1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
package internal
import (
"encoding/json"
"errors"
"fmt"
"net/http"
"net/url"
)
// Authorized wrappers on top of HTTP
// the errors will not be wrapped here so that the caller can check if we got a status error, to retry oauth
func apiAuthorized(server Server, method string, endpoint string, opts *HTTPOptionalParams) (http.Header, []byte, error) {
// Ensure optional is not nil as we will fill it with headers
if opts == nil {
opts = &HTTPOptionalParams{}
}
base, baseErr := server.GetBase()
if baseErr != nil {
return nil, nil, baseErr
}
url := base.Endpoints.API.V3.API + endpoint
// Ensure we have valid tokens
stateBefore := base.FSM.Current
oauthErr := EnsureTokens(server)
// we reset the state so that we go from the authorized state to the state we want
base.FSM.Current = stateBefore
if oauthErr != nil {
return nil, nil, oauthErr
}
headerKey := "Authorization"
headerValue := fmt.Sprintf("Bearer %s", server.GetOAuth().Token.Access)
if opts.Headers != nil {
opts.Headers.Add(headerKey, headerValue)
} else {
opts.Headers = http.Header{headerKey: {headerValue}}
}
return HTTPMethodWithOpts(method, url, opts)
}
func apiAuthorizedRetry(server Server, method string, endpoint string, opts *HTTPOptionalParams) (http.Header, []byte, error) {
header, body, bodyErr := apiAuthorized(server, method, endpoint, opts)
base, baseErr := server.GetBase()
if baseErr != nil {
return nil, nil, &APIAuthorizedError{Err: baseErr}
}
if bodyErr != nil {
var error *HTTPStatusError
// Only retry authorized if we get a HTTP 401
if errors.As(bodyErr, &error) && error.Status == 401 {
base.Logger.Log(LOG_INFO, fmt.Sprintf("API: Got HTTP error %v, retrying authorized", error))
// Tell the method that the token is expired
server.GetOAuth().Token.ExpiredTimestamp = GenerateTimeSeconds()
retryHeader, retryBody, retryErr := apiAuthorized(server, method, endpoint, opts)
if retryErr != nil {
return nil, nil, &APIAuthorizedError{Err: retryErr}
}
return retryHeader, retryBody, nil
}
return nil, nil, &APIAuthorizedError{Err: bodyErr}
}
return header, body, nil
}
func APIInfo(server Server) error {
_, body, bodyErr := apiAuthorizedRetry(server, http.MethodGet, "/info", nil)
if bodyErr != nil {
return &APIInfoError{Err: bodyErr}
}
structure := ServerProfileInfo{}
jsonErr := json.Unmarshal(body, &structure)
if jsonErr != nil {
return &APIInfoError{Err: jsonErr}
}
base, baseErr := server.GetBase()
if baseErr != nil {
return &APIInfoError{Err: baseErr}
}
// Store the profiles and make sure that the current profile is not overwritten
previousProfile := base.Profiles.Current
base.Profiles = structure
base.Profiles.Current = previousProfile
base.ProfilesRaw = string(body)
return nil
}
func APIConnectWireguard(server Server, profile_id string, pubkey string, supportsOpenVPN bool) (string, string, string, error) {
headers := http.Header{
"content-type": {"application/x-www-form-urlencoded"},
"accept": {"application/x-wireguard-profile"},
}
if supportsOpenVPN {
headers.Add("accept", "application/x-openvpn-profile")
}
urlForm := url.Values{
"profile_id": {profile_id},
"public_key": {pubkey},
}
header, connectBody, connectErr := apiAuthorizedRetry(server, http.MethodPost, "/connect", &HTTPOptionalParams{Headers: headers, Body: urlForm})
if connectErr != nil {
return "", "", "", &APIConnectWireguardError{Err: connectErr}
}
expires := header.Get("expires")
contentType := header.Get("content-type")
content := "openvpn"
if contentType == "application/x-wireguard-profile" {
content = "wireguard"
}
return string(connectBody), content, expires, nil
}
func APIConnectOpenVPN(server Server, profile_id string) (string, string, error) {
headers := http.Header{
"content-type": {"application/x-www-form-urlencoded"},
"accept": {"application/x-openvpn-profile"},
}
urlForm := url.Values{
"profile_id": {profile_id},
}
header, connectBody, connectErr := apiAuthorizedRetry(server, http.MethodPost, "/connect", &HTTPOptionalParams{Headers: headers, Body: urlForm})
if connectErr != nil {
return "", "", &APIConnectOpenVPNError{Err: connectErr}
}
expires := header.Get("expires")
return string(connectBody), expires, nil
}
// This needs no further return value as it's best effort
func APIDisconnect(server Server) {
apiAuthorizedRetry(server, http.MethodPost, "/disconnect", nil)
}
type APIAuthorizedError struct {
Err error
}
func (e *APIAuthorizedError) Error() string {
return fmt.Sprintf("failed api authorized call with error: %v", e.Err)
}
type APIConnectWireguardError struct {
Err error
}
func (e *APIConnectWireguardError) Error() string {
return fmt.Sprintf("failed api /connect wireguard call with error: %v", e.Err)
}
type APIConnectOpenVPNError struct {
Err error
}
func (e *APIConnectOpenVPNError) Error() string {
return fmt.Sprintf("failed api /connect OpenVPN call with error: %v", e.Err)
}
type APIInfoError struct {
Err error
}
func (e *APIInfoError) Error() string {
return fmt.Sprintf("failed api /info call with error: %v", e.Err)
}
|
