protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js

   1 'use strict';
   2 'require rpc';
   3 'require form';
   4 'require network';
   5
   6 var callGetCertificateFiles = rpc.declare({
   7         object: 'luci.openconnect',
   8         method: 'getCertificates',
   9         params: [ 'interface' ],
  10         expect: { '': {} }
  11 });
  12
  13 var callSetCertificateFiles = rpc.declare({
  14         object: 'luci.openconnect',
  15         method: 'setCertificates',
  16         params: [ 'interface', 'user_certificate', 'user_privatekey', 'ca_certificate' ],
  17         expect: { '': {} }
  18 });
  19
  20 network.registerPatternVirtual(/^vpn-.+$/);
  21
  22 function sanitizeCert(s) {
  23         if (typeof(s) != 'string')
  24                 return null;
  25
  26         s = s.trim();
  27
  28         if (s == '')
  29                 return null;
  30
  31         s = s.replace(/\r\n?/g, '\n');
  32
  33         if (!s.match(/\n$/))
  34                 s += '\n';
  35
  36         return s;
  37 }
  38
  39 function validateCert(priv, section_id, value) {
  40         var beg = priv ? /^-----BEGIN RSA PRIVATE KEY-----$/ : /^-----BEGIN CERTIFICATE-----$/,
  41             end = priv ? /^-----END RSA PRIVATE KEY-----$/ : /^-----END CERTIFICATE-----$/,
  42             lines = value.trim().split(/[\r\n]/),
  43             start = false,
  44             i;
  45
  46         if (value === null || value === '')
  47                 return true;
  48
  49         for (i = 0; i < lines.length; i++) {
  50                 if (lines[i].match(beg))
  51                         start = true;
  52                 else if (start && !lines[i].match(/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/))
  53                         break;
  54         }
  55
  56         if (!start || i < lines.length - 1 || !lines[i].match(end))
  57                 return _('This does not look like a valid PEM file');
  58
  59         return true;
  60 }
  61
  62 return network.registerProtocol('openconnect', {
  63         getI18n: function() {
  64                 return _('OpenConnect (CISCO AnyConnect)');
  65         },
  66
  67         getIfname: function() {
  68                 return this._ubus('l3_device') || 'vpn-%s'.format(this.sid);
  69         },
  70
  71         getOpkgPackage: function() {
  72                 return 'openconnect';
  73         },
  74
  75         isFloating: function() {
  76                 return true;
  77         },
  78
  79         isVirtual: function() {
  80                 return true;
  81         },
  82
  83         getDevices: function() {
  84                 return null;
  85         },
  86
  87         containsDevice: function(ifname) {
  88                 return (network.getIfnameOf(ifname) == this.getIfname());
  89         },
  90
  91         renderFormOptions: function(s) {
  92                 var dev = this.getDevice().getName(),
  93                     certLoadPromise = null,
  94                     o;
  95
  96                 o = s.taboption('general', form.Value, 'server', _('VPN Server'));
  97                 o.datatype = 'host(0)';
  98
  99                 o = s.taboption('general', form.Value, 'port', _('VPN Server port'));
 100                 o.placeholder = '443';
 101                 o.datatype    = 'port';
 102
 103                 s.taboption('general', form.Value, 'serverhash', _("VPN Server's certificate SHA1 hash"));
 104                 s.taboption('general', form.Value, 'authgroup', _('Auth Group'));
 105                 s.taboption('general', form.Value, 'usergroup', _('User Group'));
 106                 s.taboption("general", form.Value, "username", _("Username"));
 107
 108                 o = s.taboption('general', form.Value, 'password', _('Password'));
 109                 o.password = true;
 110
 111                 o = s.taboption('general', form.Value, 'password2', _('Password2'));
 112                 o.password = true;
 113
 114                 o = s.taboption('general', form.TextValue, 'usercert', _('User certificate (PEM encoded)'));
 115                 o.rows = 10;
 116                 o.monospace = true;
 117                 o.validate = L.bind(validateCert, o, false);
 118                 o.load = function(section_id) {
 119                         certLoadPromise = certLoadPromise || callGetCertificateFiles(section_id);
 120                         return certLoadPromise.then(function(certs) { return certs.user_certificate });
 121                 };
 122                 o.write = function(section_id, value) {
 123                         return callSetCertificateFiles(section_id, sanitizeCert(value), null, null);
 124                 };
 125
 126                 o = s.taboption('general', form.TextValue, 'userkey', _('User key (PEM encoded)'));
 127                 o.rows = 10;
 128                 o.monospace = true;
 129                 o.validate = L.bind(validateCert, o, true);
 130                 o.load = function(section_id) {
 131                         certLoadPromise = certLoadPromise || callGetCertificateFiles(section_id);
 132                         return certLoadPromise.then(function(certs) { return certs.user_privatekey });
 133                 };
 134                 o.write = function(section_id, value) {
 135                         return callSetCertificateFiles(section_id, null, sanitizeCert(value), null);
 136                 };
 137
 138                 o = s.taboption('general', form.TextValue, 'ca', _('CA certificate; if empty it will be saved after the first connection.'));
 139                 o.rows = 10;
 140                 o.monospace = true;
 141                 o.validate = L.bind(validateCert, o, false);
 142                 o.load = function(section_id) {
 143                         certLoadPromise = certLoadPromise || callGetCertificateFiles(section_id);
 144                         return certLoadPromise.then(function(certs) { return certs.ca_certificate });
 145                 };
 146                 o.write = function(section_id, value) {
 147                         return callSetCertificateFiles(section_id, null, null, sanitizeCert(value));
 148                 };
 149
 150                 o = s.taboption('advanced', form.Flag, 'defaultroute', _('Default gateway'), _('If unchecked, no default route is configured'));
 151                 o.default = o.enabled;
 152
 153                 o = s.taboption('advanced', form.Value, 'metric', _('Use gateway metric'));
 154                 o.placeholder = '0';
 155                 o.datatype    = 'uinteger';
 156                 o.depends('defaultroute', '1');
 157
 158                 o = s.taboption('advanced', form.Value, 'mtu', _('Override MTU'));
 159                 o.optional = true;
 160                 o.placeholder = 1406;
 161                 o.datatype = 'range(68, 9200)';
 162         }
 163 });