summaryrefslogtreecommitdiffhomepage
path: root/protocols
diff options
context:
space:
mode:
authorPaul Donald <newtwen+github@gmail.com>2024-11-22 19:50:43 +0100
committerPaul Donald <newtwen+github@gmail.com>2024-11-22 20:26:23 +0100
commitaa955d6465b4d0f00cc713904e2de7bfb0cbd062 (patch)
treea56d88aae9923a49e900ae20c8c64ef353a558b4 /protocols
parent0060e431742bca744bed6960bac302ab995d6660 (diff)
luci-proto-openconnect: convert helper to ucode
set also dep to luci-base Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Diffstat (limited to 'protocols')
-rw-r--r--protocols/luci-proto-openconnect/Makefile2
-rwxr-xr-xprotocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect78
-rw-r--r--protocols/luci-proto-openconnect/root/usr/share/rpcd/ucode/luci.openconnect115
3 files changed, 116 insertions, 79 deletions
diff --git a/protocols/luci-proto-openconnect/Makefile b/protocols/luci-proto-openconnect/Makefile
index de821b588b..096f55e3bb 100644
--- a/protocols/luci-proto-openconnect/Makefile
+++ b/protocols/luci-proto-openconnect/Makefile
@@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
LUCI_TITLE:=Support for OpenConnect VPN
-LUCI_DEPENDS:=+openconnect +luci-lua-runtime
+LUCI_DEPENDS:=+openconnect +luci-base
PKG_LICENSE:=Apache-2.0
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
diff --git a/protocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect b/protocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect
deleted file mode 100755
index 38650a615f..0000000000
--- a/protocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/usr/bin/env lua
-
-local json = require "luci.jsonc"
-local fs = require "nixio.fs"
-
-local function readfile(path)
- local s = fs.readfile(path)
- return s and (s:gsub("^%s+", ""):gsub("%s+$", ""))
-end
-
-local function writefile(path, data)
- local n = fs.writefile(path, data)
- return (n == #data)
-end
-
-local function parseInput()
- local parse = json.new()
- local done, err
-
- while true do
- local chunk = io.read(4096)
- if not chunk then
- break
- elseif not done and not err then
- done, err = parse:parse(chunk)
- end
- end
-
- if not done then
- print(json.stringify({ error = err or "Incomplete input" }))
- os.exit(1)
- end
-
- return parse:get()
-end
-
-if arg[1] == "list" then
- print(json.stringify({
- getCertificates = {
- interface = "interface"
- },
- setCertificates = {
- interface = "interface",
- user_certificate = "PEM file data",
- user_privatekey = "PEM file data",
- ca_certificate = "PEM file data"
- }
- }))
-elseif arg[1] == "call" then
- local args = parseInput()
-
- if not args.interface or
- type(args.interface) ~= "string" or
- not args.interface:match("^[a-zA-Z0-9_]+$")
- then
- print(json.stringify({ error = "Invalid interface name" }))
- os.exit(1)
- end
-
- if arg[2] == "getCertificates" then
- print(json.stringify({
- user_certificate = readfile(string.format("/etc/openconnect/user-cert-vpn-%s.pem", args.interface)),
- user_privatekey = readfile(string.format("/etc/openconnect/user-key-vpn-%s.pem", args.interface)),
- ca_certificate = readfile(string.format("/etc/openconnect/ca-vpn-%s.pem", args.interface))
- }))
- elseif arg[2] == "setCertificates" then
- if args.user_certificate then
- writefile(string.format("/etc/openconnect/user-cert-vpn-%s.pem", args.interface), args.user_certificate)
- end
- if args.user_privatekey then
- writefile(string.format("/etc/openconnect/user-key-vpn-%s.pem", args.interface), args.user_privatekey)
- end
- if args.ca_certificate then
- writefile(string.format("/etc/openconnect/ca-vpn-%s.pem", args.interface), args.ca_certificate)
- end
- print(json.stringify({ result = true }))
- end
-end
diff --git a/protocols/luci-proto-openconnect/root/usr/share/rpcd/ucode/luci.openconnect b/protocols/luci-proto-openconnect/root/usr/share/rpcd/ucode/luci.openconnect
new file mode 100644
index 0000000000..8e728e6bd0
--- /dev/null
+++ b/protocols/luci-proto-openconnect/root/usr/share/rpcd/ucode/luci.openconnect
@@ -0,0 +1,115 @@
+#!/usr/bin/env ucode
+
+'use strict';
+
+import { readfile, writefile, stat } from 'fs';
+
+const interfaceregex = /^[a-zA-Z0-9_]+$/;
+const user_certificate_string = "/etc/openconnect/user-cert-vpn-%s.pem";
+const user_privatekey_string = "/etc/openconnect/user-key-vpn-%s.pem";
+const ca_certificate_string = "/etc/openconnect/ca-vpn-%s.pem";
+
+
+// Utility to read a file
+function _readfile(path) {
+ let _stat = stat(path);
+ if (_stat && _stat.type == "file") {
+ let content = readfile(path);
+ return content ? trim(content) : 'File empty';
+ }
+ return 'File not found';
+}
+
+// Utility to write a file
+function _writefile(path, data) {
+ if (!data) {
+ return false;
+ }
+ return writefile(path, data) == length(data);
+}
+
+const methods = {
+
+ list:{
+ call: function() {
+ return {
+ getCertificates: {
+ interface: "interface"
+ },
+ setCertificates: {
+ interface: "interface",
+ user_certificate: "user_certificate",
+ user_privatekey: "user_privatekey",
+ ca_certificate: "ca_certificate"
+ }
+ };
+ }
+ },
+
+ getCertificates: {
+ args: {
+ interface: "interface",
+ },
+ call: function(req) {
+
+ const _interface = req.args?.interface;
+ if (!_interface || !match(_interface, interfaceregex)) {
+ // printf("Invalid interface name");
+ return;
+ }
+
+ const user_certificate_pem = _readfile(sprintf(user_certificate_string, _interface));
+ const user_privatekey_pem = _readfile(sprintf(user_privatekey_string, _interface));
+ const ca_certificate_pem = _readfile(sprintf(ca_certificate_string, _interface));
+
+ if(user_certificate_pem && user_privatekey_pem && ca_certificate_pem){
+ return {
+ user_certificate: user_certificate_pem,
+ user_privatekey: user_privatekey_pem,
+ ca_certificate: ca_certificate_pem,
+ };
+ }
+
+ }
+ },
+
+ setCertificates: {
+ args: {
+ interface: "interface",
+ user_certificate: "user_certificate",
+ user_privatekey: "user_privatekey",
+ ca_certificate: "ca_certificate",
+ },
+ call: function(req) {
+
+ let result = false;
+ let _interface = req.args?.interface;
+
+ if (!_interface || !match(_interface, interfaceregex)) {
+ // printf("Invalid interface name");
+ return;
+ }
+
+ /* the interface is set up to call 1 write per certificate,
+ with only one of the following arguments not null */
+ if (req.args?.user_certificate) {
+ result = _writefile(sprintf(user_certificate_string, _interface), req.args?.user_certificate);
+ }
+ if (req.args?.user_privatekey) {
+ result = _writefile(sprintf(user_privatekey_string, _interface), req.args?.user_privatekey);
+ }
+ if (req.args?.ca_certificate) {
+ result = _writefile(sprintf(ca_certificate_string, _interface), req.args?.ca_certificate);
+ }
+
+ return {
+ result: result,
+ };
+
+ }
+ }
+
+};
+
+return { 'luci.openconnect': methods };
+