Skip to content

Commit 13f08df

Browse files
author
Jamie Curnow
committed
Access Lists
1 parent 3a9fc8e commit 13f08df

File tree

17 files changed

+377
-34
lines changed

17 files changed

+377
-34
lines changed

TODO.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
# TODO
2+
3+
In order of importance, somewhat..
4+
5+
- Manual certificate writing to disk and usage in nginx configs - MIGRATING.md
6+
- Access Lists UI and Nginx usage
7+
- Make modal dialogs unclosable in overlay
8+
- Dashboard stats are caching instead of querying
9+
- Create a nice way of importing from v1 let's encrypt certs and config data
10+
- UI Log tail
11+
12+
Testing
13+
14+
- Access Levels
15+
- Visibility
16+
- Forwarding
17+
- Cert renewals
18+
- Custom certs

config/README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
These files are use in development and are not deployed as part of the final product.
2+

config/my.cnf

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,7 @@
11
[mysqld]
22
skip-innodb
3-
default-storage-engine=MyISAM
4-
default-tmp-storage-engine=MyISAM
3+
default-storage-engine=Aria
4+
default-tmp-storage-engine=Aria
55
innodb=OFF
66
symbolic-links=0
77
log-output=file
8-

doc/example/docker-compose.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,13 +3,14 @@ services:
33
app:
44
image: jc21/nginx-proxy-manager:2
55
restart: always
6-
network_mode: host
76
volumes:
87
- ./config.json:/app/config/production.json
98
- ./data:/data
109
- ./letsencrypt:/etc/letsencrypt
1110
depends_on:
1211
- db
12+
links:
13+
- db
1314
db:
1415
image: mariadb
1516
restart: always

src/backend/internal/access-list.js

Lines changed: 82 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,10 @@
11
'use strict';
22

3-
const _ = require('lodash');
4-
const error = require('../lib/error');
5-
const accessListModel = require('../models/access_list');
3+
const _ = require('lodash');
4+
const error = require('../lib/error');
5+
const accessListModel = require('../models/access_list');
6+
const accessListAuthModel = require('../models/access_list_auth');
7+
const internalAuditLog = require('./audit-log');
68

79
function omissions () {
810
return ['is_deleted'];
@@ -18,8 +20,51 @@ const internalAccessList = {
1820
create: (access, data) => {
1921
return access.can('access_lists:create', data)
2022
.then(access_data => {
21-
// TODO
22-
return {};
23+
return accessListModel
24+
.query()
25+
.omit(omissions())
26+
.insertAndFetch({
27+
name: data.name,
28+
owner_user_id: access.token.get('attrs').id
29+
});
30+
})
31+
.then(row => {
32+
// Now add the items
33+
let promises = [];
34+
data.items.map(function (item) {
35+
promises.push(accessListAuthModel
36+
.query()
37+
.insert({
38+
access_list_id: row.id,
39+
username: item.username,
40+
password: item.password
41+
})
42+
);
43+
});
44+
45+
return Promise.all(promises);
46+
})
47+
.then(row => {
48+
// re-fetch with cert
49+
return internalAccessList.get(access, {
50+
id: row.id,
51+
expand: ['owner', 'items']
52+
});
53+
})
54+
.then(row => {
55+
// Audit log
56+
data.meta = _.assign({}, data.meta || {}, row.meta);
57+
58+
// Add to audit log
59+
return internalAuditLog.add(access, {
60+
action: 'created',
61+
object_type: 'access-list',
62+
object_id: row.id,
63+
meta: data
64+
})
65+
.then(() => {
66+
return row;
67+
});
2368
});
2469
},
2570

@@ -62,7 +107,7 @@ const internalAccessList = {
62107
.query()
63108
.where('is_deleted', 0)
64109
.andWhere('id', data.id)
65-
.allowEager('[owner]')
110+
.allowEager('[owner,items]')
66111
.first();
67112

68113
if (access_data.permission_visibility !== 'all') {
@@ -82,6 +127,10 @@ const internalAccessList = {
82127
})
83128
.then(row => {
84129
if (row) {
130+
if (typeof row.items !== 'undefined' && row.items) {
131+
row.items = internalAccessList.maskItems(row.items);
132+
}
133+
85134
return _.omit(row, omissions());
86135
} else {
87136
throw new error.ItemNotFoundError(data.id);
@@ -134,7 +183,7 @@ const internalAccessList = {
134183
.where('is_deleted', 0)
135184
.groupBy('id')
136185
.omit(['is_deleted'])
137-
.allowEager('[owner]')
186+
.allowEager('[owner,items]')
138187
.orderBy('name', 'ASC');
139188

140189
if (access_data.permission_visibility !== 'all') {
@@ -153,6 +202,17 @@ const internalAccessList = {
153202
}
154203

155204
return query;
205+
})
206+
.then(rows => {
207+
if (rows) {
208+
rows.map(function (row, idx) {
209+
if (typeof row.items !== 'undefined' && row.items) {
210+
rows[idx].items = internalAccessList.maskItems(row.items);
211+
}
212+
});
213+
}
214+
215+
return rows;
156216
});
157217
},
158218

