invokable provision script controllers
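--- a/app/Http/Controllers/ProvisionCallback.php
+++ b/app/Http/Controllers/ProvisionCallback.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Actions\Servers\SyncWireguardRules;
+use App\Enums\ServerStatus;
+use App\Models\Server;
+use App\Support\Ip;
+use Illuminate\Http\Request;
+
+class ProvisionCallback extends Controller
+{
+public function __invoke(Request $request)
+{
+$validated = $request->validate([
+'server_id' => ['required', 'integer', 'exists:servers,id'],
+'internal_public_key' => ['required', 'string'],
+]);
+
+$server = Server::find($validated['server_id']);
+
+// Check against ipv4 and ipv6
+$isValidIp = false;
+if ($server->ipv4 && Ip::inNetwork($request->ip(), $server->ipv4)) {
+$isValidIp = true;
+}
+if ($server->ipv6 && Ip::inNetwork($request->ip(), $server->ipv6)) {
+$isValidIp = true;
+}
+
+if (! $isValidIp) {
+logger('someone tried to callback from an invalid IP');
+logger(' server ip: ' . $server->ipv4);
+logger(' server ipv6: ' . $server->ipv6);
+logger(' callback ip: ' . $request->ip());
+logger(' server id: ' . $server->id);
+
+return response('Unauthorized', 401);
+}
+
+$server->update([
+'status' => ServerStatus::ACTIVE,
+'internal_public_key' => $validated['internal_public_key'],
+]);
+
+$server->organisation->servers()->each(function ($s) {
+app(SyncWireguardRules::class)->onQueue()->execute($s);
+});
+
+return response('OK', 200);
+}
+}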
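Review bot: The callback in `__invoke` is authorised only by matching `$request->ip()` against the server's stored `ipv4`/`ipv6`, and nothing checks that the server is still waiting to be provisioned, so any later request arriving from that address can replace `internal_public_key`, set the status to `ServerStatus::ACTIVE` again and queue a WireGuard sync for every server in the organisation. `$request->ip()` is also only as trustworthy as the application's trusted-proxy configuration, which is not visible here. I would bind the callback to a per-server one-time secret embedded in the rendered script (compared with `hash_equals()` and cleared on first use) and reject the request unless the server is still in its pre-provisioning state. The key itself is validated only as `string`; a WireGuard public key is 44 base64 characters, so `'internal_public_key' => ['required', 'string', 'size:44', 'regex:/^[A-Za-z0-9+\/]{43}=$/']` would keep arbitrary text out of the generated rules.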
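--- a/app/Http/Controllers/ProvisionScript.php
+++ b/app/Http/Controllers/ProvisionScript.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+
+class ProvisionScript extends Controller
+{
+public function __invoke(Request $request)
+{
+$validated = $request->validate([
+'sudo_password' => ['required', 'string'],
+'hostname' => ['required', 'string'],
+'server_id' => ['required', 'integer', 'exists:servers,id'],
+]);
+
+$script = file_get_contents(base_path('provision.sh'));
+
+$keystonePublicKey = file_get_contents(storage_path('app/private/ssh/id_ed25519.pub'));
+
+$script = str_replace('[!hostname!]', $validated['hostname'], $script);
+$script = str_replace('[!sudo_password!]', $validated['sudo_password'], $script);
+$script = str_replace('[!server_id!]', $validated['server_id'], $script);
+$script = str_replace('[!keystonepublickey!]', $keystonePublicKey, $script);
+$script = str_replace('[!callback!]', route('provision.callback'), $script);
+
+return response($script)
+->header('Content-Type', 'text/plain');
+}
+}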
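Review bot: `hostname` and `sudo_password` are validated only as `string` and then substituted verbatim into `provision.sh` with `str_replace`, so quotes, newlines or shell metacharacters in either value become part of a script that is presumably executed with elevated privileges on the new server. How the placeholders are quoted inside the template is not visible here, but the controller should not depend on that: constrain the hostname, e.g. `'hostname' => ['required', 'string', 'max:253', 'regex:/^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/']`, and pass the password through `escapeshellarg()` with the template using that placeholder unquoted. Both `file_get_contents()` calls are also unchecked, so a missing template or key file silently produces an empty script or a script with an empty key substituted; aborting with a 500 when either returns `false` would be safer than serving a half-rendered script.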
@@ -5,6 +5,8 @@ use App\Enums\ServerStatus;
|
|||||||
use App\Http\Controllers\ApplicationController;
|
use App\Http\Controllers\ApplicationController;
|
||||||
use App\Http\Controllers\EnvironmentController;
|
use App\Http\Controllers\EnvironmentController;
|
||||||
use App\Http\Controllers\OrganisationController;
|
use App\Http\Controllers\OrganisationController;
|
||||||
|
use App\Http\Controllers\ProvisionCallback;
|
||||||
|
use App\Http\Controllers\ProvisionScript;
|
||||||
use App\Http\Controllers\ServerController;
|
use App\Http\Controllers\ServerController;
|
||||||
use App\Http\Controllers\ServiceController;
|
use App\Http\Controllers\ServiceController;
|
||||||
use App\Models\Server;
|
use App\Models\Server;
|
||||||
@@ -13,9 +15,7 @@ use Illuminate\Http\Request;
|
|||||||
use Illuminate\Support\Facades\Route;
|
use Illuminate\Support\Facades\Route;
|
||||||
use Inertia\Inertia;
|
use Inertia\Inertia;
|
||||||
|
|
||||||
Route::get('/', function () {
|
Route::inertia('/', 'Welcome')->name('home');
|
||||||
return Inertia::render('Welcome');
|
|
||||||
})->name('home');
|
|
||||||
|
|
||||||
Route::middleware(['auth', 'verified'])->group(function () {
|
Route::middleware(['auth', 'verified'])->group(function () {
|
||||||
Route::inertia('dashboard', 'Dashboard')->name('dashboard');
|
Route::inertia('dashboard', 'Dashboard')->name('dashboard');
|
||||||
@@ -49,65 +49,8 @@ Route::middleware(['auth', 'verified'])->group(function () {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
Route::get('/provision-script', function (Request $request) {
|
Route::get('/provision-script', ProvisionScript::class)->name('provision-script');
|
||||||
$validated = $request->validate([
|
Route::post('/provision-callback', ProvisionCallback::class)->name('provision.callback');
|
||||||
'sudo_password' => ['required', 'string'],
|
|
||||||
'hostname' => ['required', 'string'],
|
|
||||||
'server_id' => ['required', 'integer', 'exists:servers,id'],
|
|
||||||
]);
|
|
||||||
|
|
||||||
$script = file_get_contents(base_path('provision.sh'));
|
|
||||||
|
|
||||||
$keystonePublicKey = file_get_contents(storage_path('app/private/ssh/id_ed25519.pub'));
|
|
||||||
|
|
||||||
$script = str_replace('[!hostname!]', $validated['hostname'], $script);
|
|
||||||
$script = str_replace('[!sudo_password!]', $validated['sudo_password'], $script);
|
|
||||||
$script = str_replace('[!server_id!]', $validated['server_id'], $script);
|
|
||||||
$script = str_replace('[!keystonepublickey!]', $keystonePublicKey, $script);
|
|
||||||
$script = str_replace('[!callback!]', route('provision.callback'), $script);
|
|
||||||
|
|
||||||
return response($script)
|
|
||||||
->header('Content-Type', 'text/plain');
|
|
||||||
})->name('provision-script');
|
|
||||||
|
|
||||||
Route::post('/provision-callback', function (Request $request) {
|
|
||||||
$validated = $request->validate([
|
|
||||||
'server_id' => ['required', 'integer', 'exists:servers,id'],
|
|
||||||
'internal_public_key' => ['required', 'string'],
|
|
||||||
]);
|
|
||||||
|
|
||||||
$server = Server::find($validated['server_id']);
|
|
||||||
|
|
||||||
// Check against ipv4 and ipv6
|
|
||||||
$isValidIp = false;
|
|
||||||
if ($server->ipv4 && Ip::inNetwork($request->ip(), $server->ipv4)) {
|
|
||||||
$isValidIp = true;
|
|
||||||
}
|
|
||||||
if ($server->ipv6 && Ip::inNetwork($request->ip(), $server->ipv6)) {
|
|
||||||
$isValidIp = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (! $isValidIp) {
|
|
||||||
logger('someone tried to callback from an invalid IP');
|
|
||||||
logger(' server ip: '.$server->ipv4);
|
|
||||||
logger(' server ipv6: '.$server->ipv6);
|
|
||||||
logger(' callback ip: '.$request->ip());
|
|
||||||
logger(' server id: '.$server->id);
|
|
||||||
|
|
||||||
return response('Unauthorized', 401);
|
|
||||||
}
|
|
||||||
|
|
||||||
$server->update([
|
|
||||||
'status' => ServerStatus::ACTIVE,
|
|
||||||
'internal_public_key' => $validated['internal_public_key'],
|
|
||||||
]);
|
|
||||||
|
|
||||||
$server->organisation->servers()->each(function ($s) {
|
|
||||||
app(SyncWireguardRules::class)->onQueue()->execute($s);
|
|
||||||
});
|
|
||||||
|
|
||||||
return response('OK', 200);
|
|
||||||
})->name('provision.callback');
|
|
||||||
|
|
||||||
require __DIR__.'/settings.php';
|
require __DIR__.'/settings.php';
|
||||||
require __DIR__.'/auth.php';
|
require __DIR__.'/auth.php';
|
||||||
|
|||||||
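Review bot: `Route::get('/provision-script', ProvisionScript::class)` keeps the script endpoint on GET, so the `sudo_password` that the controller requires travels in the query string and will end up in access logs, proxy logs and the shell history of whoever fetches it. Both provisioning routes also appear to be registered after the `auth`/`verified` group closes, with no rate limit or signature on them. While these lines are being touched, consider issuing the script URL with `URL::temporarySignedRoute()` and adding `->middleware(['signed', 'throttle:10,1'])` to the route, and generating the sudo password server-side rather than accepting it as a request parameter.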