diff --git a/app/app.pm b/app/app.pm index 85756f0..922ff04 100644 --- a/app/app.pm +++ b/app/app.pm @@ -116,7 +116,8 @@ sub delete_domain { } sub update_domain_raw { - my ($self, $login, $zone, $domain) = @_; + my ($self, $zone, $domain) = @_; + my $ze = app::zone::edit->new(zname => $domain , zdir => $self->zdir , host => $self->sshhost @@ -125,7 +126,7 @@ sub update_domain_raw { } sub update_domain { - my ($self, $login, $zone, $domain) = @_; + my ($self, $zone, $domain) = @_; my $ze = app::zone::edit->new(zname => $domain , zdir => $self->zdir , host => $self->sshhost @@ -134,7 +135,7 @@ sub update_domain { } sub get_domain { - my ($self, $login, $domain) = @_; + my ($self, $domain) = @_; my $ze = app::zone::edit->new(zname => $domain , zdir => $self->zdir , host => $self->sshhost @@ -160,7 +161,7 @@ sub get_all_users { } sub new_tmp { - my ($self, $login, $domain) = @_; + my ($self, $domain) = @_; my $ze = app::zone::edit->new(zname => $domain , zdir => $self->zdir , host => $self->sshhost @@ -169,107 +170,106 @@ sub new_tmp { } sub _mod_entry { - my ($self, $login, $domain, $entryToDelete, $action, $newEntry) = @_; + my ($self, $domain, $entryToDelete, $action, $newEntry) = @_; - my $name = $entryToDelete->{'name'}; - my $type = $entryToDelete->{'type'}; - my $ttl = $entryToDelete->{'ttl'}; - my $host = $entryToDelete->{'host'}; - my $priority = $entryToDelete->{'priority'}; + my $name = $entryToDelete->{'name'}; + my $type = $entryToDelete->{'type'}; + my $ttl = $entryToDelete->{'ttl'}; + my $host = $entryToDelete->{'host'}; + my $priority = $entryToDelete->{'priority'}; - my $new_name = $newEntry->{'newname'}; - my $new_type = $newEntry->{'newtype'}; - my $new_ttl = $newEntry->{'newttl'}; - my $new_host = $newEntry->{'newhost'}; - my $new_priority = $newEntry->{'newpriority'}; + my $new_name = $newEntry->{'newname'}; + my $new_type = $newEntry->{'newtype'}; + my $new_ttl = $newEntry->{'newttl'}; + my $new_host = $newEntry->{'newhost'}; + my $new_priority = $newEntry->{'newpriority'}; - # say "in _mod_entry : $action"; - # say "in _mod_entry : $new_name"; - my $zone = $self->get_domain($login , $domain); - my $dump = $zone->dump; + # say "in _mod_entry : $action"; + # say "in _mod_entry : $new_name"; + my $zone = $self->get_domain($domain); + my $dump = $zone->dump; - my $record; - my $found = 0; + my $record; + my $found = 0; - given( lc $type ) - { - when ('a') - { - $record = $zone->a; - $found = 1; - } - when ('aaaa') - { - $record = $zone->aaaa; - $found = 1; - } - when ('cname') - { - $record = $zone->cname; - $found = 1; - } - when ('ns') - { - $record = $zone->ns; - $found = 1; - } - when ('mx') - { - $record = $zone->mx; - $found = 1; - } - when ('ptr') - { - $record = $zone->ptr; - $found = 1; - } - } + given( lc $type ) + { + when ('a') + { + $record = $zone->a; + $found = 1; + } + when ('aaaa') + { + $record = $zone->aaaa; + $found = 1; + } + when ('cname') + { + $record = $zone->cname; + $found = 1; + } + when ('ns') + { + $record = $zone->ns; + $found = 1; + } + when ('mx') + { + $record = $zone->mx; + $found = 1; + } + when ('ptr') + { + $record = $zone->ptr; + $found = 1; + } + } - if( $found ) - { + if( $found ) + { - foreach my $i ( 0 .. scalar @{$record}-1 ) - { + foreach my $i ( 0 .. scalar @{$record}-1 ) + { - if( $action eq 'del' ) - { - delete $record->[$i] - if( $record->[$i]->{'name'} eq $name && - $record->[$i]->{'host'} eq $host && - $record->[$i]->{'ttl'} == $ttl ); - } - if ( $action eq 'mod' ) - { - if( $record->[$i]->{'name'} eq $name && - $record->[$i]->{'host'} eq $host && - $record->[$i]->{'ttl'} == $ttl ) - { - $record->[$i]->{'name'} = $new_name; - $record->[$i]->{'host'} = $new_host; - $record->[$i]->{'ttl'} = $new_ttl; - if( defined $new_priority ) - { - $record->[$i]->{'priority'} = $new_priority - } - } - } + if( $action eq 'del' ) + { + delete $record->[$i] + if( $record->[$i]->{'name'} eq $name && + $record->[$i]->{'host'} eq $host && + $record->[$i]->{'ttl'} == $ttl ); + } + if ( $action eq 'mod' ) + { + if( $record->[$i]->{'name'} eq $name && + $record->[$i]->{'host'} eq $host && + $record->[$i]->{'ttl'} == $ttl ) + { + $record->[$i]->{'name'} = $new_name; + $record->[$i]->{'host'} = $new_host; + $record->[$i]->{'ttl'} = $new_ttl; + if( defined $new_priority ) + { + $record->[$i]->{'priority'} = $new_priority + } + } + } - } + } - } + } - $self->update_domain( $login, $zone, $domain ); + $self->update_domain( $zone, $domain ); } - sub delete_entry { - my ($self, $login, $domain, $entryToDelete) = @_; - $self->_mod_entry( $login, $domain, $entryToDelete, 'del' ); + my ($self, $domain, $entryToDelete) = @_; + $self->_mod_entry( $domain, $entryToDelete, 'del' ); } sub modify_entry { - my ($self, $login, $domain, $entryToDelete, $newEntry) = @_; - $self->_mod_entry( $login, $domain, $entryToDelete, 'mod', $newEntry ); + my ($self, $domain, $entryToDelete, $newEntry) = @_; + $self->_mod_entry( $domain, $entryToDelete, 'mod', $newEntry ); } 1; diff --git a/www/lib/DNSManager.pm b/www/lib/DNSManager.pm old mode 100644 new mode 100755 index e3cf446..b324f7e --- a/www/lib/DNSManager.pm +++ b/www/lib/DNSManager.pm @@ -9,9 +9,11 @@ use Data::Dump qw( dump ); use Data::Structure::Util qw ( unbless ); use File::Basename; use Config::Simple; +use Crypt::Digest::SHA256 qw( sha256_hex ) ; use Storable qw( freeze thaw ); $Storable::Deparse = true; $Storable::Eval=true; +use encoding 'utf-8'; # TODO check if this works well # Include other libs relative to current path use Find::Lib '../../'; # TODO remove it when it won't be usefull anymore @@ -19,6 +21,13 @@ use app::app; our $VERSION = '0.1'; +# TODO we can check if dn matches our domain name +sub is_domain_name { + my ($dn) = @_; + my $ndd = qr/^([a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]*.)*[a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]$/; + return $dn =~ $ndd; +} + # eventually change place sub initco { @@ -45,6 +54,7 @@ sub get_errmsg { $err; } +# TODO check if the referer was from our website sub get_route { my $route = '/'; $route = request->referer if (defined request->referer); @@ -81,47 +91,6 @@ get '/' => sub { } }; - -get '/home' => sub { - - unless( session('login') ) - { - redirect '/'; - } - else - { - my $app = initco(); - - my ($success, @domains) = $app->get_domains( session('login') ); - - if( $success ) { - - my (%zone_properties, %domains); - my $cs = session('creationSuccess'); - my $dn = session('domainName'); - - session creationSuccess => ''; - session domainName => ''; - - template home => { - login => session('login') - , admin => session('admin') - , domains => [@domains] - , zones_domains => \%domains - , zone_properties => \%zone_properties - , creationSuccess => $cs - , errmsg => get_errmsg - , domainName => $dn }; - - } - else { - session->destroy; - redirect '/ '; - } - - } -}; - prefix '/domain' => sub { any ['post', 'get'] => '/updateraw/:domain' => sub { @@ -135,25 +104,38 @@ prefix '/domain' => sub { { my $app = initco(); - my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), - param('password') ); + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); - my $success = $app->update_domain_raw(session('login') - , param('zoneupdated') - , param('domain')); + if($auth_ok && ($isadmin || grep { $_ eq param('domain') } + @{$user->domains}) ) { - redirect '/domain/details/' . param('domain'); + my $success = $app->update_domain_raw( param('zoneupdated') + , param('domain')); + + unless($success) { + session errmsg => q{Problème de mise à jour du domaine.