Add name validation

2025-05-11 02:48:21 +00:00 · 2024-07-27 23:16:07 +02:00 · 2024-07-27 23:16:07 +02:00 · fca86ca590
commit fca86ca590
parent 7d0b9c5c3b
11 changed files with 60 additions and 0 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1156,8 +1156,10 @@ dependencies = [
 "jsonrpsee",
 "lazy_static",
 "macaddr",
 "once_cell",
 "pwhash",
 "rbtag",
 "regex",
 "serde",
 "serde_json",
 "tera",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -25,4 +25,6 @@ uuid = { version = "1.5.0", features = ["v4"] }
 tera = "1"
 lazy_static = "1.4.0"
 garde = { version = "0.20.0", features = ["full"] }
 once_cell = "1.19.0"
 regex = "1.10.5"
--- a/src/definitions/config.rs
+++ b/src/definitions/config.rs
@ -17,6 +17,7 @@ use super::vpn;
 use crate::macro_db;
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 pub struct Config {
    #[garde(skip)]
    pub config_version: u64,
--- a/src/definitions/firewall.rs
+++ b/src/definitions/firewall.rs
@ -1,7 +1,9 @@
 use super::config::Config;
 use garde::Validate;
 use serde::{Deserialize, Serialize};
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 pub struct Firewall {
    #[garde(dive)]
    pub forward_rules: Vec<ForwardRule>,
@ -12,6 +14,7 @@ pub struct Firewall {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct ForwardRule {
    pub name: String,
@ -24,6 +27,7 @@ pub struct ForwardRule {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct DestinationNATRule {
    pub name: String,
@ -37,6 +41,7 @@ pub struct DestinationNATRule {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct SourceNATRule {
    pub name: String,
--- a/src/definitions/network.rs
+++ b/src/definitions/network.rs
@ -1,8 +1,11 @@
 use super::config::Config;
 use crate::validation;
 use garde::Validate;
 use ipnet::IpNet;
 use serde::{Deserialize, Serialize};
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 pub struct Network {
    #[garde(dive)]
    pub interfaces: Vec<NetworkInterface>,
@ -11,8 +14,10 @@ pub struct Network {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct NetworkInterface {
    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub alias: String,
    pub comment: String,
@ -42,8 +47,10 @@ pub enum AddressingMode {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct StaticRoute {
    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub interface: String,
    pub gateway: String,
@ -53,6 +60,7 @@ pub struct StaticRoute {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct Link {
    pub name: String,
--- a/src/definitions/object.rs
+++ b/src/definitions/object.rs
@ -1,9 +1,12 @@
 use super::config::Config;
 use crate::validation;
 use garde::Validate;
 use ipnet::IpNet;
 use serde::{Deserialize, Serialize};
 use std::net::IpAddr;
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 pub struct Object {
    #[garde(dive)]
    pub addresses: Vec<Address>,
@ -12,8 +15,10 @@ pub struct Object {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct Address {
    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub address_type: AddressType,
    pub comment: String,
@ -29,8 +34,10 @@ pub enum AddressType {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct Service {
    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub service_type: ServiceType,
    pub comment: String,
--- a/src/definitions/service.rs
+++ b/src/definitions/service.rs
@ -1,8 +1,10 @@
 use super::config::Config;
 use garde::Validate;
 use macaddr::MacAddr8;
 use serde::{Deserialize, Serialize};
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 pub struct Service {
    #[garde(dive)]
    pub dhcp_servers: Vec<DHCPServer>,
@ -13,6 +15,7 @@ pub struct Service {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct DHCPServer {
    pub name: String,
@ -27,6 +30,7 @@ pub struct DHCPServer {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct DNSServer {
    pub name: String,
@ -35,6 +39,7 @@ pub struct DNSServer {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct NTPServer {
    pub name: String,
--- a/src/definitions/system.rs
+++ b/src/definitions/system.rs
@ -1,15 +1,20 @@
 use super::config::Config;
 use crate::validation;
 use garde::Validate;
 use serde::{Deserialize, Serialize};
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 pub struct System {
    #[garde(dive)]
    pub users: Vec<User>,
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct User {
    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub comment: String,
    pub hash: String,
--- a/src/definitions/vpn.rs
+++ b/src/definitions/vpn.rs
@ -1,13 +1,17 @@
 use super::config::Config;
 use crate::validation;
 use garde::Validate;
 use serde::{Deserialize, Serialize};
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 pub struct VPN {
    #[garde(dive)]
    pub wireguard: Wireguard,
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
 #[garde(context(Config))]
 pub struct Wireguard {
    #[garde(dive)]
    pub interfaces: Vec<WireguardInterface>,
@ -16,8 +20,10 @@ pub struct Wireguard {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct WireguardInterface {
    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub public_key: String,
    pub private_key: String,
@ -27,8 +33,10 @@ pub struct WireguardInterface {
 }
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
 #[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct WireguardPeer {
    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub public_key: String,
    pub preshared_key: Option<String>,
--- a/src/main.rs
+++ b/src/main.rs
@ -25,6 +25,7 @@ mod config_manager;
 mod definitions;
 mod state;
 mod templates;
 mod validation;
 mod web;
 #[tokio::main]
--- a/src/validation/mod.rs
+++ b/src/validation/mod.rs
@ -0,0 +1,16 @@
 use {
    crate::definitions::config::Config, garde::rules::pattern::Matcher, once_cell::sync::Lazy,
    regex::Regex,
 };
 pub fn validate_name(value: &str, _: &Config) -> garde::Result {
    if value.len() > 32 {
        return Err(garde::Error::new("name is longer than 32"));
    }
    static RE: Lazy<Regex> = Lazy::new(|| Regex::new(r"/^[0-9A-Za-z_-]*$/g").unwrap());
    if !RE.is_match(value) {
        return Err(garde::Error::new("name must only contain 0-9A-Za-z_-"));
    }
    Ok(())
 }