Add name validation

Cargo.lock

@@ -1156,8 +1156,10 @@ dependencies = [
  "jsonrpsee",
  "lazy_static",
  "macaddr",
+ "once_cell",
  "pwhash",
  "rbtag",
+ "regex",
  "serde",
  "serde_json",
  "tera",

Cargo.toml

@@ -25,4 +25,6 @@ uuid = { version = "1.5.0", features = ["v4"] }
 tera = "1"
 lazy_static = "1.4.0"
 garde = { version = "0.20.0", features = ["full"] }
+once_cell = "1.19.0"
+regex = "1.10.5"
 

src/definitions/config.rs

@@ -17,6 +17,7 @@ use super::vpn;
 use crate::macro_db;
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Config {
     #[garde(skip)]
     pub config_version: u64,

src/definitions/firewall.rs

@@ -1,7 +1,9 @@
+use super::config::Config;
 use garde::Validate;
 use serde::{Deserialize, Serialize};
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Firewall {
     #[garde(dive)]
     pub forward_rules: Vec<ForwardRule>,
@@ -12,6 +14,7 @@ pub struct Firewall {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct ForwardRule {
     pub name: String,
@@ -24,6 +27,7 @@ pub struct ForwardRule {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct DestinationNATRule {
     pub name: String,
@@ -37,6 +41,7 @@ pub struct DestinationNATRule {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct SourceNATRule {
     pub name: String,

src/definitions/network.rs

@@ -1,8 +1,11 @@
+use super::config::Config;
+use crate::validation;
 use garde::Validate;
 use ipnet::IpNet;
 use serde::{Deserialize, Serialize};
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Network {
     #[garde(dive)]
     pub interfaces: Vec<NetworkInterface>,
@@ -11,8 +14,10 @@ pub struct Network {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct NetworkInterface {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub alias: String,
     pub comment: String,
@@ -42,8 +47,10 @@ pub enum AddressingMode {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct StaticRoute {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub interface: String,
     pub gateway: String,
@@ -53,6 +60,7 @@ pub struct StaticRoute {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct Link {
     pub name: String,

src/definitions/object.rs

@@ -1,9 +1,12 @@
+use super::config::Config;
+use crate::validation;
 use garde::Validate;
 use ipnet::IpNet;
 use serde::{Deserialize, Serialize};
 use std::net::IpAddr;
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Object {
     #[garde(dive)]
     pub addresses: Vec<Address>,
@@ -12,8 +15,10 @@ pub struct Object {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct Address {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub address_type: AddressType,
     pub comment: String,
@@ -29,8 +34,10 @@ pub enum AddressType {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct Service {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub service_type: ServiceType,
     pub comment: String,

src/definitions/service.rs

@@ -1,8 +1,10 @@
+use super::config::Config;
 use garde::Validate;
 use macaddr::MacAddr8;
 use serde::{Deserialize, Serialize};
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Service {
     #[garde(dive)]
     pub dhcp_servers: Vec<DHCPServer>,
@@ -13,6 +15,7 @@ pub struct Service {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct DHCPServer {
     pub name: String,
@@ -27,6 +30,7 @@ pub struct DHCPServer {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct DNSServer {
     pub name: String,
@@ -35,6 +39,7 @@ pub struct DNSServer {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct NTPServer {
     pub name: String,

src/definitions/system.rs

@@ -1,15 +1,20 @@
+use super::config::Config;
+use crate::validation;
 use garde::Validate;
 use serde::{Deserialize, Serialize};
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct System {
     #[garde(dive)]
     pub users: Vec<User>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct User {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub comment: String,
     pub hash: String,

src/definitions/vpn.rs

@@ -1,13 +1,17 @@
+use super::config::Config;
+use crate::validation;
 use garde::Validate;
 use serde::{Deserialize, Serialize};
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct VPN {
     #[garde(dive)]
     pub wireguard: Wireguard,
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Wireguard {
     #[garde(dive)]
     pub interfaces: Vec<WireguardInterface>,
@@ -16,8 +20,10 @@ pub struct Wireguard {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct WireguardInterface {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub public_key: String,
     pub private_key: String,
@@ -27,8 +33,10 @@ pub struct WireguardInterface {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
 #[garde(allow_unvalidated)]
 pub struct WireguardPeer {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub public_key: String,
     pub preshared_key: Option<String>,

src/main.rs

@@ -25,6 +25,7 @@ mod config_manager;
 mod definitions;
 mod state;
 mod templates;
+mod validation;
 mod web;
 
 #[tokio::main]

src/validation/mod.rs

@@ -0,0 +1,16 @@
+use {
+    crate::definitions::config::Config, garde::rules::pattern::Matcher, once_cell::sync::Lazy,
+    regex::Regex,
+};
+
+pub fn validate_name(value: &str, _: &Config) -> garde::Result {
+    if value.len() > 32 {
+        return Err(garde::Error::new("name is longer than 32"));
+    }
+
+    static RE: Lazy<Regex> = Lazy::new(|| Regex::new(r"/^[0-9A-Za-z_-]*$/g").unwrap());
+    if !RE.is_match(value) {
+        return Err(garde::Error::new("name must only contain 0-9A-Za-z_-"));
+    }
+    Ok(())
+}