Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Patch: Fix URL path, WG subnet and initsetup route logic #196

Open
wants to merge 36 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 34 commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
fe69cc3
fix: prepend all templates with backlink value
lifehome Jun 20, 2021
c0a00ad
fix: prepend all golang files with backlink variable
lifehome Jun 20, 2021
f33deff
fix: remove trailing slash from entrypoint.sh
lifehome Jun 20, 2021
2f457bb
fix: display listening address correctly
lifehome Jun 20, 2021
0867e85
fix: remove trailing slash for cookies
lifehome Jun 20, 2021
3e7098d
fix: remove trailing slash for version info message
lifehome Jun 20, 2021
73da0fe
patch: escalate all Backlink template variable to top level access
lifehome Jun 20, 2021
e6f205c
fix: HTML template message typo on 'deleteprofile' error
lifehome Jun 20, 2021
0cb20f8
patch: fundamentally remove all trailing slash behaviour
lifehome Jun 20, 2021
94cdecd
patch: prepend backlink value to SAML URLs
lifehome Jun 20, 2021
a9cb880
[important] fix: match LAN subnet to user config
lifehome Jun 20, 2021
8e9e284
[important] fix: make sure user is a valid multiuser admin
lifehome Jun 20, 2021
8fe00ef
patch: remove more trailing slash behaviour
lifehome Jun 20, 2021
a8e448d
patch: remove trailing slashes inside HTML templates
lifehome Jun 20, 2021
d7af24c
[important] fix: enforce first time setup even URL points to auth end…
lifehome Jun 20, 2021
6cf175e
revert: code block positioning (variables in handlers.go)
lifehome Jun 20, 2021
8ab3bd9
revert: spacing issue in handlers.go
lifehome Jun 20, 2021
6f3d62d
patch: remove trailing slash from README.md
lifehome Jun 20, 2021
f5d2665
patch: improve the meaning of 'backlink'
lifehome Jun 20, 2021
197b81e
patch: completely rename 'backlink' to SubDirectory
lifehome Jun 20, 2021
1e038c4
fix: remove trailing slash from subdir in README.md
lifehome Jun 20, 2021
6c5e88e
patch: reword subdir argument flag for cli
lifehome Jun 20, 2021
9d646ea
fix: spacing issue in main.go
lifehome Jun 20, 2021
6905f42
fix: spacing issue (again) in handlers.go
lifehome Jun 20, 2021
bbe8e29
revert a8e448d: keep trailing slash for homepage
lifehome Jun 20, 2021
cbd3524
💢 patch: add backward compatibility and startup delay for using depre…
lifehome Oct 9, 2021
e01abb1
🔮 patch: Dockerfile to always build with latest golang and alpine images
lifehome Oct 9, 2021
d74e074
🏺 revert: old message with deprecated flag only
lifehome Oct 9, 2021
b9ddb0f
🧨 patch: typo for startup delay
lifehome Oct 9, 2021
ddc8b89
🪓 trim: line length to satisfy sonarcloud standard
lifehome Oct 9, 2021
27f238e
🪓 trim: line length to satisfy sonarcloud standard, again
lifehome Oct 9, 2021
eb06d99
🧹 revert: 0cb20f857e0683793c67b9d522230d8f9f9f664f
lifehome Oct 9, 2021
7f2f498
💡 update: golang modules and fix go-bindata upstream path
lifehome Oct 9, 2021
54d7f38
🔨 fix: d7af24c8d040d76215b3b1c72cd88c45ee6bb49b
lifehome Oct 9, 2021
797bc20
🪓 revert e01abb139ca772d811e5e57d7baba36ca507d6d1
lifehome Oct 11, 2021
9173cc9
💈 patch: revert and patch entrypoint.sh for backward compatability
lifehome Oct 16, 2021
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.16-alpine as build
FROM golang:alpine as build

RUN apk add --no-cache \
git \
Expand All @@ -18,7 +18,7 @@ ENV GODEBUG="netdns=go http2server=0"