@@ -177,6 +237,21 @@ const internalAccessList = {
177237
.then(row => {
178238
return parseInt(row.count, 10);
179239
});
240+
},
241+
242+
/**
243+
* @param {Object} list
244+
* @returns {Object}
245+
*/
246+
maskItems: list => {
247+
if (list && typeof list.items !== 'undefined') {
248+
list.items.map(function (val, idx) {
249+
list.items[idx].hint = val.password.charAt(0) + ('*').repeat(val.password.length - 1);
250+
list.items[idx].password = '';
251+
});
252+
}
253+
254+
return list;
180255
}
181256
};
182257

src/backend/internal/certificate.js

Lines changed: 36 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,14 +41,49 @@ const internalCertificate = {
4141
return utils.exec(certbot_command + ' renew -q ' + (debug_mode ? '--staging' : ''))
4242
.then(result => {
4343
logger.info(result);
44-
internalCertificate.interval_processing = false;
4544

4645
return internalNginx.reload()
4746
.then(() => {
4847
logger.info('Renew Complete');
4948
return result;
5049
});
5150
})
51+
.then(() => {
52+
// Now go and fetch all the letsencrypt certs from the db and query the files and update expiry times
53+
return certificateModel
54+
.query()
55+
.where('is_deleted', 0)
56+
.andWhere('provider', 'letsencrypt')
57+
.then(certificates => {
58+
if (certificates && certificates.length) {
59+
let promises = [];
60+
61+
certificates.map(function (certificate) {
62+
promises.push(
63+
internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
64+
.then(cert_info => {
65+
return certificateModel
66+
.query()
67+
.where('id', certificate.id)
68+
.andWhere('provider', 'letsencrypt')
69+
.patch({
70+
expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
71+
});
72+
})
73+
.catch(err => {
74+
// Don't want to stop the train here, just log the error
75+
logger.error(err.message);
76+
})
77+
);
78+
});
79+
80+
return Promise.all(promises);
81+
}
82+
});
83+
})
84+
.then(() => {
85+
internalCertificate.interval_processing = false;
86+
})
5287
.catch(err => {
5388
logger.error(err);
5489
internalCertificate.interval_processing = false;

src/backend/models/access_list.js

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,10 @@
33

44
'use strict';
55

6-
const db = require('../db');
7-
const Model = require('objection').Model;
8-
const User = require('./user');
6+
const db = require('../db');
7+
const Model = require('objection').Model;
8+
const User = require('./user');
9+
const AccessListAuth = require('./access_list_auth');
910

1011
Model.knex(db);
1112

@@ -44,6 +45,17 @@ class AccessList extends Model {
4445
qb.where('user.is_deleted', 0);
4546
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
4647
}
48+
},
49+
items: {
50+
relation: Model.HasManyRelation,
51+
modelClass: AccessListAuth,
52+
join: {
53+
from: 'access_list.id',
54+
to: 'access_list_auth.access_list_id'
55+
},
56+
modify: function (qb) {
57+
qb.omit(['id', 'created_on', 'modified_on']);
58+
}
4759
}
4860
};
4961
}

src/backend/models/access_list_auth.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ class AccessListAuth extends Model {
3434
return {
3535
access_list: {
3636
relation: Model.HasOneRelation,
37-
modelClass: './access_list',
37+
modelClass: require('./access_list'),
3838
join: {
3939
from: 'access_list_auth.access_list_id',
4040
to: 'access_list.id'

src/backend/routes/api/nginx/access_lists.js

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ router
7575
* /api/nginx/access-lists/123
7676
*/
7777
router
78-
.route('/:host_id')
78+
.route('/:list_id')
7979
.options((req, res) => {
8080
res.sendStatus(204);
8181
})
@@ -88,23 +88,23 @@ router
8888
*/
8989
.get((req, res, next) => {
9090
validator({
91-
required: ['host_id'],
91+
required: ['list_id'],
9292
additionalProperties: false,
9393
properties: {
94-
host_id: {
94+
list_id: {
9595
$ref: 'definitions#/definitions/id'
9696
},
9797
expand: {
9898
$ref: 'definitions#/definitions/expand'
9999
}
100100
}
101101
}, {
102-
host_id: req.params.host_id,
102+
list_id: req.params.list_id,
103103
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
104104
})
105105
.then(data => {
106106
return internalAccessList.get(res.locals.access, {
107-
id: parseInt(data.host_id, 10),
107+
id: parseInt(data.list_id, 10),
108108
expand: data.expand
109109
});
110110
})
@@ -123,7 +123,7 @@ router
123123
.put((req, res, next) => {
124124
apiValidator({$ref: 'endpoints/access-lists#/links/2/schema'}, req.body)
125125
.then(payload => {
126-
payload.id = parseInt(req.params.host_id, 10);
126+
payload.id = parseInt(req.params.list_id, 10);
127127
return internalAccessList.update(res.locals.access, payload);
128128
})
129129
.then(result => {
@@ -139,7 +139,7 @@ router
139139
* Update and existing access-list
140140
*/
141141
.delete((req, res, next) => {
142-
internalAccessList.delete(res.locals.access, {id: parseInt(req.params.host_id, 10)})
142+
internalAccessList.delete(res.locals.access, {id: parseInt(req.params.list_id, 10)})
143143
.then(result => {
144144
res.status(200)
145145
.send(result);

0 commit comments

Comments
 (0)