maatma: interface for domain delegation (mostly)

2019-03-14 11:21:45 +01:00 · 2019-03-14 11:21:45 +01:00 · 7ebbf79bda
commit 7ebbf79bda
parent 5f83c5cd2c
5 changed files with 407 additions and 24 deletions
--- a/token-validator/domain.go
+++ b/token-validator/domain.go
@ -1,6 +1,7 @@
 package main

 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"log"
@ -12,6 +13,11 @@ import (
 	"github.com/julienschmidt/httprouter"
 )

+const (
+	AssociatedDomainSuffix = "adlin2020.p0m.fr"
+	DelegatedDomainSuffix = "srs.p0m.fr"
+)
+
 func init() {
 	router.GET("/api/adomains/", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
 		return student.GetAssociatedDomains(), nil
@ -24,10 +30,56 @@ func init() {
 	}))

 	router.GET("/api/ddomains/", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
-		return student.GetDelegatedDomains()
+		return []string{student.MyDelegatedDomain()}, nil
 	}))
-	router.GET("/api/ddomains/:dn", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
-		return student.GetDelegatedDomain(ps.ByName("dn"))
+	router.GET("/api/ddomains/:dn/", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		return student.getRRDelegatedDomain(ps.ByName("dn"), "")
+	}))
+	router.GET("/api/ddomains/:dn/NS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		return student.getRRDelegatedDomain(ps.ByName("dn"), "NS")
+	}))
+	router.POST("/api/ddomains/:dn/NS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		var ue Entry
+		if err := json.Unmarshal(body, &ue); err != nil {
+			return nil, err
+		}
+		return true, student.UpdateNSDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values[0])
+	}))
+	router.DELETE("/api/ddomains/:dn/NS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		return true, student.DeleteRRDelegatedDomain(ps.ByName("dn"), "NS")
+	}))
+	router.GET("/api/ddomains/:dn/GLUE", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		return student.getRRDelegatedDomain(ps.ByName("dn"), "AAAA")
+	}))
+	router.POST("/api/ddomains/:dn/AAAA", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		var ue Entry
+		if err := json.Unmarshal(body, &ue); err != nil {
+			return nil, err
+		}
+		return true, student.UpdateGLUEDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values[0])
+	}))
+	router.POST("/api/ddomains/:dn/GLUE", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		var ue Entry
+		if err := json.Unmarshal(body, &ue); err != nil {
+			return nil, err
+		}
+		return true, student.UpdateGLUEDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values[0])
+	}))
+	router.DELETE("/api/ddomains/:dn/AAAA", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		return true, student.DeleteRRDelegatedDomain(ps.ByName("dn"), "AAAA")
+	}))
+	router.GET("/api/ddomains/:dn/DS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		return student.getRRDelegatedDomain(ps.ByName("dn"), "DS")
+	}))
+	router.POST("/api/ddomains/:dn/DS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		var ue Entry
+		if err := json.Unmarshal(body, &ue); err != nil {
+			return nil, err
+		}
+		return true, student.UpdateDSDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values)
+	}))
+	router.DELETE("/api/ddomains/:dn/DS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		return true, student.DeleteRRDelegatedDomain(ps.ByName("dn"), "DS")
 	}))
 }

@ -69,13 +121,13 @@ func parseKnotZoneRead(args ...string) (rr []Entry, err error) {
 }

 func (student Student) myAssociatedDomain() (string) {
-	return fmt.Sprintf("%s.adlin2020.p0m.fr.", student.Login)
+	return fmt.Sprintf("%s.%s.", student.Login, AssociatedDomainSuffix)
 }

 func (student Student) GetAssociatedDomains() (ds []string) {
 	studentDomain := student.myAssociatedDomain()

-	if _, err := parseKnotZoneRead("adlin2020.p0m.fr", studentDomain); err == nil {
+	if _, err := parseKnotZoneRead(AssociatedDomainSuffix, studentDomain); err == nil {
 		ds = append(ds, studentDomain)
 	}

@ -95,7 +147,7 @@ func (student Student) GetAssociatedDomain(dn string) (rrs []Entry, err error) {
 		err = errors.New(fmt.Sprintf("Unable to find domain %q.", dn))
 	}