}; + } + + redirect '/domain/details/' . param('domain'); + } + else { + session errmsg => q{Donnée privée, petit coquin. ;) }; + redirect '/'; + } } }; any ['post', 'get'] => '/update/:domain' => sub { - unless( session('login') && param('domain') ) - { + + unless( session('login') && param('domain') ) + { redirect '/'; } else { + my $type = param('type'); my $name = param('name'); my $value = param('value'); @@ -161,9 +143,18 @@ prefix '/domain' => sub { my $priority = param('priority'); my $app = initco(); - my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), - param('password') ); - my $zone = $app->get_domain( session('login') , param('domain') ); + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); + + unless($auth_ok && ($isadmin || grep { $_ eq param('domain') } + @{$user->domains}) ) { + + session errmsg => q{Donnée privée, petit coquin. ;) }; + redirect '/'; + return; + } + + my $zone = $app->get_domain( param('domain') ); given( $type ) { @@ -226,12 +217,11 @@ prefix '/domain' => sub { } $zone->new_serial(); - $app->update_domain( session('login') - , $zone - , param('domain')); + dump($zone); - redirect '/domain/details/'.param('domain'); + $app->update_domain( $zone , param('domain')); + redirect '/domain/details/' . param('domain'); } }; @@ -245,33 +235,45 @@ prefix '/domain' => sub { else { my $app = initco(); - # my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), - # param('password') ); - my $zone = $app->get_domain(session('login') , param('domain')); + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); - if( param( 'expert' ) ) - { - template details => { - login => session('login') - , domain => param('domain') - , domain_zone => $zone->output() - , expert => true }; - } - else - { - # say dump( $zone->cname()); - template details => { - login => session('login') - , domain => param('domain') - , domain_zone => $zone->output() - , a => $zone->a() - , aaaa => $zone->aaaa() - , cname => $zone->cname() - , ptr => $zone->ptr() - , mx => $zone->mx() - , ns => $zone->ns() }; - } + unless ( $auth_ok && ( $isadmin + || grep { $_ =~ param('domain') } @{$user->domains})) { + + session errmsg => q{Auth non OK.}; + redirect '/ '; + return; + + } + + my $zone = $app->get_domain(param('domain')); + + if( param( 'expert' ) ) + { + template details => { + login => session('login') + , admin => session('admin') + , domain => param('domain') + , domain_zone => $zone->output() + , expert => true }; + } + else + { + # say dump( $zone->cname()); + template details => { + login => session('login') + , admin => session('admin') + , domain => param('domain') + , domain_zone => $zone->output() + , a => $zone->a() + , aaaa => $zone->aaaa() + , cname => $zone->cname() + , ptr => $zone->ptr() + , mx => $zone->mx() + , ns => $zone->ns() }; + } } @@ -313,7 +315,7 @@ prefix '/domain' => sub { session creationSuccess => $creationSuccess; session domainName => param('domain'); - redirect '/home'; + redirect '/user/home'; } @@ -321,329 +323,388 @@ prefix '/domain' => sub { get '/del/:domain' => sub { + my $app = initco(); + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); + + unless ( $auth_ok && ( $isadmin + || grep { $_ =~ param('domain') } @{$user->domains})) { + + session errmsg => q{Auth non OK.}; + redirect '/ '; + return; + } + unless( defined param('domain') ) { session errmsg => q; redirect get_route; + return; + } + + if( ! is_domain_name(param('domain'))) { + session errmsg => q; + redirect get_route; + return; + } + + my $success = $app->delete_domain(session('login'), param('domain')); + + unless($success) { + session errmsg => q{Impossible de supprimer le domaine.