RUN make build BUILD_VERSION=${BUILD_VERSION}

FROM alpine:3.13.4
FROM alpine:latest
lifehome marked this conversation as resolved.
Show resolved Hide resolved
LABEL maintainer="github.com/subspacecommunity/subspace"

COPY --from=build /src/subspace /usr/bin/subspace
Expand Down
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ $ subspace --http-host subspace.example.com
| flag | default | description |
| :-------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------ |
| `http-host` | | REQUIRED: The host to listen on and set cookies for |
| `backlink` | `/` | OPTIONAL: The page to set the home button to |
| `subdir` | `` | OPTIONAL: The subdirectory that runs `subspace` |
| `datadir` | `/data` | OPTIONAL: The directory to store data such as the WireGuard configuration files |
| `debug` | | OPTIONAL: Place subspace into debug mode for verbose log output |
| `http-addr` | `:80` | OPTIONAL: HTTP listen address |
Expand All @@ -125,7 +125,7 @@ $ subspace --http-host subspace.example.com
| `SUBSPACE_IPV4_NAT_ENABLED` | `true` | Whether to enable NAT routing for IPv4 |
| `SUBSPACE_IPV6_NAT_ENABLED` | `true` | Whether to enable NAT routing for IPv6 |
| `SUBSPACE_THEME` | `green` | The theme to use, please refer to [semantic-ui](https://semantic-ui.com/usage/theming.html) for accepted colors |
| `SUBSPACE_BACKLINK` | `/` | The page to set the home button to |
| `SUBSPACE_URL_SUBDIRECTORY` | `` | The subdirectory that runs `subspace` |
| `SUBSPACE_DISABLE_DNS` | `false` | Whether to disable DNS so the client uses their own configured DNS server(s). Consider disabling DNS server, if supporting international VPN clients |

### Run as a Docker container
Expand Down
2 changes: 1 addition & 1 deletion cmd/subspace/assets.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
package main

import (
_ "github.com/jteeuwen/go-bindata"
_ "github.com/kevinburke/go-bindata"
)

//go:generate go run github.com/jteeuwen/go-bindata/go-bindata --pkg main static/... templates/... email/...
82 changes: 41 additions & 41 deletions cmd/subspace/handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ func getEnv(key, fallback string) string {
func ssoHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
session, err := samlSP.Session.GetSession(r)
if session != nil {
http.Redirect(w, r, "/", http.StatusFound)
http.Redirect(w, r, subdir, http.StatusFound)
return
}
if err == samlsp.ErrNoSession {
Expand Down Expand Up @@ -120,7 +120,7 @@ func wireguardConfigHandler(w *Web) {

func configureHandler(w *Web) {
if config.FindInfo().Configured {
w.Redirect("/?error=configured")
w.Redirect(subdir + "?error=configured")
return
}

Expand All @@ -134,13 +134,13 @@ func configureHandler(w *Web) {
password := w.r.FormValue("password")

if !validEmail.MatchString(email) || !validPassword.MatchString(password) || email != emailConfirm {
w.Redirect("/configure?error=invalid")
w.Redirect(subdir + "/configure?error=invalid")
return
}

hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
w.Redirect("/forgot?error=bcrypt")
w.Redirect(subdir + "/forgot?error=bcrypt")
return
}
config.UpdateInfo(func(i *Info) error {
Expand All @@ -154,7 +154,7 @@ func configureHandler(w *Web) {
Error(w.w, err)
return
}
w.Redirect("/settings?success=configured")
w.Redirect(subdir + "/settings?success=configured")
}

func forgotHandler(w *Web) {
Expand All @@ -168,20 +168,20 @@ func forgotHandler(w *Web) {
password := w.r.FormValue("password")

if email != "" && !validEmail.MatchString(email) {
w.Redirect("/forgot?error=invalid")
w.Redirect(subdir + "/forgot?error=invalid")
return
}
if secret != "" && !validString.MatchString(secret) {
w.Redirect("/forgot?error=invalid")
w.Redirect(subdir + "/forgot?error=invalid")
return
}
if email != "" && secret != "" && !validPassword.MatchString(password) {
w.Redirect("/forgot?error=invalid&email=%s&secret=%s", email, secret)
w.Redirect(subdir + "/forgot?error=invalid&email=%s&secret=%s", email, secret)
return
}

if email != config.FindInfo().Email {
w.Redirect("/forgot?error=invalid")
w.Redirect(subdir + "/forgot?error=invalid")
return
}

