From dea2436c88356bc5b4e7fe07afec9b62945d20d5 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Thu, 4 Feb 2021 09:37:24 +0100
Subject: [PATCH] maatma: Can specify a dedicated IPv6 for NS association
---
 token-validator/domain.go | 61 +++++++++++++++++++----
 token-validator/htdocs/js/adlin-main.js | 29 +++++++++--
 token-validator/htdocs/views/domains.html | 46 ++++++++++++++++-
 3 files changed, 120 insertions(+), 16 deletions(-)
diff --git a/token-validator/domain.go b/token-validator/domain.go
index a71922b..46f3994 100644
--- a/token-validator/domain.go
+++ b/token-validator/domain.go
@@ -26,7 +26,22 @@ func init() {
 return student.GetAssociatedDomains(), nil
 }))
 router.POST("/api/adomains/", apiAuthHandler(func(student adlin.Student, ps httprouter.Params, body []byte) (interface{}, error) {
- return true, AddAssociatedDomains(student)
+ ue := &struct {
+ Domain string `json:"domain"`
+ A string `json:"a"`
+ AAAA string `json:"aaaa"`
+ }{}
+
+ if err := json.Unmarshal(body, &ue); err != nil {
+ return nil, err
+ }
+
+ var aaaa net.IP
+ if ue != nil && len(ue.AAAA) > 0 {
+ aaaa = net.ParseIP(ue.AAAA)
+ }
+
+ return true, AddAssociatedDomains(student, aaaa)
 }))
 router.GET("/api/adomains/:dn", apiAuthHandler(func(student adlin.Student, ps httprouter.Params, body []byte) (interface{}, error) {
 return GetAssociatedDomain(student, ps.ByName("dn"))
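Review bot: A non-empty `aaaa` that fails to parse is silently treated as if none had been sent, because `net.ParseIP` returns nil on failure and the POST handler passes that nil to `AddAssociatedDomains`, which (per the later hunk in this file) substitutes the default address. `net.ParseIP` also accepts dotted IPv4, which should never reach an AAAA record. Reject both at the boundary, e.g. `if aaaa = net.ParseIP(ue.AAAA); aaaa == nil || aaaa.To4() != nil { return nil, errors.New("aaaa is not a valid IPv6 address") }`. The decoded `Domain` and `A` fields are not read anywhere in this hunk, so either drop them or add a comment that they are ignored; the enclosing `init()` starts and ends outside the hunk.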
@@ -186,20 +201,30 @@ func GetAssociatedDomain(student adlin.Student, dn string) (rrs []Entry, err err
 return
 }
-func AddAssociatedDomains(student adlin.Student) (err error) {
+func delAssociatedDomains(student adlin.Student, dn string) (err error) {
+ var adomains []Entry
+ adomains, err = GetAssociatedDomain(student, dn)
+ if err != nil {
+ return
+ }
+
 m1 := new(dns.Msg)
 m1.Id = dns.Id()
 m1.Opcode = dns.OpcodeUpdate
 m1.Question = make([]dns.Question, 1)
 m1.Question[0] = dns.Question{adlin.AssociatedDomainSuffix, dns.TypeSOA, dns.ClassINET}
- rrAd := new(dns.A)
- rrAd.Hdr = dns.RR_Header{Name: student.MyAssociatedDomain(), Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: 0}
- m1.Remove([]dns.RR{rrAd})
+ var rrs []dns.RR
+ for _, domain := range adomains {
+ rr, errr := dns.NewRR(fmt.Sprintf("%s %s %s", domain.Domain, domain.RR, strings.Join(domain.Values, " ")))
+ if errr != nil {
+ return errr
+ }
- rrAAAAd := new(dns.AAAA)
- rrAAAAd.Hdr = dns.RR_Header{Name: student.MyAssociatedDomain(), Rrtype: dns.TypeAAAA, Class: dns.ClassINET, Ttl: 0}
- m1.Remove([]dns.RR{rrAAAAd})
+ rrs = append(rrs, rr)
+ }
+
+ m1.Remove(rrs)
 c := new(dns.Client)
 c.TsigSecret = tsigSecret
@@ -210,6 +235,21 @@ func AddAssociatedDomains(student adlin.Student) (err error) {
 return
 }
+ return
+}
+
+func AddAssociatedDomains(student adlin.Student, aaaa net.IP) (err error) {
+ err = delAssociatedDomains(student, student.MyAssociatedDomain())
+ if err != nil {
+ return
+ }
+
+ if aaaa == nil {
+ aaaa = net.ParseIP(adlin.StudentIP(student.Id).String() + "1")
+ } else if !strings.HasPrefix(aaaa.String(), adlin.StudentIP(student.Id).String()) {
+ return errors.New("The associated IP has to be in your IP range.")
+ }
+
 m2 := new(dns.Msg)
 m2.Id = dns.Id()
 m2.Opcode = dns.OpcodeUpdate
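Review bot: In `delAssociatedDomains` the loop turns each `Entry` back into zone-file text with `fmt.Sprintf("%s %s %s", ...)` and re-parses it with `dns.NewRR`, which only round-trips when `Domain`, `RR` and every element of `Values` are already valid presentation-format text. A value containing spaces, quotes or `;` would parse as a different record or fail, and the first failure returns before anything is removed. `Entry` and `GetAssociatedDomain` are defined outside the hunk, so confirm how `Values` is filled; at minimum add a comment such as `// Values must already be in presentation format; they are re-parsed as zone-file text.` and skip the update when nothing was found with `if len(adomains) == 0 { return nil }`.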
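Review bot: The range check in `AddAssociatedDomains` runs only after `delAssociatedDomains` has already removed the student's records, so a request rejected with "The associated IP has to be in your IP range." still leaves the name without its previous A/AAAA; validate first, delete second. The check itself is a `strings.HasPrefix` on the two `String()` forms rather than a subnet test: Go prints IPv6 in compressed form, so the outcome depends on where the `::` falls instead of on the prefix bits. The nil fallback `net.ParseIP(... + "1")` likewise only works if the student base prints with a trailing `::`; otherwise it yields nil, which the next hunk stores in `rrAAAA.AAAA`. Compare on bytes with `net.IPNet.Contains` and build the default by copying the base and setting the last byte, as the removed code did. The prefix length is not visible on this page, so it appears below as a placeholder, and the function body continues past the hunk.

```go
func AddAssociatedDomains(student adlin.Student, aaaa net.IP) (err error) {
	// Validate before touching the zone so a rejected request keeps the existing records.
	base := adlin.StudentIP(student.Id)
	if aaaa == nil {
		// Default: the student's base address with the last byte set to 1.
		aaaa = make(net.IP, len(base))
		copy(aaaa, base)
		aaaa[15] = 1
	} else {
		// prefixBits is a placeholder for the per-student prefix length.
		studentNet := net.IPNet{IP: base, Mask: net.CIDRMask(prefixBits, 128)}
		if aaaa.To4() != nil || !studentNet.Contains(aaaa) {
			return errors.New("The associated IP has to be in your IP range.")
		}
	}

	err = delAssociatedDomains(student, student.MyAssociatedDomain())
	if err != nil {
		return
	}
	// … unchanged: m2 update message construction …
```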
@@ -223,11 +263,10 @@ func AddAssociatedDomains(student adlin.Student) (err error) {
 rrAAAA := new(dns.AAAA)
 rrAAAA.Hdr = dns.RR_Header{Name: student.MyAssociatedDomain(), Rrtype: dns.TypeAAAA, Class: dns.ClassINET, Ttl: 3600}
- rrAAAA.AAAA = adlin.StudentIP(student.Id)
- rrAAAA.AAAA[15] = 1
+ rrAAAA.AAAA = aaaa
 m2.Insert([]dns.RR{rrAAAA})
- c = new(dns.Client)
+ c := new(dns.Client)
 c.TsigSecret = tsigSecret
 m2.SetTsig("rndc-key.", dns.HmacSHA256, 300, time.Now().Unix())
diff --git a/token-validator/htdocs/js/adlin-main.js b/token-validator/htdocs/js/adlin-main.js
index 1c296cb..7ead988 100644
--- a/token-validator/htdocs/js/adlin-main.js
+++ b/token-validator/htdocs/js/adlin-main.js
@@ -282,13 +282,36 @@ angular.module("AdLinApp")
 });
 });
 };
- $scope.updateDelegatedD();
+ $scope.updateDelegatedD();
- $scope.newAssociationD = function() {
+ $scope.askAssociationD = function() {
+ if ($scope.adomains.length == 0) {
+ return $scope.newAssociationD({})
+ }
+
+ var aaaa = ""
+ if ($scope.adomains.length >= 1) {
+ $scope.adomains.forEach(function (adomain) {
+ if (adomain.values.join("").slice(0, 5) == "2a01:")
+ aaaa = adomain.values.join("")
+ })
+ }
+
+ $scope.assoc = {
+ "domain": $scope.adomains[0].domain,
+ "a": "82.64.31.248",
+ "aaaa": aaaa,
+ }
+ $('#AssocModal').modal('show');
+ }
+
+ $scope.newAssociationD = function(assoc) {
+ $('#AssocModal').modal('hide');
 $scope.pleaseWaitNewAssociation = true;
 $http({
 method: 'POST',
- url: "api/adomains/",
+ url: "api/adomains/",
+ data: assoc,
 }).then(function(response) {
 $scope.updateAssociationD();
 $scope.pleaseWaitNewAssociation = false;
diff --git a/token-validator/htdocs/views/domains.html b/token-validator/htdocs/views/domains.html
index 1566c94..cd2161a 100644
--- a/token-validator/htdocs/views/domains.html
+++ b/token-validator/htdocs/views/domains.html
@@ -24,9 +24,9 @@ - @@ -182,6 +182,48 @@ + +
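Review bot: In adlin-main.js, `askAssociationD` embeds deployment-specific literals: the IPv4 `"82.64.31.248"` sent as `a`, and the `"2a01:"` prefix test used to pick the current AAAA. The Go handler in this commit only reads `aaaa`, so the `domain` and `a` values placed in `$scope.assoc` have no effect on the server, and the prefill here is not a range check. Say so next to the object, e.g. `// domain and a are informational only; the server ignores them and validates aaaa itself.`, and consider taking the displayed IPv4 from the API response instead of a literal. The inner `if ($scope.adomains.length >= 1)` is always true after the early return and can be dropped. The enclosing controller starts and ends outside the hunk.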