}; + } + + if( request->referer =~ "/domain/details" ) { + redirect '/user/home'; } else { - my $app = initco(); - - # TODO tests des droits - if( session('login') ) { - - if($app->delete_domain(session('login'), param('domain'))) { - - if( request->referer =~ "/domain/details" ) { - redirect '/home'; - } - else { - redirect request->referer; - } - - } - else { - - session errmsg => "Impossible de supprimer le domaine " - . param('domain') - . '.' ; - redirect request->referer; - - } - } + redirect request->referer; } }; get '/del/:domain/:name/:type/:host/:ttl' => sub { + # Load :domain and search for corresponding data + my $app = initco(); + + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); + + unless ( $auth_ok && ( $isadmin + || grep { $_ =~ param('domain') } @{$user->domains})) { + + session errmsg => q{Auth non OK.}; + redirect '/ '; + return; + } + unless( session( 'user' ) and defined param('domain') ) { session errmsg => q; redirect get_route; + return; } - else { - # Load :domain and search for corresponding data - my $app = initco(); - # my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), - # param('password') ); - $app->delete_entry( session('login'), - param('domain'), - { - type => param('type'), - name => param('name'), - host => param('host'), - ttl => param('ttl') - }); + $app->delete_entry( param('domain'), + { + type => param('type'), + name => param('name'), + host => param('host'), + ttl => param('ttl') + }); - redirect '/domain/details/'. param('domain'); - } - }; + redirect '/domain/details/'. param('domain'); + }; get '/mod/:domain/:name/:type/:host/:ttl' => sub { + my $app = initco(); + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); + + unless ( $auth_ok && ( $isadmin + || grep { $_ =~ param('domain') } @{$user->domains})) { + + session errmsg => q{Auth non OK.}; + redirect '/ '; + return; + } + unless( session( 'user' ) and defined param('domain') ) { session errmsg => q; redirect get_route; + return; } - else { - # Load :domain and search for corresponding data - my $app = initco(); - # my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), - # param('password') ); - $app->modify_entry( session('login'), - param('domain'), - { - type => param('type'), - name => param('name'), - host => param('host'), - ttl => param('ttl') - }, - { - newtype => param('newtype'), - newname => param('newname'), - newhost => param('newhost'), - newttl => param('newttl'), - newpriority => param('newpriority') - }); + $app->modify_entry( param('domain'), + { + type => param('type'), + name => param('name'), + host => param('host'), + ttl => param('ttl') + }, + { + newtype => param('newtype'), + newname => param('newname'), + newhost => param('newhost'), + newttl => param('newttl'), + newpriority => param('newpriority') + }); - redirect '/domain/details/'. param('domain'); - } - }; + redirect '/domain/details/'. param('domain'); + }; }; any ['get', 'post'] => '/admin' => sub { - unless( session('login') ) - { - redirect '/'; - } - else - { - my $app = initco(); - my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), - session('password') ); + unless( session('login') ) + { + redirect '/'; + return; + } - unless ( $auth_ok && $isadmin ) { - redirect '/ '; - } - else { + my $app = initco(); + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); - my %alldomains = $app->get_all_domains; - my %allusers = $app->get_all_users; - my ($success, @domains) = $app->get_domains( session('login') ); + unless ( $auth_ok && $isadmin ) { + session errmsg => q{Donnée privée, petit coquin. ;) }; + redirect '/ '; + return; + } - template administration => { - login => session('login') - , admin => session('admin') - , errmsg => get_errmsg - , domains => [ @domains ] - , alldomains => { %alldomains } - , allusers => { %allusers } }; - } - } + my %alldomains = $app->get_all_domains; + my %allusers = $app->get_all_users; + my ($success, @domains) = $app->get_domains( session('login') ); + + template administration => { + login => session('login') + , admin => session('admin') + , errmsg => get_errmsg + , domains => [ @domains ] + , alldomains => { %alldomains } + , allusers => { %allusers } }; }; - prefix '/user' => sub { - get '/logout' => sub { - session->destroy; - redirect '/'; - }; + get '/home' => sub { - post '/add/' => sub { + unless( session('login') ) { + redirect '/'; + return; + } - if ( param('login') && param('password') ) - { + my $app = initco(); - my $app = initco(); - my ($success) = $app->register_user(param('login') - , param('password')); + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); - if($success) { - session login => param('login'); - session password => param('password'); - redirect '/home'; - } - else { - session errmsg => q/Ce pseudo est déjà pris./; - redirect '/user/subscribe'; - } + unless( $auth_ok ) { + session errmsg => q/problème de connexion à votre compte/; + redirect '/'; + return; + } - } - else { - session errmsg => q/login ou password non renseignés/; - redirect '/user/subscribe'; - } + my ($success, @domains) = $app->get_domains( session('login') ); - }; + if( $success ) { - get '/subscribe' => sub { + my $cs = session('creationSuccess'); + my $dn = session('domainName'); - if( defined session('login') ) - { - redirect '/home'; - } - else { + session creationSuccess => ''; + session domainName => ''; - template subscribe => { - errmsg => get_errmsg - }; - } + template home => { + login => session('login') + , admin => session('admin') + , domains => [@domains] + , creationSuccess => $cs + , errmsg => get_errmsg + , domainName => $dn }; - }; + } + else { + session->destroy; + redirect '/ '; + } - get '/unsetadmin/:user' => sub { + }; - unless( defined param('user') ) - { - # TODO ajouter une erreur à afficher - session errmsg => "L'administrateur n'est pas défini." ; - redirect request->referer; + get '/logout' => sub { + session->destroy; + redirect '/'; + }; - } - elsif(! defined session('login') ) - { + # add a user => registration + post '/add/' => sub { - session errmsg => "Vous n'êtes pas connecté." ; - redirect '/'; + if ( param('login') && param('password') ) { - } - else { + my $pass = sha256_hex(param('password')); - my $app = initco(); + my $app = initco(); + my ($success) = $app->register_user(param('login') + , $pass); - my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), - session('password') ); + if($success) { + session login => param('login'); + session password => $pass; + redirect '/user/home'; + } + else { + session errmsg => q/Ce pseudo est déjà pris./; + redirect '/user/subscribe'; + } - if ( $auth_ok && $isadmin ) { - $app->set_admin(param('user'), 0); - } - else { - session errmsg => q/Vous n'êtes pas administrateur./; - } + } + else { + session errmsg => q/login ou password non renseignés/; + redirect '/user/subscribe'; + } - if( request->referer =~ "/admin" ) { - redirect request->referer; - } - else { - redirect '/'; - } + }; - } + get '/subscribe' => sub { - }; + if( defined session('login') ) { + redirect '/user/home'; + } + else { - get '/setadmin/:user' => sub { + template subscribe => { + errmsg => get_errmsg + , admin => session('admin') + }; + } - unless( defined param('user') ) - { + }; - # TODO ajouter une erreur à afficher - session errmsg => "L'utilisateur n'est pas défini." ; - redirect request->referer; + get '/unsetadmin/:user' => sub { - } - elsif(! defined session('login') ) - { + unless( defined param('user') ) { - session errmsg => "Vous n'êtes pas connecté." ; - redirect '/'; + session errmsg => "L'administrateur n'est pas défini." ; + redirect request->referer; + return; - } - else { + } - my $app = initco(); + if(! defined session('login') ) { - my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), - session('password') ); + session errmsg => "Vous n'êtes pas connecté." ; + redirect '/'; + return; + } - if ( $auth_ok && $isadmin ) { - $app->set_admin(param('user'), 1); - } + my $app = initco(); - if( request->referer =~ "/admin" ) { - redirect request->referer; - } - else { - redirect '/'; - } + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); - } + unless ( $auth_ok && $isadmin ) { + session errmsg => q/Vous n'êtes pas administrateur./; + } + else { + $app->set_admin(param('user'), 0); + } - }; + if( request->referer =~ "/admin" ) { + redirect request->referer; + } + else { + redirect '/'; + } - get '/del/:user' => sub { + }; - if(defined param 'user') { + get '/setadmin/:user' => sub { - my $app = initco(); + unless( defined param('user') ) { - my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), - session('password') ); + session errmsg => "L'utilisateur n'est pas défini." ; + redirect request->referer; + return; + } - if ( $auth_ok && $isadmin || session('login') eq param('user')) { - unless ( $app->delete_user(param('user'))) { - session errmsg => "L'utilisateur " - . param 'user' - . " n'a pas pu être supprimé."; - } - } - } - else { - session errmsg => q{Le nom d'utilisateur n'est pas renseigné.}; - } + if(! defined session('login') ) { - if( defined request->referer) { - redirect request->referer; - } - else { - redirect '/'; - } + session errmsg => "Vous n'êtes pas connecté." ; + redirect '/'; + return; + } - }; + my $app = initco(); - post '/login' => sub { + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); - # Check if user is already logged - unless ( session('login') ) - { - # Check user login and password - if ( param('login') && param('password') ) - { + unless ( $auth_ok && $isadmin ) { + session errmsg => q/Vous n'êtes pas administrateur./; + } + else { + $app->set_admin(param('user'), 1); + } - my $app = initco(); - my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), - param('password') ); + if( request->referer =~ "/admin" ) { + redirect request->referer; + } + else { + redirect '/'; + } - if( $auth_ok ) - { + }; - session login => param('login'); - # TODO : change password storage… - session password => param('password'); - session user => freeze( $user ); - session admin => $isadmin; + get '/del/:user' => sub { - if( $isadmin ) { - redirect '/admin'; - return; - } + if(defined param 'user') { - } - else - { + my $app = initco(); - session errmsg => q; - redirect '/'; + my ($auth_ok, $user, $isadmin) = $app->auth(session('login'), + session('password') ); - } - } - } + if ( $auth_ok && $isadmin || session('login') eq param('user')) { + unless ( $app->delete_user(param('user'))) { + session errmsg => "L'utilisateur " + . param 'user' + . " n'a pas pu être supprimé."; + } + } + } + else { + session errmsg => q{Le nom d'utilisateur n'est pas renseigné.}; + } - redirect '/home'; + if( defined request->referer) { + redirect request->referer; + } + else { + redirect '/'; + } - }; + }; + + post '/login' => sub { + + # Check if user is already logged + unless ( session('login') ) + { + # Check user login and password + if ( param('login') && param('password') ) + { + + my $app = initco(); + my $pass = sha256_hex(param('password')); + my ($auth_ok, $user, $isadmin) = $app->auth(param('login'), + $pass ); + + if( $auth_ok ) + { + + session login => param('login'); + session password => $pass; + session user => freeze( $user ); + session admin => $isadmin; + + if( $isadmin ) { + redirect '/admin'; + return; + } + + } + else + { + + session errmsg => q; + redirect '/'; + + } + } + } + + redirect '/user/home'; + + }; }; diff --git a/www/views/sidebar.tt b/www/views/sidebar.tt index 42f54c5..1f4270e 100644 --- a/www/views/sidebar.tt +++ b/www/views/sidebar.tt @@ -14,7 +14,7 @@
Déconnexion - Ma page + Ma page <% IF admin == 1 %> Administration