Expand All @@ -203,18 +203,18 @@ func forgotHandler(w *Web) {
}
}()

w.Redirect("/forgot?success=forgot")
w.Redirect(subdir + "/forgot?success=forgot")
return
}

if secret != config.FindInfo().Secret {
w.Redirect("/forgot?error=invalid")
w.Redirect(subdir + "/forgot?error=invalid")
return
}

hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
w.Redirect("/forgot?error=bcrypt")
w.Redirect(subdir + "/forgot?error=bcrypt")
return
}
config.UpdateInfo(func(i *Info) error {
Expand All @@ -227,12 +227,12 @@ func forgotHandler(w *Web) {
Error(w.w, err)
return
}
w.Redirect("/")
w.Redirect(subdir)
}

func signoutHandler(w *Web) {
w.SignoutSession()
w.Redirect("/signin")
w.Redirect(subdir + "/signin")
}

func signinHandler(w *Web) {
Expand All @@ -246,18 +246,18 @@ func signinHandler(w *Web) {
passcode := w.r.FormValue("totp")

if email != config.FindInfo().Email {
w.Redirect("/signin?error=invalid")
w.Redirect(subdir + "/signin?error=invalid")
return
}

if err := bcrypt.CompareHashAndPassword(config.FindInfo().Password, []byte(password)); err != nil {
w.Redirect("/signin?error=invalid")
w.Redirect(subdir + "/signin?error=invalid")
return
}

if config.FindInfo().TotpKey != "" && !totp.Validate(passcode, config.FindInfo().TotpKey) {
// Totp has been configured and the provided code doesn't match
w.Redirect("/signin?error=invalid")
w.Redirect(subdir + "/signin?error=invalid")
return
}

Expand All @@ -266,7 +266,7 @@ func signinHandler(w *Web) {
return
}

w.Redirect("/")
w.Redirect(subdir)
}

func totpQRHandler(w *Web) {
Expand All @@ -277,7 +277,7 @@ func totpQRHandler(w *Web) {

if config.Info.TotpKey != "" {
// TOTP is already configured, don't allow the current one to be leaked
w.Redirect("/")
w.Redirect(subdir + "/")
return
}

Expand Down Expand Up @@ -322,7 +322,7 @@ func userEditHandler(w *Web) {
}

if w.User.ID == user.ID {
w.Redirect("/user/edit/%s", user.ID)
w.Redirect(subdir + "/user/edit/%s", user.ID)
return
}

Expand All @@ -333,7 +333,7 @@ func userEditHandler(w *Web) {
return nil
})

w.Redirect("/user/edit/%s?success=edituser", user.ID)
w.Redirect(subdir + "/user/edit/%s?success=edituser", user.ID)
}

func userDeleteHandler(w *Web) {
Expand All @@ -351,7 +351,7 @@ func userDeleteHandler(w *Web) {
return
}
if w.User.ID == user.ID {
w.Redirect("/user/edit/%s?error=deleteuser", user.ID)
w.Redirect(subdir + "/user/edit/%s?error=deleteuser", user.ID)
return
}

Expand All @@ -364,7 +364,7 @@ func userDeleteHandler(w *Web) {
for _, profile := range config.ListProfilesByUser(user.ID) {
if err := deleteProfile(profile); err != nil {
logger.Errorf("delete profile failed: %s", err)
w.Redirect("/profile/delete?error=deleteprofile")
w.Redirect(subdir + "/profile/delete?error=deleteprofile")
return
}
}
Expand All @@ -373,7 +373,7 @@ func userDeleteHandler(w *Web) {
Error(w.w, err)
return
}
w.Redirect("/?success=deleteuser")
w.Redirect(subdir + "?success=deleteuser")
}

func profileAddHandler(w *Web) {
Expand All @@ -391,7 +391,7 @@ func profileAddHandler(w *Web) {
}

if name == "" {
w.Redirect("/?error=profilename")
w.Redirect(subdir + "?error=profilename")
return
}

