Add name validation

swap validator with garde, update deps
Fix editing and name column of wireguard peers
2025-05-12 11:18:21 +00:00 · 2024-07-27 23:16:07 +02:00 · 2024-07-27 21:15:09 +02:00 · 2024-07-27 19:07:12 +02:00
13 changed files with 955 additions and 523 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -22,7 +22,9 @@ tower-http = "0.4.4"
 tracing = "0.1.40"
 tracing-subscriber = "0.3.17"
 uuid = { version = "1.5.0", features = ["v4"] }
-validator = { version = "0.15", features = ["derive"] }
 tera = "1"
 lazy_static = "1.4.0"
+garde = { version = "0.20.0", features = ["full"] }
+once_cell = "1.19.0"
+regex = "1.10.5"

--- a/client/src/pages/vpn/wireguard.peers.vue
+++ b/client/src/pages/vpn/wireguard.peers.vue
@ -1,6 +1,6 @@
 <script setup lang="ts">
-import { apiCall } from '../../api';
-import getPlugins from '../../plugins';
+import { apiCall } from "../../api";
+import getPlugins from "../../plugins";
 const p = getPlugins();

 let peers = $ref({});
@ -8,65 +8,81 @@ let loading = $ref(false);
 let selection = $ref([] as number[]);

 const columns = [
-  {heading: 'Name', path: 'name'},
-  {heading: 'Allowed IPs', path: 'allowed_ips'},
-  {heading: 'Endpoint', path: 'endpoint'},
-  {heading: 'Persistent Keepalive', path: 'persistent_keepalive'},
-  {heading: 'Comment', path: 'comment'},
+    { heading: "Name", path: "name" },
+    { heading: "Allowed IPs", path: "allowed_ips" },
+    { heading: "Endpoint", path: "endpoint" },
+    { heading: "Persistent Keepalive", path: "persistent_keepalive" },
+    { heading: "Comment", path: "comment" },
 ];

 const displayData = $computed(() => {
-  let data: any;
-  data = [];
-  for (const name in peers) {
-    data.push({
-      name,
-      allowed_ips: peers[name].allowed_ips,
-      endpoint: peers[name].endpoint,
-      persistent_keepalive: peers[name].persistent_keepalive,
-      comment: peers[name].comment,
-    });
-  }
-  return data;
+    let data: any;
+    data = [];
+    for (const index in peers) {
+        data.push({
+            name: peers[index].name,
+            allowed_ips: peers[index].allowed_ips,
+            endpoint: peers[index].endpoint,
+            persistent_keepalive: peers[index].persistent_keepalive,
+            comment: peers[index].comment,
+        });
+    }
+    return data;
 });

-async function load(){
-  loading = true;
-  let res = await apiCall('vpn.wireguard.peers.list', {});
-  if (res.Error === null) {
-    console.debug('peers', res.Data);
-    peers = res.Data;
-  } else {
-    console.debug('error', res);
-  }
-  loading = false;
+async function load() {
+    loading = true;
+    let res = await apiCall("vpn.wireguard.peers.list", {});
+    if (res.Error === null) {
+        console.debug("peers", res.Data);
+        peers = res.Data;
+    } else {
+        console.debug("error", res);
+    }
+    loading = false;
 }

-async function deletePeer(){
-  let res = await apiCall('vpn.wireguard.peers.delete', {name: displayData[selection[0]].name});
-  if (res.Error === null) {
-    console.debug('deleted peer');
-  } else {
-    console.debug('error', res);
-  }
-  load();
+async function deletePeer() {
+    let res = await apiCall("vpn.wireguard.peers.delete", {
+        name: displayData[selection[0]].name,
+    });
+    if (res.Error === null) {
+        console.debug("deleted peer");
+    } else {
+        console.debug("error", res);
+    }
+    load();
 }

 async function editPeer() {
-  p.router.push(`/vpn/wireguard.peers/edit/${  displayData[selection[0]].name}`);
+    p.router.push(
+        `/vpn/wireguard.peers/edit/${displayData[selection[0]].name}`,
+    );
 }

-onMounted(async() => {
-  load();
+onMounted(async () => {
+    load();
 });
-
 </script>

