~fkooman/vpn-user-portal

ref: 2.3.10 vpn-user-portal/web/api.php -rw-r--r-- 2.7 KiB
e0bd9cc0François Kooman prepare for release 1 year, 17 days ago
                                                                                
<?php

/*
 * eduVPN - End-user friendly VPN.
 *
 * Copyright: 2016-2019, The Commons Conservancy eduVPN Programme
 * SPDX-License-Identifier: AGPL-3.0+
 */

// Installation root: the parent of the directory holding this script.
$baseDir = dirname(__DIR__);
// Load the Composer autoloader from the installation root.
require_once $baseDir.'/vendor/autoload.php';

use fkooman\Jwt\Keys\EdDSA\SecretKey;
use LC\Common\Config;
use LC\Common\FileIO;
use LC\Common\Http\JsonResponse;
use LC\Common\Http\Request;
use LC\Common\Http\Service;
use LC\Common\HttpClient\CurlHttpClient;
use LC\Common\HttpClient\ServerClient;
use LC\Common\Logger;
use LC\Portal\BearerAuthenticationHook;
use LC\Portal\ClientFetcher;
use LC\Portal\Expiry;
use LC\Portal\OAuth\BearerValidator;
use LC\Portal\Storage;
use LC\Portal\VpnApiModule;

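// Logger for this API entry point; the catch block at the bottom writes every
// failure to it.
$logger = new Logger('vpn-user-api');

try {
    $request = new Request($_SERVER, $_GET, $_POST);

    // The data directory holds db.sqlite and, when present,
    // key_instance_mapping.json. It is created with mode 0700 (owner only).
    $dataDir = sprintf('%s/data', $baseDir);
    FileIO::createDir($dataDir, 0700);

    $config = Config::fromFile(sprintf('%s/config/config.php', $baseDir));

    $service = new Service();

    // Client for the internal server API, using the apiUser/apiPass
    // credentials and the apiUri taken from the configuration file.
    $serverClient = new ServerClient(
        new CurlHttpClient($config->requireString('apiUser'), $config->requireString('apiPass')),
        $config->requireString('apiUri')
    );

    // Session lifetime as an ISO 8601 duration; 'P90D' is passed as the second
    // argument (presumably the default when the key is absent; confirm in
    // Config). With sessionExpireAtNight enabled the interval is replaced by
    // whatever Expiry::calculate() returns for it.
    $sessionExpiry = new DateInterval($config->requireString('sessionExpiry', 'P90D'));
    if ($config->requireBool('sessionExpireAtNight', false)) {
        $sessionExpiry = Expiry::calculate($sessionExpiry);
    }

    // SQLite storage inside the data directory; update() is called on every
    // request before anything reads from the database.
    $storage = new Storage(
        new PDO(sprintf('sqlite://%s/db.sqlite', $dataDir)),
        sprintf('%s/schema', $baseDir),
        $sessionExpiry
    );
    $storage->update();

    $clientFetcher = new ClientFetcher($config);

    // The key-to-instance mapping is loaded only when Api.remoteAccess is
    // enabled AND the mapping file exists; in every other case the validator
    // receives an empty mapping.
    $keyInstanceMapping = [];
    if ($config->s('Api')->requireBool('remoteAccess', false)) {
        $keyInstanceMappingFile = sprintf('%s/key_instance_mapping.json', $dataDir);
        if (FileIO::exists($keyInstanceMappingFile)) {
            $keyInstanceMapping = FileIO::readJsonFile($keyInstanceMappingFile);
        }
    }

    // NOTE(review): this endpoint reads the OAuth secret key file although
    // only the derived public key is handed to the validator below, so the
    // process serving the API needs read access to config/oauth.key.
    $secretKey = SecretKey::fromEncodedString(
        FileIO::readFile(
            sprintf('%s/config/oauth.key', $baseDir)
        )
    );

    $bearerValidator = new BearerValidator(
        $storage,
        $clientFetcher,
        $secretKey->getPublicKey(),
        $keyInstanceMapping
    );

    // Bearer token authentication is registered as the 'auth' before-hook,
    // and it is the only hook this script installs.
    $service->addBeforeHook(
        'auth',
        new BearerAuthenticationHook(
            $bearerValidator
        )
    );

    // api module
    $vpnApiModule = new VpnApiModule(
        $config,
        $serverClient,
        $sessionExpiry
    );
    $service->addModule($vpnApiModule);
    $service->run($request)->send();
} catch (Exception $e) {
    // Keep the exception detail in the server log only. Exceptions reaching
    // this handler come from the bootstrap above or were not turned into a
    // response by Service::run() (assumed; confirm in Service), so their
    // messages can contain file paths or database errors. The client gets a
    // fixed message with the same JSON shape and status code as before.
    $logger->error($e->getMessage());
    $response = new JsonResponse(['error' => 'internal server error'], 500);
    $response->send();
}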