From 1ffabe8093688ca38554cff4d26e32018a8f5517 Mon Sep 17 00:00:00 2001
From: "Harry (hjbdev)"
Date: Mon, 7 Apr 2025 13:31:10 +0100
Subject: [PATCH] invokable provision script controllers
---
app/Http/Controllers/ProvisionCallback.php | 52 +++++++++++++++++
app/Http/Controllers/ProvisionScript.php | 30 ++++++++++
routes/web.php | 67 ++--------------------
3 files changed, 87 insertions(+), 62 deletions(-)
create mode 100644 app/Http/Controllers/ProvisionCallback.php
create mode 100644 app/Http/Controllers/ProvisionScript.php
diff --git a/app/Http/Controllers/ProvisionCallback.php b/app/Http/Controllers/ProvisionCallback.php
new file mode 100644
index 0000000..975ba39
--- /dev/null
+++ b/app/Http/Controllers/ProvisionCallback.php
@@ -0,0 +1,52 @@
+validate([
+ 'server_id' => ['required', 'integer', 'exists:servers,id'],
+ 'internal_public_key' => ['required', 'string'],
+ ]);
+
+ $server = Server::find($validated['server_id']);
+
+ // Check against ipv4 and ipv6
+ $isValidIp = false;
+ if ($server->ipv4 && Ip::inNetwork($request->ip(), $server->ipv4)) {
+ $isValidIp = true;
+ }
+ if ($server->ipv6 && Ip::inNetwork($request->ip(), $server->ipv6)) {
+ $isValidIp = true;
+ }
+
+ if (! $isValidIp) {
+ logger('someone tried to callback from an invalid IP');
+ logger(' server ip: ' . $server->ipv4);
+ logger(' server ipv6: ' . $server->ipv6);
+ logger(' callback ip: ' . $request->ip());
+ logger(' server id: ' . $server->id);
+
+ return response('Unauthorized', 401);
+ }
+
+ $server->update([
+ 'status' => ServerStatus::ACTIVE,
+ 'internal_public_key' => $validated['internal_public_key'],
+ ]);
+
+ $server->organisation->servers()->each(function ($s) {
+ app(SyncWireguardRules::class)->onQueue()->execute($s);
+ });
+
+ return response('OK', 200);
+ }
+}
diff --git a/app/Http/Controllers/ProvisionScript.php b/app/Http/Controllers/ProvisionScript.php
new file mode 100644
index 0000000..bcf6127
--- /dev/null
+++ b/app/Http/Controllers/ProvisionScript.php
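Review bot: The callback in ProvisionCallback.php authorises the caller only by comparing `$request->ip()` with the server's stored addresses, and nothing in the visible body restricts it to a server that is still waiting to be provisioned, so a later request from that address (or from a client able to influence the resolved IP, if trusted proxies are configured loosely) can overwrite `internal_public_key` on an already active server and queue a WireGuard re-sync for the whole organisation. Consider binding the callback to a per-server one-time secret that is embedded in the rendered script and checked with `hash_equals()`, and rejecting the request unless the server is still in its pre-active state. The key is validated only as `string`; a WireGuard public key is 32 bytes in base64, so a rule such as `'internal_public_key' => ['required', 'string', 'regex:/^[A-Za-z0-9+\/]{43}=$/']` would keep malformed values out of whatever `SyncWireguardRules` generates. The class header and the `__invoke` signature are missing from the hunk as shown, so this is based on the body alone.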
@@ -0,0 +1,30 @@ +validate([ + 'sudo_password' => ['required', 'string'], + 'hostname' => ['required', 'string'], + 'server_id' => ['required', 'integer', 'exists:servers,id'], + ]); + + $script = file_get_contents(base_path('provision.sh')); + + $keystonePublicKey = file_get_contents(storage_path('app/private/ssh/id_ed25519.pub')); + + $script = str_replace('[!hostname!]', $validated['hostname'], $script); + $script = str_replace('[!sudo_password!]', $validated['sudo_password'], $script); + $script = str_replace('[!server_id!]', $validated['server_id'], $script); + $script = str_replace('[!keystonepublickey!]', $keystonePublicKey, $script); + $script = str_replace('[!callback!]', route('provision.callback'), $script); + + return response($script) + ->header('Content-Type', 'text/plain'); + } +} diff --git a/routes/web.php b/routes/web.php index 199c523..8055d73 100644 --- a/routes/web.php +++ b/routes/web.php @@ -5,6 +5,8 @@ use App\Enums\ServerStatus; use App\Http\Controllers\ApplicationController; use App\Http\Controllers\EnvironmentController; use App\Http\Controllers\OrganisationController; +use App\Http\Controllers\ProvisionCallback; +use App\Http\Controllers\ProvisionScript; use App\Http\Controllers\ServerController; use App\Http\Controllers\ServiceController; use App\Models\Server; @@ -13,9 +15,7 @@ use Illuminate\Http\Request; use Illuminate\Support\Facades\Route; use Inertia\Inertia; -Route::get('/', function () { - return Inertia::render('Welcome'); -})->name('home'); +Route::inertia('/', 'Welcome')->name('home'); Route::middleware(['auth', 'verified'])->group(function () { Route::inertia('dashboard', 'Dashboard')->name('dashboard'); 
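Review bot: In ProvisionScript.php, `hostname` and `sudo_password` are validated only as `string` and then substituted verbatim into `provision.sh` with `str_replace`, so quotes, `$(...)`, backticks or newlines in either value become part of a script that is presumably executed with elevated privileges on the new server. Constrain the hostname to hostname characters, e.g. `'hostname' => ['required', 'string', 'max:253', 'regex:/^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/']`, and shell-quote the password before substitution, e.g. `escapeshellarg($validated['sudo_password'])`, after checking how the placeholder is quoted inside `provision.sh` (not visible here). Because the route is registered as a GET in routes/web.php, `sudo_password` also travels in the query string and will be recorded in web-server and proxy access logs; a short-lived server-side token that the endpoint resolves to the password would avoid that. The class header and the `__invoke` signature are missing from the hunk as shown.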
@@ -49,65 +49,8 @@ Route::middleware(['auth', 'verified'])->group(function () { }); }); -Route::get('/provision-script', function (Request $request) { - $validated = $request->validate([ - 'sudo_password' => ['required', 'string'], - 'hostname' => ['required', 'string'], - 'server_id' => ['required', 'integer', 'exists:servers,id'], - ]); - - $script = file_get_contents(base_path('provision.sh')); - - $keystonePublicKey = file_get_contents(storage_path('app/private/ssh/id_ed25519.pub')); - - $script = str_replace('[!hostname!]', $validated['hostname'], $script); - $script = str_replace('[!sudo_password!]', $validated['sudo_password'], $script); - $script = str_replace('[!server_id!]', $validated['server_id'], $script); - $script = str_replace('[!keystonepublickey!]', $keystonePublicKey, $script); - $script = str_replace('[!callback!]', route('provision.callback'), $script); - - return response($script) - ->header('Content-Type', 'text/plain'); -})->name('provision-script'); - -Route::post('/provision-callback', function (Request $request) { - $validated = $request->validate([ - 'server_id' => ['required', 'integer', 'exists:servers,id'], - 'internal_public_key' => ['required', 'string'], - ]); - - $server = Server::find($validated['server_id']); - - // Check against ipv4 and ipv6 - $isValidIp = false; - if ($server->ipv4 && Ip::inNetwork($request->ip(), $server->ipv4)) { - $isValidIp = true; - } - if ($server->ipv6 && Ip::inNetwork($request->ip(), $server->ipv6)) { - $isValidIp = true; - } - - if (! 
$isValidIp) { - logger('someone tried to callback from an invalid IP'); - logger(' server ip: '.$server->ipv4); - logger(' server ipv6: '.$server->ipv6); - logger(' callback ip: '.$request->ip()); - logger(' server id: '.$server->id); - - return response('Unauthorized', 401); - } - - $server->update([ - 'status' => ServerStatus::ACTIVE, - 'internal_public_key' => $validated['internal_public_key'], - ]); - - $server->organisation->servers()->each(function ($s) { - app(SyncWireguardRules::class)->onQueue()->execute($s); - }); - - return response('OK', 200); -})->name('provision.callback'); +Route::get('/provision-script', ProvisionScript::class)->name('provision-script'); +Route::post('/provision-callback', ProvisionCallback::class)->name('provision.callback'); require __DIR__.'/settings.php'; require __DIR__.'/auth.php';
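Review bot: Both provisioning routes at the end of this hunk are registered outside the `auth`/`verified` group with no middleware of their own, so `/provision-script` renders a script for any caller who supplies an existing `server_id`, and `/provision-callback` relies entirely on the IP check inside the controller. Consider issuing the script link as a signed, expiring URL and adding rate limiting, e.g. `Route::get('/provision-script', ProvisionScript::class)->middleware(['signed', 'throttle:10,1'])->name('provision-script');`, with a `throttle` on the callback as well. Separately, the `use` lines for `ServerStatus`, `Server` and `Request` that remain as context in the first hunk of this file may now be unused, since the closures that referenced them were removed; drop them if nothing else in `routes/web.php` needs them.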