Baguette
/
dnsmanagerv1
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

prise en compte de la sécurité dans le développement

master
Philippe Pittoli 2014-02-07 23:56:45 +01:00
parent 318b11e7f3
commit 6d75a31f88
3 changed files with 468 additions and 407 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
app/app.pm
View File

@ -116,7 +116,8 @@ sub delete_domain {
}
sub update_domain_raw {
my ($self, $login, $zone, $domain) = @_;
my ($self, $zone, $domain) = @_;
my $ze = app::zone::edit->new(zname => $domain
, zdir => $self->zdir
, host => $self->sshhost
@ -125,7 +126,7 @@ sub update_domain_raw {
}
sub update_domain {
my ($self, $login, $zone, $domain) = @_;
my ($self, $zone, $domain) = @_;
my $ze = app::zone::edit->new(zname => $domain
, zdir => $self->zdir
, host => $self->sshhost
@ -134,7 +135,7 @@ sub update_domain {
}
sub get_domain {
my ($self, $login, $domain) = @_;
my ($self, $domain) = @_;
my $ze = app::zone::edit->new(zname => $domain
, zdir => $self->zdir
, host => $self->sshhost
@ -160,7 +161,7 @@ sub get_all_users {
}
sub new_tmp {
my ($self, $login, $domain) = @_;
my ($self, $domain) = @_;
my $ze = app::zone::edit->new(zname => $domain
, zdir => $self->zdir
, host => $self->sshhost
@ -169,7 +170,7 @@ sub new_tmp {
}
sub _mod_entry {
my ($self, $login, $domain, $entryToDelete, $action, $newEntry) = @_;
my ($self, $domain, $entryToDelete, $action, $newEntry) = @_;
my $name = $entryToDelete->{'name'};
my $type = $entryToDelete->{'type'};
@ -185,7 +186,7 @@ sub _mod_entry {
# say "in _mod_entry : $action";
# say "in _mod_entry : $new_name";
my $zone = $self->get_domain($login , $domain);
my $zone = $self->get_domain($domain);
my $dump = $zone->dump;
my $record;
@ -258,18 +259,17 @@ sub _mod_entry {
}
$self->update_domain( $login, $zone, $domain );
$self->update_domain( $zone, $domain );
}
sub delete_entry {
my ($self, $login, $domain, $entryToDelete) = @_;
$self->_mod_entry( $login, $domain, $entryToDelete, 'del' );
my ($self, $domain, $entryToDelete) = @_;
$self->_mod_entry( $domain, $entryToDelete, 'del' );
}
sub modify_entry {
my ($self, $login, $domain, $entryToDelete, $newEntry) = @_;
$self->_mod_entry( $login, $domain, $entryToDelete, 'mod', $newEntry );
my ($self, $domain, $entryToDelete, $newEntry) = @_;
$self->_mod_entry( $domain, $entryToDelete, 'mod', $newEntry );
}
1;

