
231efb1762b2439141daad220e7f3c58f73a2276 — François Kooman 2 years ago bbb34bd
always enable APIv3
2 files changed, 87 insertions(+), 92 deletions(-)

M src/VpnApiModule.php
M web/well-known.php
M src/VpnApiModule.php => src/VpnApiModule.php +82 -84
@@ 55,110 55,108 @@ class VpnApiModule implements ServiceModuleInterface
    public function init(Service $service)
    {
        // API 3
        if ($this->config->requireBool('enableApiThree', false)) {
            $service->get(
                '/v3/info',
                /**
                 * @return \LC\Common\Http\Response
                 */
                function (Request $request, array $hookData) {
                    /** @var \LC\Portal\OAuth\VpnAccessTokenInfo */
                    $accessTokenInfo = $hookData['auth'];
        $service->get(
            '/v3/info',
            /**
             * @return \LC\Common\Http\Response
             */
            function (Request $request, array $hookData) {
                /** @var \LC\Portal\OAuth\VpnAccessTokenInfo */
                $accessTokenInfo = $hookData['auth'];

                    $profileList = $this->serverClient->getRequireArray('profile_list');
                    $userPermissions = $this->getPermissionList($accessTokenInfo);
                $profileList = $this->serverClient->getRequireArray('profile_list');
                $userPermissions = $this->getPermissionList($accessTokenInfo);

                $responseData = [
                    'info' => [
                        'profile_list' => [],
                    ],
                ];

                $userProfileList = [];
                foreach ($profileList as $profileId => $profileData) {
                    $profileConfig = new ProfileConfig(new Config($profileData));
                    if ($profileConfig->hideProfile()) {
                        continue;
                    }
                    if ($profileConfig->enableAcl()) {
                        // is the user member of the aclPermissionList?
                        if (!VpnPortalModule::isMember($profileConfig->aclPermissionList(), $userPermissions)) {
                            continue;
                        }
                    }

                    $responseData = [
                        'info' => [
                            'profile_list' => [],
                        ],
                    $responseData['info']['profile_list'][] = [
                        'profile_id' => $profileId,
                        'default_gateway' => $profileConfig->defaultGateway(),
                        'display_name' => $profileConfig->displayName(),
                        'vpn_proto' => 'openvpn',
                    ];
                }

                return new JsonResponse($responseData, 200);
            }
        );

                    $userProfileList = [];
        $service->post(
            '/v3/connect',
            /**
             * @return \LC\Common\Http\Response
             */
            function (Request $request, array $hookData) {
                /** @var \LC\Portal\OAuth\VpnAccessTokenInfo */
                $accessTokenInfo = $hookData['auth'];
                try {
                    $requestedProfileId = InputValidation::profileId($request->requirePostParameter('profile_id'));
                    $remoteStrategy = ClientConfig::STRATEGY_RANDOM;
                    $profileList = $this->serverClient->getRequireArray('profile_list');
                    $userPermissions = $this->getPermissionList($accessTokenInfo);
                    $availableProfiles = [];
                    foreach ($profileList as $profileId => $profileData) {
                        $profileConfig = new ProfileConfig(new Config($profileData));
                        if ($profileConfig->hideProfile()) {
                            continue;
                        }
                        if ($profileConfig->enableAcl()) {
                            // is the user member of the aclPermissionList?
                            // is the user member of the userPermissions?
                            if (!VpnPortalModule::isMember($profileConfig->aclPermissionList(), $userPermissions)) {
                                continue;
                            }
                        }

                        $responseData['info']['profile_list'][] = [
                            'profile_id' => $profileId,
                            'default_gateway' => $profileConfig->defaultGateway(),
                            'display_name' => $profileConfig->displayName(),
                            'vpn_proto' => 'openvpn',
                        ];
                        $availableProfiles[] = $profileId;
                    }

                    return new JsonResponse($responseData, 200);
                }
            );

            $service->post(
                '/v3/connect',
                /**
                 * @return \LC\Common\Http\Response
                 */
                function (Request $request, array $hookData) {
                    /** @var \LC\Portal\OAuth\VpnAccessTokenInfo */
                    $accessTokenInfo = $hookData['auth'];
                    try {
                        $requestedProfileId = InputValidation::profileId($request->requirePostParameter('profile_id'));
                        $remoteStrategy = ClientConfig::STRATEGY_RANDOM;
                        $profileList = $this->serverClient->getRequireArray('profile_list');
                        $userPermissions = $this->getPermissionList($accessTokenInfo);
                        $availableProfiles = [];
                        foreach ($profileList as $profileId => $profileData) {
                            $profileConfig = new ProfileConfig(new Config($profileData));
                            if ($profileConfig->hideProfile()) {
                                continue;
                            }
                            if ($profileConfig->enableAcl()) {
                                // is the user member of the userPermissions?
                                if (!VpnPortalModule::isMember($profileConfig->aclPermissionList(), $userPermissions)) {
                                    continue;
                                }
                            }

                            $availableProfiles[] = $profileId;
                        }
                    if (!\in_array($requestedProfileId, $availableProfiles, true)) {
                        return new JsonResponse(['error' => 'profile not available'], 400);
                    }

                        if (!\in_array($requestedProfileId, $availableProfiles, true)) {
                            return new JsonResponse(['error' => 'profile not available'], 400);
                        }
                    $tcpOnly = 'on' === InputValidation::tcpOnly($request->optionalPostParameter('tcp_only'));
                    $vpnConfig = $this->getConfigOnly($requestedProfileId, $remoteStrategy, $tcpOnly);
                    $clientCertificate = $this->getCertificate($accessTokenInfo);
                    $vpnConfig .= "\n<cert>\n".$clientCertificate['certificate']."\n</cert>\n<key>\n".$clientCertificate['private_key']."\n</key>";
                    $response = new Response(200, 'application/x-openvpn-profile');
                    $response->addHeader('Expires', $this->getExpiresAt($accessTokenInfo)->format('D, d M Y H:i:s \G\M\T'));
                    $response->setBody($vpnConfig);

                        $tcpOnly = 'on' === InputValidation::tcpOnly($request->optionalPostParameter('tcp_only'));
                        $vpnConfig = $this->getConfigOnly($requestedProfileId, $remoteStrategy, $tcpOnly);
                        $clientCertificate = $this->getCertificate($accessTokenInfo);
                        $vpnConfig .= "\n<cert>\n".$clientCertificate['certificate']."\n</cert>\n<key>\n".$clientCertificate['private_key']."\n</key>";
                        $response = new Response(200, 'application/x-openvpn-profile');
                        $response->addHeader('Expires', $this->getExpiresAt($accessTokenInfo)->format('D, d M Y H:i:s \G\M\T'));
                        $response->setBody($vpnConfig);

                        return $response;
                    } catch (InputValidationException $e) {
                        return new JsonResponse(['error' => $e->getMessage()], 400);
                    } catch (ClientConfigException $e) {
                        return new JsonResponse(['error' => $e->getMessage()], 406);
                    }
                }
            );

            $service->post(
                '/v3/disconnect',
                /**
                 * @return \LC\Common\Http\Response
                 */
                function (Request $request, array $hookData) {
                    return new Response(204);
                    return $response;
                } catch (InputValidationException $e) {
                    return new JsonResponse(['error' => $e->getMessage()], 400);
                } catch (ClientConfigException $e) {
                    return new JsonResponse(['error' => $e->getMessage()], 406);
                }
            );
        }
            }
        );

        $service->post(
            '/v3/disconnect',
            /**
             * @return \LC\Common\Http\Response
             */
            function (Request $request, array $hookData) {
                return new Response(204);
            }
        );

        // API 1, 2
        $service->get(
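Review bot: The `/v3/connect` handler's response body carries the freshly issued client certificate and private key (the `$vpnConfig .= "\n<cert>\n"…` line) yet the only header added to it is `Expires`; add `$response->addHeader('Cache-Control', 'no-store');` beside it so the key material is never retained by a proxy or client cache, which is what web/well-known.php already does for a far less sensitive document. This is pre-existing behaviour that the re-indentation keeps rather than a regression, but the commit touches every line of the handler and is the natural place to fix it. Separately, `$userProfileList = [];` in the `/v3/info` handler appears to be assigned and never read on the new side, and both handlers repeat the same hide/ACL profile-filter loop, which could become one private helper returning the visible profile ids. The enclosing `init()` method continues past the hunk, and the rendered page has lost the old/new markers, so the line attribution above is inferred from indentation.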

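--- a/web/well-known.php
+++ b/web/well-known.php
@@ -32,18 +32,15 @@ try {
                 'authorization_endpoint' => $appRootUri.'/_oauth/authorize',
                 'token_endpoint' => $appRootUri.'/oauth.php/token',
             ],
+            'http://eduvpn.org/api#3' => [
+                'api_endpoint' => $appRootUri.'/api.php/v3',
+                'authorization_endpoint' => $appRootUri.'/_oauth/authorize',
+                'token_endpoint' => $appRootUri.'/oauth.php/token',
+            ],
         ],
         'v' => trim(FileIO::readFile(sprintf('%s/VERSION', $baseDir))),
     ];
 
-    if ($config->requireBool('enableApiThree', false)) {
-        $jsonData['api']['http://eduvpn.org/api#3'] = [
-            'api_endpoint' => $appRootUri.'/api.php/v3',
-            'authorization_endpoint' => $appRootUri.'/_oauth/authorize',
-            'token_endpoint' => $appRootUri.'/oauth.php/token',
-        ];
-    }
-
     $response = new JsonResponse($jsonData);
     $response->addHeader('Cache-Control', 'no-store');
     $response->send();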