Expand All @@ -403,14 +403,14 @@ func profileAddHandler(w *Web) {
}

if len(config.ListProfiles()) >= maxProfiles {
w.Redirect("/?error=addprofile")
w.Redirect(subdir + "?error=addprofile")
return
}

profile, err := config.AddProfile(userID, name, platform)
if err != nil {
logger.Warn(err)
w.Redirect("/?error=addprofile")
w.Redirect(subdir + "?error=addprofile")
return
}

Expand Down Expand Up @@ -527,11 +527,11 @@ WGCLIENT
f, _ := os.Create("/tmp/error.txt")
errstr := fmt.Sprintln(err)
f.WriteString(errstr)
w.Redirect("/?error=addprofile")
w.Redirect(subdir + "?error=addprofile")
return
}

w.Redirect("/profile/connect/%s?success=addprofile", profile.ID)
w.Redirect(subdir + "/profile/connect/%s?success=addprofile", profile.ID)
}

func profileConnectHandler(w *Web) {
Expand Down Expand Up @@ -570,14 +570,14 @@ func profileDeleteHandler(w *Web) {
}
if err := deleteProfile(profile); err != nil {
logger.Errorf("delete profile failed: %s", err)
w.Redirect("/profile/delete?error=deleteprofile")
w.Redirect(subdir + "/profile/delete?error=deleteprofile")
return
}
if w.Admin {
w.Redirect("/user/edit/%s?success=deleteprofile", profile.UserID)
if len(profile.UserID) > 0 && w.Admin {
w.Redirect(subdir + "/user/edit/%s?success=deleteprofile", profile.UserID)
return
}
w.Redirect("/?success=deleteprofile")
w.Redirect(subdir + "?success=deleteprofile")
}

func indexHandler(w *Web) {
Expand Down Expand Up @@ -623,26 +623,26 @@ func settingsHandler(w *Web) {
if len(samlMetadata) > 0 {
if err := configureSAML(); err != nil {
logger.Warnf("configuring SAML failed: %s", err)
w.Redirect("/settings?error=saml")
w.Redirect(subdir + "/settings?error=saml")
}
} else {
samlSP = nil
}

if currentPassword != "" || newPassword != "" {
if !validPassword.MatchString(newPassword) {
w.Redirect("/settings?error=invalid")
w.Redirect(subdir + "/settings?error=invalid")
return
}

if err := bcrypt.CompareHashAndPassword(config.FindInfo().Password, []byte(currentPassword)); err != nil {
w.Redirect("/settings?error=invalid")
w.Redirect(subdir + "/settings?error=invalid")
return
}

hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
if err != nil {
w.Redirect("/settings?error=bcrypt")
w.Redirect(subdir + "/settings?error=bcrypt")
return
}

Expand All @@ -655,24 +655,24 @@ func settingsHandler(w *Web) {
if resetTotp == "true" {
err := config.ResetTotp()
if err != nil {
w.Redirect("/settings?error=totp")
w.Redirect(subdir + "/settings?error=totp")
return
}

w.Redirect("/settings?success=totp")
w.Redirect(subdir + "/settings?success=totp")
return
}

if config.Info.TotpKey == "" && totpCode != "" {
if !totp.Validate(totpCode, tempTotpKey.Secret()) {
w.Redirect("/settings?error=totp")
w.Redirect(subdir + "/settings?error=totp")
return
}
config.Info.TotpKey = tempTotpKey.Secret()
config.save()
}

w.Redirect("/settings?success=settings")
w.Redirect(subdir + "/settings?success=settings")
}

func helpHandler(w *Web) {
Expand Down
Loading