hjr265 · antonioabelgc · May 15, 2024 · May 15, 2024 · May 15, 2024 · May 15, 2024
diff --git a/data/balancer.go b/data/balancer.go
@@ -6,7 +6,7 @@ import (
 	"crypto/sha1"
 	"crypto/x509"
 	"encoding/pem"
-
+	"os"
 	"github.com/boltdb/bolt"
 	"gopkg.in/mgo.v2/bson"
 )
@@ -23,17 +23,23 @@ type BalancerSettings struct {
 	Protocol   Protocol
 	Algorithm  Algorithm
 	SSLOptions SSLOptions
+	SSLVerifyClient SSLVerifyClient
 }
 
 type SSLOptions struct {
 	CipherSuite CipherSuite
 	Certificate []byte
 	PrivateKey  []byte
-
+	SSLVerify	SSLVerify
 	DNSNames    []string
 	Fingerprint []byte
 }
 
+type SSLVerifyClient struct {
+
+	ClientCertificate   []byte
+}
+
 func ListBalancers() ([]Balancer, error) {
 	bals := []Balancer{}
 	err := DB.View(func(tx *bolt.Tx) error {
@@ -76,6 +82,30 @@ func GetBalancer(id bson.ObjectId) (*Balancer, error) {
 	return bal, nil
 }
 
+func (b *Balancer) Delete() error {
+    servers, err := b.Servers()
+    if err != nil {
+        return err
+    }
+    for _, server := range servers {
+        err := server.Delete()
+        if err != nil {
+            return err
+        }
+    }
+
+    dirPath := "/var/lib/loadcat/out/" + b.Id.Hex()
+    err = os.RemoveAll(dirPath)
+    if err != nil {
+        return err
+    }
+
+    return DB.Update(func(tx *bolt.Tx) error {
+        bucket := tx.Bucket([]byte("balancers"))
+        return bucket.Delete([]byte(b.Id.Hex()))
+    })
+}
+
 func (l *Balancer) Servers() ([]Server, error) {
 	return ListServersByBalancer(l)
 }
@@ -111,6 +141,8 @@ func (l *Balancer) Put() error {
 		l.Settings.SSLOptions.PrivateKey = nil
 		l.Settings.SSLOptions.DNSNames = nil
 		l.Settings.SSLOptions.Fingerprint = nil
+		l.Settings.SSLVerifyClient.ClientCertificate = nil
+		l.Settings.SSLOptions.SSLVerify = "off"
 	}
 	return DB.Update(func(tx *bolt.Tx) error {
 		b := tx.Bucket([]byte("balancers"))

diff --git a/data/server.go b/data/server.go
@@ -69,6 +69,13 @@ func (s *Server) Balancer() (*Balancer, error) {
 	return GetBalancer(s.BalancerId)
 }
 
+func (s *Server) Delete() error {
+    return DB.Update(func(tx *bolt.Tx) error {
+        b := tx.Bucket([]byte("servers"))
+        return b.Delete([]byte(s.Id.Hex()))
+    })
+}
+
 func (s *Server) Put() error {
 	if !s.Id.Valid() {
 		s.Id = bson.NewObjectId()

diff --git a/data/sslverify.go b/data/sslverify.go
@@ -0,0 +1,19 @@
+// Copyright 2015 The Loadcat Authors. All rights reserved.
+
+package data
+
+type SSLVerify string
+
+var SSLVerifys = []SSLVerify{
+	"off",
+	"on",
+}
+
+func (p SSLVerify) Label() string {
+	return SSLVerifyLabels[p]
+}
+
+var SSLVerifyLabels = map[SSLVerify]string{
+	"off":  "OFF",
+	"on": "ON",
+}
diff --git a/docker-compose_base.yml b/docker-compose_base.yml
@@ -0,0 +1,21 @@
+version: '3.8'
+services:
+  web:
+    build:
+      context: .
+      dockerfile: ./docker/base/Dockerfile
+    ports:
+      - "26590:26590"
+      - "80:80"
+      - "443:443"
+    volumes:
+      - loadcat:/var/lib/loadcat
+      - ./loadcatd:/usr/bin/loadcatd
+      - ./ui/templates:/var/lib/loadcat/ui/templates
+    working_dir: /var/lib/loadcat
+    command: loadcatd -config /etc/loadcat.conf
+    restart: unless-stopped
+
+volumes:
+  loadcat:
+    driver: "local"
diff --git a/docker/base/Dockerfile b/docker/base/Dockerfile
@@ -1,8 +1,8 @@
-FROM nginx:1.21.0
+FROM nginx:stable
 
 ADD docker/base/nginx.conf /etc/nginx/nginx.conf
 ADD docker/base/loadcat.conf /etc/loadcat.conf
-ADD loadcat /usr/bin/loadcat
+ADD loadcatd /usr/bin/loadcat
 ADD ui/templates /var/lib/loadcat/ui/templates
 
