package main import ( "encoding/json" "net/http" "imuslab.com/zoraxy/mod/auth" "imuslab.com/zoraxy/mod/utils" ) /* API.go This file contains all the API called by the web management interface */ func initAPIs() { requireAuth := !(*noauth || handler.IsUsingExternalPermissionManager()) authRouter := auth.NewManagedHTTPRouter(auth.RouterOption{ AuthAgent: authAgent, RequireAuth: requireAuth, DeniedHandler: func(w http.ResponseWriter, r *http.Request) { http.Error(w, "401 - Unauthorized", http.StatusUnauthorized) }, }) //Register the standard web services urls fs := http.FileServer(http.Dir("./web")) if requireAuth { //Add a layer of middleware for auth control authHandler := AuthFsHandler(fs) http.Handle("/", authHandler) } else { http.Handle("/", fs) } //Authentication APIs registerAuthAPIs(requireAuth) //Reverse proxy authRouter.HandleFunc("/api/proxy/enable", ReverseProxyHandleOnOff) authRouter.HandleFunc("/api/proxy/add", ReverseProxyHandleAddEndpoint) authRouter.HandleFunc("/api/proxy/status", ReverseProxyStatus) authRouter.HandleFunc("/api/proxy/list", ReverseProxyList) authRouter.HandleFunc("/api/proxy/del", DeleteProxyEndpoint) authRouter.HandleFunc("/api/proxy/setIncoming", HandleIncomingPortSet) authRouter.HandleFunc("/api/proxy/useHttpsRedirect", HandleUpdateHttpsRedirect) authRouter.HandleFunc("/api/proxy/requestIsProxied", HandleManagementProxyCheck) //TLS / SSL config authRouter.HandleFunc("/api/cert/tls", handleToggleTLSProxy) authRouter.HandleFunc("/api/cert/upload", handleCertUpload) authRouter.HandleFunc("/api/cert/list", handleListCertificate) authRouter.HandleFunc("/api/cert/checkDefault", handleDefaultCertCheck) authRouter.HandleFunc("/api/cert/delete", handleCertRemove) //Redirection config authRouter.HandleFunc("/api/redirect/list", handleListRedirectionRules) authRouter.HandleFunc("/api/redirect/add", handleAddRedirectionRule) authRouter.HandleFunc("/api/redirect/delete", handleDeleteRedirectionRule) //Blacklist APIs authRouter.HandleFunc("/api/blacklist/list", handleListBlacklisted) authRouter.HandleFunc("/api/blacklist/country/add", handleCountryBlacklistAdd) authRouter.HandleFunc("/api/blacklist/country/remove", handleCountryBlacklistRemove) authRouter.HandleFunc("/api/blacklist/ip/add", handleIpBlacklistAdd) authRouter.HandleFunc("/api/blacklist/ip/remove", handleIpBlacklistRemove) authRouter.HandleFunc("/api/blacklist/enable", handleBlacklistEnable) //Statistic & uptime monitoring API authRouter.HandleFunc("/api/stats/summary", statisticCollector.HandleTodayStatLoad) authRouter.HandleFunc("/api/stats/countries", HandleCountryDistrSummary) authRouter.HandleFunc("/api/utm/list", HandleUptimeMonitorListing) //mDNS APIs authRouter.HandleFunc("/api/mdns/list", HandleMdnsListing) authRouter.HandleFunc("/api/mdns/discover", HandleMdnsScanning) //If you got APIs to add, append them here } //Function to renders Auth related APIs func registerAuthAPIs(requireAuth bool) { //Auth APIs http.HandleFunc("/api/auth/login", authAgent.HandleLogin) http.HandleFunc("/api/auth/logout", authAgent.HandleLogout) http.HandleFunc("/api/auth/checkLogin", func(w http.ResponseWriter, r *http.Request) { if requireAuth { authAgent.CheckLogin(w, r) } else { utils.SendJSONResponse(w, "true") } }) http.HandleFunc("/api/auth/username", func(w http.ResponseWriter, r *http.Request) { username, err := authAgent.GetUserName(w, r) if err != nil { http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) return } js, _ := json.Marshal(username) utils.SendJSONResponse(w, string(js)) }) http.HandleFunc("/api/auth/userCount", func(w http.ResponseWriter, r *http.Request) { uc := authAgent.GetUserCounts() js, _ := json.Marshal(uc) utils.SendJSONResponse(w, string(js)) }) http.HandleFunc("/api/auth/register", func(w http.ResponseWriter, r *http.Request) { if authAgent.GetUserCounts() == 0 { //Allow register root admin authAgent.HandleRegisterWithoutEmail(w, r, func(username, reserved string) { }) } else { //This function is disabled utils.SendErrorResponse(w, "Root management account already exists") } }) http.HandleFunc("/api/auth/changePassword", func(w http.ResponseWriter, r *http.Request) { username, err := authAgent.GetUserName(w, r) if err != nil { http.Error(w, "401 - Unauthorized", http.StatusUnauthorized) return } oldPassword, err := utils.PostPara(r, "oldPassword") if err != nil { utils.SendErrorResponse(w, "empty current password") return } newPassword, err := utils.PostPara(r, "newPassword") if err != nil { utils.SendErrorResponse(w, "empty new password") return } confirmPassword, _ := utils.PostPara(r, "confirmPassword") if newPassword != confirmPassword { utils.SendErrorResponse(w, "confirm password not match") return } //Check if the old password correct oldPasswordCorrect, _ := authAgent.ValidateUsernameAndPasswordWithReason(username, oldPassword) if !oldPasswordCorrect { utils.SendErrorResponse(w, "Invalid current password given") return } //Change the password of the root user authAgent.UnregisterUser(username) authAgent.CreateUserAccount(username, newPassword, "") }) }