 <template>
-  <TableView v-model:selection="selection" v-model:data="displayData" title="Peers" :columns="columns" :loading="loading" :table-props="{sort:true, sortSelf: true}">
-    <button @click="load">Refresh</button>
-    <router-link class="button" to="/vpn/wireguard.peers/edit">Create</router-link>
-    <button :disabled="selection.length != 1" @click="editPeer">Edit</button>
-    <button :disabled="selection.length != 1" @click="deletePeer">Delete</button>
-  </TableView>
+    <TableView
+        v-model:selection="selection"
+        v-model:data="displayData"
+        title="Peers"
+        :columns="columns"
+        :loading="loading"
+        :table-props="{ sort: true, sortSelf: true }"
+    >
+        <button @click="load">Refresh</button>
+        <router-link class="button" to="/vpn/wireguard.peers/edit"
+            >Create</router-link
+        >
+        <button :disabled="selection.length != 1" @click="editPeer">
+            Edit
+        </button>
+        <button :disabled="selection.length != 1" @click="deletePeer">
+            Delete
+        </button>
+    </TableView>
 </template>
--- a/src/config_manager.rs
+++ b/src/config_manager.rs
@ -1,11 +1,11 @@
 use super::definitions::config::Config;
+use garde::Validate;
 use pwhash::sha512_crypt;
 use serde::Serialize;
 use std::fs;
 use std::sync::{Arc, Mutex, MutexGuard};
 use thiserror::Error;
 use tracing::{error, info};
-use validator::Validate;

 #[derive(Error, Debug)]
 pub enum ConfigError {
@ -13,7 +13,7 @@ pub enum ConfigError {
    SerdeError(#[from] serde_json::Error),

    #[error("Validation Error")]
-    ValidatonError(#[from] validator::ValidationErrors),
+    ValidatonError(#[from] garde::Report),

    #[error("Hash Error")]
    HashError(#[from] pwhash::error::Error),
--- a/src/definitions/config.rs
+++ b/src/definitions/config.rs
@ -1,5 +1,5 @@
+use garde::Validate;
 use serde::{Deserialize, Serialize};
-use validator::Validate;

 use super::firewall;
 use super::firewall::SNATType;
@ -17,13 +17,21 @@ use super::vpn;
 use crate::macro_db;

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Config {
+    #[garde(skip)]
    pub config_version: u64,
+    #[garde(dive)]
    pub network: network::Network,
+    #[garde(dive)]
    pub object: object::Object,
+    #[garde(dive)]
    pub system: system::System,
+    #[garde(dive)]
    pub service: service::Service,
+    #[garde(dive)]
    pub vpn: vpn::VPN,
+    #[garde(dive)]
    pub firewall: firewall::Firewall,
 }

--- a/src/definitions/firewall.rs
+++ b/src/definitions/firewall.rs
@ -1,14 +1,21 @@
+use super::config::Config;
+use garde::Validate;
 use serde::{Deserialize, Serialize};
-use validator::Validate;

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Firewall {
+    #[garde(dive)]
    pub forward_rules: Vec<ForwardRule>,
+    #[garde(dive)]
    pub destination_nat_rules: Vec<DestinationNATRule>,
+    #[garde(dive)]
    pub source_nat_rules: Vec<SourceNATRule>,
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct ForwardRule {
    pub name: String,
    pub services: Vec<String>,
@ -20,6 +27,8 @@ pub struct ForwardRule {
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct DestinationNATRule {
    pub name: String,
    pub services: Vec<String>,
@ -32,6 +41,8 @@ pub struct DestinationNATRule {
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct SourceNATRule {
    pub name: String,
    pub services: Vec<String>,
--- a/src/definitions/network.rs
+++ b/src/definitions/network.rs
@ -1,15 +1,23 @@
+use super::config::Config;
+use crate::validation;
+use garde::Validate;
 use ipnet::IpNet;
 use serde::{Deserialize, Serialize};
-use validator::Validate;

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Network {
+    #[garde(dive)]
    pub interfaces: Vec<NetworkInterface>,
+    #[garde(dive)]
    pub static_routes: Vec<StaticRoute>,
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct NetworkInterface {
+    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub alias: String,
    pub comment: String,
@ -39,7 +47,10 @@ pub enum AddressingMode {
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct StaticRoute {
+    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub interface: String,
    pub gateway: String,
@ -49,6 +60,8 @@ pub struct StaticRoute {
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct Link {
    pub name: String,
 }
--- a/src/definitions/object.rs
+++ b/src/definitions/object.rs
@ -1,16 +1,24 @@
+use super::config::Config;
+use crate::validation;
+use garde::Validate;
 use ipnet::IpNet;
 use serde::{Deserialize, Serialize};
 use std::net::IpAddr;
-use validator::Validate;