 WORKDIR /var/lib/loadcat

diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.21.0
+FROM nginx:stable
 
 ADD nginx.conf /etc/nginx/nginx.conf
 ADD loadcat.conf /etc/loadcat.conf
diff --git a/feline/nginx/nginx.go b/feline/nginx/nginx.go
@@ -43,9 +43,15 @@ server {
 	server_name  {{.Balancer.Settings.Hostname}};
 
 	{{if eq .Balancer.Settings.Protocol "https"}}
-		ssl                  on;
-		ssl_certificate      {{.Dir}}/server.crt;
-		ssl_certificate_key  {{.Dir}}/server.key;
+
+		ssl_certificate      /var/lib/loadcat/out/{{.Balancer.Id.Hex}}/server.crt;
+		ssl_certificate_key  /var/lib/loadcat/out/{{.Balancer.Id.Hex}}/server.key;
+
+	{{end}}
+
+	{{if eq .Balancer.Settings.SSLOptions.SSLVerify "on"}}
+		ssl_client_certificate /var/lib/loadcat/out/{{.Balancer.Id.Hex}}/ca.crt;
+		ssl_verify_client on;
 	{{end}}
 
 	location / {
@@ -105,6 +111,13 @@ func (n *Nginx) Generate(dir string, bal *data.Balancer) error {
 		}
 	}
 
+	if bal.Settings.SSLOptions.SSLVerify == "on" {
+		err = ioutil.WriteFile(filepath.Join(dir, "ca.crt"), bal.Settings.SSLVerifyClient.ClientCertificate, 0666)
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 

diff --git a/ui/balancers.go b/ui/balancers.go
@@ -104,11 +104,13 @@ func ServeBalancerEditForm(w http.ResponseWriter, r *http.Request) {
 	err = TplBalancerEditForm.Execute(w, struct {
 		Balancer     *data.Balancer
 		Protocols    []data.Protocol
+		SSLVerifys   []data.SSLVerify
 		Algorithms   []data.Algorithm
 		CipherSuites []data.CipherSuite
 	}{
 		Balancer:     bal,
 		Protocols:    data.Protocols,
+		SSLVerifys:   data.SSLVerifys,
 		Algorithms:   data.Algorithms,
 		CipherSuites: data.CipherSuites,
 	})
@@ -144,7 +146,11 @@ func HandleBalancerUpdate(w http.ResponseWriter, r *http.Request) {
 				CipherSuite string  `schema:"cipher_suite"`
 				Certificate *string `schema:"certificate"`
 				PrivateKey  *string `schema:"private_key"`
+				SSLVerify    string `schema:"sslverify"`
 			} `schema:"ssl_options"`
+			SSLVerifyClient struct {
+				ClientCertificate *string `schema:"clientcertificate"`
+			}
 		} `schema:"settings"`
 	}{}
 	err = schema.NewDecoder().Decode(&body, r.PostForm)
@@ -160,6 +166,13 @@ func HandleBalancerUpdate(w http.ResponseWriter, r *http.Request) {
 	bal.Settings.Algorithm = data.Algorithm(body.Settings.Algorithm)
 	if body.Settings.Protocol == "https" {
 		bal.Settings.SSLOptions.CipherSuite = "recommended"
+		bal.Settings.SSLOptions.SSLVerify = "off"
+		if body.Settings.SSLOptions.SSLVerify == "on" {
+			bal.Settings.SSLOptions.SSLVerify = data.SSLVerify(body.Settings.SSLOptions.SSLVerify)
+			if body.Settings.SSLVerifyClient.ClientCertificate != nil {
+				bal.Settings.SSLVerifyClient.ClientCertificate = []byte(*body.Settings.SSLVerifyClient.ClientCertificate)
+			}
+		}
 		if body.Settings.SSLOptions.Certificate != nil {
 			bal.Settings.SSLOptions.Certificate = []byte(*body.Settings.SSLOptions.Certificate)
 		}
@@ -180,6 +193,25 @@ func HandleBalancerUpdate(w http.ResponseWriter, r *http.Request) {
 	http.Redirect(w, r, "/balancers/"+bal.Id.Hex(), http.StatusSeeOther)
 }
 