-	rrs, err = parseKnotZoneRead("adlin2020.p0m.fr", dn)
+	rrs, err = parseKnotZoneRead(AssociatedDomainSuffix, dn)

 	return
 }
@ -103,16 +155,17 @@ func (student Student) GetAssociatedDomain(dn string) (rrs []Entry, err error) {
 func (student Student) AddAssociatedDomains() (err error) {
 	for _, d := range []string{student.myAssociatedDomain()} {
 		for _, cmd := range [][]string{
-			[]string{"zone-begin", "adlin2020.p0m.fr"},
-			[]string{"zone-set", "adlin2020.p0m.fr", d, "900", "A", "82.64.31.248"},
-			[]string{"zone-set", "adlin2020.p0m.fr", d, "900", "AAAA", studentIP(student.Id) + "1"},
-			[]string{"zone-commit", "adlin2020.p0m.fr"},
+			[]string{"zone-begin", AssociatedDomainSuffix},
+			[]string{"zone-set", AssociatedDomainSuffix, d, "900", "A", "82.64.31.248"},
+			[]string{"zone-set", AssociatedDomainSuffix, d, "900", "AAAA", studentIP(student.Id) + "1"},
+			[]string{"zone-commit", AssociatedDomainSuffix},
 		} {
 			var out []byte
 			out, err = runKnotc(cmd...)
 			if err != nil {
 				err = errors.New(fmt.Sprintf("An error occurs on command '%s': %s", strings.Join(cmd, " "), err.Error()))
 				log.Println(string(out))
+				runKnotc("zone-abort", AssociatedDomainSuffix)
 				return
 			}
 		}
@ -122,14 +175,137 @@ func (student Student) AddAssociatedDomains() (err error) {
 }


-type DelegatedDomain struct {
-
+func (student Student) MyDelegatedDomain() (string) {
+	return fmt.Sprintf("%s.%s.", student.Login, DelegatedDomainSuffix)
 }

-func (student Student) GetDelegatedDomain(dn string) (d DelegatedDomain, err error) {
+func (student Student) getRRDelegatedDomain(dn string, rr string) (rrs []Entry, err error) {
+	domains := []string{student.MyDelegatedDomain()}
+	found := false
+	for _, d := range domains {
+		if d == dn {
+			found = true
+		}
+	}
+
+	if !found {
+		err = errors.New(fmt.Sprintf("Unable to find domain %q.", dn))
+	}
+
+	rrs, err = parseKnotZoneRead(DelegatedDomainSuffix, dn, rr)
+
 	return
 }

