Signed-off-by: stephb9959 <stephane.bourque@gmail.com>
@@ -3,15 +3,9 @@
|
||||
//
|
||||
|
||||
#include "RESTAPI_radius_endpoint_handler.h"
|
||||
#include <storage/storage_orion_accounts.h>
|
||||
|
||||
namespace OpenWifi {
|
||||
static inline bool ValidEndpointTypes(const std::string &T) {
|
||||
return T=="radius" || T=="radsec" || T=="globalreach" || T=="orion";
|
||||
}
|
||||
|
||||
static inline bool ValidPoolStrategy(const std::string &T) {
|
||||
return T=="none" || T=="random" || T=="weighted";
|
||||
}
|
||||
|
||||
void RESTAPI_radius_endpoint_handler::DoGet() {
|
||||
auto id = GetBinding("id");
|
||||
@@ -40,6 +34,17 @@ namespace OpenWifi {
|
||||
return NotFound();
|
||||
}
|
||||
|
||||
static bool ValidPort(std::uint32_t P) {
|
||||
return P>0 && P<65535;
|
||||
}
|
||||
|
||||
static bool ValidRadiusServer(const ProvObjects::RADIUSServer &S) {
|
||||
if(S.Hostname.empty() || !ValidPort(S.Port) || !Utils::ValidIP(S.IP) || S.Secret.empty()) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
void RESTAPI_radius_endpoint_handler::DoPost() {
|
||||
auto id = GetBinding("id");
|
||||
if(id.empty()) {
|
||||
@@ -52,19 +57,98 @@ namespace OpenWifi {
|
||||
return BadRequest(RESTAPI::Errors::InvalidJSONDocument);
|
||||
}
|
||||
|
||||
if(!ValidEndpointTypes(NewRecord.Type)) {
|
||||
if(RadiusEndpointDB::EndpointType(NewRecord.Type)!=RadiusEndpointDB::EndpointType::unknown) {
|
||||
return BadRequest(RESTAPI::Errors::InvalidRadiusTypeEndpoint);
|
||||
}
|
||||
if(!ValidPoolStrategy(NewRecord.PoolStrategy)) {
|
||||
if(RadiusEndpointDB::PoolStrategy(NewRecord.PoolStrategy)!=RadiusEndpointDB::PoolStrategy::unknown) {
|
||||
return BadRequest(RESTAPI::Errors::InvalidRadiusEndpointPoolStrategy);
|
||||
}
|
||||
if(!NewRecord.RadiusServers.empty() && !NewRecord.RadsecServers.empty()) {
|
||||
return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
|
||||
}
|
||||
if(NewRecord.Index.empty()) {
|
||||
|
||||
auto EndPointType = RadiusEndpointDB::EndpointType(NewRecord.Type);
|
||||
switch(EndPointType) {
|
||||
case RadiusEndpointDB::EndpointType::radsec:
|
||||
case RadiusEndpointDB::EndpointType::orion:
|
||||
case RadiusEndpointDB::EndpointType::globalreach:
|
||||
{
|
||||
if(NewRecord.RadsecServers.empty()) {
|
||||
return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
|
||||
}
|
||||
} break;
|
||||
case RadiusEndpointDB::EndpointType::radius: {
|
||||
if(NewRecord.RadiusServers.empty()) {
|
||||
return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
|
||||
}
|
||||
} break;
|
||||
default:
|
||||
return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
|
||||
}
|
||||
|
||||
if(NewRecord.Index.empty() || !RadiusEndpointDB::ValidIndex(NewRecord.Index)) {
|
||||
return BadRequest(RESTAPI::Errors::RadiusEndpointIndexInvalid);
|
||||
}
|
||||
|
||||
// Make sure that nobody is using that index
|
||||
auto where = fmt::format(" index='{}' ", NewRecord.Index);
|
||||
if(DB_.Count(where)!=0) {
|
||||
return BadRequest(RESTAPI::Errors::RadiusEndpointIndexInvalid);
|
||||
}
|
||||
|
||||
if(EndPointType==RadiusEndpointDB::EndpointType::radius) {
|
||||
for(const auto &Server:NewRecord.RadiusServers) {
|
||||
if(!ValidRadiusServer(Server.Authentication) ||
|
||||
!ValidRadiusServer(Server.Accounting) ||
|
||||
!ValidRadiusServer(Server.CoA)) {
|
||||
return BadRequest(RESTAPI::Errors::InvalidRadiusServer);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
switch(EndPointType) {
|
||||
case RadiusEndpointDB::EndpointType::orion: {
|
||||
for(const auto &Server:NewRecord.RadsecServers) {
|
||||
if(!StorageService()->OrionAccountsDB().Exists("id",Server.UseOpenRoamingAccount)) {
|
||||
return BadRequest(RESTAPI::Errors::OrionAccountMustExist);
|
||||
}
|
||||
}
|
||||
} break;
|
||||
case RadiusEndpointDB::EndpointType::globalreach: {
|
||||
for(const auto &Server:NewRecord.RadsecServers) {
|
||||
if(!StorageService()->GLBLRCertsDB().Exists("id",Server.UseOpenRoamingAccount)) {
|
||||
return BadRequest(RESTAPI::Errors::GlobalReachCertMustExist);
|
||||
}
|
||||
}
|
||||
} break;
|
||||
case RadiusEndpointDB::EndpointType::radsec: {
|
||||
for(const auto &Server:NewRecord.RadsecServers) {
|
||||
if(Server.Certificate.empty() || !Utils::ValidX509Certificate(Server.Certificate)) {
|
||||
return BadRequest(RESTAPI::Errors::InvalidRadsecMainCertificate);
|
||||
}
|
||||
if(Server.CaCerts.empty() || !Utils::ValidX509Certificate(Server.CaCerts)) {
|
||||
return BadRequest(RESTAPI::Errors::InvalidRadsecCaCertificate);
|
||||
}
|
||||
if(Server.PrivateKey.empty() || !Utils::VerifyPrivateKey(Server.PrivateKey)) {
|
||||
return BadRequest(RESTAPI::Errors::InvalidRadsecPrivteKey);
|
||||
}
|
||||
if(!Utils::ValidIP(Server.IP)) {
|
||||
return BadRequest(RESTAPI::Errors::InvalidRadsecIPAddress);
|
||||
}
|
||||
if(!(Server.Port>0 && Server.Port<65535)) {
|
||||
return BadRequest(RESTAPI::Errors::InvalidRadsecPort);
|
||||
}
|
||||
if(Server.Secret.empty()) {
|
||||
return BadRequest(RESTAPI::Errors::InvalidRadsecSecret);
|
||||
}
|
||||
}
|
||||
|
||||
} break;
|
||||
default: {
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ProvObjects::CreateObjectInfo(RawObject,UserInfo_.userinfo,NewRecord.info);
|
||||
if(DB_.CreateRecord(NewRecord)) {
|
||||
RecordType AddedRecord;
|
||||
|
||||
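Review bot: The type check in DoPost, `if(RadiusEndpointDB::EndpointType(NewRecord.Type)!=RadiusEndpointDB::EndpointType::unknown)`, looks inverted: it returns InvalidRadiusTypeEndpoint when the type is recognised and lets an unrecognised one through, and the PoolStrategy check just below it has the same shape. Both comparisons should be `==`, e.g. `if(RadiusEndpointDB::EndpointType(NewRecord.Type)==RadiusEndpointDB::EndpointType::unknown) {`; as written a known type is rejected here and an unknown one is only stopped by the `default:` arm of the switch, so no request appears able to reach `DB_.CreateRecord`. The +/- markers are lost on this page, so this assumes those two lines are the new side replacing the `ValidEndpointTypes`/`ValidPoolStrategy` calls. Separately, `fmt::format(" index='{}' ", NewRecord.Index)` places a request field inside the filter string, so `RadiusEndpointDB::ValidIndex` (not visible here) is the only thing keeping quote characters out of it; a comment stating that dependency, or a bound parameter if `DB_` offers one, would make the guarantee explicit. DoPost continues past the end of the hunk.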