Add name validation

Cargo.toml

@@ -22,7 +22,9 @@ tower-http = "0.4.4"
 tracing = "0.1.40"
 tracing-subscriber = "0.3.17"
 uuid = { version = "1.5.0", features = ["v4"] }
-validator = { version = "0.15", features = ["derive"] }
 tera = "1"
 lazy_static = "1.4.0"
+garde = { version = "0.20.0", features = ["full"] }
+once_cell = "1.19.0"
+regex = "1.10.5"
 

client/src/pages/vpn/wireguard.peers.vue

@@ -1,6 +1,6 @@
 <script setup lang="ts">
-import { apiCall } from '../../api';
+import { apiCall } from "../../api";
-import getPlugins from '../../plugins';
+import getPlugins from "../../plugins";
 const p = getPlugins();
 
 let peers = $ref({});
@@ -8,65 +8,81 @@ let loading = $ref(false);
 let selection = $ref([] as number[]);
 
 const columns = [
-  {heading: 'Name', path: 'name'},
+    { heading: "Name", path: "name" },
-  {heading: 'Allowed IPs', path: 'allowed_ips'},
+    { heading: "Allowed IPs", path: "allowed_ips" },
-  {heading: 'Endpoint', path: 'endpoint'},
+    { heading: "Endpoint", path: "endpoint" },
-  {heading: 'Persistent Keepalive', path: 'persistent_keepalive'},
+    { heading: "Persistent Keepalive", path: "persistent_keepalive" },
-  {heading: 'Comment', path: 'comment'},
+    { heading: "Comment", path: "comment" },
 ];
 
 const displayData = $computed(() => {
     let data: any;
     data = [];
-  for (const name in peers) {
+    for (const index in peers) {
         data.push({
-      name,
+            name: peers[index].name,
-      allowed_ips: peers[name].allowed_ips,
+            allowed_ips: peers[index].allowed_ips,
-      endpoint: peers[name].endpoint,
+            endpoint: peers[index].endpoint,
-      persistent_keepalive: peers[name].persistent_keepalive,
+            persistent_keepalive: peers[index].persistent_keepalive,
-      comment: peers[name].comment,
+            comment: peers[index].comment,
         });
     }
     return data;
 });
 
-async function load(){
+async function load() {
     loading = true;
-  let res = await apiCall('vpn.wireguard.peers.list', {});
+    let res = await apiCall("vpn.wireguard.peers.list", {});
     if (res.Error === null) {
-    console.debug('peers', res.Data);
+        console.debug("peers", res.Data);
         peers = res.Data;
     } else {
-    console.debug('error', res);
+        console.debug("error", res);
     }
     loading = false;
 }
 
-async function deletePeer(){
+async function deletePeer() {
-  let res = await apiCall('vpn.wireguard.peers.delete', {name: displayData[selection[0]].name});
+    let res = await apiCall("vpn.wireguard.peers.delete", {
+        name: displayData[selection[0]].name,
+    });
     if (res.Error === null) {
-    console.debug('deleted peer');
+        console.debug("deleted peer");
     } else {
-    console.debug('error', res);
+        console.debug("error", res);
     }
     load();
 }
 
 async function editPeer() {
-  p.router.push(`/vpn/wireguard.peers/edit/${  displayData[selection[0]].name}`);
+    p.router.push(
+        `/vpn/wireguard.peers/edit/${displayData[selection[0]].name}`,
+    );
 }
 
-onMounted(async() => {
+onMounted(async () => {
     load();
 });
-
 </script>
 
 <template>
-  <TableView v-model:selection="selection" v-model:data="displayData" title="Peers" :columns="columns" :loading="loading" :table-props="{sort:true, sortSelf: true}">
+    <TableView
+        v-model:selection="selection"
+        v-model:data="displayData"
+        title="Peers"
+        :columns="columns"
+        :loading="loading"
+        :table-props="{ sort: true, sortSelf: true }"
+    >
         <button @click="load">Refresh</button>
-    <router-link class="button" to="/vpn/wireguard.peers/edit">Create</router-link>
+        <router-link class="button" to="/vpn/wireguard.peers/edit"
-    <button :disabled="selection.length != 1" @click="editPeer">Edit</button>
+            >Create</router-link
-    <button :disabled="selection.length != 1" @click="deletePeer">Delete</button>
+        >
+        <button :disabled="selection.length != 1" @click="editPeer">
+            Edit
+        </button>
+        <button :disabled="selection.length != 1" @click="deletePeer">
+            Delete
+        </button>
     </TableView>
 </template>

src/config_manager.rs

@@ -1,11 +1,11 @@
 use super::definitions::config::Config;
+use garde::Validate;
 use pwhash::sha512_crypt;
 use serde::Serialize;
 use std::fs;
 use std::sync::{Arc, Mutex, MutexGuard};
 use thiserror::Error;
 use tracing::{error, info};
-use validator::Validate;
 
 #[derive(Error, Debug)]
 pub enum ConfigError {
@@ -13,7 +13,7 @@ pub enum ConfigError {
     SerdeError(#[from] serde_json::Error),
 
     #[error("Validation Error")]
-    ValidatonError(#[from] validator::ValidationErrors),
+    ValidatonError(#[from] garde::Report),
 