+func HandleBalancerDelete(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	if !bson.IsObjectIdHex(vars["id"]) {
+		http.Error(w, "Not Found", http.StatusNotFound)
+		return
+	}
+	bal, err := data.GetBalancer(bson.ObjectIdHex(vars["id"]))
+	if err != nil {
+		panic(err)
+	}
+
+	err = bal.Delete()
+	if err != nil {
+		panic(err)
+	}
+
+	http.Redirect(w, r, "/balancers", http.StatusSeeOther)
+}
+
 func init() {
 	Router.NewRoute().
 		Methods("GET").
@@ -205,4 +237,8 @@ func init() {
 		Methods("POST").
 		Path("/balancers/{id}/edit").
 		Handler(http.HandlerFunc(HandleBalancerUpdate))
+	Router.NewRoute().
+		Methods("POST").
+		Path("/balancers/{id}/delete").
+		Handler(http.HandlerFunc(HandleBalancerDelete))
 }
diff --git a/ui/templates/balancerEditForm.html b/ui/templates/balancerEditForm.html
@@ -91,16 +91,33 @@
 							<textarea name="settings.ssl_options.private_key" class="form-control" id="inpPrivateKey" {{if .Balancer.Settings.SSLOptions.Fingerprint}}disabled{{end}}></textarea>
 						</div>
 					</div>
-
+					<div class="form-group">
+						<label for="inpSSLVerify" class="col-sm-2 control-label">SSL Verify Client</label>
+						<div class="col-sm-4">
+							<select name="settings.ssl_options.sslverify" class="form-control" id="inpSSLVerify">
+								{{range $sslverify := .SSLVerifys}}
+									<option value="{{$sslverify}}" {{if eq $sslverify $.Balancer.Settings.SSLOptions.SSLVerify}}selected{{end}}>{{$sslverify.Label}}</option>
+								{{end}}
+							</select>
+						</div>
+					</div>
+					<div id="clientCertificateGroup" class="form-group">
+						<label for="inpClientCertificate" class="col-sm-2 control-label">Client Certificate</label>
+						<div class="col-sm-4">
+							<input type="text" class="form-control" id="inpClientCertificate" value="{{printf "% x" .Balancer.Settings.SSLVerifyClient.ClientCertificate}}" readonly>
+							<textarea name="settings.sslverifyclient.clientcertificate" class="form-control" id="inpClientCertificate"></textarea>
+						</div>
+					</div>					
 					<br>
 				</fieldset>
 
 				<div class="form-group">
 					<div class="col-sm-offset-2 col-sm-10">
 						<button type="submit" class="btn btn-primary">Update</button>
 						<a href="/balancers/{{.Balancer.Id.Hex}}" class="btn btn-default">Cancel</a>
+						<button type="button" class="btn btn-danger" onclick="deleteBalancer()">Delete</button>
 					</div>
-				</div>
+				</div>			
 			</form>
 		</div>
 	</div>
@@ -109,31 +126,49 @@
 {{define "sidebar"}}
 
 {{end}}
-
 {{define "scripts"}}
-	<script type="text/javascript">
-		$('#inpProtocol').on('change', function() {
-			switch($(this).val()) {
-				case 'http':
-					$('#setSSLOptions').addClass('hidden')
-					break
-				case 'https':
-					$('#setSSLOptions').removeClass('hidden')
-					break
-			}
-		})
-		.trigger('change')
+<script type="text/javascript">
+$('#inpProtocol').on('change', function() {
+    switch($(this).val()) {
+        case 'http':
+            $('#setSSLOptions').addClass('hidden');
+            break;
+        case 'https':
+            $('#setSSLOptions').removeClass('hidden');
+            break;
+    }
+}).trigger('change');
 
-		$('#btnReplaceCertificate').on('click', function(event) {
-			event.preventDefault()
-			$('#inpCertificate').removeClass('hidden').removeAttr('disabled')
-			$('#inpPrivateKey').removeAttr('disabled').closest('.form-group').removeClass('hidden')
-			$('#inpFingerprint').detach()
-			$('#btnReplaceCertificate').closest('div').detach()
-		})
+$('#inpSSLVerify').on('change', function() {
+    if ($(this).val() === 'on') {
+        $('#clientCertificateGroup').removeClass('hidden');
+    } else {
+        $('#clientCertificateGroup').addClass('hidden');
+    }
+}).trigger('change');
 
-		{{if .Balancer.Settings.SSLOptions.Fingerprint}}
-			$('#inpDNSNames ')
-		{{end}}
-	</script>
+$('#btnReplaceCertificate').on('click', function(event) {
+    event.preventDefault();
+    $('#inpCertificate').removeClass('hidden').removeAttr('disabled');
+    $('#inpPrivateKey').removeAttr('disabled').closest('.form-group').removeClass('hidden');
+    $('#inpFingerprint').detach();
+    $('#btnReplaceCertificate').closest('div').detach();
+});
+
+
+function deleteBalancer() {
+    if (confirm("Are you sure you want to delete this balancer?")) {
+        var xhr = new XMLHttpRequest();
+        xhr.open("POST", "/balancers/{{.Balancer.Id.Hex}}/delete", true);
+        xhr.setRequestHeader("Content-Type", "application/json");
+        xhr.onreadystatechange = function () {
+            if (xhr.readyState === 4 && xhr.status === 200) {
+                window.location.href = "/balancers";
+            }
+        };
+        xhr.send();
+    }
+}
+</script>
 {{end}}
+