.Error(err)
 				flash.Error(err.Error())
 				flash.Store(&c.Controller)

diff --git a/lib/certificates.go b/lib/certificates.go
@@ -95,18 +95,14 @@ func trim(s string) string {
 	return strings.Trim(strings.Trim(s, "\r\n"), "\n")
 }
 
-func CreateCertificate(name string) error {
-	rsaPath := "/etc/openvpn/easy-rsa"
-	//	//	varsPath := models.GlobalCfg.OVConfigPath + "easy-rsa/vars"
-	//	cmd := exec.Command("/bin/bash", "-c",
-	//		fmt.Sprintf(
-	//			//			"source %s &&"+
-	//			"export KEY_NAME=%s &&"+
-	//				"%s/easyrsa --batch build-client-full %s nopass", name, rsaPath, name))
-	//	cmd.Dir = models.GlobalCfg.OVConfigPath
-	//	output, err := cmd.CombinedOutput()
-	path := models.GlobalCfg.OVConfigPath + "easy-rsa/pki/index.txt"
-	certs, err := ReadCerts(path)
+func CreateCertificate(name string, passphrase string) error {
+	rsaPath := models.GlobalCfg.OVConfigPath + "easy-rsa"
+	rsaIndex := models.GlobalCfg.OVConfigPath + "easy-rsa/pki/index.txt"
+	pass := false
+	if passphrase != "" {
+		pass = true
+	}
+	certs, err := ReadCerts(rsaIndex)
 	if err != nil {
 		//		beego.Debug(string(output))
 		beego.Error(err)
@@ -119,12 +115,25 @@ func CreateCertificate(name string) error {
 			exists = true
 		}
 	}
-	if !exists {
+	if !exists && !pass {
 		cmd := exec.Command("/bin/bash", "-c",
 			fmt.Sprintf(
-				//			    "source %s &&"+
-				"export KEY_NAME=%s &&"+
-					"%s/easyrsa --batch build-client-full %s nopass", name, rsaPath, name))
+				"%s/easyrsa --batch build-client-full %s nopass",
+				rsaPath, name))
+		cmd.Dir = models.GlobalCfg.OVConfigPath
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			beego.Debug(string(output))
+			beego.Error(err)
+			return err
+		}
+		return nil
+	}
+	if !exists && pass {
+		cmd := exec.Command("/bin/bash", "-c",
+			fmt.Sprintf(
+				"%s/easyrsa --passout=pass:%s build-client-full %s",
+				rsaPath, passphrase, name))
 		cmd.Dir = models.GlobalCfg.OVConfigPath
 		output, err := cmd.CombinedOutput()
 		if err != nil {
@@ -138,20 +147,17 @@ func CreateCertificate(name string) error {
 }
 
 func RevokeCertificate(name string, serial string) error {
-	path := models.GlobalCfg.OVConfigPath + "easy-rsa/pki/index.txt"
-	certs, err := ReadCerts(path)
+	rsaPath := models.GlobalCfg.OVConfigPath + "easy-rsa"
+	rsaIndex := models.GlobalCfg.OVConfigPath + "easy-rsa/pki/index.txt"
+	certs, err := ReadCerts(rsaIndex)
 	if err != nil {
 		beego.Error(err)
 	}
 	Dump(certs)
 	for _, v := range certs {
 		if v.Details.Name == name {
-			rsaPath := "/etc/openvpn/easy-rsa/"
-			//			varsPath := models.GlobalCfg.OVConfigPath + "keys/vars"
-
 			cmd := exec.Command("/bin/bash", "-c",
 				fmt.Sprintf(
-					//					"source %s &&"+
 					"%s/easyrsa --batch revoke %s &&"+
 						"%s/easyrsa gen-crl &&"+
 						"cp %s/pki/crl.pem %s/..",
@@ -166,49 +172,43 @@ func RevokeCertificate(name string, serial string) error {
 			return nil
 		}
 	}
-	return nil //do nothing for now
+	return nil
 }
 
