headscale
/
hsman
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Version 1.0

This commit is contained in:
Andrea Mistrali 2024-07-04 13:50:32 +02:00
parent ca72edd087
commit 454eae48a0
8 changed files with 214 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hsapi/hsapi/preauthkeys.py
View File

@ -16,7 +16,7 @@ class v1PreAuthKeyResponse(BaseModel):
class v1ExpirePreAuthKeyRequest(BaseModel):
user: str = Field(alias="user", default=None)
key: int = Field(alias="key", default=None)
key: str = Field(alias="key", default=None)
class v1CreatePreAuthKeyRequest(BaseModel):

5
hsapi/hsapi/schemas.py
View File

@ -45,7 +45,10 @@ class v1PreAuthKey(BaseModel):
def expired(self) -> bool:
tzinfo = timezone(timedelta(hours=0)) # UTC
now = datetime.now(tzinfo)
return self.expiration < now # type: ignore
exptime = self.expiration < now
expused = not self.reusable and self.used
expephemereal = self.ephemeral and self.used
return exptime or expused or expephemereal
class v1User(BaseModel):

6
hsman/app/__init__.py
View File

@ -13,11 +13,11 @@ import os
mobility = Mobility()
client_metadata = ClientMetadata(
client_id='client-id',
client_secret='client-secret')
client_id=os.getenv('HSMAN_OIDC_CLIENT_ID'),
client_secret=os.getenv('HSMAN_OIDC_CLIENT_SECRET'))
provider_config = ProviderConfiguration(issuer='oidc-issuer-url',
provider_config = ProviderConfiguration(issuer=os.getenv('HSMAN_OIDC_URL'),
client_metadata=client_metadata,
auth_request_params={
'scope': ['openid',

4
hsman/app/static/main.css
View File

@ -99,3 +99,7 @@ a.route.False {
div.dt-container div.dt-scroll-body {
border-bottom: none !important;
}
tr.pka-hide {
visibility: collapse;
}

42
hsman/app/static/main.js
View File

@ -1,6 +1,6 @@
function renameNode(nodeId) {
var newName = $("#newName").val();
var url = "/node/" + nodeId + "/rename/" + newName;
var url = `/node/${nodeId}/rename/${newName}`;
$.ajax({
url: url,
xhrFields: {
@ -13,9 +13,38 @@ function renameNode(nodeId) {
});
}
function createPKA(username) {
console.log(username);
var url = `/user/${username}/pakcreate`;
console.log(url);
var ephemereal = $("#ephemereal").is(":checked");
var reusable = $("#reusable").is(":checked");
var expiration = $("#expiration").val();
console.log(expiration);
$.ajax({
url: url,
method: "POST",
dataType: "json",
contentType: "application/json; charset=utf-8",
xhrFields: {
withCredentials: true,
},
data: JSON.stringify({
ephemeral: ephemereal,
reusable: reusable,
expiration: expiration,
}),
success: function (data) {
$("#createPKA").modal("hide");
location.reload();
},
});
}
function copyToClipboard(obj) {
var span = $(obj);
var value = span.attr("data-original-title");
var value = span.attr("value");
var original = span.html();
try {
navigator.clipboard.writeText(value);
@ -28,3 +57,12 @@ function copyToClipboard(obj) {
console.error(error);
}
}
function toggleExpired(obj) {
var toggle = $(obj);
if (toggle.is(":checked")) {
$(".pka-expired").removeClass("pka-hide");
} else {
$(".pka-expired").addClass("pka-hide");
}
}

