~fkooman/vpn-user-portal

0f8fff0b045c1c4baa89cca861c36c046cae0820 — François Kooman a month ago cc452cb
allow configuring log format
M config/config.php.example => config/config.php.example +7 -0
@@ 190,6 190,13 @@ return [
//        //'remoteAccess' => false,
//    ],

    // how/what to log the connect/disconnect events to syslog
    // EVENT_TYPE = {CONNECT,DISCONNECT}
    // DEFAULT: '{{TYPE}} ({{PROFILE_ID}}) [{{IP_FOUR}},{{IP_SIX}}]'
    //'connectionLogFormat' => '{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{IP_FOUR}},{{IP_SIX}}]',
    // also log the client's originating IP
    //'connectionLogFormat' => '{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{ORIGINATING_IP}} => {{IP_FOUR}},{{IP_SIX}}]',

    // Allow disabling manual configuration downloads from the portal.
    // DEFAULT: true
//    'enableConfigDownload' => true,
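Review bot: The `DEFAULT:` line in the new comment does not match the code: it shows `{{TYPE}} ({{PROFILE_ID}}) [{{IP_FOUR}},{{IP_SIX}}]`, while `Config::connectionLogFormat()` falls back to `{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{IP_FOUR}},{{IP_SIX}}]` and `logMessage()` has no `{{TYPE}}` placeholder at all. An operator who copies the documented default would get a literal `{{TYPE}}` and no user ID in every connect/disconnect line, so sessions could no longer be attributed from syslog. Change the line to `// DEFAULT: '{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{IP_FOUR}},{{IP_SIX}}]'` and list the six supported placeholders next to the `EVENT_TYPE` line.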

M src/Config.php => src/Config.php +5 -0
@@ 76,6 76,11 @@ class Config
        return $this->optionalString('styleName');
    }

    public function connectionLogFormat(): string
    {
        return $this->requireString('connectionLogFormat', '{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{IP_FOUR}},{{IP_SIX}}]');
    }

    public function showPermissions(): bool
    {
        return $this->requireBool('showPermissions', false);
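Review bot: The default returned by `connectionLogFormat()` drops the originating IP that the previous hard-coded `CONNECT %s (%s) [%s => %s,%s]` line always logged, so an untouched deployment records less after upgrading and any syslog parser or alert that matches on `=>` stops matching without an error. If the smaller default is intentional, state it in a docblock on the method, for example `/** Template for connect/disconnect syslog lines; the default omits {{ORIGINATING_IP}}, which earlier versions always logged. */`, and mention the format change in the release notes. `showPermissions()` continues outside the hunk.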

M src/Http/NodeApiModule.php => src/Http/NodeApiModule.php +25 -2
@@ 103,7 103,7 @@ class NodeApiModule implements ServiceModuleInterface
        $userId = $this->verifyConnection($profileId, $commonName);
        $this->storage->clientConnect($userId, $profileId, $ipFour, $ipSix, Dt::get(sprintf('@%d', $connectedAt)));
        $this->logger->info(
            sprintf('CONNECT %s (%s) [%s => %s,%s]', $userId, $profileId, $originatingIp, $ipFour, $ipSix)
            $this->logMessage('CONNECT', $userId, $profileId, $originatingIp, $ipFour, $ipSix)
        );
    }



@@ 126,7 126,7 @@ class NodeApiModule implements ServiceModuleInterface
        $userId = $certInfo['user_id'];
        $this->storage->clientDisconnect($userId, $profileId, $ipFour, $ipSix, Dt::get(sprintf('@%d', $disconnectedAt)));
        $this->logger->info(
            sprintf('DISCONNECT %s (%s) [%s => %s,%s]', $userId, $profileId, $originatingIp, $ipFour, $ipSix)
            $this->logMessage('DISCONNECT', $userId, $profileId, $originatingIp, $ipFour, $ipSix)
        );
    }



@@ 172,4 172,27 @@ class NodeApiModule implements ServiceModuleInterface

        return false;
    }

    private function logMessage(string $eventType, string $userId, string $profileId, string $originatingIp, string $ipFour, string $ipSix): string
    {
        return str_replace(
            [
                '{{EVENT_TYPE}}',
                '{{USER_ID}}',
                '{{PROFILE_ID}}',
                '{{ORIGINATING_IP}}',
                '{{IP_FOUR}}',
                '{{IP_SIX}}',
            ],
            [
                $eventType,
                $userId,
                $profileId,
                $originatingIp,
                $ipFour,
                $ipSix,
            ],
            $this->config->connectionLogFormat()
        );
    }
}
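Review bot: `logMessage()` calls `str_replace()` with arrays, which applies the pairs one after another to the already substituted text. A `{{PROFILE_ID}}`- or `{{IP_FOUR}}`-looking substring inside `$userId` would therefore be expanded as well, whereas `strtr()` with a map substitutes in a single pass and never rescans inserted values. Neither the old `sprintf()` nor the new code removes control characters, so if a user ID can contain CR/LF (not visible from this hunk) one event could show up as several syslog lines; replacing control characters in the field values before substitution keeps one event per line. A short docblock naming the six placeholders would also help whoever edits the format later.

```php
    private function logMessage(string $eventType, string $userId, string $profileId, string $originatingIp, string $ipFour, string $ipSix): string
    {
        $placeholderValues = [
            '{{EVENT_TYPE}}' => $eventType,
            '{{USER_ID}}' => $userId,
            '{{PROFILE_ID}}' => $profileId,
            '{{ORIGINATING_IP}}' => $originatingIp,
            '{{IP_FOUR}}' => $ipFour,
            '{{IP_SIX}}' => $ipSix,
        ];

        // keep one event per log line: field values must not carry control characters
        $placeholderValues = array_map(
            static function (string $fieldValue): string {
                return preg_replace('/[\x00-\x1F\x7F]/', '?', $fieldValue) ?? '';
            },
            $placeholderValues
        );

        // strtr() replaces in one pass; substituted values are not scanned for placeholders again
        return strtr($this->config->connectionLogFormat(), $placeholderValues);
    }
```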

M src/Http/VpnApiThreeModule.php => src/Http/VpnApiThreeModule.php +3 -0
@@ 109,6 109,8 @@ class VpnApiThreeModule implements ApiServiceModuleInterface

                $profileConfig = $this->config->profileConfig($requestedProfileId);

                // XXX delete all OpenVPN and WireGuard active configs with this auth_id

                switch ($profileConfig->vpnType()) {
                    case 'openvpn':
                        return $this->getOpenVpnConfigResponse($profileConfig, $accessToken);


@@ 140,6 142,7 @@ class VpnApiThreeModule implements ApiServiceModuleInterface
            function (AccessToken $accessToken, Request $request): Response {
                // XXX duplicate from connect
                // XXX catch InputValidationException
                // XXX why do we need profile_id again?
                $requestedProfileId = InputValidation::profileId($request->requirePostParameter('profile_id'));
                $profileConfigList = $this->config->profileConfigList();
                $userPermissions = $this->storage->getPermissionList($accessToken->userId());

M src/WireGuard/Wg.php => src/WireGuard/Wg.php +1 -1
@@ 98,7 98,7 @@ class Wg
        // XXX add bytesTransferred to some global table

        $ipFour = '0.0.0.0/32';
        $ipSix = '::/32';
        $ipSix = '::/0';
        foreach ($peerInfo['AllowedIPs'] as $ip) {
            if (false !== strpos($ip, ':')) {
                [$ipSix, ] = explode('/', $ip);
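Review bot: The fallback `$ipSix = '::/0'` is an uncommented magic value, and it does not have the shape the loop produces: `[$ipSix, ] = explode('/', $ip)` stores a bare address, while the fallbacks `0.0.0.0/32` and `::/0` keep a prefix, and `::/0` denotes the whole IPv6 space rather than "no address". If these values reach storage or the connection log (not visible here), a peer without an IPv6 AllowedIPs entry would be recorded as `::/0`. Add a comment such as `// placeholders used when the peer has no AllowedIPs entry of that family`, and consider bare `'0.0.0.0'` / `'::'` if consumers expect plain addresses. The enclosing method and the `foreach` body continue outside the hunk.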