From f051bed335b5214cd67bde6a2d0b9c4f53d15a2c Mon Sep 17 00:00:00 2001
From: Alex Rennie-Lis
Date: Sat, 8 Jun 2024 11:11:20 +0100
Subject: [PATCH] Multiple changes and documentation.
---
 README.md | 58 ++++++++++++++++++++++++++++++++++++++++++++++--
 code/index.js | 50 +++++++++--------------------------------
 code/lib/time.js | 2 +-
 3 files changed, 68 insertions(+), 42 deletions(-)
diff --git a/README.md b/README.md
index 63f9b47..4b5beb3 100755
--- a/README.md
+++ b/README.md
@@ -16,9 +16,63 @@ Sinatra provides for this simple use case:
 - A Dockerfile (and docker-compose) to encapsulate the server within a docker container.
 - Optional default VLAN support to support unknown MAC addresses, e.g. into a guest network.
+# Configuration
+
+Optional configuration is via environment variables.
+
+### SINATRA_PORT_RADIUS_AUTH
+Sets the listening port for RADIUS authentication.
+
+Default: 1812
+
+### SINATRA_PORT_RADIUS_ACCT
+Sets the listening port for RADIUS accounting
+
+Default: 1813
+
+### SINATRA_PORT_API
+Sets the listening port for the API
+
+Default: 8088
+
+### SINATRA_STORAGE
+Sets the storage type and location for data. The format is type://location.
+
+Supported types are:
+
+##### json
+Uses a serialised JSON data file. e.g. json://./data
+
+Default: json://./data
+
+### SINATRA_CLIENT_SECRET
+Sets the shared secret for RADIUS clients
+
+Default: password
+
+### SINATRA_DEFAULT_VLAN
+Sets the default VLAN ID for unauthenticated users. If false, users must pass authentication.
+
+Default: false
+
+### SINATRA_MAC_AUTH_ONLY
+Sets whether usernames and passwords should be processed as MAC addresses.
+If true, then all input formats are normalised to lowercase alphanumeric strings, e.g. aabbccddeeff
+
+Default: false
+
+### SINATRA_SESSION_DURATION
+Sets the RADIUS session duration in minutes.
+
+Default: 60
+
+### SINATRA_TIME_RULES
+Sets whether time rules are to be processed.
+If true, then all registered users must have at least one 'allow' rule defined.
+
+Default: false
+
 # Feature roadmap
 - Mass-import from CSV
-- Time-based authentication
-- Time-limited access
 - Connection accounting (with REST API endpoints for data access)
diff --git a/code/index.js b/code/index.js
index 5f3452b..cbe2b7f 100755
--- a/code/index.js
+++ b/code/index.js
@@ -1,6 +1,6 @@
 // Baseline
 const product = 'NetRadius';
-const version = '0.2.0';
+const version = '0.4.0';
 // Load dependencies
 const dgram = require ('dgram');
@@ -13,44 +13,16 @@ const handlers = require ('./lib/handlers.js');
 // Load configuration
 log.write (product + ' v' + version);
-config = {};
-try {
- config = JSON.parse (fs.readFileSync ('./config.json').toString ());
-}
-catch (error) {
- log.write ('Cannot open or read configuration file.');
- log.write ('Using defaults');
- config = {
- ports: {
- radius_authentication: 1812,
- radius_accounting: 1813,
- api: 8088
- },
- storage: "json:./data.json",
- client_secret: "password",
- default_vlan_enabled: false,
- mac_auth_only: false,
- session_duration: 60,
- time_rules_enabled: false
- }
-}
-if (process.env['SINATRA_PORT_RADIUS_AUTH']) config.ports.radius_authentication = process.env['SINATRA_PORT_RADIUS_AUTH'];
-if (process.env['SINATRA_PORT_RADIUS_ACCT']) config.ports.radius_accounting = process.env['SINATRA_PORT_RADIUS_ACCT'];
-if (process.env['SINATRA_PORT_API']) config.ports.api = process.env['SINATRA_PORT_API'];
-if (process.env['SINATRA_STORAGE']) config.storage = process.env['SINATRA_STORAGE'];
-if (process.env['SINATRA_DEFAULT_VLAN']) config.default_vlan_enabled = process.env['SINATRA_DEFAULT_VLAN'];
-if (process.env['SINATRA_DEFAULT_VLAN_ID']) config.default_vlan_id = process.env['SINATRA_DEFAULT_VLAN_ID'];
-if (process.env['SINATRA_CLIENT_SECRET']) config.client_secret = process.env['SINATRA_CLIENT_SECRET'];
-if (process.env['SINATRA_MAC_AUTH_ONLY']) config.mac_auth_only = process.env['SINATRA_MAC_AUTH_ONLY'];
-if (process.env['SINATRA_SESSION_DURATION']) config.session_duration = process.env['SINATRA_SESSION_DURATION'];
-if (process.env['SINATRA_TIME_RULES']) config.time_rules_enabled = process.env['SINATRA_TIME_RULES'];
-
-// Set defaults
-if (!config.ports.radius_authentication) config.ports.radius_authentication = 1812;
-if (!config.ports.radius_accounting) config.ports.radius_accounting = 1813;
-if (!config.ports.api) config.ports.api = 8088;
-if (!config.session_duration) config.session_duration = 60;
-if (!config.time_rules_enabled) config.time_rules_enabled = false;
+config = { ports: {} };
+config.ports.radius_authentication = process.env['SINATRA_PORT_RADIUS_AUTH'] || 1812;
+config.ports.radius_accounting = process.env['SINATRA_PORT_RADIUS_ACCT'] || 1813;
+config.ports.api = process.env['SINATRA_PORT_API'] || 8088;
+config.storage = process.env['SINATRA_STORAGE'] || "json:./data.json";
+config.client_secret = process.env['SINATRA_CLIENT_SECRET'] || "password";
+config.default_vlan = process.env['SINATRA_DEFAULT_VLAN'] || false;
+config.mac_auth_only = process.env['SINATRA_MAC_AUTH_ONLY'] || false;
+config.session_duration = process.env['SINATRA_SESSION_DURATION'] || 60;
+config.time_rules = process.env['SINATRA_TIME_RULES'] || false;
 // Display active configuration
 log.write ('Using configuration: ' + JSON.stringify (config));
diff --git a/code/lib/time.js b/code/lib/time.js
index 360e75b..50c5a96 100755
--- a/code/lib/time.js
+++ b/code/lib/time.js
@@ -41,7 +41,7 @@ const resolveRange = (str) => {
 module.exports = {
 checkAuth: (rules = []) => {
 var authorised = false;
- if (config.time_rules_enabled) {
+ if (config.time_rules) {
 if (rules.length > 0) {
 var now = new Date ();
 var minuteOfDay = (now.getHours () * 60) + now.getMinutes (); // 0 - 1439
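Review bot: `config.client_secret` still falls back to the literal `"password"` when SINATRA_CLIENT_SECRET is unset, and the `log.write ('Using configuration: ' + JSON.stringify (config))` line at the end of the code/index.js hunk then writes that secret, default or real, into the log. The RADIUS shared secret is what authenticates traffic between the clients and this server, so a well-known default and a copy in log output both undercut it. Consider refusing to start when the variable is missing and logging a redacted copy, e.g. `log.write ('Using configuration: ' + JSON.stringify (Object.assign ({}, config, { client_secret: '[redacted]' })));`. The README in this commit also gives the storage default as `json://./data`, while the code keeps `"json:./data.json"`; one of the two should be corrected.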
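Review bot: `if (config.time_rules)` in code/lib/time.js tests a value that code/index.js now takes straight from `process.env['SINATRA_TIME_RULES'] || false`, so any non-empty string, including `"false"` and `"0"`, is truthy and turns time rules on. The same pattern sets `default_vlan` and `mac_auth_only`, and there a literal `"false"` would presumably be treated as an enabled setting rather than the documented "users must pass authentication" behaviour; how those two are consumed is not visible here. Parsing the flags once when the configuration is built would make the documented values work, e.g. `config.time_rules = process.env['SINATRA_TIME_RULES'] === 'true';`. checkAuth begins inside this hunk and continues past its last line.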