49
hsman/app/templates/node.html
View File

@ -1,5 +1,4 @@
{% extends "base.html" %}
{% block content %}
<h3>
<span id="givenName">
@ -51,21 +50,21 @@
</div>
</div>
<p></p>
<div class="row">
<div class="col col-3 float-left">
<!-- ADDRESSES -->
<h5>addresses</h5>
</div>
</div>
{% for ip in node.ipAddresses %}
<div class="row data">
<div class="col col-3 float-left">
<div class="col col-3">
{{ ip }}
</div>
</div>
{% endfor %}
<p></p>
<!-- TAGS -->
<h5>tags</h5>
<div class="row">
<div class="row data">
<div class="col col-3 float-left">
<strong>
announced
@ -74,7 +73,7 @@
<div class="col col-6 float-left">
{% if node.validTags %}
{% for tag in node.validTags %}
<span class="badge badge-pill badge-success">
<span class="badge badge-pill badge-info">
{{ tag }}
</span>
{% endfor %}
@ -83,7 +82,7 @@
{% endif %}
</div>
</div>
<div class="row">
<div class="row data">
<div class="col col-3 float-left">
<strong>forced</strong>
</div>
@ -100,12 +99,12 @@
</div>
</div>
<!-- KEYS -->
<p></p>
<h5>keys</h5>
<div class="row">
<div class="col col-4 float-left">
<div class="row data">
<div class="col col-3 float-left">
<strong>machineKey</strong>
</div>
<div class="col col-8 float-left">
@ -113,8 +112,8 @@
</div>
</div>
<div class="row">
<div class="col col-4 float-left">
<div class="row data">
<div class="col col-3 float-left">
<strong>nodeKey</strong>
</div>
<div class="col col-8 float-left">
@ -122,43 +121,43 @@
</div>
</div>
<div class="row">
<div class="col col-4 float-left">
<div class="row data">
<div class="col col-3 float-left">
<strong>discoKey</strong>
</div>
<div class="col col-8 float-left">
<code>{{ node.discoKey }}</code>
</div>
</div>
<p></p>
<!-- ROUTES -->
<h5>routes
{% if isExitNode %}
<span class="small badge-pill badge-success">Exit Node</span>
<span class="small badge-pill badge-primary">Exit Node</span>
{% endif %}
</h5>
{% if routes %}
<div class="row">
<div class="col col-4 float-left">
<div class="col col-3 float-left">
<strong>prefix</strong>
</div>
<div class="col col-4 float-left">
<div class="col col-3 float-left">
<strong>enabled</strong>
</div>
<div class="col col-4 float-left">
<div class="col col-3 float-left">
<strong>primary</strong>
</div>
</div>
{% for route in routes | sort(attribute='prefix') %}
<div class="row data">
<div class="col col-4 float-left">
<div class="col col-3 float-left">
{{ route.prefix }}
</div>
<div class="col col-4 float-left">
<div class="col col-3 float-left">
{{ route.enabled | fancyBool | safe }}
</div>
<div class="col col-4 float-left">
<div class="col col-3 float-left">
{{ route.isPrimary | fancyBool | safe }}
</div>
</div>
@ -169,6 +168,7 @@
<h3>No routes announced</h3>
</div>
</div>
{% endif %}
<!-- rename modal -->
<!-- Modal -->
@ -191,5 +191,4 @@
</div>
</div>
</div>
{% endif %}
{% endblock %}

79
hsman/app/templates/user.html
View File

@ -14,12 +14,15 @@
<strong>registered</strong>
</div>
<div class="col col-8">
<span data-toggle="tooltip" data-placement="right" title="{{ user.createdAt | fmt_datetime }}">
<span data-toggle="tooltip"
data-placement="right"
title="{{ user.createdAt | fmt_datetime }}">
{{ user.createdAt | htime_dt }}
</span>
</div>
</div>
<p></p>
<!-- NODES -->
<h5>nodes</h5>
<table id="nodes" class="display" style="width:80%">
<thead>
@ -38,7 +41,9 @@
</a>
</td>
<td>
<span data-toggle="tooltip" data-placement="right" title="{{ node.lastSeen | fmt_datetime }}">
<span data-toggle="tooltip"
data-placement="right"
title="{{ node.lastSeen | fmt_datetime }}">
{{node.lastSeen | htime_dt }}
</span>
</td>
@ -50,26 +55,40 @@
</tbody>
</table>
<p></p>
<h5>pre auth keys</h5>
<!-- PRE AUTH KEYS -->
<h5>
pre auth keys
&nbsp;
<button class="btn btn-outline-primary btn-sm" data-toggle="modal" data-target="#createPKA">create</button>
</h5>
{% if preauthKeys %}
<table id="paks" class="display" style="width:80%">
<thead>
<tr>
<th>&nbsp;</th>
<th>
<div class="form-check form-check-inline">
<label class="form-check-label small" for="showExpired">
show expired&nbsp;
</label>
<input type="checkbox" class="form-check-input form-control-sm" id="showExpired">
</div>
</th>
<th>created</th>
<th>expiration</th>
<th>attributes</th>
<!-- <th>valid</th> -->
<!-- <th>&nbsp;</th> -->
</tr>
</thead>
<tbody>
{% for key in preauthKeys %}
<tr>
<tr class="pka{% if key.expired %} pka-expired pka-hide{% endif %}">
<td>
<span data-toggle="tooltip"
data-placement="right"
title="click to copy"
class="pak_copy">{{ key.key }}</span>
value="{{ key.key}}"
title="click to copy full value"
class="pak_copy">{{ key.key[:5] }}&hellip;{{ key.key[-5:] }}</span>
</td>
<td>
<span data-toggle="tooltip"
@ -97,7 +116,11 @@
{% endif %}
</td>
<!-- <td>
{{(not key.expired) | fancyBool | safe}}
<span data-toggle="tooltip" data-placement="right" title="expire">
<a class="nodeco" href="/user/{{user.name}}/expire/{{key.key}}">
<i class="fas fa-trash"></i>
</a>
</span>
</td> -->
</tr>
{% endfor %}
@ -111,7 +134,38 @@
</div>
{% endif %}
<!-- new key modal -->
<div class="modal fade" id="createPKA" tabindex="-1" role="dialog" aria-labelledby="cretePKA" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="renameModalLabel">create new pre auth key</h5>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div>
<div class="modal-body">
<div class="form-check form-check-inline">
<input class="form-check-input" type="datetime-local" name="expiration" id="expiration" value="{{ defaultExpiry}}">
<label class="form-check-label" for="ephemereal">expiration</label>
</div>
<p></p>
<div class="form-check form-check-inline">
<input class="form-check-input" type="checkbox" name="reusable" id="reusable">
<label class="form-check-label" for="reusable">reusable</label>
</div>
<div class="form-check form-check-inline">
<input class="form-check-input" type="checkbox" name="ephemereal" id="ephemereal">
<label class="form-check-label" for="ephemereal">ephemereal</label>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
<button type="button" class="btn btn-primary" onClick="createPKA(user='{{user.name}}')">Save changes</button>
</div>
</div>
</div>
</div>
{% endblock %}
{% block scripts %}
@ -121,6 +175,9 @@
$('.pak_copy').on('click', function() {
copyToClipboard(this)
})
$('#showExpired').on('change', function() {
toggleExpired(this)
})
new DataTable('#nodes', {
scrollY: 130,
@ -138,7 +195,7 @@
keys: false,
});
new DataTable('#paks', {
scrollY: 130,
scrollY: 230,
scrollCollapse: true,
paging: false,
// lengthMenu: [5, 10, 30, 50, { label: 'All', value: -1 }],

