diff --git a/src/app.module.ts b/src/app.module.ts
index f53906f..b159812 100644
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -6,7 +6,7 @@ import { AppService } from './app.service';
 import { ObjectsModule } from './modules/objects/objects.module';
 import { ZoneModule } from './modules/zone/zone.module';
 import configuration from './config/configuration';
-import { IcynetModule } from './modules/icynet/icynet.module';
+import { ManagementModule } from './modules/management/management.module';
 @Module({
 imports: [
@@ -18,7 +18,7 @@ import { IcynetModule } from './modules/icynet/icynet.module';
 }),
 ObjectsModule,
 ZoneModule,
- IcynetModule,
+ ManagementModule,
 ],
 controllers: [AppController],
 providers: [AppService],
diff --git a/src/config/configuration.ts b/src/config/configuration.ts
index e20390e..bf98710 100644
--- a/src/config/configuration.ts
+++ b/src/config/configuration.ts
@@ -11,10 +11,13 @@ export default () => ({
 },
 cacheTTL: parseInt(process.env.ZONE_CACHE_TTL, 10) || 1600,
 zoneDir: '.',
- icynetKey: process.env.ICYNET_KEY || 'ch4ng3 m3!',
+ managementKey: process.env.MANAGEMENT_KEY || 'ch4ng3 m3!',
 rndc: {
 host: process.env.RNDC_SERVER || '127.0.0.1',
 port: parseInt(process.env.RNDC_PORT, 10) || 953,
 keyFile: process.env.RNDC_KEYFILE || 'rndc.key',
 },
+ managementIPs: process.env.MANAGEMENT_IP
+ ? JSON.parse(process.env.MANAGEMENT_IP)
+ : ['127.0.0.1'],
 });
diff --git a/src/guards/icynet.guard.ts b/src/guards/management.guard.ts
similarity index 74%
rename from src/guards/icynet.guard.ts
rename to src/guards/management.guard.ts
index 228c8bb..0344378 100644
--- a/src/guards/icynet.guard.ts
+++ b/src/guards/management.guard.ts
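Review bot: In src/config/configuration.ts the new `managementIPs` entry hands `process.env.MANAGEMENT_IP` straight to `JSON.parse` with no shape check, so a malformed value throws while the config factory runs, and a value that parses to a JSON string instead of an array would turn the guard's `ips.includes(request.ip)` into a substring match. An empty array also appears to switch the allow-list off, because the guard in this commit tests `ips.length` first; if that is intended it deserves a comment. I would validate the parsed value, e.g. `Array.isArray(v) && v.every((x) => typeof x === 'string')`, and fail startup otherwise. In the same hunk `managementKey` still falls back to the literal `'ch4ng3 m3!'` when `MANAGEMENT_KEY` is unset, which leaves a value published in the repository as the bearer token for the management API; refusing to start without the variable would be safer.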
@@ -4,19 +4,22 @@ import { Request } from 'express';
 import { timingSafeEqual } from 'crypto';
 @Injectable()
-export class IcynetGuard implements CanActivate {
+export class ManagementGuard implements CanActivate {
 constructor(private config: ConfigService) {}
 async canActivate(context: ExecutionContext): Promise {
 const request = context.switchToHttp().getRequest();
- const authHeader = request.headers.authorization;
+ const ips = this.config.get('managementIPs');
+ if (ips.length && !ips.includes(request.ip)) return;
+
+ const authHeader = request.headers.authorization;
 if (!authHeader) return false;
 const [base, token] = authHeader.split(' ');
 if (!base || base.toLowerCase() !== 'bearer' || !token) return false;
- const configured = this.config.get('icynetKey');
+ const configured = this.config.get('managementKey');
 return timingSafeEqual(Buffer.from(token), Buffer.from(configured));
 }
 }
diff --git a/src/guards/zone-access.guard.ts b/src/guards/zone-access.guard.ts
index d19becd..a96dbb2 100644
--- a/src/guards/zone-access.guard.ts
+++ b/src/guards/zone-access.guard.ts
@@ -1,10 +1,10 @@
 import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
 import { Request, Response } from 'express';
-import { ManagerService } from 'src/modules/objects/manager/manager.service';
+import { DatabaseService } from 'src/modules/objects/database/database.service';
 @Injectable()
 export class ZoneAccessGuard implements CanActivate {
- constructor(private service: ManagerService) {}
+ constructor(private service: DatabaseService) {}
 async canActivate(context: ExecutionContext): Promise {
 const request = context.switchToHttp().getRequest();
diff --git a/src/interceptors/domain.interceptor.ts b/src/interceptors/domain.interceptor.ts
index 1a65cfb..63a36e8 100644
--- a/src/interceptors/domain.interceptor.ts
+++ b/src/interceptors/domain.interceptor.ts
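Review bot: In src/guards/management.guard.ts the new allow-list check ends in a bare `return;`, so `canActivate` resolves to `undefined` on that path while every other rejection returns `false`; it should be `return false;`. The check is an exact string match on `request.ip`, which a dual-stack listener can report as `::ffff:127.0.0.1` and which, behind a reverse proxy, depends on Express's `trust proxy` setting, so the default `['127.0.0.1']` list may not match the address the deployment actually sees. On the last line of `canActivate`, `timingSafeEqual` throws when the two buffers differ in length, so a token of the wrong length surfaces as an unhandled error instead of a clean denial. The sketch below covers the changed lines only.

```typescript
    const ips = this.config.get<string[]>('managementIPs');
    // A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d
    const peer = (request.ip ?? '').replace(/^::ffff:/, '');
    if (ips.length && !ips.includes(peer)) return false;

    // … unchanged: Authorization header parsing …

    const configured = this.config.get<string>('managementKey');
    const given = Buffer.from(token);
    const expected = Buffer.from(configured);
    // timingSafeEqual throws on buffers of different length
    if (given.length !== expected.length) return false;
    return timingSafeEqual(given, expected);
```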
@@ -11,14 +11,14 @@ import { resolve } from 'path';
 import { from, Observable, of } from 'rxjs';
 import { switchMap } from 'rxjs/operators';
 import { DNSCacheService } from 'src/modules/objects/dns/dns-cache.service';
-import { ManagerService } from 'src/modules/objects/manager/manager.service';
+import { DatabaseService } from 'src/modules/objects/database/database.service';
 import { CachedZone } from 'src/types/dns.interfaces';
 @Injectable()
 export class DomainInterceptor implements NestInterceptor {
 constructor(
 private dns: DNSCacheService,
- private manage: ManagerService,
+ private manage: DatabaseService,
 private config: ConfigService,
 ) {}
diff --git a/src/modules/icynet/icynet.controller.ts b/src/modules/management/management.controller.ts
similarity index 83%
rename from src/modules/icynet/icynet.controller.ts
rename to src/modules/management/management.controller.ts
index e150e5c..8215bca 100644
--- a/src/modules/icynet/icynet.controller.ts
+++ b/src/modules/management/management.controller.ts
@@ -10,17 +10,17 @@ import {
 UseGuards,
 } from '@nestjs/common';
 import { ApiExcludeController } from '@nestjs/swagger';
-import { IcynetGuard } from 'src/guards/icynet.guard';
-import { ManagerService } from '../objects/manager/manager.service';
-import { ZoneEntity } from '../objects/manager/zone.entity';
+import { ManagementGuard } from 'src/guards/management.guard';
+import { DatabaseService } from '../objects/database/database.service';
+import { ZoneEntity } from '../objects/database/zone.entity';
 @ApiExcludeController()
-@UseGuards(IcynetGuard)
+@UseGuards(ManagementGuard)
 @Controller({
- path: 'api/v1/icynet',
+ path: 'api/v1/management',
 })
-export class IcynetController {
- constructor(private service: ManagerService) {}
+export class ManagementController {
+ constructor(private service: DatabaseService) {}
 @Get('zones')
 async getZoneList(@Query('uuid') uuid?: string) {
diff --git a/src/modules/icynet/icynet.module.ts b/src/modules/management/management.module.ts
similarity index 51%
rename from src/modules/icynet/icynet.module.ts
rename to src/modules/management/management.module.ts
index fc9b2f4..c3bc965 100644
--- a/src/modules/icynet/icynet.module.ts
+++ b/src/modules/management/management.module.ts
@@ -1,9 +1,9 @@
 import { Module } from '@nestjs/common';
 import { ObjectsModule } from '../objects/objects.module';
-import { IcynetController } from './icynet.controller';
+import { ManagementController } from './management.controller';
 @Module({
 imports: [ObjectsModule],
- controllers: [IcynetController],
+ controllers: [ManagementController],
 })
-export class IcynetModule {}
+export class ManagementModule {}
diff --git a/src/modules/objects/manager/access.entity.ts b/src/modules/objects/database/access.entity.ts
similarity index 84%
rename from src/modules/objects/manager/access.entity.ts
rename to src/modules/objects/database/access.entity.ts
index 0ce002f..9062695 100644
--- a/src/modules/objects/manager/access.entity.ts
+++ b/src/modules/objects/database/access.entity.ts
@@ -19,6 +19,12 @@ export class AccessEntity {
 @ManyToOne(() => ZoneEntity, { onDelete: 'CASCADE' })
 zone: ZoneEntity;
+ @Column({ default: true })
+ allow_soa: boolean;
+
+ @Column({ default: true })
+ allow_zone: boolean;
+
 @CreateDateColumn()
 public created_at: Date;
diff --git a/src/modules/objects/manager/manager.module.ts b/src/modules/objects/database/database.module.ts
similarity index 70%
rename from src/modules/objects/manager/manager.module.ts
rename to src/modules/objects/database/database.module.ts
index 907ada3..8489223 100644
--- a/src/modules/objects/manager/manager.module.ts
+++ b/src/modules/objects/database/database.module.ts
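Review bot: In src/modules/objects/database/access.entity.ts both new permission columns, `allow_soa` and `allow_zone`, are declared with `default: true`, so rows created without setting them, and presumably existing rows once the column is added, receive both permissions. If the flags are meant to restrict what a grant can do, defaulting to `false` and granting explicitly would fail closed. No hunk in this commit reads either column, so the enforcement presumably lives elsewhere or lands later; that is worth confirming before relying on them. A one-line comment above each field saying what it gates would help, since the names alone do not, e.g. `// grantee may change the SOA record (assumed, confirm)`. The class body continues outside the hunk.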
@@ -2,14 +2,14 @@ import { Module } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { AccessEntity } from './access.entity';
 import { IcynetActorEntity } from './icynet.entity';
-import { ManagerService } from './manager.service';
+import { DatabaseService } from './database.service';
 import { ZoneEntity } from './zone.entity';
 @Module({
 imports: [
 TypeOrmModule.forFeature([AccessEntity, ZoneEntity, IcynetActorEntity]),
 ],
- providers: [ManagerService],
- exports: [ManagerService],
+ providers: [DatabaseService],
+ exports: [DatabaseService],
 })
-export class ManagerModule {}
+export class DatabaseModule {}
diff --git a/src/modules/objects/manager/manager.service.ts b/src/modules/objects/database/database.service.ts
similarity index 99%
rename from src/modules/objects/manager/manager.service.ts
rename to src/modules/objects/database/database.service.ts
index 1eb15bf..e30b7d6 100644
--- a/src/modules/objects/manager/manager.service.ts
+++ b/src/modules/objects/database/database.service.ts
@@ -7,7 +7,7 @@ import { IcynetActorEntity } from './icynet.entity';
 import { ZoneEntity } from './zone.entity';
 @Injectable()
-export class ManagerService {
+export class DatabaseService {
 constructor(
 @InjectRepository(AccessEntity)
 private access: Repository,
diff --git a/src/modules/objects/manager/icynet.entity.ts b/src/modules/objects/database/icynet.entity.ts
similarity index 100%
rename from src/modules/objects/manager/icynet.entity.ts
rename to src/modules/objects/database/icynet.entity.ts
diff --git a/src/modules/objects/manager/zone.entity.ts b/src/modules/objects/database/zone.entity.ts
similarity index 100%
rename from src/modules/objects/manager/zone.entity.ts
rename to src/modules/objects/database/zone.entity.ts
diff --git a/src/modules/objects/objects.module.ts b/src/modules/objects/objects.module.ts
index 7bfde6a..573bd61 100644
--- a/src/modules/objects/objects.module.ts
+++ b/src/modules/objects/objects.module.ts
@@ -1,9 +1,9 @@
 import { Module } from '@nestjs/common';
 import { DNSModule } from './dns/dns.module';
-import { ManagerModule } from './manager/manager.module';
+import { DatabaseModule } from './database/database.module';
 @Module({
- imports: [DNSModule, ManagerModule],
- exports: [DNSModule, ManagerModule],
+ imports: [DNSModule, DatabaseModule],
+ exports: [DNSModule, DatabaseModule],
 })
 export class ObjectsModule {}