-func (student Student) GetDelegatedDomains() (ds []DelegatedDomain, err error) {
+func (student Student) UpdateNSDelegatedDomain(dn string, ttl uint64, ns string) (err error) {
+	for _, d := range []string{student.MyDelegatedDomain()} {
+		for _, cmd := range [][]string{
+			[]string{"zone-begin", DelegatedDomainSuffix},
+			[]string{"zone-unset", DelegatedDomainSuffix, d, "NS"},
+			[]string{"zone-set", DelegatedDomainSuffix, d, fmt.Sprintf("%d", ttl), "NS", ns},
+			[]string{"zone-commit", DelegatedDomainSuffix},
+		} {
+			var out []byte
+			out, err = runKnotc(cmd...)
+			if err != nil && cmd[0] != "zone-unset" {
+				err = errors.New(fmt.Sprintf("An error occurs on command '%s': %s", strings.Join(cmd, " "), err.Error()))
+				log.Println(string(out))
+				runKnotc("zone-abort", DelegatedDomainSuffix)
+				return
+			}
+		}
+	}
+
+	return
+}
+
+
+func (student Student) UpdateGLUEDelegatedDomain(dn string, ttl uint64, aaaa string) (err error) {
+	domains := []string{student.MyDelegatedDomain()}
+	found := false
+	for _, d := range domains {
+		if strings.HasSuffix(dn, d) {
+			found = true
+		}
+	}
+
+	if !found {
+		err = errors.New(fmt.Sprintf("Unable to find domain %q in your whitelist.", dn))
+		return
+	}
+
+	for _, cmd := range [][]string{
+		[]string{"zone-begin", DelegatedDomainSuffix},
+		[]string{"zone-unset", DelegatedDomainSuffix, student.MyDelegatedDomain(), "AAAA"},
+		[]string{"zone-unset", DelegatedDomainSuffix, dn, "AAAA"},
+		[]string{"zone-set", DelegatedDomainSuffix, dn, fmt.Sprintf("%d", ttl), "AAAA", aaaa},
+		[]string{"zone-commit", DelegatedDomainSuffix},
+	} {
+		var out []byte
+		out, err = runKnotc(cmd...)
+		if err != nil && cmd[0] != "zone-unset" {
+			err = errors.New(fmt.Sprintf("An error occurs on command '%s': %s", strings.Join(cmd, " "), err.Error()))
+			log.Println(string(out))
+			runKnotc("zone-abort", DelegatedDomainSuffix)
+			return
+		}
+	}
+
+	return
+}
+
+
+func (student Student) UpdateDSDelegatedDomain(dn string, ttl uint64, ds []string) (err error) {
+	for _, d := range []string{student.MyDelegatedDomain()} {
+		for _, cmd := range [][]string{
+			[]string{"zone-begin", DelegatedDomainSuffix},
+			[]string{"zone-unset", DelegatedDomainSuffix, d, "DS"},
+			[]string{"zone-set", DelegatedDomainSuffix, d, fmt.Sprintf("%d", ttl), "DS", strings.Join(ds, " ")},
+			[]string{"zone-commit", DelegatedDomainSuffix},
+		} {
+			var out []byte
+			out, err = runKnotc(cmd...)
+			if err != nil && cmd[0] != "zone-unset" {
+				err = errors.New(fmt.Sprintf("An error occurs on command '%s': %s", strings.Join(cmd, " "), err.Error()))
+				log.Println(string(out))
+				runKnotc("zone-abort", DelegatedDomainSuffix)
+				return
+			}
+		}
+	}
+
+	return
+}
+
+
+func (student Student) DeleteRRDelegatedDomain(dn string, rr string) (err error) {
+	domains := []string{student.MyDelegatedDomain()}
+	found := false
+	for _, d := range domains {
+		if strings.HasSuffix(dn, d) {
+			found = true
+		}
+	}
+
+	if !found {
+		err = errors.New(fmt.Sprintf("Unable to find domain %q in your whitelist.", dn))
+		return
+	}
+
+	for _, cmd := range [][]string{
+		[]string{"zone-begin", DelegatedDomainSuffix},
+		[]string{"zone-unset", DelegatedDomainSuffix, dn, rr},
+		[]string{"zone-commit", DelegatedDomainSuffix},
+	} {
+		var out []byte
+		out, err = runKnotc(cmd...)
+		if err != nil {
+			err = errors.New(fmt.Sprintf("An error occurs on command '%s': %s", strings.Join(cmd, " "), err.Error()))
+			log.Println(string(out))
+			runKnotc("zone-abort", DelegatedDomainSuffix)
+			return
+		}
+	}
+
 	return
 }
--- a/token-validator/htdocs/js/adlin-main.js
+++ b/token-validator/htdocs/js/adlin-main.js
@ -154,7 +154,7 @@ angular.module("AdLinApp")
 	}
    })

-    .controller("DomainsController", function($scope, $http, $interval) {
+    .controller("DomainsController", function($scope, $http, $interval, $location) {
 	$scope.updateAssociationD = function() {
 	    $http({
 		method: 'GET',
@ -182,9 +182,25 @@ angular.module("AdLinApp")
 		});
 	    });
 	};
-
 	$scope.updateAssociationD();

+	$scope.updateDelegatedD = function() {
+	    $http({
+		method: 'GET',
+		url: "/api/ddomains/",
+		headers: {
+		    'Authorization': "Bearer " + sessionStorage.token
+		},
+	    }).then(function(response) {
+		response.data.forEach(function(domain) {
+		    $scope.ddomains = response.data;
+		}, function(response) {
+		    alert(response.data.errmsg);
+		});
+	    });
+	};
+	$scope.updateDelegatedD();
+
 	$scope.newAssociationD = function() {
 	    $scope.pleaseWaitNewAssociation = true;
 	    $http({
@ -202,4 +218,104 @@ angular.module("AdLinApp")
 	    });
 	}

