diff --git a/code/config.json b/code/config.json new file mode 100644 index 0000000..c1f207f --- /dev/null +++ b/code/config.json @@ -0,0 +1,11 @@ +{ + "ports": { + "radius_authentication": 1812, + "radius_accounting": 1813 + }, + "client_secret": "password", + "storage": "json:./data.json", + "default_vlan_enabled": true, + "default_vlan_id": 90, + "mac_auth_only": true +} diff --git a/code/data.json b/code/data.json index d88098e..ef0372d 100644 --- a/code/data.json +++ b/code/data.json @@ -6,8 +6,13 @@ "vlan": "123" }, { - "username": "test2", - "password": "test", + "username": "AB:CD:EF:12:34:56", + "password": "AB:CD:EF:12:34:56", + "vlan": "123" + }, + { + "username": "abcdef123456", + "password": "abcdef123456", "vlan": "123" } ] diff --git a/code/index.js b/code/index.js index a683124..b7bfad4 100644 --- a/code/index.js +++ b/code/index.js @@ -28,7 +28,8 @@ catch (error) { }, storage: "json:./data.json", client_secret: "password", - default_vlan_enabled: false + default_vlan_enabled: false, + mac_auth_only: false } } if (process.env['NETRADIUS_PORT_RADIUS_AUTH']) config.ports.radius_authentication = process.env['NETRADIUS_PORT_RADIUS_AUTH']; 
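Review bot: The new code/config.json commits `"client_secret": "password"` as the working RADIUS shared secret, so any deployment that keeps the file as shipped runs with a guessable secret. Ship a non-functional placeholder such as `"client_secret": "<CHANGE_ME>"` and have startup refuse to run while it is unchanged, or leave the key out and require `NETRADIUS_CLIENT_SECRET`, which index.js already reads. The file also sets `"mac_auth_only": true` while the fallback in index.js uses `false`, so behaviour differs depending on whether the file loads; one default should be chosen.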
@@ -38,11 +39,12 @@ if (process.env['NETRADIUS_STORAGE']) config.storage = process.env['NETRADIUS_ST if (process.env['NETRADIUS_DEFAULT_VLAN']) config.default_vlan_enabled = process.env['NETRADIUS_DEFAULT_VLAN']; if (process.env['NETRADIUS_DEFAULT_VLAN_ID']) config.default_vlan_id = process.env['NETRADIUS_DEFAULT_VLAN_ID']; if (process.env['NETRADIUS_CLIENT_SECRET']) config.client_secret = process.env['NETRADIUS_CLIENT_SECRET']; +if (process.env['NETRADIUS_MAC_AUTH_ONLY']) config.mac_auth_only = process.env['NETRADIUS_MAC_AUTH_ONLY']; // Set defaults -config.ports.radius_authentication = 1812; -config.ports.radius_accounting = 1813; -config.ports.api = 8080; +if (!config.ports.radius_authentication) config.ports.radius_authentication = 1812; +if (!config.ports.radius_accounting) config.ports.radius_accounting = 1813; +if (!config.ports.api) config.ports.api = 8080; // Display active configuration log.write ('Using configuration: ' + JSON.stringify (config)); @@ -113,8 +115,9 @@ http.createServer (function (req, res) { var endpoint = req.method + " " + url; switch (endpoint) { + // Used for docker healthcheck case "GET /health": - respond (res, "OK\n\n", 200); + respond (res, "OK", 200); break; case "GET /users": @@ -147,24 +150,7 @@ http.createServer (function (req, res) { req.on ('end', () => { handlers.user.create (payload, (status, err) => { if (err) { - respond (res, "Error\n\n", 500); - } - else { - respond (res, status, 200); - } - }); - }); - break; - - case "UPDATE /user": - var payload = ''; - req.on ('data', chunk => { - payload += chunk.toString (); - }); - req.on ('end', () => { - handlers.user.update (payload, (status, err) => { - if (err) { - respond (res, "Error\n\n", 500); + respond (res, err, 500); } else { respond (res, status, 200); 
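Review bot: In code/index.js (hunk at -38,11), the added `NETRADIUS_MAC_AUTH_ONLY` line stores the raw environment string, so `NETRADIUS_MAC_AUTH_ONLY=false` or `=0` is truthy and still switches MAC-only mode on. Parse it explicitly, for example `config.mac_auth_only = process.env['NETRADIUS_MAC_AUTH_ONLY'].toLowerCase () === 'true';`. The unchanged `NETRADIUS_DEFAULT_VLAN` line above it has the same problem. The `log.write ('Using configuration: ' + JSON.stringify (config))` line in this hunk also writes `client_secret` to the log, so the secret should be masked before the configuration is serialised.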
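Review bot: In code/index.js (hunk at -147,24), `respond (res, err, 500)` now returns whatever the storage layer passes as `err` straight to the HTTP client. The callbacks visible in lib/data.js pass fixed strings, but the error path of `createUser` is not shown in this diff. If it ever forwards an exception or its message, internal details such as file paths or parser errors would reach the caller. Consider logging `err` on the server and answering with a fixed message, and using a 4xx status when the cause is a bad payload rather than a server fault. The surrounding `case` body starts outside this hunk.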
@@ -176,7 +162,7 @@ http.createServer (function (req, res) { case "DELETE /user": handlers.user.delete (req.url.substring (req.url.lastIndexOf ("/") + 1), (status, err) => { if (err) { - respond (res, "Error\n\n", 500); + respond (res, err, 404); } else { respond (res, status, 200); @@ -185,7 +171,7 @@ http.createServer (function (req, res) { break; default: - respond (res, "Not found\n\n", 404); + respond (res, "Not found", 404); } }).listen (8080); diff --git a/code/lib/data.js b/code/lib/data.js index 5c7e17e..0c55441 100644 --- a/code/lib/data.js +++ b/code/lib/data.js @@ -35,6 +35,10 @@ data.users.forEach ((e) => { module.exports = { authUser: (username, password) => { + if (config.mac_auth_only) { + username = username.toLowerCase ().replace (/[:-]/g, ''); + password = password.toLowerCase ().replace (/[:-]/g, ''); + } if (users[username] && users[username].password == password) { return { vlan: users[username].vlan @@ -50,6 +54,10 @@ module.exports = { payload = JSON.parse (payload); var username = payload.username; var password = payload.password; + if (config.mac_auth_only) { + username = username.toLowerCase ().replace (/[:-]/g, ''); + password = password.toLowerCase ().replace (/[:-]/g, ''); + } var description = payload.description || ""; var vlan = payload.vlan; users[username] = { @@ -84,6 +92,9 @@ module.exports = { }, getUser: (username, callback) => { + if (config.mac_auth_only) { + username = username.toLowerCase ().replace (/[:-]/g, ''); + } try { var user = users[username]; callback (user, null); 
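Review bot: In code/index.js (hunk at -176,7), `respond (res, err, 404)` reports every failure of `DELETE /user` as 404. `deleteUser` in this same commit calls back `"Error"` when `delete` or `persistData ()` throws and `"Not found"` only when the user is absent. A storage failure would therefore look like a missing user to clients and monitoring. Keep the distinction, for example `respond (res, err, err === "Not found" ? 404 : 500);`.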
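Review bot: In code/lib/data.js `authUser` (hunk at -35,6), the submitted credentials are normalised but the values they are compared with, `users[username]` and `users[username].password`, are used as stored. code/data.json in this commit adds a record keyed `AB:CD:EF:12:34:56`, which can only match if the load loop (`data.users.forEach`, outside this hunk) normalises keys and passwords the same way; that is not visible here and should be confirmed. The same expression is also repeated in `createUser`, `getUser`, `deleteUser` and lib/handlers.js. One helper such as `const normalizeMac = (s) => s.toLowerCase ().replace (/[:-]/g, '');`, applied at load time as well, would keep the formats from drifting apart.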
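Review bot: In code/lib/data.js `createUser` (hunk at -50,6), `payload.username` and `payload.password` come from the HTTP request body, and `.toLowerCase ()` throws a TypeError when either field is missing or not a string. Whether these lines sit inside a `try` is not visible in the hunk, so this may surface as an uncaught exception in the request's `end` callback. Guard before normalising with `if (typeof username !== 'string' || typeof password !== 'string') return callback (null, "Invalid payload");`. In MAC-only mode it would also help to reject a normalised name that does not match `/^[0-9a-f]{12}$/`, which stops arbitrary client-chosen strings from becoming keys of `users`.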
@@ -93,19 +104,22 @@ module.exports = { } }, - updateUser: (payload, callback) => { - payload = JSON.parse (payload); - callback ("OK\n\n", null); - }, - deleteUser: (username, callback) => { - try { - delete users[username]; - persistData (); - callback ("OK\n\n", null); + if (config.mac_auth_only) { + username = username.toLowerCase ().replace (/[:-]/g, ''); } - catch (error) { - callback (null, "Error"); + if (users[username]) { + try { + delete users[username]; + persistData (); + callback ("OK\n\n", null); + } + catch (error) { + callback (null, "Error"); + } + } + else { + callback (null, "Not found"); } } } \ No newline at end of file diff --git a/code/lib/handlers.js b/code/lib/handlers.js index 1433a6d..90bbdda 100644 --- a/code/lib/handlers.js +++ b/code/lib/handlers.js @@ -12,6 +12,10 @@ module.exports = { if (decoded.code == 'Access-Request') { var username = decoded.attributes['User-Name']; var password = decoded.attributes['User-Password']; + if (config.mac_auth_only) { + username = username.toLowerCase ().replace (/[:-]/g, ''); + password = password.toLowerCase ().replace (/[:-]/g, ''); + } var user = data.authUser (username, password); var vlan = false; if (user) { @@ -59,7 +63,6 @@ module.exports = { create: data.createUser, getall: data.getUsers, getone: data.getUser, - update: data.updateUser, delete: data.deleteUser } } \ No newline at end of file
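Review bot: In code/lib/data.js `deleteUser` (hunk at -93,19), the new existence test `if (users[username])` is a truthiness check on a client-supplied key. If `users` is a plain object literal (its declaration is outside this diff), inherited names such as `constructor` pass the test and the call answers `"OK\n\n"` without deleting anything. Use an own-property check instead: `if (Object.prototype.hasOwnProperty.call (users, username)) {`. The success callback also still returns `"OK\n\n"` although index.js dropped the trailing newlines from its responses in this commit, so the two should be aligned.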
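Review bot: In code/lib/handlers.js (hunk at -12,6), `decoded.attributes['User-Name']` and `['User-Password']` are lower-cased without checking that they exist. An Access-Request using CHAP or EAP carries no User-Password attribute, so `.toLowerCase ()` would throw inside the packet handler. `data.authUser` already applies the same normalisation in this commit, so the block is redundant here. Either drop it or guard it, e.g. `if (typeof username !== 'string' || typeof password !== 'string') { /* reject */ }` ahead of the call. `config` is not declared in the visible lines of handlers.js or data.js, so confirm that both modules actually load it.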