refactoring. convert for go module; totp auth

pashcovich · Nov 18, 2022 · 9e5553e · 9e5553e
1 parent 8ca2faa
commit 9e5553e
Show file tree

Hide file tree

Showing 10 changed files with 532 additions and 389 deletions.
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 # openvpn-user
 
 ## Disclaimer
-```diff
+```
 - Not tested in production environments! 
 ```
 
@@ -12,12 +12,12 @@ Use it on your own risk =)
 A simple tool to use with openvpn when you need to use `–auth-user-pass-verify` or wherever you want
 
 ### Example
-make sure `openvpn-user` binary available through `PATH` variable and you have `auth.sh` script with `+x` rights available to openvpn server
+make sure `openvpn-user` binary available through `PATH` variable and you have [auth.sh](https://github.com/pashcovich/openvpn-user/blob/master/auth.sh) or [auth_totp.sh](https://github.com/pashcovich/openvpn-user/blob/master/auth_totp.sh) script with `+x` rights available to openvpn server
 
 i.e. put binary to `/usr/local/sbin/` and auth script to `/etc/openvpn/scripts/` dir
 
 part of openvpn server config
-```bash
+```
 script-security 2
 auth-user-pass-verify /etc/openvpn/scripts/auth.sh via-file
 ```
@@ -30,50 +30,85 @@ usage: openvpn-user [<flags>] <command> [<args> ...]
 Flags:
   --help                         Show context-sensitive help (also try --help-long and --help-man).
   --db.path="./openvpn-user.db"  path do openvpn-user db
-  --debug                        Enable debug mode.
-  --version                      Show application version.
 
 Commands:
   help [<command>...]
     Show help.
 
+
   db-init
     Init db.
 
+
   db-migrate
     STUB: Migrate db.
 
+
   create --user=USER --password=PASSWORD
     Create user.
 
+    --user=USER          Username.
+    --password=PASSWORD  Password.
+
   delete --user=USER [<flags>]
     Delete user.
 
+    -f, --force      delete from db.
+    -u, --user=USER  Username.
+
   revoke --user=USER
     Revoke user.
 
+    -u, --user=USER  Username.
+
   restore --user=USER
     Restore user.
 
+    -u, --user=USER  Username.
+
   list [<flags>]
     List active users.
 
+    -a, --all  Show all users include revoked and deleted.
+
   check --user=USER
     check user existent.
 
+    -u, --user=USER  Username.
+
   auth --user=USER [<flags>]
     Auth user.
 
+    -u, --user=USER          Username.
+    -p, --password=PASSWORD  Password.
+    -t, --totp=TOTP          TOTP code.
+
   change-password --user=USER --password=PASSWORD
     Change password
 
+    -u, --user=USER          Username.
+    -p, --password=PASSWORD  Password.
+
   update-secret --user=USER [<flags>]
     update OTP secret
 
-  register-app --user=USER
+    -u, --user=USER          Username.
+    -s, --secret="generate"  Secret.
+
+  register-app --user=USER --totp=TOTP
     register 2FA application
 
+    -u, --user=USER  Username.
+    -t, --totp=TOTP  TOTP.
+
+  check-app --user=USER
+    check 2FA application
+
+    -u, --user=USER  Username.
+
   get-secret --user=USER
     get OTP secret
 
+    -u, --user=USER  Username.
+
 ```
diff --git a/auth.sh b/auth.sh
@@ -2,11 +2,12 @@
 
 PATH=$PATH:/usr/local/bin
 set -e
+
 auth_usr=$(head -1 $1)
 auth_passwd=$(tail -1 $1)
 
 if [ $common_name = ${auth_usr} ]; then
-  openvpn-user auth --user ${auth_usr} --password ${auth_passwd}
+  openvpn-user auth --user ${auth_usr} --password ${auth_passwd} # --db.path /etc/openvpn/easyrsa/pki/users.db
 else
   echo "Authorization failed"
   exit 1

diff --git a/auth_totp.sh b/auth_totp.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+
+PATH=$PATH:/usr/local/bin
+set -e
+
+auth_usr=$(head -1 $1)
+auth_token=$(tail -1 $1)
+
+if [ $common_name = ${auth_usr} ]; then
+  openvpn-user auth --user ${auth_usr} --totp ${auth_token} # --db.path /etc/openvpn/easyrsa/pki/users.db
+else
+  echo "Authorization failed"
+  exit 1
+fi
diff --git a/go.mod b/go.mod
@@ -1,13 +1,13 @@
-module openvpn-user
+module github.com/pashcovich/openvpn-user
 
 go 1.14
 
 require (
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4 // indirect
 	github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3
-	github.com/mattn/go-sqlite3 v1.14.6
-	github.com/stretchr/testify v1.7.0 // indirect
+	github.com/mattn/go-sqlite3 v1.14.16
+	github.com/sirupsen/logrus v1.9.0
 	golang.org/x/crypto v0.2.0
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 )
diff --git a/go.sum b/go.sum
@@ -2,14 +2,17 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafo
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4 h1:EBTWhcAX7rNQ80RLwLCpHZBBrJuzallFHnF+yMXo928=
 github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3 h1:AqeKSZIG/NIC75MNQlPy/LM3LxfpLwahICJBHwSMFNc=
 github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3/go.mod h1:hEfFauPHz7+NnjR/yHJGhrKo1Za+zStgwUETx3yzqgY=
-github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
-github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
+github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
@@ -30,7 +33,9 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=