diff options
author | Paul Donald <newtwen+github@gmail.com> | 2024-11-22 19:50:43 +0100 |
---|---|---|
committer | Paul Donald <newtwen+github@gmail.com> | 2024-11-22 20:26:23 +0100 |
commit | aa955d6465b4d0f00cc713904e2de7bfb0cbd062 (patch) | |
tree | a56d88aae9923a49e900ae20c8c64ef353a558b4 /protocols | |
parent | 0060e431742bca744bed6960bac302ab995d6660 (diff) |
luci-proto-openconnect: convert helper to ucode
set also dep to luci-base
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Diffstat (limited to 'protocols')
3 files changed, 116 insertions, 79 deletions
diff --git a/protocols/luci-proto-openconnect/Makefile b/protocols/luci-proto-openconnect/Makefile index de821b588b..096f55e3bb 100644 --- a/protocols/luci-proto-openconnect/Makefile +++ b/protocols/luci-proto-openconnect/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk LUCI_TITLE:=Support for OpenConnect VPN -LUCI_DEPENDS:=+openconnect +luci-lua-runtime +LUCI_DEPENDS:=+openconnect +luci-base PKG_LICENSE:=Apache-2.0 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io> diff --git a/protocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect b/protocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect deleted file mode 100755 index 38650a615f..0000000000 --- a/protocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect +++ /dev/null @@ -1,78 +0,0 @@ -#!/usr/bin/env lua - -local json = require "luci.jsonc" -local fs = require "nixio.fs" - -local function readfile(path) - local s = fs.readfile(path) - return s and (s:gsub("^%s+", ""):gsub("%s+$", "")) -end - -local function writefile(path, data) - local n = fs.writefile(path, data) - return (n == #data) -end - -local function parseInput() - local parse = json.new() - local done, err - - while true do - local chunk = io.read(4096) - if not chunk then - break - elseif not done and not err then - done, err = parse:parse(chunk) - end - end - - if not done then - print(json.stringify({ error = err or "Incomplete input" })) - os.exit(1) - end - - return parse:get() -end - -if arg[1] == "list" then - print(json.stringify({ - getCertificates = { - interface = "interface" - }, - setCertificates = { - interface = "interface", - user_certificate = "PEM file data", - user_privatekey = "PEM file data", - ca_certificate = "PEM file data" - } - })) -elseif arg[1] == "call" then - local args = parseInput() - - if not args.interface or - type(args.interface) ~= "string" or - not args.interface:match("^[a-zA-Z0-9_]+$") - then - print(json.stringify({ error = "Invalid interface name" })) - os.exit(1) - end - - if arg[2] == "getCertificates" then - print(json.stringify({ - user_certificate = readfile(string.format("/etc/openconnect/user-cert-vpn-%s.pem", args.interface)), - user_privatekey = readfile(string.format("/etc/openconnect/user-key-vpn-%s.pem", args.interface)), - ca_certificate = readfile(string.format("/etc/openconnect/ca-vpn-%s.pem", args.interface)) - })) - elseif arg[2] == "setCertificates" then - if args.user_certificate then - writefile(string.format("/etc/openconnect/user-cert-vpn-%s.pem", args.interface), args.user_certificate) - end - if args.user_privatekey then - writefile(string.format("/etc/openconnect/user-key-vpn-%s.pem", args.interface), args.user_privatekey) - end - if args.ca_certificate then - writefile(string.format("/etc/openconnect/ca-vpn-%s.pem", args.interface), args.ca_certificate) - end - print(json.stringify({ result = true })) - end -end diff --git a/protocols/luci-proto-openconnect/root/usr/share/rpcd/ucode/luci.openconnect b/protocols/luci-proto-openconnect/root/usr/share/rpcd/ucode/luci.openconnect new file mode 100644 index 0000000000..8e728e6bd0 --- /dev/null +++ b/protocols/luci-proto-openconnect/root/usr/share/rpcd/ucode/luci.openconnect @@ -0,0 +1,115 @@ +#!/usr/bin/env ucode + +'use strict'; + +import { readfile, writefile, stat } from 'fs'; + +const interfaceregex = /^[a-zA-Z0-9_]+$/; +const user_certificate_string = "/etc/openconnect/user-cert-vpn-%s.pem"; +const user_privatekey_string = "/etc/openconnect/user-key-vpn-%s.pem"; +const ca_certificate_string = "/etc/openconnect/ca-vpn-%s.pem"; + + +// Utility to read a file +function _readfile(path) { + let _stat = stat(path); + if (_stat && _stat.type == "file") { + let content = readfile(path); + return content ? trim(content) : 'File empty'; + } + return 'File not found'; +} + +// Utility to write a file +function _writefile(path, data) { + if (!data) { + return false; + } + return writefile(path, data) == length(data); +} + +const methods = { + + list:{ + call: function() { + return { + getCertificates: { + interface: "interface" + }, + setCertificates: { + interface: "interface", + user_certificate: "user_certificate", + user_privatekey: "user_privatekey", + ca_certificate: "ca_certificate" + } + }; + } + }, + + getCertificates: { + args: { + interface: "interface", + }, + call: function(req) { + + const _interface = req.args?.interface; + if (!_interface || !match(_interface, interfaceregex)) { + // printf("Invalid interface name"); + return; + } + + const user_certificate_pem = _readfile(sprintf(user_certificate_string, _interface)); + const user_privatekey_pem = _readfile(sprintf(user_privatekey_string, _interface)); + const ca_certificate_pem = _readfile(sprintf(ca_certificate_string, _interface)); + + if(user_certificate_pem && user_privatekey_pem && ca_certificate_pem){ + return { + user_certificate: user_certificate_pem, + user_privatekey: user_privatekey_pem, + ca_certificate: ca_certificate_pem, + }; + } + + } + }, + + setCertificates: { + args: { + interface: "interface", + user_certificate: "user_certificate", + user_privatekey: "user_privatekey", + ca_certificate: "ca_certificate", + }, + call: function(req) { + + let result = false; + let _interface = req.args?.interface; + + if (!_interface || !match(_interface, interfaceregex)) { + // printf("Invalid interface name"); + return; + } + + /* the interface is set up to call 1 write per certificate, + with only one of the following arguments not null */ + if (req.args?.user_certificate) { + result = _writefile(sprintf(user_certificate_string, _interface), req.args?.user_certificate); + } + if (req.args?.user_privatekey) { + result = _writefile(sprintf(user_privatekey_string, _interface), req.args?.user_privatekey); + } + if (req.args?.ca_certificate) { + result = _writefile(sprintf(ca_certificate_string, _interface), req.args?.ca_certificate); + } + + return { + result: result, + }; + + } + } + +}; + +return { 'luci.openconnect': methods }; + |