     #[error("Hash Error")]
     HashError(#[from] pwhash::error::Error),

src/definitions/config.rs

@@ -1,5 +1,5 @@
+use garde::Validate;
 use serde::{Deserialize, Serialize};
-use validator::Validate;
 
 use super::firewall;
 use super::firewall::SNATType;
@@ -17,13 +17,21 @@ use super::vpn;
 use crate::macro_db;
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Config {
+    #[garde(skip)]
     pub config_version: u64,
+    #[garde(dive)]
     pub network: network::Network,
+    #[garde(dive)]
     pub object: object::Object,
+    #[garde(dive)]
     pub system: system::System,
+    #[garde(dive)]
     pub service: service::Service,
+    #[garde(dive)]
     pub vpn: vpn::VPN,
+    #[garde(dive)]
     pub firewall: firewall::Firewall,
 }
 

src/definitions/firewall.rs

@@ -1,14 +1,21 @@
+use super::config::Config;
+use garde::Validate;
 use serde::{Deserialize, Serialize};
-use validator::Validate;
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Firewall {
+    #[garde(dive)]
     pub forward_rules: Vec<ForwardRule>,
+    #[garde(dive)]
     pub destination_nat_rules: Vec<DestinationNATRule>,
+    #[garde(dive)]
     pub source_nat_rules: Vec<SourceNATRule>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct ForwardRule {
     pub name: String,
     pub services: Vec<String>,
@@ -20,6 +27,8 @@ pub struct ForwardRule {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct DestinationNATRule {
     pub name: String,
     pub services: Vec<String>,
@@ -32,6 +41,8 @@ pub struct DestinationNATRule {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct SourceNATRule {
     pub name: String,
     pub services: Vec<String>,

src/definitions/network.rs

@@ -1,15 +1,23 @@
+use super::config::Config;
+use crate::validation;
+use garde::Validate;
 use ipnet::IpNet;
 use serde::{Deserialize, Serialize};
-use validator::Validate;
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Network {
+    #[garde(dive)]
     pub interfaces: Vec<NetworkInterface>,
+    #[garde(dive)]
     pub static_routes: Vec<StaticRoute>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct NetworkInterface {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub alias: String,
     pub comment: String,
@@ -39,7 +47,10 @@ pub enum AddressingMode {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct StaticRoute {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub interface: String,
     pub gateway: String,
@@ -49,6 +60,8 @@ pub struct StaticRoute {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct Link {
     pub name: String,
 }

src/definitions/object.rs

@@ -1,16 +1,24 @@
+use super::config::Config;
+use crate::validation;
+use garde::Validate;
 use ipnet::IpNet;
 use serde::{Deserialize, Serialize};
 use std::net::IpAddr;
-use validator::Validate;
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Object {
+    #[garde(dive)]
     pub addresses: Vec<Address>,
+    #[garde(dive)]
     pub services: Vec<Service>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct Address {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub address_type: AddressType,
     pub comment: String,
@@ -26,7 +34,10 @@ pub enum AddressType {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct Service {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub service_type: ServiceType,
     pub comment: String,

src/definitions/service.rs

@@ -1,15 +1,22 @@
+use super::config::Config;
+use garde::Validate;
 use macaddr::MacAddr8;
 use serde::{Deserialize, Serialize};
-use validator::Validate;
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Service {
+    #[garde(dive)]
     pub dhcp_servers: Vec<DHCPServer>,
+    #[garde(dive)]
     pub dns_servers: Vec<DNSServer>,
+    #[garde(dive)]
     pub ntp_servers: Vec<NTPServer>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct DHCPServer {
     pub name: String,
     pub interface: String,
@@ -23,6 +30,8 @@ pub struct DHCPServer {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct DNSServer {
     pub name: String,
     pub interface: String,
@@ -30,6 +39,8 @@ pub struct DNSServer {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct NTPServer {
     pub name: String,
     pub interface: String,

src/definitions/system.rs

@@ -1,13 +1,20 @@
+use super::config::Config;
+use crate::validation;
+use garde::Validate;
 use serde::{Deserialize, Serialize};
-use validator::Validate;
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct System {
+    #[garde(dive)]
     pub users: Vec<User>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct User {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub comment: String,
     pub hash: String,

src/definitions/vpn.rs

@@ -1,19 +1,29 @@
+use super::config::Config;
+use crate::validation;
+use garde::Validate;
 use serde::{Deserialize, Serialize};
-use validator::Validate;
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct VPN {
+    #[garde(dive)]
     pub wireguard: Wireguard,
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Wireguard {
+    #[garde(dive)]
     pub interfaces: Vec<WireguardInterface>,
+    #[garde(dive)]
     pub peers: Vec<WireguardPeer>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct WireguardInterface {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub public_key: String,
     pub private_key: String,
@@ -23,7 +33,10 @@ pub struct WireguardInterface {
 }
 
 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct WireguardPeer {
+    #[garde(custom(validation::validate_name))]
     pub name: String,
     pub public_key: String,
     pub preshared_key: Option<String>,

src/main.rs

@@ -25,6 +25,7 @@ mod config_manager;
 mod definitions;
 mod state;
 mod templates;
+mod validation;
 mod web;
 
 #[tokio::main]

src/validation/mod.rs

@@ -0,0 +1,16 @@
+use {
+    crate::definitions::config::Config, garde::rules::pattern::Matcher, once_cell::sync::Lazy,
+    regex::Regex,
+};
+
+pub fn validate_name(value: &str, _: &Config) -> garde::Result {
+    if value.len() > 32 {
+        return Err(garde::Error::new("name is longer than 32"));
+    }
+
+    static RE: Lazy<Regex> = Lazy::new(|| Regex::new(r"/^[0-9A-Za-z_-]*$/g").unwrap());
+    if !RE.is_match(value) {
+        return Err(garde::Error::new("name must only contain 0-9A-Za-z_-"));
+    }
+    Ok(())
+}