+	$scope.updateNS = function(domain) {
+	    $scope.nsrr = {
+		"domain": domain,
+		"ttl": 900,
+		"rr": "NS",
+		"value": "",
+	    }
+	    $('#NSModal').modal('show');
+	}
+	$scope.updateGLUE = function(domain) {
+	    $scope.nsrr = {
+		"domain": domain,
+		"ttl": 900,
+		"rr": "AAAA",
+		"value": "",
+	    }
+	    $('#NSModal').modal('show');
+	}
+	$scope.updateDS = function(domain) {
+	    $scope.nsrr = {
+		"domain": domain,
+		"ttl": 900,
+		"rr": "DS",
+		"labels": ["Key Tag", "Flag", "Algorithme", "Clef publique (base64)"],
+		"values": ["", "", "", ""],
+	    }
+	    $('#NSModal').modal('show');
+	}
+
+	$scope.saveNSRR = function(nsrr) {
+	    if (nsrr.values === undefined)
+		nsrr.values = [nsrr.value];
+
+	    $http({
+		method: 'POST',
+		url: "/api/ddomains/" + nsrr.domain + "/" + nsrr.rr,
+		headers: {
+		    'Authorization': "Bearer " + sessionStorage.token
+		},
+		data: nsrr,
+	    }).then(function(response) {
+		$('#NSModal').modal('hide');
+		$location.url("./domains");
+	    }, function(response) {
+		alert(response.data.errmsg);
+	    });
+	}
+
+    	$scope.delNSRR = function(nsrr) {
+	    $http({
+		method: 'DELETE',
+		url: "/api/ddomains/" + nsrr.domain + "/" + nsrr.rr,
+		headers: {
+		    'Authorization': "Bearer " + sessionStorage.token
+		},
+	    }).then(function(response) {
+		$('#NSModal').modal('hide');
+		$location.url("./domains");
+	    }, function(response) {
+		alert(response.data.errmsg);
+	    });
+	}
+    })
+
+    .controller("NSDomainsController", function($scope, $http) {
+	$http({
+	    method: 'GET',
+	    url: "/api/ddomains/" + $scope.domain + "/NS",
+	    headers: {
+		'Authorization': "Bearer " + sessionStorage.token
+	    },
+	}).then(function(response) {
+	    $scope.domainNS = response.data;
+	});
+    })
+
+    .controller("GLUEDomainsController", function($scope, $http) {
+	$http({
+	    method: 'GET',
+	    url: "/api/ddomains/" + $scope.domain + "/GLUE",
+	    headers: {
+		'Authorization': "Bearer " + sessionStorage.token
+	    },
+	}).then(function(response) {
+	    $scope.domainGLUE = response.data;
+	});
+
+    })
+
+    .controller("DSDomainsController", function($scope, $http) {
+	$http({
+	    method: 'GET',
+	    url: "/api/ddomains/" + $scope.domain + "/DS",
+	    headers: {
+		'Authorization': "Bearer " + sessionStorage.token
+	    },
+	}).then(function(response) {
+	    $scope.domainDS = response.data;
+	});
+
    })
--- a/token-validator/htdocs/js/jquery-3.3.1.slim.min.js
+++ b/token-validator/htdocs/js/jquery-3.3.1.slim.min.js
--- a/token-validator/htdocs/maatma.html
+++ b/token-validator/htdocs/maatma.html
@ -35,6 +35,8 @@