45
hsman/app/views.py
View File

@ -1,15 +1,19 @@
from flask import render_template, Blueprint
import logging
from .lib import remote_ip
import datetime
from flask import render_template, Blueprint, request
from flask import redirect, session, url_for
from app import auth
from flask import jsonify
from flask_pyoidc.user_session import UserSession
from hsapi import Node, User, Route, PreAuthKey, v1ListPreAuthKeyRequest
from hsapi import Node, User, Route, PreAuthKey
from hsapi.preauthkeys import (v1ListPreAuthKeyRequest,
v1CreatePreAuthKeyRequest,
v1ExpirePreAuthKeyRequest)
from .lib import remote_ip
import logging
log = logging.getLogger()
main_blueprint = Blueprint('main', __name__)
@ -90,14 +94,17 @@ def users():
def user(userName):
user = User().get(userName)
userNodeList = [n for n in Node().list().nodes if n.user.name == userName]
preauthkeyreq = v1ListPreAuthKeyRequest(user=userName)
preauthkeyreq = v1ListPreAuthKeyRequest(user=userName)
preauthKeys = PreAuthKey().list(preauthkeyreq)
validpak = [k for k in preauthKeys.preAuthKeys if not k.expired]
defaultExpiry = datetime.datetime.now() + datetime.timedelta(days=7)
expStr = defaultExpiry.strftime('%Y-%m-%dT%H:%M')
return render_template("user.html",
user=user.user,
preauthKeys=validpak,
defaultExpiry=expStr,
preauthKeys=preauthKeys.preAuthKeys,
userNodeList=userNodeList)
@ -171,3 +178,27 @@ def deleteUser(userName: str):
Node().delete(node.id)
User().delete(userName)
return redirect(url_for("main.users"))
@ main_blueprint.route('/user/<userName>/pakcreate', methods=['POST'])
@ auth.authorize_admins('default')
def createPKA(userName: str):
data = request.json
log.debug(data)
expiration = f"{data['expiration']}:00Z"
req = v1CreatePreAuthKeyRequest(user=userName,
reusable=data['reusable'],
ephemeral=data['ephemeral'],
expiration=expiration)
pak = PreAuthKey().create((req))
return jsonify(dict(key=pak.preAuthKey.key))
@ main_blueprint.route('/user/<userName>/expire/<key>', methods=['GET'])
@ auth.authorize_admins('default')
def expirePKA(userName: str, key: str):
log.debug(key)
req = v1ExpirePreAuthKeyRequest(user=userName, key=key)
PreAuthKey().expire(req)
return redirect(url_for('main.user', userName=userName))