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Object {
+    #[garde(dive)]
    pub addresses: Vec<Address>,
+    #[garde(dive)]
    pub services: Vec<Service>,
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct Address {
+    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub address_type: AddressType,
    pub comment: String,
@ -26,7 +34,10 @@ pub enum AddressType {
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct Service {
+    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub service_type: ServiceType,
    pub comment: String,
--- a/src/definitions/service.rs
+++ b/src/definitions/service.rs
@ -1,15 +1,22 @@
+use super::config::Config;
+use garde::Validate;
 use macaddr::MacAddr8;
 use serde::{Deserialize, Serialize};
-use validator::Validate;

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Service {
+    #[garde(dive)]
    pub dhcp_servers: Vec<DHCPServer>,
+    #[garde(dive)]
    pub dns_servers: Vec<DNSServer>,
+    #[garde(dive)]
    pub ntp_servers: Vec<NTPServer>,
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct DHCPServer {
    pub name: String,
    pub interface: String,
@ -23,6 +30,8 @@ pub struct DHCPServer {
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct DNSServer {
    pub name: String,
    pub interface: String,
@ -30,6 +39,8 @@ pub struct DNSServer {
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct NTPServer {
    pub name: String,
    pub interface: String,
--- a/src/definitions/system.rs
+++ b/src/definitions/system.rs
@ -1,13 +1,20 @@
+use super::config::Config;
+use crate::validation;
+use garde::Validate;
 use serde::{Deserialize, Serialize};
-use validator::Validate;

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct System {
+    #[garde(dive)]
    pub users: Vec<User>,
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct User {
+    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub comment: String,
    pub hash: String,
--- a/src/definitions/vpn.rs
+++ b/src/definitions/vpn.rs
@ -1,19 +1,29 @@
+use super::config::Config;
+use crate::validation;
+use garde::Validate;
 use serde::{Deserialize, Serialize};
-use validator::Validate;

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct VPN {
+    #[garde(dive)]
    pub wireguard: Wireguard,
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Default, Debug)]
+#[garde(context(Config))]
 pub struct Wireguard {
+    #[garde(dive)]
    pub interfaces: Vec<WireguardInterface>,
+    #[garde(dive)]
    pub peers: Vec<WireguardPeer>,
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct WireguardInterface {
+    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub public_key: String,
    pub private_key: String,
@ -23,7 +33,10 @@ pub struct WireguardInterface {
 }

 #[derive(Serialize, Deserialize, Clone, Validate, Debug)]
+#[garde(context(Config))]
+#[garde(allow_unvalidated)]
 pub struct WireguardPeer {
+    #[garde(custom(validation::validate_name))]
    pub name: String,
    pub public_key: String,
    pub preshared_key: Option<String>,
--- a/src/main.rs
+++ b/src/main.rs
@ -25,6 +25,7 @@ mod config_manager;
 mod definitions;
 mod state;
 mod templates;
+mod validation;
 mod web;

 #[tokio::main]
--- a/src/validation/mod.rs
+++ b/src/validation/mod.rs
@ -0,0 +1,16 @@
+use {
+    crate::definitions::config::Config, garde::rules::pattern::Matcher, once_cell::sync::Lazy,
+    regex::Regex,
+};
+
+pub fn validate_name(value: &str, _: &Config) -> garde::Result {
+    if value.len() > 32 {
+        return Err(garde::Error::new("name is longer than 32"));
+    }
+
+    static RE: Lazy<Regex> = Lazy::new(|| Regex::new(r"/^[0-9A-Za-z_-]*$/g").unwrap());
+    if !RE.is_match(value) {
+        return Err(garde::Error::new("name must only contain 0-9A-Za-z_-"));
+    }
+    Ok(())
+}
Author	SHA1	Message	Date
Samuel Lorch	cfb3d0a3b0	Add name validation	2024-07-27 23:16:07 +02:00
Samuel Lorch	7d0b9c5c3b	swap validator with garde, update deps	2024-07-27 21:15:09 +02:00
Samuel Lorch	32e209b996	Fix editing and name column of wireguard peers	2024-07-27 19:07:12 +02:00