    <div class="container mt-1" ng-view></div>

+    <script src="js/jquery-3.3.1.slim.min.js"></script>
+    <script src="js/bootstrap.min.js"></script>
    <script src="js/angular.min.js"></script>
    <script src="js/i18n/angular-locale_fr-fr.js"></script>
    <script src="js/angular-resource.min.js"></script>
--- a/token-validator/htdocs/views/domains.html
+++ b/token-validator/htdocs/views/domains.html
@ -47,20 +47,52 @@
    </tr>
  </thead>
  <tbody style="font-family: monospace">
-    <tr>
-      <td>{{ isLogged.login }}.srs2020.p0m.fr</td>
-      <td>ns.{{ isLogged.login }}.srs2020.p0m.fr</td>
-      <td>2a01:e0a:2b:2252:{{ isLogged.id.toString(16) }}::1</td>
-      <td>
-	<span class="badge badge-pill badge-success" ng-show="false">Activé</span>
-	<span class="badge badge-pill badge-danger">Non configuré</span>
+    <tr ng-repeat="domain in ddomains">
+      <td>{{ domain }}</td>
+      <td ng-controller="NSDomainsController">
+	<span ng-if="!domainNS" class="badge badge-pill badge-danger">Non défini</span>
+	<div ng-repeat="rr in domainNS">
+	  {{ rr.domain }}
+	  {{ rr.ttl }}
+	  {{ rr.rr }}
+	  <span ng-repeat="val in rr.values">{{ val }} </span>
+	</div>
+	<button class="btn btn-primary" ng-click="updateNS(domain)">
+	  Mettre à jour
+	</button>
+      </td>
+      <td ng-controller="GLUEDomainsController">
+	<span ng-if="!domainGLUE" class="badge badge-pill badge-danger">Non défini</span>
+	<div ng-repeat="rr in domainGLUE">
+	  {{ rr.domain }}
+	  {{ rr.ttl }}
+	  {{ rr.rr }}
+	  <span ng-repeat="val in rr.values">{{ val }} </span>
+	</div>
+	<br>
+	<button class="btn btn-primary" ng-click="updateGLUE(domain)">
+	  Mettre à jour
+	</button>
+      </td>
+      <td ng-controller="DSDomainsController">
+	<span class="badge badge-pill badge-danger" ng-show="!domainDS">Non configuré</span>
+	<div ng-repeat="rr in domainDS">
+	  {{ rr.domain }}
+	  {{ rr.ttl }}
+	  {{ rr.rr }}
+	  <span ng-repeat="val in rr.values">{{ val }} </span>
+	</div>
+	<br>
+	<button class="btn btn-primary" ng-click="updateDS(domain)">
+	  Mettre à jour
+	</button>
      </td>
    </tr>
  </tbody>
  <tfoot>
    <tr>
      <td colspan="4">
-	<button class="btn btn-primary" ng-click="newDelegation()">
+	<button class="btn btn-primary" ng-click="newDelegation()" disabled>
 	  <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true" ng-show="pleaseWaitNewDelegation"></span>
 	  Demander un nouveau nom de domaine
 	</button>
@ -68,3 +100,58 @@
    </tr>
  </tfoot>
 </table>
+
+<div class="modal" id="NSModal" tabindex="-1" role="dialog">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+	<h5 class="modal-title" ng-if="nsrr.rr == 'NS'">Modifier la liste des serveurs de noms de la zone</h5>
+	<h5 class="modal-title" ng-if="nsrr.rr == 'AAAA'">Modifier les enregistrements GLUE du domaine</h5>
+	<h5 class="modal-title" ng-if="nsrr.rr == 'DS'">Modifier les clefs DNSSEC de la zone parente</h5>
+	<button type="button" class="close" data-dismiss="modal" aria-label="Close">
+	  <span aria-hidden="true">&times;</span>
+	</button>
+      </div>
+      <div class="modal-body">
+	<form class="ml-2 mr-2">
+	  <div class="form-group row">
+	    <label class="col-sm-2 col-form-label">Domaine</label>
+	    <div class="col-sm-10">
+	      <input class="form-control-plaintext" ng-model="nsrr.domain" ng-if="nsrr.rr == 'NS' || nsrr.rr == 'DS'" readonly>
+	      <input class="form-control" ng-model="nsrr.domain" ng-if="nsrr.rr == 'AAAA'">
+	    </div>
+	  </div>
+	  <div class="form-group row">
+	    <label for="ttl" class="col-sm-2 col-form-label">TTL</label>
+	    <div class="col-sm-10">
+	      <input class="form-control" id="ttl" ng-model="nsrr.ttl">
+	    </div>
+	  </div>
+	  <div class="form-group row">
+	    <label class="col-sm-2 col-form-label">Type</label>
+	    <div class="col-sm-10">
+	      <input class="form-control-plaintext" ng-model="nsrr.rr" readonly>
+	    </div>
+	  </div>
+	  <div class="form-group row" ng-if="nsrr.value !== undefined">
+	    <label for="value" class="col-sm-2 col-form-label">Valeur</label>
+	    <div class="col-sm-10">
+	      <input class="form-control" id="value" ng-model="nsrr.value" autofocus>
+	    </div>
+	  </div>
+	  <div class="form-group row" ng-repeat="v in nsrr.values track by $index">
+	    <label for="value{{$index}}" class="col-sm-2 col-form-label">{{ nsrr.labels[$index] }}</label>
+	    <div class="col-sm-10">
+	      <input class="form-control" id="value{{$index}}" ng-model="nsrr.values[$index]">
+	    </div>
+	  </div>
+	</form>
+      </div>
+      <div class="modal-footer">
+	<button type="button" class="btn btn-secondary" data-dismiss="modal">Annuler</button>
+	<button type="button" class="btn btn-primary" ng-click="saveNSRR(nsrr)">Enregistrer</button>
+	<button type="button" class="btn btn-danger" ng-click="delNSRR(nsrr)">Supprimer</button>
+      </div>
+    </div>
+  </div>
+</div>