CaZzzer/vpgen
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

opnsense: sanitize usernames for creating peers

Browse Source
This commit is contained in:
Yuri Tatishchev 2025-01-09 14:44:48 -08:00
parent 29fbccc953
commit 80acec720c
Signed by: CaZzzer
GPG Key ID: E0EBF441EA424369
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/lib/opnsense/index.ts Normal file
View File

@ -0,0 +1,3 @@
export function opnsenseSanitezedUsername(username: string) {
return username.slice(0, 63).replace(/[^a-zA-Z0-9_-]/g, '_');
}

3
src/lib/server/devices.ts
View File

@ -7,6 +7,7 @@ import { env } from '$env/dynamic/private';
import { and, count, eq, isNull } from 'drizzle-orm'; import { and, count, eq, isNull } from 'drizzle-orm';
import { err, ok, type Result } from '$lib/types'; import { err, ok, type Result } from '$lib/types';
import type { DeviceDetails } from '$lib/devices'; import type { DeviceDetails } from '$lib/devices';
import { opnsenseSanitezedUsername } from '$lib/opnsense';
export async function findDevices(userId: string) { export async function findDevices(userId: string) {
return db.query.devices.findMany({ return db.query.devices.findMany({
@ -196,7 +197,7 @@ async function opnsenseCreateClient(params: {
body: JSON.stringify({ body: JSON.stringify({
configbuilder: { configbuilder: {
enabled: '1', enabled: '1',
name: `vpgen-${params.username}`, name: `vpgen-${opnsenseSanitezedUsername(params.username)}`,
pubkey: params.pubkey, pubkey: params.pubkey,
psk: params.psk, psk: params.psk,
tunneladdress: params.allowedIps, tunneladdress: params.allowedIps,

10
src/routes/api/connections/+server.ts
View File

@ -4,6 +4,7 @@ import { opnsenseAuth, opnsenseUrl } from '$lib/server/opnsense';
import type { OpnsenseWgPeers } from '$lib/opnsense/wg'; import type { OpnsenseWgPeers } from '$lib/opnsense/wg';
import { findDevices } from '$lib/server/devices'; import { findDevices } from '$lib/server/devices';
import type { ConnectionDetails } from '$lib/connections'; import type { ConnectionDetails } from '$lib/connections';
import { opnsenseSanitezedUsername } from '$lib/opnsense';
export const GET: RequestHandler = async (event) => { export const GET: RequestHandler = async (event) => {
if (!event.locals.user) { if (!event.locals.user) {
@ -50,8 +51,7 @@ export const GET: RequestHandler = async (event) => {
}; };
async function fetchOpnsensePeers(username: string) { async function fetchOpnsensePeers(username: string) {
const apiUrl = `${opnsenseUrl}/api/wireguard/service/show`; const res = await fetch(`${opnsenseUrl}/api/wireguard/service/show`, {
const options: RequestInit = {
method: 'POST', method: 'POST',
headers: { headers: {
Authorization: opnsenseAuth, Authorization: opnsenseAuth,
@ -65,11 +65,9 @@ async function fetchOpnsensePeers(username: string) {
// TODO: use a more unique search phrase // TODO: use a more unique search phrase
// unfortunately 64 character limit, // unfortunately 64 character limit,
// but it should be fine if users can't change their own username // but it should be fine if users can't change their own username
searchPhrase: `vpgen-${username}`, searchPhrase: `vpgen-${opnsenseSanitezedUsername(username)}`,
type: ['peer'], type: ['peer'],
}), }),
}; });
const res = await fetch(apiUrl, options);
return (await res.json()) as OpnsenseWgPeers; return (await res.json()) as OpnsenseWgPeers;
} }