323
www/lib/DNSManager.pm Normal file → Executable file
View File

@ -9,9 +9,11 @@ use Data::Dump qw( dump );
use Data::Structure::Util qw ( unbless );
use File::Basename;
use Config::Simple;
use Crypt::Digest::SHA256 qw( sha256_hex ) ;
use Storable qw( freeze thaw );
$Storable::Deparse = true;
$Storable::Eval=true;
use encoding 'utf-8'; # TODO check if this works well
# Include other libs relative to current path
use Find::Lib '../../'; # TODO remove it when it won't be usefull anymore
@ -19,6 +21,13 @@ use app::app;
our $VERSION = '0.1';
# TODO we can check if dn matches our domain name
sub is_domain_name {
my ($dn) = @_;
my $ndd = qr/^([a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]*.)*[a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]$/;
return $dn =~ $ndd;
}
# eventually change place
sub initco {
@ -45,6 +54,7 @@ sub get_errmsg {
$err;
}
# TODO check if the referer was from our website
sub get_route {
my $route = '/';
$route = request->referer if (defined request->referer);
@ -81,47 +91,6 @@ get '/' => sub {
}
};
get '/home' => sub {
unless( session('login') )
{
redirect '/';
}
else
{
my $app = initco();
my ($success, @domains) = $app->get_domains( session('login') );
if( $success ) {
my (%zone_properties, %domains);
my $cs = session('creationSuccess');
my $dn = session('domainName');
session creationSuccess => '';
session domainName => '';
template home => {
login => session('login')
, admin => session('admin')
, domains => [@domains]
, zones_domains => \%domains
, zone_properties => \%zone_properties
, creationSuccess => $cs
, errmsg => get_errmsg
, domainName => $dn };
}
else {
session->destroy;
redirect '/ ';
}
}
};
prefix '/domain' => sub {
any ['post', 'get'] => '/updateraw/:domain' => sub {
@ -135,25 +104,38 @@ prefix '/domain' => sub {
{
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
param('password') );
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
my $success = $app->update_domain_raw(session('login')
, param('zoneupdated')
if($auth_ok && ($isadmin || grep { $_ eq param('domain') }
@{$user->domains}) ) {
my $success = $app->update_domain_raw( param('zoneupdated')
, param('domain'));
unless($success) {
session errmsg => q{Problème de mise à jour du domaine.};
}
redirect '/domain/details/' . param('domain');
}
else {
session errmsg => q{Donnée privée, petit coquin. ;) };
redirect '/';
}
}
};
any ['post', 'get'] => '/update/:domain' => sub {
unless( session('login') && param('domain') )
{
redirect '/';
}
else
{
my $type = param('type');
my $name = param('name');
my $value = param('value');
@ -161,9 +143,18 @@ prefix '/domain' => sub {
my $priority = param('priority');
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
param('password') );
my $zone = $app->get_domain( session('login') , param('domain') );
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless($auth_ok && ($isadmin || grep { $_ eq param('domain') }
@{$user->domains}) ) {
session errmsg => q{Donnée privée, petit coquin. ;) };
redirect '/';
return;
}
my $zone = $app->get_domain( param('domain') );
given( $type )
{
@ -226,12 +217,11 @@ prefix '/domain' => sub {
}
$zone->new_serial();
$app->update_domain( session('login')
, $zone
, param('domain'));
dump($zone);
redirect '/domain/details/'.param('domain');
$app->update_domain( $zone , param('domain'));
redirect '/domain/details/' . param('domain');
}
};
@ -245,15 +235,26 @@ prefix '/domain' => sub {
else
{
my $app = initco();
# my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
# param('password') );
my $zone = $app->get_domain(session('login') , param('domain'));
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless ( $auth_ok && ( $isadmin
|| grep { $_ =~ param('domain') } @{$user->domains})) {
session errmsg => q{Auth non OK.};
redirect '/ ';
return;
}
my $zone = $app->get_domain(param('domain'));
if( param( 'expert' ) )
{
template details => {
login => session('login')
, admin => session('admin')
, domain => param('domain')
, domain_zone => $zone->output()
, expert => true };
@ -263,6 +264,7 @@ prefix '/domain' => sub {
# say dump( $zone->cname());
template details => {
login => session('login')
, admin => session('admin')
, domain => param('domain')
, domain_zone => $zone->output()
, a => $zone->a()
@ -313,7 +315,7 @@ prefix '/domain' => sub {
session creationSuccess => $creationSuccess;
session domainName => param('domain');
redirect '/home';
redirect '/user/home';
}
@ -321,53 +323,68 @@ prefix '/domain' => sub {
get '/del/:domain' => sub {
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless ( $auth_ok && ( $isadmin
|| grep { $_ =~ param('domain') } @{$user->domains})) {
session errmsg => q{Auth non OK.};
redirect '/ ';
return;
}
unless( defined param('domain') ) {
session errmsg => q<Domaine non renseigné.>;
redirect get_route;
return;
}
else {
my $app = initco();
# TODO tests des droits
if( session('login') ) {
if( ! is_domain_name(param('domain'))) {
session errmsg => q<Domaine non conforme.>;
redirect get_route;
return;
}
if($app->delete_domain(session('login'), param('domain'))) {
my $success = $app->delete_domain(session('login'), param('domain'));
unless($success) {
session errmsg => q{Impossible de supprimer le domaine.};
}
if( request->referer =~ "/domain/details" ) {
redirect '/home';
redirect '/user/home';
}
else {
redirect request->referer;
}
}
else {
session errmsg => "Impossible de supprimer le domaine "
. param('domain')
. '.' ;
redirect request->referer;
}
}
}
};
get '/del/:domain/:name/:type/:host/:ttl' => sub {
# Load :domain and search for corresponding data
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless ( $auth_ok && ( $isadmin
|| grep { $_ =~ param('domain') } @{$user->domains})) {
session errmsg => q{Auth non OK.};
redirect '/ ';
return;
}
