Multiple changes and documentation.

README.md

@@ -16,9 +16,63 @@ Sinatra provides for this simple use case:
 - A Dockerfile (and docker-compose) to encapsulate the server within a docker container.
 - Optional default VLAN support to support unknown MAC addresses, e.g. into a guest network.
 
+# Configuration
+
+Optional configuration is via environment variables.
+
+### SINATRA_PORT_RADIUS_AUTH
+Sets the listening port for RADIUS authentication.
+
+Default: 1812
+
+### SINATRA_PORT_RADIUS_ACCT
+Sets the listening port for RADIUS accounting
+
+Default: 1813
+
+### SINATRA_PORT_API
+Sets the listening port for the API
+
+Default: 8088
+
+### SINATRA_STORAGE
+Sets the storage type and location for data. The format is type://location.
+
+Supported types are:
+
+##### json
+Uses a serialised JSON data file. e.g. json://./data
+
+Default: json://./data
+
+### SINATRA_CLIENT_SECRET
+Sets the shared secret for RADIUS clients
+
+Default: password
+
+### SINATRA_DEFAULT_VLAN
+Sets the default VLAN ID for unauthenticated users. If false, users must pass authentication.
+
+Default: false
+
+### SINATRA_MAC_AUTH_ONLY
+Sets whether usernames and passwords should be processed as MAC addresses.  
+If true, then all input formats are normalised to lowercase alphanumeric strings, e.g. aabbccddeeff
+
+Default: false
+
+### SINATRA_SESSION_DURATION
+Sets the RADIUS session duration in minutes.
+
+Default: 60
+
+### SINATRA_TIME_RULES
+Sets whether time rules are to be processed.  
+If true, then all registered users must have at least one 'allow' rule defined.
+
+Default: false
+
 # Feature roadmap
 
 - Mass-import from CSV
-- Time-based authentication
-- Time-limited access
 - Connection accounting (with REST API endpoints for data access)

code/index.js

@@ -1,6 +1,6 @@
 // Baseline
 const product = 'NetRadius';
-const version = '0.2.0';
+const version = '0.4.0';
 
 // Load dependencies
 const dgram = require ('dgram');
@@ -13,44 +13,16 @@ const handlers = require ('./lib/handlers.js');
 
 // Load configuration
 log.write (product + ' v' + version);
-config = {};
+config = { ports: {} };
-try {
+config.ports.radius_authentication = process.env['SINATRA_PORT_RADIUS_AUTH'] || 1812;
-    config = JSON.parse (fs.readFileSync ('./config.json').toString ());
+config.ports.radius_accounting = process.env['SINATRA_PORT_RADIUS_ACCT'] || 1813;
-}
+config.ports.api = process.env['SINATRA_PORT_API'] || 8088;
-catch (error) {
+config.storage = process.env['SINATRA_STORAGE'] || "json:./data.json";
-    log.write ('Cannot open or read configuration file.');
+config.client_secret = process.env['SINATRA_CLIENT_SECRET'] || "password";
-    log.write ('Using defaults');
+config.default_vlan = process.env['SINATRA_DEFAULT_VLAN'] || false;
-    config = {
+config.mac_auth_only = process.env['SINATRA_MAC_AUTH_ONLY'] || false;
-        ports: {
+config.session_duration = process.env['SINATRA_SESSION_DURATION'] || 60;
-            radius_authentication: 1812,
+config.time_rules = process.env['SINATRA_TIME_RULES'] || false;
-            radius_accounting: 1813,
-            api: 8088
-        },
-        storage: "json:./data.json",
-        client_secret: "password",
-        default_vlan_enabled: false,
-        mac_auth_only: false,
-        session_duration: 60,
-        time_rules_enabled: false
-    }
-}
-if (process.env['SINATRA_PORT_RADIUS_AUTH']) config.ports.radius_authentication = process.env['SINATRA_PORT_RADIUS_AUTH'];
-if (process.env['SINATRA_PORT_RADIUS_ACCT']) config.ports.radius_accounting = process.env['SINATRA_PORT_RADIUS_ACCT'];
-if (process.env['SINATRA_PORT_API']) config.ports.api = process.env['SINATRA_PORT_API'];
-if (process.env['SINATRA_STORAGE']) config.storage = process.env['SINATRA_STORAGE'];
-if (process.env['SINATRA_DEFAULT_VLAN']) config.default_vlan_enabled = process.env['SINATRA_DEFAULT_VLAN'];
-if (process.env['SINATRA_DEFAULT_VLAN_ID']) config.default_vlan_id = process.env['SINATRA_DEFAULT_VLAN_ID'];
-if (process.env['SINATRA_CLIENT_SECRET']) config.client_secret = process.env['SINATRA_CLIENT_SECRET'];
-if (process.env['SINATRA_MAC_AUTH_ONLY']) config.mac_auth_only = process.env['SINATRA_MAC_AUTH_ONLY'];
-if (process.env['SINATRA_SESSION_DURATION']) config.session_duration = process.env['SINATRA_SESSION_DURATION'];
-if (process.env['SINATRA_TIME_RULES']) config.time_rules_enabled = process.env['SINATRA_TIME_RULES'];
-
-// Set defaults
-if (!config.ports.radius_authentication) config.ports.radius_authentication = 1812;
-if (!config.ports.radius_accounting) config.ports.radius_accounting = 1813;
-if (!config.ports.api) config.ports.api = 8088;
-if (!config.session_duration) config.session_duration = 60;
-if (!config.time_rules_enabled) config.time_rules_enabled = false;
 
 // Display active configuration
 log.write ('Using configuration: ' + JSON.stringify (config));

code/lib/time.js

@@ -41,7 +41,7 @@ const resolveRange = (str) => {
 module.exports = {
     checkAuth: (rules = []) => {
         var authorised = false;
-        if (config.time_rules_enabled) {
+        if (config.time_rules) {
             if (rules.length > 0) {
                 var now = new Date ();
                 var minuteOfDay = (now.getHours () * 60) + now.getMinutes (); // 0 - 1439