 func RemoveCertificate(name string, serial string) error {
-	path := models.GlobalCfg.OVConfigPath + "easy-rsa/pki/index.txt"
-	certs, err := ReadCerts(path)
+	rsaIndex := models.GlobalCfg.OVConfigPath + "easy-rsa/pki/index.txt"
+	certs, err := ReadCerts(rsaIndex)
 	if err != nil {
 		beego.Error(err)
 	}
 	Dump(certs)
 	for _, v := range certs {
 		if v.Details.Name == name {
-			keyDb := models.GlobalCfg.OVConfigPath + "easy-rsa/pki/index.txt"
-			/*file, err := os.Open(keyDb)
-			    	if err != nil {
-							beego.Error(err)
-							return err
-			    	}*/
 			_ = os.Remove(models.GlobalCfg.OVConfigPath + "easy-rsa/pki/certs_by_serial/" + serial + ".pem")
 			_ = os.Remove(models.GlobalCfg.OVConfigPath + "easy-rsa/pki/issued/" + name + ".crt")
 			_ = os.Remove(models.GlobalCfg.OVConfigPath + "easy-rsa/pki/private/" + name + ".key")
 			_ = os.Remove(models.GlobalCfg.OVConfigPath + "easy-rsa/pki/" + name + ".ovpn")
 			_ = os.Remove(models.GlobalCfg.OVConfigPath + "easy-rsa/pki/" + name + ".conf")
-			lines, err := readLines(keyDb)
+			lines, err := readLines(rsaIndex)
 			if err != nil {
 				beego.Error(err)
 				return err
 			}
-			newkeyDb := ""
+			newrsaIndex := ""
 			for _, line := range lines {
 				if !checkSubstrings(line, name, "\t"+serial) {
-					newkeyDb += line + "\n"
+					newrsaIndex += line + "\n"
 				}
 			}
-			err = ioutil.WriteFile(keyDb, []byte(newkeyDb), 0644)
+			err = ioutil.WriteFile(rsaIndex, []byte(newrsaIndex), 0644)
 			if err != nil {
 				beego.Error(err)
 				return err
 			}
 			return nil
 		}
 	}
-	return nil //do nothing for now
+	return nil
 }
 
 func readLines(path string) ([]string, error) {

diff --git a/views/certificates.html b/views/certificates.html
@@ -125,10 +125,14 @@ <h3 class="box-title">Create a new certificate</h3>
   {{template "common/alert.html" .}}
   <form role="form" action="{{urlfor "CertificatesController.Post"}}" method="post">
     <div class="box-body">
-      <div class="form-group {{if field_error_exist .validation "Name" }}has-error{{end}}" >
+      <div class="form-group {{if field_error_exist .validation "Name" }}has-error{{end}}">
         <label for="name">Name</label>
         <input type="text" class="form-control" id="Name" name="Name">
       </div>
+      <div class="form-group">
+        <label for="name">Passphrase (Optional)</label>
+        <input type="text" class="form-control" id="passphrase" name="passphrase">
+      </div>
       <span class="help-block"> {{template "common/fvalid.html" field_error_message .validation "Name" }}</span>
     </div>
     <!-- /.box-body -->

diff --git a/views/ovconfig.html b/views/ovconfig.html
@@ -42,17 +42,21 @@ <h3 class="box-title">Edit configuration</h3>
       </div>
 
       <div class="form-group">
-        <label for="name">DNS Server #1 (optional)</label>
+        <label for="name">DNS Server #1 (optional, but in the form: push "dhcp-option DNS [IP of DNS Server]")</label>
         <input type="text" class="form-control" name="DNSServerOne" id="DNSServerOne" placeholder="Enter the first DNS server"
           value="{{ .Settings.DNSServerOne }}">
-        <span class="help-block">Uncomment if you want to push a DNS server to the client -- primarily for TAP clients (can be used for comments or left empty as well)</span>
+        <span class="help-block">Uncomment if you want to push a DNS server to the client -- primarily for TAP clients 
+          (can be used for comments or left empty as well). IMPORTANT: If you show an IP address only in this field 
+        now, please update to the full directive, e.g. push "dhcp-option DNS 8.8.8.8" or enter a # only to remove</span>
       </div>
 
       <div class="form-group">
-        <label for="name">DNS Server #2 (optional)</label>
+        <label for="name">DNS Server #2 (optional, but in the form: push "dhcp-option DNS [IP of DNS Server]")</label>
         <input type="text" class="form-control" name="DNSServerTwo" id="DNSServerTwo" placeholder="Enter the second DNS server"
           value="{{ .Settings.DNSServerTwo }}">
-        <span class="help-block">Uncomment if you want to push a DNS server to the client -- primarily for TAP clients (can be used for comments or left empty as well)</span>
+        <span class="help-block">Uncomment if you want to push a DNS server to the client -- primarily for TAP clients 
+          (can be used for comments or left empty as well). IMPORTANT: If you show an IP address only in this field 
+         now, please update to the full directive, e.g. push "dhcp-option DNS 8.8.4.4" or enter a # only to remove</span>
       </div>
 
       <div class="form-group">