unless( session( 'user' ) and defined param('domain') ) {
session errmsg => q<Domaine non renseigné.>;
redirect get_route;
return;
}
else {
# Load :domain and search for corresponding data
my $app = initco();
# my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
# param('password') );
$app->delete_entry( session('login'),
param('domain'),
$app->delete_entry( param('domain'),
{
type => param('type'),
name => param('name'),
@ -376,23 +393,29 @@ prefix '/domain' => sub {
});
redirect '/domain/details/'. param('domain');
}
};
get '/mod/:domain/:name/:type/:host/:ttl' => sub {
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless ( $auth_ok && ( $isadmin
|| grep { $_ =~ param('domain') } @{$user->domains})) {
session errmsg => q{Auth non OK.};
redirect '/ ';
return;
}
unless( session( 'user' ) and defined param('domain') ) {
session errmsg => q<Domaine non renseigné.>;
redirect get_route;
return;
}
else {
# Load :domain and search for corresponding data
my $app = initco();
# my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
# param('password') );
$app->modify_entry( session('login'),
param('domain'),
$app->modify_entry( param('domain'),
{
type => param('type'),
name => param('name'),
@ -408,7 +431,6 @@ prefix '/domain' => sub {
});
redirect '/domain/details/'. param('domain');
}
};
};
@ -417,17 +439,18 @@ any ['get', 'post'] => '/admin' => sub {
unless( session('login') )
{
redirect '/';
return;
}
else
{
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless ( $auth_ok && $isadmin ) {
session errmsg => q{Donnée privée, petit coquin. ;) };
redirect '/ ';
return;
}
else {
my %alldomains = $app->get_all_domains;
my %allusers = $app->get_all_users;
@ -440,31 +463,75 @@ any ['get', 'post'] => '/admin' => sub {
, domains => [ @domains ]
, alldomains => { %alldomains }
, allusers => { %allusers } };
}
}
};
prefix '/user' => sub {
get '/home' => sub {
unless( session('login') ) {
redirect '/';
return;
}
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
unless( $auth_ok ) {
session errmsg => q/problème de connexion à votre compte/;
redirect '/';
return;
}
my ($success, @domains) = $app->get_domains( session('login') );
if( $success ) {
my $cs = session('creationSuccess');
my $dn = session('domainName');
session creationSuccess => '';
session domainName => '';
template home => {
login => session('login')
, admin => session('admin')
, domains => [@domains]
, creationSuccess => $cs
, errmsg => get_errmsg
, domainName => $dn };
}
else {
session->destroy;
redirect '/ ';
}
};
get '/logout' => sub {
session->destroy;
redirect '/';
};
# add a user => registration
post '/add/' => sub {
if ( param('login') && param('password') )
{
if ( param('login') && param('password') ) {
my $pass = sha256_hex(param('password'));
my $app = initco();
my ($success) = $app->register_user(param('login')
, param('password'));
, $pass);
if($success) {
session login => param('login');
session password => param('password');
redirect '/home';
session password => $pass;
redirect '/user/home';
}
else {
session errmsg => q/Ce pseudo est déjà pris./;
@ -481,14 +548,14 @@ prefix '/user' => sub {
get '/subscribe' => sub {
if( defined session('login') )
{
redirect '/home';
if( defined session('login') ) {
redirect '/user/home';
}
else {
template subscribe => {
errmsg => get_errmsg
, admin => session('admin')
};
}
@ -496,33 +563,31 @@ prefix '/user' => sub {
get '/unsetadmin/:user' => sub {
unless( defined param('user') )
{
unless( defined param('user') ) {
# TODO ajouter une erreur à afficher
session errmsg => "L'administrateur n'est pas défini." ;
redirect request->referer;
return;
}
elsif(! defined session('login') )
{
if(! defined session('login') ) {
session errmsg => "Vous n'êtes pas connecté." ;
redirect '/';
return;
}
else {
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
if ( $auth_ok && $isadmin ) {
$app->set_admin(param('user'), 0);
unless ( $auth_ok && $isadmin ) {
session errmsg => q/Vous n'êtes pas administrateur./;
}
else {
session errmsg => q/Vous n'êtes pas administrateur./;
$app->set_admin(param('user'), 0);
}
if( request->referer =~ "/admin" ) {
@ -532,35 +597,33 @@ prefix '/user' => sub {
redirect '/';
}
}
};
get '/setadmin/:user' => sub {
unless( defined param('user') )
{
unless( defined param('user') ) {
# TODO ajouter une erreur à afficher
session errmsg => "L'utilisateur n'est pas défini." ;
redirect request->referer;
return;
}
elsif(! defined session('login') )
{
if(! defined session('login') ) {
session errmsg => "Vous n'êtes pas connecté." ;
redirect '/';
return;
}
else {
my $app = initco();
my ($auth_ok, $user, $isadmin) = $app->auth(session('login'),
session('password') );
if ( $auth_ok && $isadmin ) {
unless ( $auth_ok && $isadmin ) {
session errmsg => q/Vous n'êtes pas administrateur./;
}
else {
$app->set_admin(param('user'), 1);
}
@ -571,8 +634,6 @@ prefix '/user' => sub {
redirect '/';
}
}
};
get '/del/:user' => sub {
@ -615,15 +676,15 @@ prefix '/user' => sub {
{
my $app = initco();
my $pass = sha256_hex(param('password'));
my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
param('password') );
$pass );
if( $auth_ok )
{
session login => param('login');
# TODO : change password storage…
session password => param('password');
session password => $pass;
session user => freeze( $user );
session admin => $isadmin;
@ -643,7 +704,7 @@ prefix '/user' => sub {
}
}
redirect '/home';
redirect '/user/home';
};
};

2
www/views/sidebar.tt
View File

@ -14,7 +14,7 @@
<div class="list-group">
<a href="/user/logout" class="list-group-item active">Déconnexion</a>
<a href='/home' class="list-group-item active">Ma page</a>
<a href='/user/home' class="list-group-item active">Ma page</a>
<% IF admin == 1 %>
<a href='/admin' class="list-group-item ">Administration</a>